VoIP: A New Frontier for Security and Vulnerabilities
Introduction to Voice over IP Technology
The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made voice over IP an attractive and profitable idea. Vonage (http://www.vonage.com/) and other service providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S. and Canada; the rate is often less than it would cost for a regular phone line without any long distance charges. An entity with an enormous call volume, such as a worldwide retail corporation, could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP.
Voice over IP uses a server to connect all telephones in a local area network and act as a gateway for VoIP packets traveling to and from the Internet. Consumers with broadband internet connections can purchase VoIP handsets or routers with an RJ-11 jack to connect regular telephones. Businesses must implement a VoIP application server to handle corporate telephone use, much like mail servers are used to manage email. The Internet Protocol Private Branch eXchange (IP PBX) is telephone equipment used by private companies, rather than telephone service providers, for the management of VoIP calls placed on the data network. When considering VoIP, organizations should focus on necessary quality of service (QoS) requirements, the cost to implement, and a number of security precautions needed to protect the network (Mullins, 2005).
The two most common protocols central to VoIP are Session Initiation Protocol (SIP) and H.323. Both also rely on a number of other protocols, such as DNS and ENUM, in order to locate and navigate to other hosts on the Internet.
SIP first uses either TCP or UDP to signal a host on port 5060; then the Real-Time Transport Protocol (RTP) is used to transmit an audio stream over UDP ports 16384 through 32767 (Mullins, 2005). It is a broader specification, generally used to connect network devices to servers or other kinds of control equipment. SIP supports user authentication and the transmission of any type of media, including audio, video, and messaging.
On the other hand, H.323 is a bit more complex, deri...
... middle of paper ...
Hall, M. (2005, March 21). SIP tips VoIP into secure. Computerworld. Retrieved March 24, 2005 from the World Wide Web: http://www.computerworld.com/printthis/2005/0,4814,100497,00.html
Korzeniowski, P. (2005, February 16). Why VoIP is raising new security concerns. IT Manager’s Journal. Retrieved March 24, 2005 from the World Wide Web: http://software.itmanagersjournal.com/print.pl?sid=05/02/11/0028208.
McArdle, D. (2005, February 18). Group tackles VoIP security fears. ElectricNews.Net. Retrieved March 24, 2005 from the World Wide Web: http://www.enn.ie/print.html?code=9589191.
Mullins, M. (2005, November 3). Doing the VoIP security groundwork. CNETAsia. Retrieved March 24, 2005 from the World Wide Web: http://asia.cnet.com.
Rendon, J. (2004, December 8). The security risks of VoIP. CIO News. Retrieved March 24, 2005 from the World Wide Web: http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1032194,00.html.
Sullivan, A. (2005, March 21). Scam artists dial for dollars on Internet phones. Computerworld. Retrieved March 24, 2005 from the World Wide Web: http://www.computerworld.com/printthis/2005/0,4814,100549,00.html.