VoIP Security Examined
Source: www.voip-news.com
Do you remember when anti-virus was a sometimes thing, when people didn’t worry about impending hackings and attempts to steal or corrupt critical data? VoIP is in much the same state today. People take for granted that VoIP should be secure, but the reality is different.
VoIP is an internet-based service. Its security is only as good as the systems it runs on. So is your VoIP secure? Good question. There was a great feature on this that you should read.
According to Enterprise VoIP Planet:
Right from the get-go, this architecture inherits the same old vulnerabilities that can plague any networked application. Within the public switched telephone network, systems are trusted and insulated from outsiders. But in many VoIP deployments, user agents live outside the trusted network, requiring SIP and RTP to traverse unknown and potentially hostile territory. Furthermore, when converged IP networks support both data and VoIP, SIP user agents and servers may be readily accessible to other LAN hosts.
This exposure makes SIP and RTP vulnerable to network-borne attacks. For example, a hacker can flood a SIP server or proxy with REGISTER or INVITE messages, or flood a SIP client with RTP sessions, exhausting resources and making VoIP service unavailable. Or he can extract a caller’s identity from SIP messages to steal service or impersonate an authorized user. Unless RTP is encrypted (for example, by SRTP), a hacker can easily capture and reconstruct voice payload for the purposes of call eavesdropping or replay. SIP calls can also be redirected, hijacked, degraded, or disrupted altogether.
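To make the two exposures in the quoted passage concrete from the monitoring side, here is an added example (not from this article or from Enterprise VoIP Planet) that counts REGISTER/INVITE requests per source in a sliding window and flags SDP offers that carry media over plain RTP instead of SRTP. The function names, the window and threshold values, and the sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

FLOOD_METHODS = {"REGISTER", "INVITE"}
PLAIN_RTP = {"RTP/AVP", "RTP/AVPF"}  # SDP profiles without SRTP

def sip_method(raw):
    """Return the request method, or None for responses and junk."""
    first = raw.split("\r\n", 1)[0].split(" ")
    if len(first) == 3 and first[2].startswith("SIP/2.0") and first[0].isupper():
        return first[0]
    return None

def plain_rtp_media(raw):
    """Return SDP m= lines that offer media over unencrypted RTP."""
    _, _, body = raw.partition("\r\n\r\n")
    hits = []
    for line in body.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 3 and fields[2] in PLAIN_RTP:
                hits.append(line)
    return hits

def flood_sources(events, window=10.0, threshold=20):
    """events: time-ordered (timestamp, src_ip, raw_message) tuples.
    Return {src_ip: peak count} for sources sending more than `threshold`
    REGISTER/INVITE requests in `window` seconds (both values are assumed)."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, src, raw in events:
        if sip_method(raw) not in FLOOD_METHODS:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample traffic (documentation addresses, not a real capture).
def make_msg(method, sdp=""):
    head = f"{method} sip:pbx.example.com SIP/2.0\r\nCSeq: 1 {method}\r\n"
    return head + f"Content-Length: {len(sdp)}\r\n\r\n" + sdp

SDP_PLAIN = "v=0\r\nm=audio 49170 RTP/AVP 0\r\n"
SDP_SRTP = "v=0\r\nm=audio 49170 RTP/SAVP 0\r\n"
SAMPLE = [(i * 0.1, "198.51.100.7", make_msg("REGISTER")) for i in range(30)]
SAMPLE += [(5.0, "192.0.2.10", make_msg("INVITE", SDP_PLAIN)),
           (6.0, "192.0.2.11", make_msg("INVITE", SDP_SRTP))]
```

In a real deployment the threshold would be tuned against normal registration refresh rates, since many phones behind one NAT address can look like a single busy source.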






