Session Initiation Protocol


A very basic tutorial from techcentric.org on how to stop VoIP security threats: CAIN, ARP and MITM attacks. It explains that an ARP poisoning attack is a man-in-the-middle attack (intercepting data, in this case VoIP packets).

They recommend that you use Skype instead of SIP to avoid man-in-the-middle attacks, or download ZPhone (it works with most SIP clients), or put your VoIP calls on a VPN.

See the SIP protocol diagram (right) for more information on what is happening during a SIP-based VoIP call.

Not the most insightful tutorial, and a few people have commented that there were a few inaccuracies or that it was too basic. I thought it was a great tutorial for a ‘first timer’ trying to get a handle on what is going on with VoIP security threats. I would definitely need more details from here though.


Peter Cox(?), a security consultant specializing in VoIP security, has a great podcast primer on VoIP security examples. He states that there are really three categories of VoIP security threats:

  1. IP-level threats – shared with the web, email and others, and already common knowledge to many people
  2. Protocol- and application-specific threats: based on the way the SIP protocol is designed and implemented, these VoIP security vulnerabilities can result in misdirected calls, terminated calls, and general call disruption
  3. Content-related VoIP security threats, which interfere with the media stream (the voice or video call)

The most serious is an application-level flooding attack, which works by running a script that sends a bunch of calls to an extension in rapid succession and hangs up once answered. It would make a phone unusable, with no effective calls in or out.

Imagine also that the attacker injected content into a call: ring the phone and then play a recorded message. Telephone or VoIP spam! The last thing we need.

Another set of threats revolves around the need of SIP phones to register with an IP/PBX. These kinds of VoIP attacks can come in and de-register phones and extensions and render people unable to receive calls.
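One way a PBX administrator could spot the flooding pattern described above (many calls to one extension, each dropped right after answer) in call records. This is an added example, not code from the tutorial or the podcast; the record format, thresholds and addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 60       # assumed sliding window, in seconds
SHORT_CALL_S = 2    # assumed: a call dropped within 2 s of being answered
THRESHOLD = 5       # assumed: short calls per window before alerting
# Constructed call detail records: epoch_s,source_ip,extension,talk_seconds
SAMPLE_CDR = """\
1000,198.51.100.7,201,1
1004,198.51.100.7,201,0
1009,198.51.100.7,201,1
1013,198.51.100.7,201,1
1015,192.0.2.10,305,184
1018,198.51.100.7,201,0
1022,198.51.100.7,201,1
1900,192.0.2.10,305,1
"""

def parse_cdr(text):
    """Yield (timestamp, source_ip, extension, talk_seconds), skipping malformed rows."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def detect_call_floods(records, window=WINDOW_S, short=SHORT_CALL_S, threshold=THRESHOLD):
    """Return {extension: {"first_alert", "peak", "sources"}} for flooded extensions."""
    recent = defaultdict(deque)   # extension -> (ts, source) of recent short calls
    alerts = {}
    for ts, src, ext, talk in sorted(records):
        if talk > short:
            continue              # a normal-length call is not part of the pattern
        q = recent[ext]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop short calls that fell out of the window
        if len(q) >= threshold:
            a = alerts.setdefault(ext, {"first_alert": ts, "peak": 0, "sources": set()})
            a["peak"] = max(a["peak"], len(q))
            a["sources"].update(s for _, s in q)
    return alerts

if __name__ == "__main__":
    for ext, a in detect_call_floods(parse_cdr(SAMPLE_CDR)).items():
        print(f"extension {ext}: {a['peak']} short calls in {WINDOW_S}s from {sorted(a['sources'])}")
```

The single short call to extension 305 stays below the threshold, so only extension 201 is reported.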

© 2012 WireChatter.com