VoIP communication opens up a whole set of concerns not previously considered in voice communications. As you know, each country regulates communications and makes provisions for 'legal intercept', which is widely known as wiretapping. In VoIP systems, not only is this more difficult, but IP-to-IP communications have been exempted from this requirement in the U.S. under CALEA. This is of major concern to law enforcement, as IP-to-IP communication is no longer limited to PCs; it can now be done using WiFi SIP phones in hotspots, which are becoming widely available. This type of communication is difficult to monitor, but not impossible. However, legislative bodies and their advisors need to be better informed of the issues involved.
Technical solutions in the area of IP communications are already in use by legal entities for IM, e-mail and Web traffic, allowing investigations into illegal online activities to be carried out. The real-time aspect of VoIP introduces some extra complexity, but solutions can be implemented at the ISP level through packet sniffing and protocol analysis, leading to media forking. Think of it as a high-speed, high-bandwidth Ethereal.
On another note, IP PBX attacks can be classified into two areas: transport layer and application layer attacks. Transport layer attacks are well-known IP layer attacks such as DoS, DDoS, SYN, ACK, etc. These attacks are identical to the attacks faced every day by current IP systems and can be remedied in the standard ways we secure networks. The application layer attacks introduce some new concerns. Attacks at this layer are quite difficult to protect against, as many of them are based on common usage of the systems, for example DoS attacks, phone calls for SPAM/SPIT, voice mail messages, or protocol exploitations -- such as cutting off calls, making phones ring and faking caller ID. Of course, there are also blended attacks such as 'man-in-the-middle', session hijacking and sniffing, just to mention a few. These attacks are a combination of transport layer and protocol vulnerabilities.
All of these areas can be contained and protected in today's networks. A combination of network design, traffic flow design and a SIP Firewall or SBC will mitigate many of the issues mentioned above.
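As an added illustration (not part of the original article), here is one kind of stateful check a SIP firewall or SBC can apply against the "cutting off calls" case above: a BYE is accepted only from an address that took part in the INVITE for that Call-ID. DialogGuard and parse_sip are hypothetical names, and the sketch assumes the device sees both endpoints directly, with no proxy, tag or authentication checks.

```python
def parse_sip(raw):
    """Return (method, headers) for a SIP request; method is None if malformed."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0] if len(parts) == 3 and parts[2].startswith("SIP/") else None
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

class DialogGuard:
    """Hypothetical stateful check: only call participants may act on a call."""
    def __init__(self):
        self.dialogs = {}  # Call-ID -> {caller IP, callee IP}
    def inspect(self, src, dst, raw):
        if raw.startswith("SIP/"):
            return "allow"  # responses are not checked in this sketch
        method, headers = parse_sip(raw)
        call_id = headers.get("call-id") or headers.get("i")  # "i" = compact form
        if method is None or not call_id:
            return "drop: malformed"
        peers = self.dialogs.get(call_id)
        if peers is None:
            if method == "BYE":
                return "drop: BYE for unknown call"
            if method == "INVITE":
                self.dialogs[call_id] = {src, dst}  # assumption: no proxy in path
            return "allow"
        if src not in peers:
            return "drop: request from non-participant"
        if method == "BYE":
            del self.dialogs[call_id]  # call ended by a legitimate participant
        return "allow"

def _req(method, call_id):  # builds a constructed request, not captured traffic
    return f"{method} sip:bob@example.com SIP/2.0\r\nCall-ID: {call_id}\r\nCSeq: 1 {method}\r\n\r\n"
SAMPLE = [  # constructed (src, dst, message) tuples using documentation addresses
    ("192.0.2.10", "192.0.2.20", _req("INVITE", "c1@example.com")),
    ("203.0.113.66", "192.0.2.20", _req("BYE", "c1@example.com")),  # outsider
    ("192.0.2.20", "192.0.2.10", _req("BYE", "c1@example.com")),  # callee hangs up
    ("192.0.2.10", "192.0.2.20", _req("BYE", "c9@example.com")),  # no such call
]

def run_sample():
    guard = DialogGuard()
    return [guard.inspect(*pkt) for pkt in SAMPLE]
```

A source-address check alone does not stop spoofed or on-path senders, which is why it is combined with the network and traffic flow design mentioned above.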
This was first published in November 2005