Voip Security

Agenda

• Voice Security• Architecture• VoIP Risk• VoIP threats• Service disruption• Design Consideration• Attacks

Voice Security• Telephony hacker had high degree of skill• Cybercrime activity include: - DOS for extortion - Hijacking for reselling• Voice traffic need different treatment to data• Security control ,policies and technology is

essential to protecting assets

Voice Architecture• Good security starts with good architecture• Three basic Voip paradigm• System evolved from Traditional PBX• System evolved from data switch platform• System design for VoIP

VoIP Risk

Voice change risk by adding :Complexity

New Access pointNew device and protocols

Risk categories that affected is:Line safety

Confidentially & AvailabilityOperational & Financial

Reputation

VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse

VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse

VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse

Service Disruption• Poor design• Attack on PBX include malware• DOS• Equipment failure or rogue device

Design Consideration• Separate data and voice network• Use PVlan• Use NAT• Use Switching device to limit User Agent

interference• Consider UPN(User Personalized Network )• Consider Scalability• End-to end security

Attacks• Common voice attack• Eavesdropping • Packet spoofing and masquerading• Replay attacks• Hijacking and malicious call• Voice mail bombing, SPAM,…