Exploring Security Risks in VoIP- Service provision

Exploring Security Risks in VoIP- Service provision

by Chris Kenny

There is no doubt that VoIP is fast becoming a very good alternative to the traditional mode of communication. As many people switch to VoIP due its compelling business opportunities, many other issues arise as well, namely security. VoIP solution has made a transition from emerging technology to a viable business solution. This transition has brought with it a challenging security issues.

Many factors have made VoIP Solution a viable business opportunity and a cost-saving alternative to PSTN especially, sharing of the same network infrastructure, and plug -and - play adaptability. Some of these factors present significant threats and dangers in terms of security of information.

Packet networks depend for their successful operation on a large number of configurable parameters, namely IP and MAC addresses of voice terminals, addresses of gateways, and VoIP specific software such as call managers and other softwares used to make and receive calls. Most of these parameters are established dynamically every time a network device is restarted.

Many intruders have a wide array of potentially vulnerable points of attack because there are some points in the network with dynamically configurable parameters. Opportunities for eavesdroppers increase dramatically because of the many nodes in a packet network. Packets that are sent from a user's computer at home or in the office to an online retailer may have to pass through 10-15 systems that are not under the control of the user's internet service provider (ISP) or the retailer and so are exposed.

Hackers could install special software that can scan packets for credit card information or other vital information.

To resolve this kind of problem, most online retailers use encryption software to protect a user's sensitive information and credit card number, and this technology is constantly being updated.

Similarly, VoIP - which transits voice messages across networks inform of packets - becomes vulnerable to disruptions caused by all-too-familiar denial of service (DOS) attacks, viruses and worms which are mainly targeted at IP infrastructure.

Confidentiality and privacy may be at greater risk in VoIP systems unless strong controls and security measures are implemented and maintained. VoIP systems are still evolving and dominant standards have not fully emerged.

VoIP systems are not as reliable as the public switched telephone network (PSTN) service. VoIP cannot function without internet connections, except for large corporate bodies and some users that operate a private network.

Eavesdropping on conversations is an obvious concern in this system, and confidentiality of other information on the network must be explored to defend against toll fraud, voice and data interception, and denial of service attacks.

VoIP providers and users alike must take steps in resolving these potential areas of threats and vulnerabilities in VoIP environment, including vulnerabilities of both VoIP phones and switches.

Careful planning development, maintenance and implementation of adequate security measures will go along way in reducing potential security threats & risks and restore confidence on the use of the system.