Post on 26-Dec-2015
Voip Security
Agenda
• Voice Security• Architecture• VoIP Risk• VoIP threats• Service disruption• Design Consideration• Attacks
Voice Security• Telephony hacker had high degree of skill• Cybercrime activity include: - DOS for extortion - Hijacking for reselling• Voice traffic need different treatment to data• Security control ,policies and technology is
essential to protecting assets
Voice Architecture• Good security starts with good architecture• Three basic Voip paradigm• System evolved from Traditional PBX• System evolved from data switch platform• System design for VoIP
VoIP Risk
Voice change risk by adding :Complexity
New Access pointNew device and protocols
Risk categories that affected is:Line safety
Confidentially & AvailabilityOperational & Financial
Reputation
VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse
VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse
VoIP Threats• VoIP threats is:• Service disruption• Service interception• Service fraud and abuse
Service Disruption• Poor design• Attack on PBX include malware• DOS• Equipment failure or rogue device
Design Consideration• Separate data and voice network• Use PVlan• Use NAT• Use Switching device to limit User Agent
interference• Consider UPN(User Personalized Network )• Consider Scalability• End-to end security
Attacks• Common voice attack• Eavesdropping • Packet spoofing and masquerading• Replay attacks• Hijacking and malicious call• Voice mail bombing, SPAM,…