US-CERT Cyber Security Tip ST05-018 -- Understanding Voice over Internet Protocol (VoIP)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    Cyber Security Tip ST05-018
          Understanding Voice over Internet Protocol (VoIP)

   With the introduction of VoIP, you can use the internet to make
   telephone calls instead of relying on a separate telephone line.
   However, the technology does present security risks.

What is voice over internet protocol (VoIP)?

   Voice  over  internet  protocol  (VoIP),  also  known as IP telephony,
   allows  you  to  use your internet connection to make telephone calls.
   Instead of relying on an analog line like traditional telephones, VoIP
   uses digital technology and requires a high-speed broadband connection
   such as DSL or cable. There are a variety of providers who offer VoIP,
   and they offer different services. The most common application of VoIP
   for personal or home use is internet-based phone services that rely on
   a telephone switch. With this application, you will still have a phone
   number,  will  still  dial  phone  numbers,  and  will usually have an
   adapter that allows you to use a regular telephone. The person you are
   calling  will  not likely notice a difference from a traditional phone
   call.  Some  service providers also offer the ability to use your VoIP
   adapter  any place you have a high-speed internet connection, allowing
   you to take it with you when you travel.

What are the security implications of VoIP?

   Because  VoIP relies on your internet connection, it may be vulnerable
   to any threats and problems that face your computer. The technology is
   still  new,  so  there  is  some  controversy  about the potential for
   attack,  but  VoIP could make your telephone vulnerable to viruses and
   other malicious code. Attackers may be able to perform activities such
   as   intercepting   your   communications,  eavesdropping,  conducting
   effective phishing attacks by manipulating your caller ID, and causing
   your  service  to  crash (see Avoiding Social Engineering and Phishing
   Attacks   and   Understanding   Denial-of-Service   Attacks  for  more
   information).  Activities  that  consume  a  large  amount  of network
   resources,  like  large  file  downloads, online gaming, and streaming
   multimedia, will also affect your VoIP service.

   There  are  also inherent problems to routing your telephone over your
   broadband   connection.  Unlike  traditional  telephone  lines,  which
   operate despite an electrical outage, if you lose power, your VoIP may
   be  unavailable. There are also concerns that home security systems or
   emergency numbers such as 911 may not work the way you expect.

How can you protect yourself?

     * Keep  software up to date - If the vendor releases patches for the
       software  operating your device, install them as soon as possible.
       These patches may be called firmware updates. Installing them will
       prevent  attackers  from  being  able  to  take advantage of known
       problems  or  vulnerabilities  (see Understanding Patches for more
       information).
     * Use   and  maintain  anti-virus  software  -  Anti-virus  software
       recognizes  and protects your computer against most known viruses.
       However,  attackers  are continually writing new viruses, so it is
       important   to   keep   your   anti-virus  software  current  (see
       Understanding Anti-Virus Software for more information).
     * Take  advantage  of  security options - Some service providers may
       offer  encryption  as  one of their services. If you are concerned
       about  privacy  and confidentiality, you may want to consider this
       and other available options.
     * Install  or  enable  a firewall - Firewalls may be able to prevent
       some  types  of  infection by blocking malicious traffic before it
       can  enter  your  computer  (see  Understanding Firewalls for more
       information).  Some operating systems actually include a firewall,
       but you need to make sure it is enabled.
     * Evaluate your security settings - Both your computer and your VoIP
       equipment/software offer a variety of features that you can tailor
       to  meet  your  needs  and requirements. However, enabling certain
       features  may  leave  you  more  vulnerable  to being attacked, so
       disable   any   unnecessary   features.   Examine  your  settings,
       particularly  the  security settings, and select options that meet
       your needs without putting you at increased risk.

Additional information

     * Understanding Voice over Internet Protocol (VoIP) PDF
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-018.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSL7vJnIHljM+H4irAQIizAgAkv8OrsI7p6Ts5zaQ7LOAxUwEhXqY3MYD
Hzwwiwhc+FDP2OTfMqP5W2wxaA1jeGVXkCCzvY2EW8EygBl198mDO4IoiJNu7odE
pWF7nL4piw7xOiMdTCiAW9oJR0TCo9MFKpgtuenE6THEfpgAdIFA9t5oMakVUSKI
71BH9QCUYwsQgtgOfT3AvylZBQUal8rm+Q4jdo4mVkWepdrF4pt/loEU4ctOXx/y
QauSAJul1pJ3wLdD6lmRhe878uc4EuHpcoYZ3jitzZ1HHhDGW4m/dUG/b/cnxDRn
nXEKUzDY/KsjNQTZyiPHnMwHezfauDzk8q0ef2fMjFcxjlI457mOUQ==
=Qo+m
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux