EssaysForStudent.com - Free Essays, Term Papers & Book Notes
Search

Voip: A New Frontier for Security and Vulnerabilities

By:   •  Essay  •  1,191 Words  •  November 14, 2009  •  920 Views

Page 1 of 5

Essay title: Voip: A New Frontier for Security and Vulnerabilities

VoIP: A New Frontier for Security and Vulnerabilities

Introduction to Voice over IP Technology

The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made voice over IP an attractive and profitable idea. Vonage (http://www.vonage.com/) and other service providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S. and Canada; the rate is often less than it would cost for a regular phone line without any long distance charges. An entity with an enormous call volume, such as a worldwide retail corporation, could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP.

Voice over IP uses a server to connect all telephones in a local area network and act as a gateway for VoIP packets traveling to and from the Internet. Consumers with broadband internet connections can purchase VoIP handsets or routers with an RJ-11 jack to connect regular telephones. Businesses must implement a VoIP application server to handle corporate telephone use, much like mail servers are used to manage email. The Internet Protocol Private Branch eXchange (IP PBX) is telephone equipment used by private companies, rather than telephone service providers, for the management of VoIP calls placed on the data network. When considering VoIP, organizations should focus on necessary quality of service (QoS) requirements, the cost to implement, and a number of security precautions needed to protect the network (Mullins, 2005).

Protocols

The two most common protocols central to VoIP are Session Initiation Protocol (SIP) and H.323. Both also rely on a number of other protocols, such as DNS and ENUM, in order to locate and navigate to other hosts on the Internet.

SIP first uses either TCP or UDP to signal a host on port 5060; then the Real-Time Transport Protocol (RTP) is used to transmit an audio stream over UDP ports 16384 through 32767 (Mullins, 2005). It is a broader specification, generally used to connect network devices to servers or other kinds of control equipment. SIP supports user authentication and the transmission of any type of media, including audio, video, and messaging.

On the other hand, H.323 is a bit more complex, deriving much of its design from legacy communication systems. Some would argue that it is also better, having already experienced and solved communication problems in the past. H.323 utilizes unicast and multicast on UDP port 1718 to locate the gateway; then remote access service (RAS) is started on UDP port 1719. H.225 and H.245 are also used for call signaling over TCP port 1720 and data transmission over TCP ports 1000 through 65535 (Mullins, 2005).

Security Concerns

As with any new technology of the Information Age which has had groundbreaking implications for the way we communicate electronically, IT managers have been wise to greet voice over IP with some skepticism. After all, VoIP is a service that utilizes the Internet to transmit data, much like web browsers, email, or any other networked application. In that case, security should definitely be a major concern for anyone who is considering the adoption of VoIP telephone service. As Korzeniowski (2005) writes, “VoIP features all of the security problems inherent with IP communications and adds a few new items to the mix.”

The Internet

The benefits that voice over IP offer must be acknowledged with these security concerns in mind. Unfortunately for simplicity’s sake, VoIP is not just a replacement for traditional phone systems operating on the PSTN (Public Switched Telephone Network). Indeed, we often take for granted the security we enjoy on the PSTN, which is by nature more secluded than Internet transmissions. A dedicated circuit handles only the relevant parties involved in communicating (normally only two in a typical two-way telephone call), making breaches or intrusions very uncommon. This is much unlike a typical link on a data network which may handle many IP transmissions at once. In fact, any host that sends or receives data on the Internet is as accessible to the public as the host’s security permits. This also includes the actual IP packets going to and from the host on public lines, which may be intercepted by other parties.

Given the nature of VoIP as an Internet application, we can assume a number of security risks based on those we attribute to any Internet-based application. We should be especially wary of new technology that has yet to receive much attention in the

Download as (for upgraded members)  txt (7.5 Kb)   pdf (110.3 Kb)   docx (13.2 Kb)  
Continue for 4 more pages »