A single integrated network is often convenient and easier to manage and administrate than two separate voice and data networks. Unified communications make it easier for users to access other services such as voicemail, e-mail, fax and text messages over the single infrastructure.
The VoIP traffic itself can be divided into two main categories: the digitised, packetised speech, and the signalling traffic, which in most cases today uses SIP (Session Initiation Protocol). When we use a standard telephone we assume that the telephone company is keeping our conversation safe from those that might want to listen in, but what about VoIP?
VoIP signalling and data are created and sent across the network in packets, like other data such as email, file transfer and HTTP. Some of the signalling may include credit and billing information, as well as the usual user identification. If this information is sent in the clear across a private network, and more importantly across the Internet, then hackers and fraudsters could obtain sensitive information about the user. The voice conversation is converted into a digital format using a codec (coder / decoder) and, if intercepted, could be decoded through the use of an identical codec.
Most users would be concerned if they thought that there was the possibility of hackers listening in on their conversations, known as eavesdropping. There are laws in most countries that prohibit the interception of communications, whether they be over a telephone network or, in the case of VoIP, over a data network. But this doesn't mean that determined people will not try to do so. There are a lot of free tools available on the Internet that will allow an attacker to capture a VoIP conversation and play or replay it almost in real time. Wireshark is one such basic tool that can be used for this purpose, and there are some even more sophisticated intercept tools.
SIP signalling messages normally contain plain text information, so a hacker or potential eavesdropper with sufficient technical knowledge could interject and re-route calls, spoof calls or even disrupt calls that are already in progress.
VoIP calls can be intercepted by redirecting the call to what is referred to as a "man-in-the-middle" proxy, a SIP server that has been configured to monitor the call.
There are two general areas we look at with VoIP security: digest authentication and TLS (Transport Layer Security). SIP comes with a configurable challenge-based authentication mechanism, not dissimilar to that used with secure HTTP. Authentication information is contained as part of the SIP header to initially challenge a server or recipient, which must reply with the correct credentials. Transport Layer Security is a recognised protocol used to establish a secure connection between two devices, usually a client and server. TLS can use a number of authentication protocols and encryption protocols to ensure the VoIP call is secured. Authentication and encryption for VoIP will be discussed in a later post.
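The challenge-based authentication described above, as an added example that is not part of the original article: it follows the digest scheme of RFC 2617 as used by SIP (RFC 3261), without the optional qop parameter, in the usual direction where the server challenges and the client answers. The user, realm, password, nonce and URIs are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest (no qop): MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret known to both ends
    ha2 = md5_hex(f"{method}:{uri}")              # binds method and target URI
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def client_authorization(challenge, user, password, method, uri):
    """Client side: answer the server's WWW-Authenticate challenge."""
    c = dict(re.findall(r'(\w+)="([^"]*)"', challenge))
    resp = digest_response(user, c["realm"], password, method, uri, c["nonce"])
    return (f'Digest username="{user}", realm="{c["realm"]}", '
            f'nonce="{c["nonce"]}", uri="{uri}", response="{resp}"')

def server_verify(authorization, method, request_uri, issued_nonce, passwords):
    """Server side: recompute the response and compare in constant time."""
    p = dict(re.findall(r'(\w+)="([^"]*)"', authorization))
    if p.get("nonce") != issued_nonce:    # stale or replayed nonce
        return False
    if p.get("uri") != request_uri:       # header must match the request line
        return False
    password = passwords.get((p.get("username"), p.get("realm")))
    if password is None:                  # unknown user or realm
        return False
    expected = digest_response(p["username"], p["realm"], password,
                               method, p["uri"], p["nonce"])
    return hmac.compare_digest(expected, p.get("response", ""))

# Constructed sample values (not taken from the article)
NONCE = "3f9a1c7e5b2d4860"
CHALLENGE = f'Digest realm="pbx.example.com", nonce="{NONCE}"'
PASSWORDS = {("alice", "pbx.example.com"): "correct horse"}
URI = "sip:pbx.example.com"

def demo():
    good = client_authorization(CHALLENGE, "alice", "correct horse", "REGISTER", URI)
    bad = client_authorization(CHALLENGE, "alice", "guess", "REGISTER", URI)
    rerouted = good.replace(URI, "sip:other.example.net")  # URI altered in transit
    return (server_verify(good, "REGISTER", URI, NONCE, PASSWORDS),
            server_verify(bad, "REGISTER", URI, NONCE, PASSWORDS),
            server_verify(rerouted, "REGISTER", "sip:other.example.net", NONCE, PASSWORDS))
```

The password never crosses the network and the response is bound to the method and URI, but every other header stays readable plain text, which is why TLS is the second area to look at.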
VoIP Security is discussed on some of our instructor-led training courses, which we are constantly updating.