IP telephony, or VoIP, is a communication system in which a voice signal is transmitted over IP networks, in particular over the Internet. The signal is transmitted in digital form and is usually compressed to reduce traffic and remove redundancy. VoIP was first implemented in 1993. IP telephony is attractive for its ease of implementation and rich functionality. However, many companies are in no hurry to switch to VoIP because of prejudices and myths, the main ones of which we consider here.
IP-telephony is subject to wiretapping.
To preserve the confidentiality of conversations, the most advanced IP telephony solutions use several mechanisms and technologies. First, voice traffic is directed to a dedicated network segment, and access to the voice stream is restricted by routers and firewalls with strict access rules. Second, building virtual private networks (VPNs) protects traffic from illegal eavesdropping. The IPSec protocol used for this can protect a telephone conversation from wiretapping even if the connection runs through an open network such as the Internet. To enhance security, some companies integrate Secure RTP (SRTP) into their IP phones; it is designed specifically for this purpose and defeats intruders' attempts to intercept voice traffic.
IP-telephony can be infected with Trojan programs and viruses.
In fact, it is the infrastructure that provides communication that can be affected. The telephony system is usually protected by a whole set of tools that build a layered defense against malicious programs. The first line, along with antivirus software, consists of firewalls that restrict access to the IP telephony infrastructure from the outside. The next line consists of attack detection systems and, again, antivirus software, this time on the end nodes of the IP telephony network. Finally, under the Network Admission Control initiative, another line of defense was added. Under its rules, all stations and servers that do not comply with the general security policy (for example, missing critical system updates or out-of-date antivirus software) may be denied access to the corporate network, so that they cannot spread an infection to the infrastructure if they are infected. Such nodes are placed in a special quarantine segment of the network, where they can obtain the updates they need to return to full operation.
Substitution of telephones and management servers is also possible in IP telephony.
The best protection against devices that are illegally connected to the corporate network and try to pass themselves off as authorized IP telephones is not only routers and firewalls with prescribed access rules, but also strict authentication of every subscriber of the IP-telephony network. This also applies to the telephone connection management server itself. The standard protocols and mechanisms used for authentication are 802.1x, RADIUS, PKI X.509 certificates, etc.
If an attacker obtains administrative rights, he can disrupt all IP telephony infrastructure.
Serious IP telephony management servers give system administrators only the limited set of rights they need to perform their immediate tasks. For example, an administrator can have read-only access to the settings, the right to change them, or full access to them. Do not forget that all of an administrator's actions are written to an audit log and can be analyzed later in search of forbidden activity. A network that uses IP telephony is usually widely distributed, so communication with the management server to manage configuration files usually takes place over a channel protected against unauthorized access, which does not allow an attacker to intercept and read control commands. For this purpose, special security protocols are used: SSL, TLS, IPSec and others.
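The audit-log review described above can be sketched as follows. This is an added example, not part of the original article or of any vendor's product: the log line format, the role names, the action names and the sample entries are all constructed assumptions.

```python
import re

# Hypothetical role model following the text: read-only, change, full access.
ROLE_LEVEL = {"read-only": 1, "change": 2, "full": 3}
# Hypothetical actions and the minimum role level each one requires.
ACTION_LEVEL = {"read": 1, "modify": 2, "delete": 3, "grant": 3}

# Constructed log format: "<timestamp> admin=<name> action=<a> object=<o> result=<r>"
LINE_RE = re.compile(r"^(?P<ts>\S+) admin=(?P<admin>\S+) action=(?P<action>\S+) "
                     r"object=(?P<object>\S+) result=(?P<result>\S+)$")

def review(log_lines, admin_roles):
    """Return (line_no, finding, detail) for entries that exceed the admin's role."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            findings.append((n, "unparseable", line.strip()))
            continue
        role = admin_roles.get(m["admin"])
        need = ACTION_LEVEL.get(m["action"])
        if role is None:
            findings.append((n, "unknown-admin", m["admin"]))
        elif need is None:
            findings.append((n, "unknown-action", m["action"]))
        elif need > ROLE_LEVEL[role]:
            # A success beyond the role means the rights model failed;
            # a denial is still worth recording as an attempt.
            kind = "control-failure" if m["result"] == "ok" else "denied-attempt"
            findings.append((n, kind, f'{m["admin"]} {m["action"]} {m["object"]}'))
    return findings

# Constructed sample data.
SAMPLE_ROLES = {"alice": "read-only", "bob": "change", "carol": "full"}
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z admin=alice action=read object=dialplan result=ok",
    "2024-05-01T09:03:17Z admin=alice action=modify object=dialplan result=denied",
    "2024-05-01T09:10:42Z admin=bob action=modify object=trunk-1 result=ok",
    "2024-05-01T09:12:05Z admin=bob action=grant object=role:full result=ok",
    "2024-05-01T09:15:30Z admin=mallory action=read object=users result=ok",
    "2024-05-01T09:20:00Z admin=carol action=delete object=trunk-1 result=ok",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, SAMPLE_ROLES):
        print(finding)
```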
IP-telephony is subject to frequent outages.
It is commonly believed that frequent attacks by intruders lead to frequent disruptions in the operation of the telephony network, but this is not the case. Companies that provide network security offer a variety of measures that help to combat both the attacks themselves and their consequences. You can use the protection mechanisms already built into the network equipment, as well as additional solutions:
– division of the corporate network into non-overlapping data-transfer segments, which can prevent DoS and other attacks from arising in the segment carrying “voice” data;
– setting up access rules for the network and its segments on routers, as well as on firewalls around the perimeter of the network;
– installation of attack prevention systems on the nodes;
– installation of highly specialized software that protects against DDoS and DoS attacks;
– a special configuration of network equipment that prevents the address substitution used in DoS attacks and limits traffic bandwidth, so that a large data flow capable of disabling the equipment cannot be generated.
Unauthorized access can be gained directly to IP telephones.
IP-telephony devices themselves are not as simple as they seem. To prevent illegal access to them, they contain a number of special settings. For example, access to the functions of the device can be granted only after an identifier and a password are presented, changes to the settings of the device itself can be prohibited, and so on. To prevent modified software code and configuration files from being loaded onto the phone without authorization, the integrity of such data is controlled by X.509 certificates and an electronic digital signature.
With a large number of calls, the IP telephony infrastructure management server can be disabled.
A management server can accept from 100,000 calls per hour, and up to 250,000 when these servers are clustered. But nothing prevents the administrator from applying settings that cap the number of incoming calls at a fixed value. If one of the management servers fails, call forwarding to a backup can be set up.
IP-telephony networks are prone to fraud.
Phone fraud is common, but the server that manages the IP telephony infrastructure has a number of capabilities for combating theft of services, refusal to pay, falsification of calls, and other abuses. For example, any subscriber can:
– filter calls by certain parameters;
– block the possibility of redirecting your call to certain groups of numbers, for example, to long-distance, international, etc.;
– block all incoming or outgoing calls to specific numbers.
The ability to apply these measures does not depend on which phone the subscriber is calling from. Protection is enabled when the subscriber authenticates on any IP-telephony device. If the user does not confirm his identity, the list of numbers he can call is usually limited, for example, to a support line, the police or an ambulance.
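The call restrictions listed above can be expressed as a small authorization check. This is an added example, not part of the original article or of any real call-management server: the numbering plan ("00" for international, "0" for long-distance), the allow-listed numbers and all function names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed numbering plan (assumption): "00" = international, "0" = long-distance.
INTERNATIONAL_PREFIX = "00"
LONG_DISTANCE_PREFIX = "0"
# Numbers an unauthenticated user may still dial (constructed: emergency, support).
UNAUTHENTICATED_ALLOWED = {"112", "5000"}

@dataclass
class SubscriberPolicy:
    blocked_outgoing: set = field(default_factory=set)         # exact numbers
    blocked_incoming: set = field(default_factory=set)         # exact caller numbers
    forward_blocked_classes: set = field(default_factory=set)  # call classes

def classify(number):
    """Map a dialled number to a call class using the sample prefixes."""
    if number.startswith(INTERNATIONAL_PREFIX):
        return "international"
    if number.startswith(LONG_DISTANCE_PREFIX):
        return "long-distance"
    return "local"

def authorize(policy, authenticated, kind, number):
    """Return (allowed, reason); kind is 'outgoing', 'incoming' or 'forward'."""
    if not authenticated:
        # The policy follows the subscriber, not the handset: without
        # authentication only the short allow-list can be dialled.
        if kind == "outgoing" and number in UNAUTHENTICATED_ALLOWED:
            return True, "allow-list for unauthenticated user"
        return False, "subscriber not authenticated"
    if kind == "outgoing" and number in policy.blocked_outgoing:
        return False, "outgoing number blocked"
    if kind == "incoming" and number in policy.blocked_incoming:
        return False, "incoming number blocked"
    if kind == "forward" and classify(number) in policy.forward_blocked_classes:
        return False, "forwarding to " + classify(number) + " numbers blocked"
    return True, "permitted"

if __name__ == "__main__":
    p = SubscriberPolicy(forward_blocked_classes={"international", "long-distance"})
    print(authorize(p, True, "forward", "0044201234"))
    print(authorize(p, False, "outgoing", "112"))
```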
IP-telephony is less secure than conventional telephony.
This statement is the most common one in the world of telephony. Conventional communication lines, developed many decades ago, do not provide the level of security offered by IP telephony with its newer, more advanced technology. In ordinary telephony, it is not uncommon for someone to connect to another subscriber's telephone line and listen to other people's conversations. An attacker can easily substitute numbers, “flood” a line with calls and perform a number of other actions that are in principle impossible in IP telephony. Whereas expensive equipment is used to protect traditional communication lines, in IP telephony the protection is already built into the components of the technology itself. For example, to protect against wiretapping, conventional telephony uses scramblers. But centralized management of these devices is impossible, and buying and installing a scrambler in front of each telephone is not cheap.
Recently, much attention has been paid to the security of information technology in general and of IP telephony in particular. Many fear that introducing new systems will bring new risks of breaches of confidentiality. It is no accident that, when new IT systems are built, much attention is paid to their security. A lot has been written about this; for example, NetworkWorld magazine, together with Miercom's independent laboratory, conducted comprehensive security testing of a number of the most popular IP telephony solutions. The results confirmed that the infrastructure is sufficiently secure when correctly configured and that it has advantages over traditional means of communication. The cost of protection is much lower than for its older sister, and managing the same network is much more convenient. For large businesses, the transition to IP telephony is only a matter of time, and whoever is first to occupy this niche will undoubtedly become the leader in its segment.