VoIP Security explained

Although VoIP (Voice over Internet Protocol, in control of the multimedia transmission over the Internet) is a great solution to enter the modern era of communication, the users should not forget about security risks that can occur when using Voice over Internet Protocol. If you are more careful rather than ignoring those risks, then you should read this page, which will tell you what you should pay attention to.

Collision of voice and data worlds cause security risks, mostly including privacy and authentication-related issues. These can mainly be avoided by encrypting voice services, building redundancy into VoIP networks, regularly perform security audits and lock down VoIP servers to increse VoIP security. The main threats can be divided into four groups: Attack Vectors, VoIP Application Level Attacks, Denial of Service and VoIP Protocol Implementation Vulnerabilities (Figure 1).

voip security explained
Figure 1 - VoIP Security explained

Attack Vectors

  • Poor architectural design
  • Configuration Weaknesses in VoIP devices
  • Passwords
  • Attacks against the underlying VoIP devices Operating System
  • Web Servers
  • Packet Spoofing and Masquerading
  • Replay Attacks
  • PBX (Private Branch eXchange, which handles incoming and outgoing calls and inside calls within a local network) Hosts and Gateways
  • Reconnaissance Attacks
  • IP Infrastructure Attacks

VoIP Application Level Attacks

  • RTP (Real-Time Transport Protocol, which specifies the way programs deal with the real-time transmission of multimedia over the Internet) Injection Attack
  • SIP INVITE Attack
  • SIP CANCEL Attack
  • Call Hijacking & Redirection
  • Eavesdropping
  • Caller ID Spoofing
  • Phone Impersonation
  • Denial of Service (DoS)

Denial of Service (DoS)

  • UDP (User Datagram Protocol. It establishes speed over reliability of data transmission over the Internet) Flood Attack
  • Synchronization Flood Attack

VoIP Protocol Implementation Vulnerabilities

  • Fuzzing (a legitimate method of testing software systems for bugs)

You should have a vulnerability analysis of your VoIP systems regularly undertaken. Testing on live systems would not be the best choice, though, as it could crash your voip network. If you do more than basic testing, lab conditions should be provided. With Ozeki Phone System, however, you do not need to worry about security as it is provided by our company, since it provides the most advanced developments in VoIP technology.

Read the following pages for further information:

More information