Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vanquish the VOIP Security Threat

With over a million users and growing, voice over IP (VOIP) is clearly gaining a foothold and it is anticipated that corporate users will drive the next phase of growth. Many companies are attracted by VOIPs promise of reducing corporate communications costs and the future promise of integrated multimedia.

But, in the rush to adopt VOIP, many organizations are overlooking the security implications of such a move, due in part to the limited number of widespread exploits targeted against VOIP implementations. However, the range of potential threats that exists is significant and warrants a closer look.VOIP Security Threats

With the convergence of data and voice, many of the threats that exist in data networks have their equivalents in the IP telephony world. Among the more serious threats are the following:

Denial-of-Service/Flooding One form of denial-of-service (DOS) attack targets the session initiation protocol (SIP) with a flooding attack. SIP is a widely accepted signaling protocol for IP telephony, Internet conferencing, and instant messaging. By flooding the system with call registration requests, the attacker can exhaust the resources of SIP network servers and create a DOS scenario.

Call Session Hijacking Another form of attack enables the attacker to gain access into a call session by compromising the SIP call signaling process. By injecting a SIP control packet into the call session, the attacker can essentially spoof a response from the SIP server to the endpoint. Similar to a “man-in-the-middle” attack, the attacker is now in a position to either perform call tampering or redirection.

  • 1