How to Protect Your VoIP Network from AttacksBefore you deploy VoIP, however, you need to be aware of the security risks and the countermeasures that you can take.Security is important in every context, but especially when you're replacing the world's oldest, largest and most resilient and available communications network. While no individual security measure will eliminate attacks against VoIP deployments entirely, a layered approach can meaningfully reduce the probability that attacks will succeed. More... |
IP Telephony Security, Part 1: Threats to SubscribersIP networks are now used to handle an increasing number of voice calls. While the bulk of this telephone traffic is currently enterprise, consumers are dabbling in IP Telephony (alias Voice over IP, VoIP). As products are commoditized and public services like Vonage mature, new voice-data applications will be offered, encouraging even broader adoption. As a VOIP customer or user, you need to understand how VOIP differs from plain old telephone service. More... |
IP Telephony Security, Part II: Threats to OperatorsPart I of this series explains how IP networks are used to handle an increasing number of voice calls. As products are commoditized, new applications appear, and more public IPT "carriers" come online, even broader adoption is inevitable. The dark side of the convergence of voice, IP, and wireless networking also presents formidable threats to VOIP network operators, both public and private. More... |
Is VOIP hacking heating up? What do disclosure lists indicate?It's unusual to see three SIP-related posts on BugTraq in the span of less than a week. Perhaps it's an anomaly, but last week, exploit code for two vulnerabilities and a new SIP war dialing tool were announced. These posts suggest that there are enough SIP UAs to make attacking *interesting* and that traditional scanning and information gathering tools can and are being extended to probe SIP-based applications. More... |
Books
Hacking VOIP Exposed
Understanding Voice over Internet Protocol Security
Forums and Consortia
VOIP Security Alliance
Voice Over Packet Security
The Defense Switched Network (DSN) DISA
VOIP Security Research at the University of Hamburg
Security Standards and Works in Progress
RFC 3093, Firewall Enhancement Protocol
RFC 3323, A Privacy Mechanism for the Session Initiation Protocol
RFC 3324, Short Term Requirements for Network Asserted Identity
RFC 3325, Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks
RFC 3711, The Secure Real-time Transport Protocol (SRTP)
RFC 3725, Best Current Practices for Third Party Call Control (3pcc) in the Session Initiation Protocol (SIP)
RFC 3760, Securely Available Credentials (SACRED) - Credential Server Framework
RFC 3830, MIKEY: Multimedia Internet KEYing
Secure SIP
Secure SIP protects VoIP traffic by Michael Ward
SKYPE Security
SKYPE: Free Internet Telephony that just works
Skype Security Evaluation by Tom Berson
Skype uncovered: Security study of Skype by Desclaux Fabrice
Attacks and Threats
Eavesdropping an IP Telephony Call by Tom Long
Voices... I hear voices! by Ivan Arce
VOIP Security Threats Explained
Two attacks against VoIP by Peter Thermos
The Value of SIP Security by Mark Collier
Security Concerns with VOIP by Weiss
Security Analysis: Traditional Telephony and IP Telephony by Alan Klein
VoIP Security Challenges In Enterprise And Service Provider Networks by Steve Bakke
The RTP DOS Attack and its Prevention by Jonathan Rosenberg
IPT: Is Your VOIP Secure? at Communications Convergence
VOIP spam - it's coming by Peter Cochrane
Security Considerations when Implementing IP Telephony in Enterprise Networks at Ericcson
IP Telephony in Enterprise Environments and Security Issues by Brennan Reynolds
How VoIP is changing the network security equation by Philip Bednarz
Modem Passthrough over Voice over IP at Cisco Systems
VOIP and Security Greg Tucker
Voice over IP Exposed Larry Stevens
Experts: VOIP Attacks Are Tough to Stop at Dark Reading
The myths and realities of VoIP security Zeus Kerravala
Hacking VOIP Exposed
SPIT, SPAM and Vishing
SPAM and DOS headed VOIP's way by Susan Kushinskas
Net phone customers brace for VOIP spam by Ben Charny
Don't SPIT on VOIP by Susan Kuchinskas
Move over SPAM, make room for SPIT NewScientist.com news service
What is Voice Phishing?
Mark Collier's VOIP Phishing Blogs
VOIP and Wireless (WiSIP, VOWLAN)
VoIP Vulnerabilities and DoS Delusions by Andy Dornan
Overcoming QoS, Security Issues in VoWLAN Designs by Ravi Kodavarti
Adding Voice Service to a WLAN Network: Protecting QoS and Data Security at Colubris
Beyond Interoperability: Network Security: as a Voice over IP (VoIP) Enabler
Defenses and Countermeasures
A VoIP security plan of attack by Joel Snyder
IP Telephony changes security equation Mathias Thurmon
SIP, Security and Session Controllers Newport Networks
Breaking Through IP Telephony Ed Meir
VOIP Security: Not an afterthought by Douglas C. Sicker and Tom Lookabaugh
Configuring High Availability in a SIP-Based Network
Security Considerations for Voice over IP Systems at NIST
Next Generation Networks and Security Peter Thermos and Guy Hadsall
VOIP Security Technical Implementation Guide Defense Information Security Agency
VOIP Security - A Layered Approach
Often Overlooked: PBX and Voice Security in a Networked World by Chris Herrera
VOIP: Don't overlook security
The value of VOIP security by Mark Collier
Securing IP Telephony by Tony Rybczynski
Defense in Depth for VOIP networks by Dave Roberts
Security in SIP-Based Networks at Cisco Systems
How VoIP is changing the network security equation by EE Times
STOP DoS Attacks against your VoIP by Tom Lancaster
VOIP Security Implementation by Debbie Greenstreet and Sophia Scoggins
Securing The IP Telephony Perimeter David Greenfield
Secure IP Telephony For The Enterprise at Check Point Technologies
Voice over IP Security Matt Tanase
VoIP Security: Loose IPs Sink Ships Ray Horak
Security for service provider VoIP networks at Nortel Networks
VOIP Security - Firewall Options
Five VoIP security recommendations Gerhard Eschelbeck
SIP Firewalls Tom Lancaster
Avoiding a VoIP security 'judgment day'Eric B. Parizo
Encrypting VoIP traffic: How and why
Employ fuzzing to test VoIP security Benjamin Vigil
VoIP Security - Best Practices Outline at Juniper Networks
Privacy Guru Locks Down VOIP Phil Zimmerman on PGP VoIP
VoIP security safeguards -- they may be there already VoIP News
VoIP tightens security against fuzzing, zombies, malicious intruders
Comments
You can follow this conversation by subscribing to the comment feed for this post.