Most enterprise organizations encrypt data that transverses the network. It's a no-brainer. Thus, encrypting voice...
and data packets transmitted over a VoIP network is also a given, right? Turns out, not so much. By and large, VoIP vendors are building encryption support into their offerings. Across the board, companies planning a VoIP migration rank encryption technology as among their top concerns. Ironically, however, most organizations do not actually employ encryption – or at least are reluctant to do – when launching their VoIP network.
In SearchVoIP.com's Fast guide to VoIP encryption, you'll learn how VoIP encryption works, what malicious scenarios can unfold in the absence of an encrypted VoIP network and why, despite the inherent, inevitable and potentially devastating risks, enterprises are reluctant to encrypt their VoIP traffic.
Here is a sneak peak into the many types of threats and disruptions poised to pounce on your VoIP network if not properly secured.
Voice and data disruption
- VoIP data and VoIP control packet flood
- Service disruption
- VoIP call data flood
- TCP/UDP/ICMP packet flood
- VoIP implementation DoS exploit
- OS/protocol implementation DoS exploit
- VoIP protocol DoS exploit
- Wireless DoS attack
- Network service DoS attacks
- VoIP application DoS attacks
- VoIP endpoint pin change
- VoIP packet replay
VoIP data and service threats
- VoIP packet injection
- VoIP packet modification
- QoS modification
- vlan modification
- VoIP data and VoIP social engineering
- Service theft rogue VoIP device connection
- ARP cache poisoning
- VoIP call hijacking
- Network eavesdropping
- VoIP application data theft
- Address spoofing
- VoIP call eavesdropping
- VoIP control eavesdropping
- VoIP toll fraud
- VoIP voicemail hacks
Terms to know:
IPsec (Internet Protocol Security): A framework for a set of protocols for security at the network or packet processing layer of network communication. (WhatIs.com)
VPN (virtual private network ): A framework for a set of protocols for security at the network or packet processing layer of network communication. (WhatIs.com)
ZRTP: ZRTP is a voice over IP (VoIP) encryption extension for the Real-Time Transport Protocol (RTP). (WhatIs.com)
How does encryption work?
Stolen voices: The challenge of securing VoIP
Businesses should devote at least as much consideration to securing voice traffic as they do to their data today. One possibility is to do this via a virtual private network (VPN) tunnel, either using AES or DES (Data Encryption Standard) for the encryption of the signaling and streaming components of a VoIP call. A second option is to use ...
Keeping out snoopers
A SearchVoIP.com member asked Andrew Graydon, "For best practices, what traffic logging should be performed at firewalls? Is there an encryption for Voice over IP -- for example, to protect traffic from snooping on Internet?" Read Andrew's advice.
Encrypting VoIP traffic: How and why
Securing VoIP traffic remains one of the biggest obstacles to its mainstream enterprise use. VoIP traffic tends to be unencrypted, but that doesn't mean that it has to be. In this tip, Brien Posey explores various options for VoIP encryption, including sending VoIP traffic through a VPN tunnel and implementing an encryption tool called Zfone.
VoIP security, PGP style
In an interview with SearchVoIP.com, the creator of the Pretty Good Privacy e-mail encryption technology, Phil Zimmermann, explains how his new software can successfully secure VoIP connections and why other methods are likely to fail.
Other VoIP security resources:
SearchVoIP.com's security resource center
Don't overlook the security risks that can pop up when the worlds of voice and data converge. Find out how to create security policies, identify security threats and thwart attacks here.
VoIP Security Resource Guide
Voice over Internet Protocol (VoIP) implementations are becoming more common and keeping it secure is no easy task. Created in partnership with our sister site, SearchSecurity.com, SearchVoIP.com's guide is a compilation of resources that review the importance of VoIP security, protocols and standards, LAN security, vulnerabilities, troubleshooting, threats and more.
The Voice over IP Security Alliance (VOIPSA) aims to fill the void of VoIP security related resources through a unique collaboration of VoIP and Information Security vendors, providers, and thought leaders.