Security For VoIP
Security For VoIP
Jim Gurol (VP of Operations, Tierzero) gives expert video advice on: Can anyone eavesdrop on my VoIP calls?; What is VoIP 'clipping'?; What is a VoIP 'DoS attack'? and more...
What is VoIP 'clipping'?
Voice clipping is your voice dropping off, like your ending words dropping off so that you can't hear them. If it's used in an intentional denial of service attack then basically, your voice conversation is useless.
What is a VoIP 'DoS attack'?
A Denial Of Service attack is an intentional method of shutting down a business, a phone call, or a VoIP conversation on a data network by sending a large volume of traffic to that particular IP or where that traffic is originating from. They flood it with a bunch of data packets and all of a sudden your voice calls get clipped, they don't sound as good, or you actually you can't even make calls at all.
What is VoIP-related SPIT?
Spam Over Internet Telephony rides on a protocol called SIP, which is Session Initiated Protocol, all voice over IP all runs on that protocol. Since this protocol is internet based you're basically exposed to the whole world sending you these kinds of messages. So your phone can be sent these messages, they'll display on your screen, and you'll either have to reject them or respond to them, so that is the new form of security threat that has appeared, based on this SIP protocol.
How is 'caller ID spoofing' used in VoIP calls?
Caller ID spoofing is changing the caller ID information so that it appears differently when you receive the call. For example, you might get a call from somebody but he is changing the caller ID to show he is calling from a bank. He might be asking for your bank credit card information. Caller ID spoofing is changing the header information in the SIP protocol to appear that it's someone else who is calling.
What is VoIP 'pharming'?
Pharming is a method to intercept a phone call and redirect your call to another provider. So what your IP phone or Voice-over-IP phone does is register with a service provider, and that's how you make inbound calls or outbound calls. And the security breach of pharming is basically taking that DNS and redirecting or rewriting it, so that actually you're not using your service provider; now you're using somebody else's service provider, and you're making phone calls that way. So if you're calling a bank, for example, they can redirect it and have you talk to somebody else, instead of talking to the intended person.
How are viruses used to affect VoIP calls?
Viruses can be used to create havoc on VoIP calls because viruses will create broadcast storms on your network. These broadcast storms create a lot of traffic on your network which cause problems for VoIP. VoIP means bandwidth and if that bandwidth is used up by that virus or worm that's traversing your network your VoIP quality goes down or then becomes unusable.
Does encryption help protect my VoIP security?
Encryption on your Voice-over-IP is a method to secure that voice conversation. Basically, it takes that data stream and encrypts it, using a secret password. The problem with encryption is that it introduces latency on your network and net voice call, so your call quality can diminish, so I don't recommend using encryption on your voice calls.
Does authentication protect my VoIP security?
Authentication is a good idea and most service providers require it. Your voice, your IP device or soft phone, will register with your service provider with a username and password. And that's how you can make inbound calls or make outbound calls using that authentication method.