VoIP Security

By | August 15, 2006

Software can also be used to report unusual calling patterns from ‘legitimate’ phones, drawing any that might be running rogue dialler software to the administrator’s attention.

Access to billing systems and records can be protected using conventional IT security measures. A point of weakness that organisations need to be aware of is disaffected staff – especially if they are employed in management of the IP telephony system.

Nuisance calls

The goal: To cause inconvenience or offence

How it works: SPIT – Spam over Internet Telephony – can be thought of as a new, and potentially more disruptive, way for people to make nuisance calls.

Because VoIP is a data service, the rate at which voice messages can be sent isn’t limited by the number of a lines the caller has available or the rate at which numbers can be dialled. Instead, an audio file could be uploaded to a computer and sent to a list of target IP addresses in much the same way that email spam is sent to people’s inboxes. Depending on the performance of the computer and the capacity of the network connection, thousands of ‘calls’ could be made every few minutes.

These might simply promote products and services that recipients don’t want, or they could have a more malicious intent.

How to stop it: While not yet a major problem, experts expect SPIT to become an increasing irritation as IP telephony becomes more commonplace.

Solutions similar to those used to remove spam messages from email inboxes will be required to prevent SPIT reaching its target, wasting the recipient’s time and consuming network resources unnecessarily.

These will need to achieve higher levels of performance, however, to avoid introducing delays that could disrupt ‘legitimate’ calls.

Eavesdropping

The goal: To listen in to calls or otherwise acquire confidential information.

How it works: VOMIT is an acronym for Voice Over Misconfigured Internet Telephony. It is a technique that can be used when the data packets that make up phone calls are transmitted through a network that also carries data.

Leave a Reply