How to protect your VoIP network

VoIP has finally arrived as a mainstream application. IP PBX equipment sales topped $1 billion in 2005, for the first time outpacing traditional TDM PBXs, according to Dell' Oro Group.

In fact, analysts predict that IP PBXs will account for more than 90% of the market by 2009. Before you deploy VoIP, however, you need to be aware of the security risks and the countermeasures that you can take. Security is important in every context, but especially when you're replacing the world's oldest, largest and most resilient and available communications network. While no individual security measure will eliminate attacks against VoIP deployments entirely, a layered approach can meaningfully reduce the probability that attacks will succeed.

The threats

Enterprise VoIP customers and service providers are vulnerable to many of the same impersonation-based attacks "phreakers" attempt against traditional telephone and cellular services. The goals - identity and information theft and toll fraud - are the same.

Many attacks focus on VoIP endpoints. The operating systems, Internet protocols, applications and management interfaces of VoIP hard phones and computers running softphones are vulnerable to unauthorized access, viruses and worms, and many denial-of-service (DoS) attacks that exploit common Internet protocols and VoIP protocols themselves.

VoIP uses the IETF Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP) for call signaling and voice-message delivery. These and complementing session description and RTP control protocols (SDP, RTCP) do not provide adequate call-party authentication, end-to-end integrity protection and confidentiality measures on call signaling and call data (such as media streams containing compressed and encoded speech). Until these security features are implemented and put into service, attackers have many vectors to exploit.

Today, SIP and RTP protocols do not encrypt call-signaling packets and voice streams, so identities, credentials and SIP Uniform Resource Identifiers (phone numbers) of callers can be captured using LAN and wireless LAN (WLAN) traffic-collection tools (sniffers).

An attacker can use captured account information to impersonate a user to a customer representative or self-service portal, where he can change the calling plan to permit calls to 900 numbers or to blocked international numbers. He also can access voice mail or change a call forwarding number.

Impersonation attacks commonly are used to perpetrate toll fraud, but financially motivated attackers also can capture voice conversations and later replay them to obtain sensitive business or personal information.

Flooding VoIP targets with SIP call-signaling messages (e.g., Invite, Register, Bye or RTP media stream packets) can degrade service, force calls to be dropped prematurely and render certain VoIP equipment incapable of processing calls entirely. VoIP equipment also may be vulnerable to DoS attacks against such Internet protocols as TCP SYN, ping of death and the recent DNS distributed DoS amplification attacks.

VoIP systems also can be disrupted by media-specific attacks, such as Ethernet broadcast storms and Wi-Fi radio jamming. Operating systems and TCP/IP stacks used in new VoIP hardware may be susceptible to implementation-specific attacks that exploit programming flaws. This can cause the system to cease operating or provide the attacker with remote administrative control of the system.

VoIP softphones pose a unique and thorny problem. Softphone applications run on user systems (PCs, PDAs) and thus are vulnerable to malicious code attacks against data and voice applications. IT administrators must consider the possibility that an attacker may try to evade conventional PC malware protection by injecting malicious code via a VoIP softphone application.

Spam often harbors spyware and remote administration tools. Spam over Internet telephony can carry unsolicited sales calls and other nuisance messages, and programs downloaded to softphones could include hidden malware.

Even this partial description should cause IT managers to assess the risk of introducing VoIP, and to develop a policy and an implementation plan to reduce the risks using security technology at hand.

http://www.networkworld.com

 

VOIP 2005 & beyond!

2006 VOIP has now become one of the most technologically advanced communications platform in the world

Next 5 years

According to experts, with VoIP’s increasing Quality of Service (QoS) and universality of added features, it will occupy a major percentage of all communications

Antiquated, expensive traditional PBX’s and expensive Local, Long Distance, and Cellular services have created the need for a global solution – VOIP.

HISTORY of VOIP - 2005

2005

Voice quality issues have long since been addressed and VoIP traffic can be prioritized over data traffic to ensure reliable, clear sounding, unbroken telephone calls. Revenue from VoIP equipment sales alone are projected to reach around $3 billion this year and are being forecast to be over $8.5 billion by the end of 2008. This is primarily being driven by low cost unlimited calling plans and the abundance of enhanced and useful telephony features associated with VoIP technology.

This is a phenomenal growth rate and with the rapid introduction of Video over IP fueling demand, the future of this technology is truly exciting and will enable us to enjoy products that our grandparents and even parents never thought were possible. Video over IP follows the same concept as VoIP but in this case enables the transmission of video signals. As such, video phones are becoming more common than you would think, and many companies are already offering attractive packages. One of our featured partners, Packet8 already has a video phone offering.

Voice over Internet Protocol, VoIP or Broadband phone service as it is often referred to, is changing the telephony world.

Traditional phone lines are slowly being phased out as businesses and households around the world embrace the benefits and features that VoIP technology has to offer.

HISTORY of VOIP - Since 2000

Since 2000

• VoIP usage has expanded dramatically
• Several different technical standards for VoIP data packet transfer and switching - each is supported by at least one major manufacturer
• No clear "winner" has yet emerged to adopt the role of a universal standard.
• Service has also been extended to residential users
• While companies often switch to VoIP to save on both long distance and infrastructure costs, VoIP.
• VoIP has gone from being a fringe development to a mainstream alternative to standard telephone service.
• VOIP traffic exceeded 3% of voice traffic by 2000,

Currently, the majority of IP switching and routing equipment suppliers offer VoIP on their mid-range and up equipment, either as standard equipment or as an option. Voice over Internet Protocol traffic was in excess of 3% of voice traffic by the year 2000, and it is expected that it would grow rapidly to somewhere between 25% and 40% of all international voice traffic by the year 2005.

HISTORY of VOIP - Late 1990's

Late 1990's

VoIP service relied on advertising sponsorship to subsidize costs, as opposed to charging customers for calls.

The gradual introduction of broadband Ethernet service allowed for greater call clarity and reduced latency, (calls still had static or there was difficulty making connections between the Internet and PSTN (public telephone networks). Startup VoIP companies were able to offer free calling service to customers from special locations.

VoIP hardware less computer dependent (breakthrough in VoIP history). Cisco Systems and Nortel (hardware manufacturers) started producing VoIP equipment that was capable of switching, therefore functions that previously had to be handled by a computer's CPU, such as "switching" a voice data packet into something that could be read by the PSTN (and vice versa) could now be done by another device

Larger companies were able to implement VoIP on their internal IP networks, and long distance providers even began routing some of the calls on their networks over the Internet, now that hardware started becoming more affordable

HISTORY of VOIP - 19958

1998 (VoIP evolved gradually over the next few years)

· PC to phone service offered by small companies.

· Phone to phone service soon followed (by using a computer to establish the connection)

· email, cellular (mobile), and the Internet becoming standards for global communications

By 1998, VoIP traffic had grown to represent approximately 1% of all voice traffic in the United States. Entrepreneurs were jumping on the bandwagon and were creating devices which enabled PC-to-phone and phone-to-phone communication. Networking manufacturers such as Cisco and Lucent introduced equipment that could route and switch the VoIP traffic and as a result by the year 2000, VoIP traffic accounted for more than 3% of all voice traffic.

By 1998 VOIP had reached some potential. A number of entrepreneurs started setting up gateways to allow first PC-to-Phone and later Phone-to-Phone connections. Some of these entrepreneurs started by providing customers a facility to make free phone calls using the regular phone. Every phone call which the user made had an advertisement at the beginning and at the end of the call. This service was only available to users in North America. This service allowed the users to make free long distance calls. This “free to the customer” marketing model, was sponsored by various advertising companies or agencies. These services often required the services of a PC to originate the call, although the actual communication was from ‘phone to ‘phone. At this stage, VOIP traffic represented rather less than 1% of voice traffic.

In 1998 three IP switch manufacturers introduced equipment capable of switching. At present, most IP switching and routing equipment suppliers offer VOIP as either a standard or as an option on their mid-range and up equipment.

Voice over Internet Protocol had made considerable progress by the year 1998. A number of organizations began to set up gateways to allow first PC-to-Phone and later Phone-to-Phone connections. A few of these organizations started by providing users a facility to make free phone calls using the regular phone. Each phone call that the user made started with an advertisement and also had one at the end of the call. This particular service was offered only to users in North America. This allowed the users to make free long distance calls. A number of advertising companies or agencies sponsored this “free to the customer” promotional model. These kinds of services, time and again, require a PC to originate the call, even if the actual communication is from ‘phone to ‘phone.

Three IP switch manufacturers launched equipment, during the year 1998, which was capable of being used for switching.

HISTORY of VOIP - 1996

Vocaltec – one of the true pioneers of VoIP - Internet Phone product

It had initial success with Internet Phone, and had a successful IPO in 1996 and was perhaps the first "true" VoIP software application. It helped lay the groundwork to make VoIP mainstream and was the first VoIP product on the shelves of Compusa and other retail outlets.

In the old days of VoIP there were full-duplex issues and soundcard full-duplex driver issues. If you didn't have the latest sound card driver, you'd get a half-duplex CB/walkie-talkie type experience. The Internet hadn't really taken off at that point in history. You had to download the latest sound card power dissipation following suit.

The VoIP software vendors responded in kind by supplying the necessary codecs and data packaging components necessary to run on the DSP, however this bottom-up approach left manufacturers to fend for themselves with the most critical design elements, including system management, signaling, call control, gateway control, and control plane interface. Often, the integration of these disparate components was quite a difficult process, requiring the stitching together of algorithms and protocols from many different suppliers. Consequently, system efficiency was sub-optimal, and time to market was painfully slow.

driver to get full-duplex VoIP sound.

In 1996 they released and officially invented the protocol and today they are leading providers of the latest VoIP solutions. The technology is still fairly new and history is being written right now.

Historically, VoIP software focused mainly on the DSP (Digital Signal Processors), primarily due to the components' high representation in the design of VoIP platforms. Not surprisingly, OEMs centered their design decisions on which DSP they intended to use, with the standard considerations of performance, size.

HISTORY of VOIP - 1995

1995 the first Internet Phone Software appeared - Vocaltec

• Vocaltec released the first internet phone software called "Internet Phone".
• Hobbyists began to recognize the potential of sending voice data packets over the Internet instead of communicating through standard telephone service
• Designed to run on a home PC
• Utilized sound cards, microphones and speakers.
• Allowed PC users to avoid long distance charges
• The software used the H.323 protocol instead of the SIP protocol that is more prevalent today.

Contemporary VoIP

• uses a standard telephone hooked up to an Internet connection
• early efforts in the history of VoIP required both callers to have a computer equipped with the same software, as well as a sound card and microphone.
• early applications had poor sound quality and connectivity
• but showed that VoIP technology was useful and promising, considered the Skype of the 90s.

A major drawback in 1995 was the lack of broadband availability. Also software used with modems resulted in poor voice quality vs. normal telephone call. It was still a major milestone as it represented the first ever IP Phone.

Voice over IP began as the result of work done by some hobbyists in Israel in 1995 when only PC-to-PC communication was available. Later in 1995, Vocaltec, Inc. released Internet Phone Software. This software was designed to run on a home PC (486/33 MHz) with sound cards, speakers, microphone, and modem. The software compressed the voice signal, translated it into voice packets, and shipped it out over the Internet. The technology worked as long as both the caller and the receiver had the same equipment and software. Although the sound quality was nowhere near that of conventional equipment at the time, this effort represented the first IP phone.

VoIP came into existence as a result of work done by a few hobbyists in Israel in the year 1995 when only PC-to-PC communication was in vogue. Later on during 1995, Vocaltec, Inc. released Internet Phone Software. This particular software was intended to run on a home PC (486/33 MHz) with:

• sound cards
• speakers
• microphone
• modem

The software was used to compress the voice signal, convert it into voice packets, and then finally to ship it out over the Internet. This particular technology worked as long as both the caller and the receiver had the same tools and software. However, the sound quality was not even close to that of the standard equipment in use at that point of time. This attempt can be termed as the first IP phone that came into existence.

HISTORY of VOIP - Long Ago

"When did VoIP begin?"

This standard of communication dates as far back as Alexander Bell and his invention of the telephone, utilizing the same basic purpose and design. With the notion that one person can talk to another person far away using some kind of device, in 1876 this device was the telephone, but in 1996, it can be found on the Internet. The first telephone call from one end of the American continent to the other was made 87 years ago, on January 25, 1915.

The inspiration for this technology is the Internet capability oh allowing one computer to talk to another. In the past, with limited technology, communication was only possible if both parties had the same kind of soundcard with the latest drivers installed; otherwise the result was more like a Half-Duplex walkie-talkie quality.

Long ago

Worldwide communication first started out

POTS - Plain Old Telephone Systems allowed local area calling, but was only available to the elite, since there was a huge cost involved, considering the equipment and line placement. The POTS network grew, as did its popularity and necessity (for individuals and corporations alike)

PSTN - Public Switched Telephone Networks

The industry quickly evolved to include nationwide and eventually global connectivity through the phone company.

1973 Voice over IP or VoIP Protocols are used to carry voice signals over the IP network, a commercial realization of the experimental Network Voice Protocol invented for the ARPANET.

HISTORY of VoIP

1876 – Invention of the telephone

1915 – Call across the continent

1973 – ARPANET/Network Voice Protocol

1995 - Volcatec

1996 – DSP

1997 – VoIP introduced/global communications

2000 – Residential acceptance

WHAT IS VOIP?

VoIP, an acronym for Voice over IP, is a technology that allows one to make telephone calls using a Broadband Internet connection instead of a regular telephone line, thereby having phone service over the Internet delivered through your Internet connection, instead of from your local phone company.

Voice over Internet Protocol, is the routing of voice conversations over the Internet (or through any other IP-based network). Voice over IP traffic can be utilized on any IP network, including those without a connection to the rest of the Internet, such as LAN, for example.

Traditionally, a phone conversation is converted into electronic signals that travel along a network of switches, in a dedicated circuit that lasts the length of a call, as is with cellular providers, and long distance carriers.

The conversation is converted to packets of data that travel over the Internet or private networks, just like e-mails or Web pages. The packets get reassembled and converted to sound on the other end of the call.

In contrast to a PBX business phone system with its proprietary components, or with a cellular service that requires a tower and/or satellites to connect, VoIP is not limited to single users. It can accommodate multiple-line and group-access users regardless of their location or the type of phone they are using.

The two main advantages are cost and functionality. All that is required is a high-speed Broadband Internet connection in order to take advantage of VoIP. You can use a regular (i.e. analog) phone that is connected to an adaptor (ATA). This adapter converts your voice to data packets; sends it to the Internet; and then to a VoIP service provider. The person you are calling doesn’t need any special equipment to receive the call. The service routes the phone call via Internet to the called party's local telephone company to complete the call. Also, while VoIP does require your broadband Internet connection to be active, it does not require your computer to be online to take advantage of the phone services.

When you choose a VoIP service provider, you will be sent a converter (adapter) to allow a regular phone to use the VoIP service. Your phone number is programmed into the converter (adapter), allowing you to take your phone converter (adapter) and phone number wherever you travel in the world to use them, just as long as you have access to a high-speed broadband Internet connection. Because your telephone number is based in you converter and not your home, you have the option of choosing any area code for your phone number. Some carriers will allow you to have more than 1 phone number in different area codes for a small additional fee, called a virtual phone number. For instance, you can have one number in your local area code and another phone number with an area code from another city. By having a virtual phone number in another city where you have a lot of friends and family, you will be saving them money because they can call you on a local number instead of paying for long distance charges to contact you. Both phone numbers will ring your VoIP phone wherever you have your converter hooked up to a high-speed Internet connection.

There are a few drawbacks to VoIP, with regard to limitations of use, reliance on other services, and implementation challenges, but VoIP will only improve with time.