VoIP (Voice-over-Internet Protocol) "telephone" services are open to the vulnerabilities of the Internet.
Many threats may even be more acute because VoIP architectures are complex and hierarchical with many networked components such as IP PBXs, application servers, media gateways, and IP (Internet Protocol) phones.
VoIP networking also relies on numerous protocols, some of which remain poorly defined, and all of which introduce their own security risks.
VoIP Security Threats include DoS and Distributed DoS Attacks; unauthorised access to administration systems for toll and credit card fraud or identity theft; eavesdropping by unauthorised agents; and application-level attacks for registration hijacking, illegal teardowns, register floods, call floods, malformed packets, harassing calls and spam over Internet telephony (SPIT).
The following comprise a best practices approach to VoIP security (summarized):
- Maintain current patch levels.
- Install a good antivirus system.
- Apply state-of-the-art intrusion detection and prevention systems.
- Install application-layer gateways.
- Enforce SIP security by means of authentication.
- Establish policy-based security zones to isolate VoIP segments.
- Run VoIP traffic on VPNs to minimise eavesdropping risk on critical segments.
- Use VLANs to prioritise and protect voice traffic from data network attacks.
- Apply encryption selectively.
- Protect against UDP flooding.
- Develop a holistic security program.
From Andy Miller, vice-president of Juniper Networks Asia Pacific's enterprise division.
(more)