Best Practices for Secure VoIP Telephony
VoIP systems are becoming prevalent in business organizations, and so are the threats aiming to subvert their security. Security was less critical in the past, when VoIP systems were implemented on private LANs and WANs, which were more or less secure. As VoIP usage spread and Internet telephony came into existence, VoIP security issues have become points of great concern. Any VoIP device that communicates over the Internet is at risk.
Some of the common VoIP threats which have been predicted are denial of service (DoS) attacks, VoIP eavesdropping, VoIP attacks against service providers, vishing, etc. Several tools and techniques have been developed to provide IP security, depending on the VoIP protocol and the policies used. Some of the best practices are described below:
Authorization
An attacker can bombard a VoIP server or gateway device on the Internet with unauthorized data packets. This floods the server and makes its services unavailable to users. For example, a hacker can flood the SIP server with bogus requests, making it impossible to dial or receive calls. This attack is referred to as ‘denial of service’. Authorization can shield the system against this kind of attack. Authorization means that the device is configured to allow traffic only from a selected (trusted) group of IP addresses.
Authentication
Authentication is considered to be one of the most effective ways to secure a VoIP service. This technique requires at least two VoIP devices which communicate with each other. The devices authenticate each other before initiating the actual communication. This mutual authentication process is based on shared, pre-defined data exchanged prior to the actual communication, which makes it difficult for attackers to masquerade as a legitimate device.
Transport Layer Security
Eavesdropping is a common threat in unsecured VoIP telephony. In such attacks, the eavesdropper taps audio conversations by intercepting the audio streams without authorization and then decoding the signal. This can be prevented by using Transport Layer Security. Transport Layer Security, or TLS, is a protocol which ensures privacy, security and data integrity between the communicating equipment and applications and their users over the Internet. TLS is capable of providing a secure and safe communication channel or medium between communicating entities.
This protocol is designed so that server/client applications can prevent tampering, eavesdropping or message forgery. It is possible to configure TLS so that a device allows only secure SIP (Session Initiation Protocol) signaling while communicating with other IP devices. It is mandatory that the client sets up a TLS connection to the server and then exchanges the encrypted SIP messages over that secure connection. Here, the communication is based on controlled information that is known only to the client and the server. As a result, it is very difficult and almost impossible for an eavesdropper to manipulate or decode the messages.
Encryption
VoIP telephony can be secured by using encryption. VoIP telephones can encrypt the audio stream via the Secure Real-time Transport Protocol (SRTP). SRTP is a security profile for RTP which adds message authentication, confidentiality, and replay protection to that protocol. The prime purpose of SRTP is to ensure confidentiality of the RTP payload along with integrity protection of the entire packet.
SRTP is an ideal solution to secure VoIP traffic as it can be used along with header compression and does not affect the quality of service. A unique key stream is created for each RTP packet, which makes it impossible for an attacker to retrieve or decode the original RTP stream from the encrypted one. In addition, SRTP provides replay protection, which secures multimedia data. By using stream ciphers, SRTP also resists denial of service attacks.
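The unique per-packet key stream mentioned above comes from how SRTP builds its counter-mode IV out of the session salt, the stream's SSRC and the packet index. The following is an added example, not part of the original article: it assumes SRTP's AES counter-mode transform from RFC 3711 and computes only the IV (not the AES keystream); the salt, SSRC and function names are constructed for illustration.

```python
# Added example: per-packet IV for SRTP AES counter mode (RFC 3711, section 4.1.1).
# Under one session key, a distinct IV means a distinct keystream; a repeated IV
# means two packets are encrypted with the same keystream.

SALT_BITS = 112  # length of the SRTP session salt k_s

def packet_index(roc: int, seq: int) -> int:
    """48-bit packet index: rollover counter (32 bits) || RTP sequence number (16 bits)."""
    if not (0 <= roc < 2**32 and 0 <= seq < 2**16):
        raise ValueError("ROC must fit in 32 bits and SEQ in 16 bits")
    return (roc << 16) | seq

def srtp_iv(salt: bytes, ssrc: int, roc: int, seq: int) -> bytes:
    """IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (index * 2^16), as a 128-bit block."""
    if len(salt) * 8 != SALT_BITS:
        raise ValueError("session salt must be 14 bytes")
    if not 0 <= ssrc < 2**32:
        raise ValueError("SSRC must fit in 32 bits")
    k_s = int.from_bytes(salt, "big")
    iv = (k_s << 16) ^ (ssrc << 64) ^ (packet_index(roc, seq) << 16)
    return iv.to_bytes(16, "big")  # low 16 bits are the AES block counter, starting at 0

def count_iv_collisions(salt, ssrc, packets):
    """Count packets whose IV was already used; packets yields (roc, seq) pairs."""
    seen, collisions = set(), 0
    for roc, seq in packets:
        iv = srtp_iv(salt, ssrc, roc, seq)
        collisions += iv in seen
        seen.add(iv)
    return collisions

def stream(n, track_roc=True):
    """Yield (roc, seq) for n consecutive packets starting at sequence number 0."""
    for i in range(n):
        yield ((i >> 16) if track_roc else 0, i & 0xFFFF)

SALT = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9fafbfcfd")  # constructed sample 14-byte salt
SSRC = 0x1234ABCD                                       # constructed sample stream id

if __name__ == "__main__":
    n = 2**16 + 100  # just past one wrap of the 16-bit sequence number
    print("IV reuse with ROC tracked:   ", count_iv_collisions(SALT, SSRC, stream(n)))
    print("IV reuse with ROC stuck at 0:", count_iv_collisions(SALT, SSRC, stream(n, False)))
```

The second case shows why an endpoint must keep the rollover counter in step with the 16-bit sequence number: without it, the IV and therefore the key stream repeats after 65,536 packets.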
About Dove Communications
Dove Communications is a leader in installing and supporting VoIP and IP-based communication systems. From voice to video to full integration with your computerized system for data integration, we can provide all the knowledge and technology needed for you to switch over to VoIP communication. Our association with Toshiba gives us a strong edge in technology.
Toshiba’s VIPedge, their IP telephony in the cloud, has been winning awards year after year. If your phone usage is high, we can also offer you IPedge, another award-winning product from Toshiba. If you have call center requirements, we have the wonderful Strata CIX. All these products are backed by powerful software as well as our installation and support capabilities.