Section 10.2. Security for IP Telephony


10.2. Security for IP Telephony

IP telephony security boils down to three risk factorsthe application, the network operating systems, and the infrastructure. Secure these, and you secure the VoIP network. Here are the most common types of security risks to data networks today:



DoS (denial of service)

Attacks that reduce or compromise the functionality of a software system via a buffer or bandwidth overrun or by exploiting a security bug. Generally, DoS attacks are accomplished using specific code to create certain conditions within a target host or network that trigger a denial of service. As a rule, DoS attempts are defeated with access control.



Man-in-the-middle

Attacks that allow a third party to monitor, record, block, or even alter, a data transmission. Packet sniffing, or the capture of packets on a data link, usually accompanies this kind of attack. Man-in-the-middle attacks are defeated with encryption and authentication.



Trojan horses and malware

Autonomous software processes designed to travel across the Internet and IP networks, infecting exploitable hosts in order to replicate themselves and, sometimes, to leave a footprint behind.

In the world of convergence, access control, call-accounting, and telephony features are aspects of the same extensible network. Depending on whether your IP telephony applications come from the phone company or from the local softPBX, your ability to control and customize them varies. If you've chosen a VoIP technology that is open and standards-based, like VOCAL or Asterisk, you can build exacting security policies, precise call-accounting and logging systems, and limitless authentication features.

Supporting the telephony application is a network operating systemusually Linux, FreeBSD, or Windowsthat has its own security concerns. Anybody who's run an Internet server for even a short time knows the importance of hardening the network operating system against viruses, security exploits, and bug-ridden software agents .

Finally, the network infrastructurethe protocols and connectivity equipmenthas a set of security issues that must be addressed. This can mean establishing policies for network access via firewalls or authenticating VoIP devices as they attempt to communicate. This also means auditing network traffic, discouraging network intrusion, and promoting privacy.

The application, the operating systems, and the network infrastructure each have many layers of security features and provisions. Like QoS systems, you may not use them all. As a VoIP network maintainer, your security duties will boil down into three categories: access control, software maintenance, and intrusion prevention.



Switching to VoIP
Switching to VoIP
ISBN: 0596008686
EAN: 2147483647
Year: 2005
Pages: 172

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net