Myth and reality of VoIP

Source: Internet
Author: User

Security is often one of the main reasons for enterprises not to use VoIP. Network administrators need to overcome such exaggerated publicity and apply correct security measures to maximize the reliability of voice networks and successfully launch such services.

Changing to VoIP requires many changes. In the old-fashioned TDM (time-division multiplexing) Speech Communication, PBX (switch) is a separate closed system that calls directly to these switches. Its simplicity is also its security. Of course, the problem with this model is: it is difficult to share applications; it is expensive to move, increase, and change, and it is not associated with the data network. The VoIP system looks like any other network-Connected Application. Telephone servers, email servers, and other applications run on commercialized hardware that is configured with IP endpoints for communications with them. These servers and endpoints communicate with each other by connecting to the Ethernet IP address of the vswitch and vro.

Since a VoIP system is the same as other IP application programs, the threats to VoIP are the same. You Need To Know How VoIP components are affected.

Network

Any endpoint with an IP address is vulnerable to network attacks such as denial of service (DoS) attacks. When a Denial-of-Service (DoS) attack is carried out on the network, the quality of the phone is adversely affected. Many professionals believe that DoS attacks are the biggest threat to VoIP applications. Denial-of-service attacks can also overload the telephone server, resulting in a delay in telephone connection.

One of the most widely publicized aspects of VoIP Security is the familiarity with the VoIP firewall. Because most VoIP applications are internal and do not penetrate the firewall, a better security method is to disable the VoIP port on the firewall around you. VoIP communication rarely leaves the enterprise network. You should consider using a firewall that is familiar with VoIP.

Operating System

IP switches, media gateways, and other related servers are built on standardized operating systems, such as Windows, Linux, or a proprietary operating system. Because of the large-scale application of Windows or Linux-based operating systems, these operating systems are more widely supported by developers and the possibility of application integration. However, this does not enable these operating systems to have more security vulnerabilities. As for whether organizations should use products based on Windows and Linux operating systems or products based on other operating systems, there is no correct answer for enterprises. This is just a matter of choice. If a standard-based product is used, appropriate security precautions should be taken.

Protocol

VoIP protocols such as SIP, H.323, MGCP, and Megaco are vulnerable to telephone attacks, such as fraud, counterfeiting of others' identities, and eavesdropping. Improper execution of these protocols may cause cache overflow. Hackers can exploit this cache overflow to control important task systems in the VoIP environment, such as media gateways and telephone servers.

IP Switch Telephone server, IP Phone and soft switch on PC

Most of the spoofing activities around servers and endpoints are tariff spoofing, fraud, and configuration attacks. Although these things are important and do not need to be considered, the more basic problem is viruses. A VoIP Endpoint or infected server can spread the virus to other parts of the network, causing performance problems and possibly damaging data. Because most VoIP applications are internal applications, viruses may be transmitted from computers of other companies. Organizations should adopt best practices to protect all their computers.

In addition to the project mentioned above, the network administrator can do many other things to protect the VoIP environment:

◆ VLAN (Virtual LAN) is used to isolate voice and data communication. Many of the threats that people recognize to VoIP come from the ability of hackers to hack the phone. VLAN can solve most VoIP concerns. It is important to note that a VLAN can only be used with an IP Phone and cannot be used with a soft phone. Windows does not support VLAN tags. Therefore, the same VLAN identifier must be used for voice and data communication.

◆ Implement service quality and prioritize communication in voice VLAN. This will prevent malicious communication flooding attacks on the network and reduce the quality of the phone. Service quality should be implemented on the LAN and wide area networks.

Finally, for VoIP Security, do not use the propaganda method mentioned above. Too many vendors and media have created unnecessary FUD related to VoIP (fear, uncertainty, and suspicion ). No network administrator is willing to deploy a VoIP phone and let security events disrupt the quality of the phone. Therefore, such fear, uncertainty, and suspicion have always affected VoIP applications. Information thieves and unauthorized network access are more worrying for enterprises than eavesdropping, IP Phone spam information, or unauthorized calls. Use appropriate security measures and tools to ensure that all layers of your network are protected against most problems that affect VoIP from a security perspective.

  1. Small security measures block VoIP Security Vulnerabilities
  2. Analyze several typical and prominent VOIP Security Problems
  3. On the integration and development of VoIP speech technology and traditional networks

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.