Layered defenses protect VoIP against eavesdropping

Source: Internet
Author: User
Keywords: security, VoIP, content security
Even though VoIP technology is widely used today, its security is still repeatedly questioned. Peter Cox, a British security expert and founder of the firewall company Borderware, recently announced that Internet-based VoIP phones are extremely insecure and easy for hackers to exploit. To substantiate this view, he developed SIPtap, a proof-of-concept program that can eavesdrop on VoIP Internet telephony. The software uses a Trojan horse installed on the corporate network to monitor the VoIP network and generate files with a ".WAV" suffix, which hackers can then spread on the Internet.
It is no coincidence that VoIP is a target for both experts and hackers. As an IP technology, VoIP has its own unique threats and risks, as do IP applications such as the Web and email. These threats and vulnerabilities include all IP network-level threats, VoIP protocol and application threats, and content-related threats.
Just as bare skin is the most vulnerable, the solution is to put a few more layers of armor on your VoIP: adopt a multi-level security mechanism and place as many obstacles as possible along a potential intruder's attack route.
To establish a secure VoIP network, first separate it from the data network. Place the VoIP phones on a virtual local area network (VLAN) with a routing address, disable any communication between Internet-connected computers and the VoIP network, and use access control lists (ACLs) to block communication between VLANs. In addition, a specially designed firewall is needed that identifies and analyzes VoIP protocols, performs in-depth checks on VoIP packets, and analyzes the VoIP payload to detect any attack-related behavior.
Several further barriers should also be set up: protecting the VoIP gateways, locking down the physical layer of the network, using IPSec encryption, locking the session layer with TLS, and using SRTP to encrypt the media at the application layer.
Gateways are the key points where data enters and leaves a VoIP network, and they connect different networks, such as IP networks and the public switched telephone network (PSTN). Use authorization mechanisms and access controls at the gateway to control which calls can be dialed and answered through the VoIP system, and to set each person's rights to perform administrative tasks.
For a voice network, restricting access to the media and to VoIP servers and endpoints is important. To do so, first control all call servers and server-related access; then limit access to the terminals and run the cables through conduits in the walls to keep them safe; finally, choose the location of wireless APs carefully, limit wireless communication, limit signal strength, and use shielding materials to keep wireless signals inside the building as far as possible.
Use IPSec encryption to protect VoIP data on the network. It ensures that even if an attacker gets past the physical-layer protection and intercepts VoIP packets, the contents cannot be deciphered.
TLS uses digital signatures and public-key encryption, which means that each endpoint must have a trusted signature that is authenticated by an authoritative CA. You can use an internal CA (such as a Windows server running the authentication service) for calls within the enterprise and a public CA for calls outside the company.
SRTP encrypts the media at the application layer and provides security mechanisms such as message authentication, confidentiality, and replay protection.
VoIP Security Remedies
No matter how tightly a VoIP network is guarded, attacks will inevitably occur.
Therefore, it is necessary to detect attempts to break into the VoIP network by deploying appropriate monitoring tools and intrusion detection systems. Carefully reviewing the logs these tools record helps to spot unusual data traffic in a timely manner and to find out whether someone has entered the network by brute force. At the same time, keeping operating system and VoIP application patches up to date is very important for preventing threats from malware and viruses.
Another idea that may help is to make a plan, imagine yourself as a hacker, and then try to attack your own VoIP system in a variety of ways. Not finding a way in does not mean your VoIP system is secure. But if you can find a way in, so can others, so plug the hole quickly!
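The log review described above can be automated. The following is an added example, not part of the original article: it scans registration records for a burst of failed logins from one source and for a success that follows such a burst. The log format, field names, thresholds and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical registrar log format
# (not the output of any real product).
SAMPLE_LOG = """\
2024-05-01T10:00:01 REGISTER src=203.0.113.7 user=1002 result=fail
2024-05-01T10:00:02 REGISTER src=203.0.113.7 user=1002 result=fail
2024-05-01T10:00:03 REGISTER src=203.0.113.7 user=1003 result=fail
2024-05-01T10:00:04 REGISTER src=203.0.113.7 user=1003 result=fail
2024-05-01T10:00:05 REGISTER src=203.0.113.7 user=1003 result=fail
2024-05-01T10:00:06 REGISTER src=203.0.113.7 user=1003 result=ok
2024-05-01T10:07:00 REGISTER src=10.20.0.16 user=1004 result=fail
2024-05-01T10:07:30 REGISTER src=10.20.0.16 user=1004 result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) REGISTER src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<res>ok|fail)$"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failures in the window, and a success right after."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = {}                  # src -> time the burst was last seen
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines in other formats
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        fails = recent[src]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if m["res"] == "fail":
            fails.append(ts)
            if len(fails) >= threshold:
                if src not in flagged:
                    alerts.append(("bruteforce", src, user, ts.isoformat()))
                flagged[src] = ts
        elif src in flagged and ts - flagged[src] <= window:
            # A login that succeeds right after a burst deserves investigation.
            alerts.append(("success_after_bruteforce", src, user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as from 10.20.0.16 in the sample, stays below the threshold and raises no alert.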
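When assessing your own deployment, it is worth confirming that the TLS and SRTP layers described earlier are actually in use. The following is an added example, not part of the original article: it audits a captured SIP INVITE for TLS signaling and an SRTP media offer. Both messages are constructed, trimmed to the lines the check reads, and use sample host names.

```python
# Constructed SIP INVITE messages (hosts, branches and key are sample values).
PROTECTED = (
    "INVITE sips:bob@voip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS pc1.example.com:5061;branch=z9hG4bK-constructed1\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<constructed-key-placeholder>\r\n"
)
UNPROTECTED = (
    "INVITE sip:bob@voip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc1.example.com:5060;branch=z9hG4bK-constructed2\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def audit_invite(raw):
    """Report which of the TLS (signaling) and SRTP (media) layers are missing."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_uri = lines[0].split()[1]
    findings = []
    # Signaling: every Via hop should name TLS as the transport.
    vias = [ln.split(":", 1)[1].strip() for ln in lines[1:]
            if ln.lower().startswith(("via:", "v:"))]
    for via in vias:
        transport = via.split()[0].rsplit("/", 1)[-1].upper()
        if transport != "TLS":
            findings.append(f"signaling over {transport}, not TLS")
    if not request_uri.lower().startswith("sips:"):
        findings.append("request URI is not a sips: URI")
    # Media: each m= line should use a secure RTP profile with keying material.
    sdp = body.split("\r\n")
    has_crypto = any(ln.startswith(("a=crypto:", "a=fingerprint:")) for ln in sdp)
    for ln in sdp:
        if ln.startswith("m="):
            media, _port, proto = ln[2:].split()[:3]
            if "SAVP" not in proto:
                findings.append(f"{media} media uses {proto}, not SRTP")
            elif not has_crypto:
                findings.append(f"{media} media offers SRTP without keying material")
    return findings

if __name__ == "__main__":
    print(audit_invite(PROTECTED))
    print(audit_invite(UNPROTECTED))
```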