VoIP: A New Frontier for Security and Vulnerabilities
Introduction to Voice over IP Technology
The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made voice over IP an attractive and profitable idea. Vonage (http://www.vonage.com/) and other service providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S. and Canada; the rate is often less than it would cost for a regular phone line without any long distance charges. An entity with an enormous call volume, such as a worldwide retail corporation, could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP.
Voice over IP uses a server to connect all telephones in a local area network and act as a gateway for VoIP packets traveling to and from the Internet. Consumers with broadband Internet connections can purchase VoIP handsets or routers with an RJ-11 jack to connect regular telephones. Businesses must implement a VoIP application server to handle corporate telephone use, much as mail servers are used to manage email. The Internet Protocol Private Branch eXchange (IP PBX) is telephone equipment used by private companies, rather than telephone service providers, for the management of VoIP calls placed on the data network. When considering VoIP, organizations should focus on necessary quality of service (QoS) requirements, the cost to implement, and a number of security precautions needed to protect the network (Mullins, 2005).
The two most common protocols central to VoIP are Session Initiation Protocol (SIP) and H.323. Both also rely on a number of other protocols, such as DNS and ENUM, in order to locate and navigate to other hosts on the Internet.
SIP first uses either TCP or UDP to signal a host on port 5060; then the Real-Time Transport Protocol (RTP) is used to transmit an audio stream over UDP ports 16384 through 32767 (Mullins, 2005). SIP is a broader specification, generally used to connect network devices to servers or other kinds of control equipment. SIP supports user authentication and the transmission of any type of media, including audio, video, and messaging.
On the other hand, H.323 is a bit more complex, deriving much of its design from legacy communication systems. Some would argue that it is also better, having already experienced and solved communication problems in the past. H.323 utilizes unicast and multicast on UDP port 1718 to locate the gateway; then remote access service (RAS) is started on UDP port 1719. H.225 and H.245 are also used for call signaling over TCP port 1720 and data transmission over TCP ports 1000 through 65535 (Mullins, 2005).
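The port assignments above give a defender a simple consistency check: RTP-range media should only come from hosts that have already taken part in SIP signaling. The sketch below is an added example, not code from the original article; the log format, function names and sample addresses are assumptions made for illustration, and the rule is a heuristic rather than a complete detector.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst proto dport")

def classify(proto, dport):
    """Map transport + destination port to the role the text assigns it."""
    if dport == 5060 and proto in ("tcp", "udp"):
        return "sip-signaling"
    if proto == "udp" and dport == 1718:
        return "h323-discovery"
    if proto == "udp" and dport == 1719:
        return "h323-ras"
    if proto == "tcp" and dport == 1720:
        return "h323-call-signaling"
    if proto == "udp" and 16384 <= dport <= 32767:
        return "rtp-media"
    # The H.323 TCP 1000-65535 data range is too wide to label by port alone.
    return "other"

def parse(line):
    """Parse a constructed record: '<ts> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return Flow(float(ts), src, dst, proto.lower(), int(dport))

def media_without_signaling(lines):
    """Return RTP-range flows whose source took no part in earlier SIP signaling."""
    signaled, orphans = set(), []
    for flow in sorted(map(parse, lines), key=lambda f: f.ts):
        role = classify(flow.proto, flow.dport)
        if role == "sip-signaling":
            signaled.update((flow.src, flow.dst))
        elif role == "rtp-media" and flow.src not in signaled:
            orphans.append(flow)
    return orphans

# Constructed sample records (documentation address range), not real traffic.
SAMPLE = [
    "1.0 192.0.2.10 192.0.2.1 udp 5060",   # phone signals the IP PBX
    "1.5 192.0.2.10 192.0.2.1 udp 16500",  # media after signaling: expected
    "2.0 192.0.2.77 192.0.2.1 udp 20000",  # media with no signaling: flagged
    "3.0 192.0.2.20 192.0.2.1 tcp 1720",   # H.323 call signaling
    "3.5 192.0.2.30 192.0.2.1 tcp 16500",  # TCP, so not RTP media
]

if __name__ == "__main__":
    for f in media_without_signaling(SAMPLE):
        print(f"unsignaled media: {f.src} -> {f.dst} udp/{f.dport}")
```

A port in the RTP range does not prove the payload is RTP, so a flagged flow is a prompt for inspection rather than a verdict.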
As with any new technology of the Information Age which has had groundbreaking implications for...