Archive for the 'Security' Category

VoIP Security Checklist

Sunday, August 27th, 2006

With the growing use of VoIP, the threats hovering over it have also multiplied significantly. Hence, it has now become essential for any small or large business to be vigilant and maintain a security checklist for their VoIP service.

Nowadays VoIP is in the news not for the great savings it offers on long-distance calls but for the security concerns attached to it. Because VoIP runs over the Internet, the information exchanged can be intercepted by anyone at any time. Moreover, because of its popularity, VoIP has become a soft target for hackers. In the absence of a strong firewall system, hackers may capture sensitive information such as credit card numbers and bank details. They can even launch denial-of-service attacks and shut down a voice conversation, or send spam or viruses over the Internet to disrupt services. Another vulnerability that the IT sector is worried about is the hacking of VoIP networks to make free calls. According to industry sources, a new generation of “phreakers” may be able to manipulate the data switched through a hybrid TDM-VoIP network, which will allow them to exploit the billing system to make free calls. Another menace plaguing VoIP networks is ‘caller-id spoofing’. There are some hacking websites that allow people to control the phone number that appears on the receiver’s caller-id display. Moreover, they can modify their voice with the help of voice modification software. Thus, they have become a useful tool for private investigators and pranksters.


VoIP Voice Spam

Thursday, August 24th, 2006

With the advancement of VoIP, spam has also encroached from our e-mail into our VoIP voicemail. ‘Spam’, which was a very common thing for any e-mail user, has now started perturbing VoIP users as well.

‘Spam over Internet Telephony’, or SPIT, is much more deadly than its e-mail cousin. E-mail spam can only degrade the service and clog up the bandwidth, which in turn can delay your useful mail by a few minutes. VoIP spam, however, hits the VoIP gateways directly and degrades the voice quality, which is very upsetting for the end user. The open nature of a VoIP phone call makes it easy for spammers to send audio commercials to people’s VoIP voice-mail inboxes. VoIP is completely insecure at the protocol level; there is no encryption or authentication. People can easily hack a caller ID and claim to be whomever they want. And since VoIP services aren’t regulated, customers aren’t entitled to the same rights and protections that standard phone users and consumer groups get. Any open, IP-based phone system could be a target of “spitters.” That includes such services as Free World Dialup, SIP phone, and Earthlink’s Free Online Calling program. Other services, such as Skype and Vonage, would be more immune to such attacks because portions of those networks operate over a closed system that the spitters would have to hack. However, any network architecture is vulnerable to hacker attack. In fact, Skype users were subjected to an unsolicited Voice Broadcast Message earlier in 2004, following which the company patched the loophole within a couple of days. The VoIP industry is therefore very well aware of the potential for SPIT, and a number of companies are developing solutions to address it. It will be interesting to see the future developments in this field.


VoIP Firewall

Thursday, August 10th, 2006

Spam commonly proliferates using the SMTP and HTTP protocols, which are critical to e-mail and the Internet, but it could soon become the nemesis of SIP (Session Initiation Protocol) as well. Hence, new technologies like SIP firewalls are emerging to address the protocol’s distinct security requirements. Just as IT security managers rely on firewalls to secure the perimeter of the data network, telephony managers can use a VoIP firewall to their advantage. A VoIP firewall is an application driven by a security policy that defines whether to allow or deny certain calls. It manages and protects the traffic, flow and quality of VoIP and other SIP-related communications.

BorderWare’s recently released hardware and software SIP-based firewall, SIPassure, authenticates user connections and allows system administrators to set and enforce VoIP security policies to address application-layer exploits. BorderWare claims to protect users against Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks that can eat up large amounts of bandwidth in a VoIP network. There’s also security against eavesdropping and “man-in-the-middle” attacks that allow hackers to become part of a VoIP call without the communicating parties knowing someone is listening. The software also offers protection from Call Redirection, which enables a hacker to automatically call-forward a connection to their system, as well as protection against Malicious Calling, VBombing and VoIP Spam, which are attacks that flood the receiver with hundreds of false voice mails within seconds. Finally, SIPassure also claims to keep users safe from Fake Caller ID, in which a hacker can masquerade as a trusted person making legitimate voice calls to an unsuspecting patron.
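To make the idea of a policy-driven allow/deny decision concrete, here is a small added example (not BorderWare's code and not part of the original post) that applies two of the checks described above to SIP INVITEs: a per-source rate limit against voicemail flooding and a caller-ID consistency check. The class name, thresholds and sample events are constructed assumptions, and the check assumes the SIP proxy has already authenticated the account placing the call.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed policy values, chosen for illustration
MAX_INVITES = 3

# Pulls user and host out of a SIP From header such as
# "Alice" <sip:alice@example.com>;tag=1
FROM_URI = re.compile(r"<?sips?:([^@;>\s]+)@([^;>\s]+)>?", re.I)

class SipCallPolicy:
    """Hypothetical allow/deny policy for incoming SIP INVITEs."""

    def __init__(self, window=WINDOW_SECONDS, max_invites=MAX_INVITES):
        self.window = window
        self.max_invites = max_invites
        self.recent = defaultdict(deque)   # source IP -> INVITE timestamps

    def decide(self, ts, src_ip, auth_user, from_header):
        # Rule 1: sliding-window rate limit per source (VBombing / SPIT).
        # Every INVITE is counted, including ones denied by a later rule.
        q = self.recent[src_ip]
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)
        if len(q) > self.max_invites:
            return "DENY invite-flood"
        # Rule 2: the claimed caller ID must match the authenticated account.
        m = FROM_URI.search(from_header)
        if not m:
            return "DENY malformed-from"
        claimed = f"{m.group(1)}@{m.group(2)}".lower()
        if claimed != auth_user.lower():
            return "DENY caller-id-mismatch"
        return "ALLOW"

# Constructed sample events: (timestamp, source IP, authenticated user, From)
SAMPLE_INVITES = [
    (0.0, "198.51.100.7", "alice@example.com", '"Alice" <sip:alice@example.com>;tag=1'),
    (1.0, "203.0.113.9", "mallory@example.net", '"Bank" <sip:support@bank.example>;tag=2'),
]
# One source sending five INVITEs in half a second, then one after a pause.
SAMPLE_INVITES += [(t, "192.0.2.50", "bulk@example.org", "<sip:bulk@example.org>;tag=3")
                   for t in (2.0, 2.1, 2.2, 2.3, 2.4, 20.0)]

def evaluate(events):
    policy = SipCallPolicy()
    return [policy.decide(*event) for event in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_INVITES, evaluate(SAMPLE_INVITES)):
        print(event[0], event[1], verdict)
```
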


VoIP Security

Wednesday, August 2nd, 2006

These days VoIP is in the news not for the great savings it offers on long-distance calls but for the security concerns attached to it. Because VoIP runs over the Internet, the information exchanged can be intercepted by anyone at any time. Moreover, because of its popularity, VoIP has become a soft target for hackers. In the absence of a strong firewall system, hackers may capture sensitive information such as credit card numbers and bank details. They can even launch denial-of-service attacks and shut down a voice conversation, or send spam or viruses over the Internet to disrupt services. Another vulnerability that the IT sector is worried about is the hacking of VoIP networks to make free calls. According to industry sources, a new generation of “phreakers” may be able to manipulate the data switched through a hybrid TDM-VoIP network, which will allow them to exploit the billing system to make free calls. Another menace plaguing VoIP networks is ‘caller-id spoofing’. There are some hacking websites that allow people to control the phone number that appears on the receiver’s caller-id display. Moreover, they can modify their voice with the help of voice modification software. Thus, they have become a useful tool for private investigators and pranksters.

VoIP service providers are now trying to protect their customers from these threats through tunneling and encryption. These techniques prevent hackers from capturing the information packets as they pass over the Internet. Most service providers are using Layer 2 tunneling and an encryption method called Secure Sockets Layer (SSL) to prevent anyone from getting the confidential information.