Security issues around VoIP systems


The security of phone systems has often remained a separate subject. Now, the risks associated with telephone systems can have serious consequences on the information system and businesses.

Moreover, the list of historical flaws of telephony is still relevant now that it uses IP standards.

VoIPshield Laboratories, a company specializing in the security of VoIP systems in November 2008 discovered a security flaw in the protocol RTP1.

The flaw in question was not presented in detail but the lab announced that it would conduct denial of service attacks on software users using RTP.

Software Aspect

With the commoditization of broadband networks, the number of applications has increased dramatically. The applications of VoIP (Voice over IP) is one of the new opportunities.

The increase in flows and permanent connections provide opportunities for development of voice over IP (Internet Protocol).

The development of VoIP has led designers to develop API (Application Programming Interface) specific to VoIP. The integration of new requirements in a platform development helps attract software developers who need to integrate functions of VoIP into their applications. They implement the SIP protocol.

VoIP APIs can be used in many applications, the simplest being soft phones. Other applications can integrate VoIP as a secondary need.

For example, instant messaging applications that integrate increasingly able to speak directly with contacts or any application requiring a textual interaction between different client applications such as video games.

Several solutions exist to make Voice over IP. Either with proprietary solutions and infrastructure based on a service provider server such as Skype or Yahoo! Messenger software.

Other solutions such as NetMeeting or KPhone, can operate in a peer-to-peer network or connect via standard protocols independent phone infrastructure. Finally, some manufacturers offer solutions such as IP PBX Aastra, Cisco, Alcatel, Wildix, Sipleo3 or free Asterisk solution.

The parameters required include:

Owner network name, password, no such thing, APN (mobile)
of Voip Service: name, password, IP / domain FQNDN, stun server, Proxy outBoound


VoIP equipment is more directly compatible with Wi-Fi phones all in one, or many “VoIP gateways” that allow you to connect an old post of traditional phone service.

Some materials are linked in their operation with proprietary solutions like Skype, while others are based on the open SIP protocol, providing compatibility with a variety of VoIP services.

There are PCI interface cards (eg Digium) which allow PBX (such as Asterisk) software to connect to one or more analog lines (classic). VoIP for better compatibility, they must comply with TIA / EIA standards, ISO / IEC and CENELEC in the cabling Ortronics fiber or copper.

VoIP should be improved by IPv6 when generalized. The quality of service built into its design allows to independently manage various streams such as voix4, Internet browsing (including downloads that loom large bandwidth).

In this way, the voice quality should be optimum and of consistent quality.

About these ads