A very basic tutorial from techcentric.org on how to STOP VoIP security threats , CAIN, ARP and MITM attacks. Explains that an ARP Poisoning attack is a man in the middle attack (intercepting data in this case VoIP packets).
They recommend that you use SKYPE instead of SIP to avoid man in the middle attacks; or download ZPhone, it works with most SIP clients, or put your VoIP calls on VPN.
See the SIP protocol diagram (right)more information on what is happening during a SIP based VoIP call
Not the most insightful tutorial and a few people have commented that there were a few inaccuracies or that it was too basic, I thought it was a great tutorial for a ‘first timer’ trying to get a handle of what is going on with VoIP security threats. I would definitely need more details from here though.
Peter Cox(?) a security consultant specializing in VoIP security has a great Podcast primer on VoIP security examples. He states that there are really three categories of VoIP Security Threats:
IP level Threats - shared with the web and email and others, common knowledge to many people already
Protocol and application specific threats, based on the way the SIP protocol is designed and is implemented, these VoIP security vulnerabilities can result in misdirected calls, terminated calls, and general call disruption
Content related VoIP Security threats, the interfere with the media stream (the voice or video call)
The most serious is a application level flooding attack, the works by running a script that sends a bunch of calls to an extension in rapid succession and hangs up once answered. It would make a phone unusable, no effective calls in or out.
Imagine also that the attacker injected content into a call, ring the phone and then play a recorded message - Telephone or VoIP SPAM! the last thing we need
Another set of threats revolve around the need of SIP phones to register with an IP/PBX. these kind of VoIP attacks can come in and de-register phones and extensions and render people unable to receive calls
VoIP uses the Internet for sending and retrieving VoIP data. This makes it vulnerable to hackers. For individuals who use VoIP this may not be a problem, but businesses don’t want their information to leak. For this reason VoIP services are dedicated to making their service as secure as possible.
Hackers may ty to tap your call and retrieve all sorts of information. They can retrieve conversations, but also VoIP phone numbers or user identities. When they retrieve this information, they can use your VoIP to make calls themselves. Some hackers may even record your call and use your voice to make calls.
There are a few ways to avoid these security problems. The first is encryption. Encryption works in the same way as when sending credit card information. The data is sent over a safe connection. Another way of averting security issues is by separating VoIP data and other Internet data by using a so-called VLAN (Virtual Local Area Network). The call quality may suffer under these measures. But both methods are an option if calls are to be kept secret.
Viruses sent with VoIP data could also be a risk factor, although this threat hasn’t been seen yet. Viruses don’t only overload the network, but they also reduce the quality of calls.
Another issue is SPIT – Spam over Internet Telephony. Instead of receiving e-mails you receive calls from companies that try to sell you their services and products.
How secure is my VoIP? Certain services maintain security through encryption or the use of a VLAN (Virtual Local Area Network). There are certain things consumers can do themselves.
A firewall will protect your computer from malicious attacks.
All downloads should also be checked for viruses or other threats.
VoIP hardware on the other hand can be unstabilized or shut down if it receives certain types of data.
Certain Internet phones are sensitive to data piracy. For individuals these security issues may not be of importance. But businesses have sensitive conversations over the Internet. They have their own gateways and equipment, which makes them an easy prey for DOS attacks (Denial of Service) and other assailments.
If you want to switch over to VoIP instead of PSTN all you need to do is choose a VoIP service provider. Most of these providers are situated in the United States. Some VoIP service providers are: Vonage, BroadVoice, iConnectHere and Lingo.
For a monthly fee of $8-$20 they will provide you with features such as voicemail, call forwarding and unlimited calls in certain areas. For VoIP You need a broadband modem, an ATA ( Analog Telephone Adapter) or IP phone. Both the ATA and the IP phone have a number assigned to it, regardless of your IP ( Internet Protocol ) address. This way, others can contact you wherever you are.
Most people are assigned with a new IP address by their service provider whenever they log on. Others have a permanent IP address which never changes. In both cases you will need a VoIP provider. This way people will be able to contact you through your username instead of your IP address.
As mentioned before VoIP is user-friendly and it’s a low cost service. Most providers offer VoIP for free, they only charge when you make calls to the Public Switched Telephone Network Different VoIP Providers have different protocols. SIP, H.323 and LIAX are only a few of the protocols.
The most popular system for VoIP is Skype. Skype has a proprietary protocol. This makes it hard to connect to the Skype network from another VoIP provider. On the other hand Skype makes up for that with their service SkypeIn. This service allows you to receive calls from standard phone networks.
In order to make calls with VoIP, you will need a telephone which can be connected to the World Wide Web. If you wish to use a standard phone with VoIP you can get an Analog Telephone Adapter. This will digitize your voice and enable you to make phonecalls with VoIP. This adapter has an Ethernet connector and a regular connector. Ethernet connectors are the same as regular phone connectors but they are wider.
The ATA will save you money, because you won’t have to buy a new phone. Normally VoIP services will provide you with an ATA. But an IP phone will offer you many perks and extras that come with your VoIP account, such as call display, voicemail and call routing. Also, when you buy your own IP phone you may get a discount on your monthly fee. You can still take advantage of some of these extras with an ATA, but you will have to configure your VoIP account at the service provider’s site.
All IP phones have an LCD display for caller ID and phone configuration. Of course the phones differ, ranging from simple phones for personal to complex machines for commercial use. Advanced models have features such as speakerphones and programmable keys. It is also possible to use wireless phones within an IEEE 802.11b wireless network.
IP phones give you the option to route certain calls. You no longer have to do this for each call individually. Anonymous calls for example can be routed to your voicemail or another number. Your IP phone can also be used to store names and phone numbers. Every call that comes in can be added to your phone and edited or deleted.
VoIP stands out because of its convenience, quality, but also because of its low cost. Not only is the monthly fee lower than PSTN (Public Switched Telephone Network) but VoIP also offers features without charging for them.
Despite the fact that VoIP is a great service, there are still a few loose bolts. When switching to VoIP from a traditional phone service it may not be possible t o keep your old phone number. The service offers local phone numbers in some areas. Check with VoIP and your current phone company if this service is available in your area.
Certain VoIP services will redirect your 911 calls to emergency call centers close by, if you have registered your address with them in case you need 911. But, once connected to the emergency center the operator will not be able to determine your location if you can’t speak. Especially for elderly people it is advised to either stick to the traditional phone line or to always have a cell phone nearby.
In case of a blackout VoIP comes with a battery backup. Only during long blackouts the batteries will go empty. For these types of situations it is also advised to keep a traditional line or a cell phone.
If you consider these to be minor flaws and you wish to switch over to VoIP, the first thing you need to do is choose a VoIP service provider.
The difference between the many providers out there is their rate for long-distance and overseas calls. So pick a provider that suits your type of calling most. You can also choose to have multiple phone numbers. If you were to have local numbers in different cities, people who call you in those cities will only pay the local tariff. Pick a VoIP service that will keep your costs at a minimum, and ask for a local number.
To use VoIP you need a broadband cable or DSL modem, a router and perhaps an IP phone. You can also get a modem and router in one. To set VoIP up you need to follow two easy steps: Plug the router into the modem and the IP phone into the router. No fuss, no muss.
If you’re not sure if VoIP is something for you, then try it out without any charge. If you have a headset and a sound card you can download VoIP software and call anyone anywhere. Skype, Free World Dialup and Net2Phone are some of the popular names you might want to consider. These ‘soft phones’ are user-friendly and they charge you nothing as long as you don’t call a cell phone or landline.
When choosing for VoIP you have a number of options when it comes down to the type of phone you wish to use. You can use a headset, Internet phone or an ATA. Internet phones resemble real phones. Some have number pads, ring like real phones and they are used in the same way. In order to use these ‘soft phones’ you also need VoIP software. The phones are to be plugged in the USB port or sound card.
The ATA gives you the opportunity to connect your traditional phone to your modem. Most VoIP providers will give you the ATA free of charge when you sign up. It connects to a broadband DSL or cable modem. When using an ATA you don’t need a computer to make phone calls. The ATA isn’t only handy because it’s easy to use – you simply pick up your phone and dial – but you can take it with you anywhere, connect it to a modem and make phone calls wherever you are. Calls will be redirected to your ATA with no extra charge.
You may also choose an IP phone. IP phones are plugged into the modem (Internet phones are plugged into USB ports or sound cards). The IP phone has integrated hardware and software. All your numbers can be stored in the phone and it has features like caller ID.
To use VoIP your voice needs to be converted into digital data. Your voice is sampled – the sound is divided into discrete steps that are assigned a number value. This data is compressed and sent over the Internet, in packets of 1500 bytes. These packets contain information about their origin and destination. They also have a timestamp, which helps them to be reconstructed in the right order. The packets are converted from digital data to sound once they arrive at their destination.
Just like any other data that is sent over the Internet, VoIP data also contains a payload and information that determines where and how the payload will be delivered. In VoIP this payload is voice data. The packet also contains other information that helps fast delivery. This allows real time conversations over the Internet.
The Internet Protocol Suite consists of two physical layers - the data link layer and the physical layer. In VoIP the Ethernet is used as the data link layer. This allows reliable transmission of data by controlling and synchronizing the flow. The purpose of the physical layer is to act as a channel through which information is passed to the data link layer. Twisted pair cables are used as physical layers in VoIP systems. All network cards, routers, modems, Analog Telephone Adaptors (ATAs) and IP phones are linked to each other through these cables.
Sound signals from the user end are converted to voice packets. These packets are generated via sound cards. After the voice has been converted to digital equivalent, the audio stream is compressed by the VoIP software to enable quick and efficient transmission. The compressed data packets contain all the data required to reach the other end. Thus the quantized data intelligently finds its way through your modem and a maze of twisted cables to the other end of the communication channel.
The data packets may have to navigate through variable paths to reach the intended destination. This is due to the transient nature of web traffic. Once the data packets arrive at the listening end they are arranged in the order in which they were sent and the process of demodulation begins. Here they are converted to some analog equivalent which can be perceived by the listener. The delay or ping time between data transmission and reception must be less than half a second irrespective of their locations.
Broadband connection is necessary to communicate over VoIP without noticeable delays. This does not pose any difficulty because increasing number of web surfers are homing in on hi speed connections these days.
The data packets may have to navigate through variable paths to reach the intended destination. This is due to the transient nature of web traffic. Once the data packets arrive at the listening end they are arranged in the order in which they were sent and the process of demodulation begins. Here they are converted to some analog equivalent which can be perceived by the listener. The delay or ping time between data transmission and reception must be less than half a second irrespective of their locations.
Broadband connection is necessary to communicate over VoIP without noticeable delays. This does not pose any difficulty because increasing number of web surfers are homing in on hi speed connections these days.
VoIP is an acronym for ‘Voice over Internet Protocol’, which is an ingenious internet protocol which allows you to make telephone calls over the Internet with any individual in the world who also has a VoIP-enabled system. Because of its ease of usage, low cost, and many other benefits, VoIP has been rapidly gaining popularity in recent years with businesses and individuals all over the world.
Created in 1995, VoIP was the first computer-to-computer voice connection. This technology was later advanced into Internet Phone Software. It was now possible to talk to other computer users, and all you needed was basic computer hardware and a modem.
The software converted sound into digital data and, in data packets, sent the signal over the Internet. The quality however was inferior to normal telephone lines. But in 1998 phone-to-phone connections through Internet were developed. Using a computer to commence the phonecall, people were able to use a standard phone once the connection was established.
Some of the many VoIP services that are available for personal and business use still rely on computer-to-computer connections. However, they may also offer computer-to- phone and phone-to-phone connections. Internet phones can be plugged into a sound card, USB port, or directly to a broadband DSL or cable modem. Made to resemble traditional phones, some internet telephones even have a number pad.
