-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-018
Understanding Voice over Internet Protocol (VoIP)
With the introduction of VoIP, you can use the internet to make
telephone calls instead of relying on a separate telephone line.
However, the technology does present security risks.
What is voice over internet protocol (VoIP)?
Voice over internet protocol (VoIP), also known as IP telephony,
allows you to use your internet connection to make telephone calls.
Instead of relying on an analog line like traditional telephones, VoIP
uses digital technology and requires a high-speed broadband connection
such as DSL or cable. There are a variety of providers who offer VoIP,
and they offer different services. The most common application of VoIP
for personal or home use is internet-based phone services that rely on
a telephone switch. With this application, you will still have a phone
number, will still dial phone numbers, and will usually have an
adapter that allows you to use a regular telephone. The person you are
calling will not likely notice a difference from a traditional phone
call. Some service providers also offer the ability to use your VoIP
adapter any place you have a high-speed internet connection, allowing
you to take it with you when you travel.
What are the security implications of VoIP?
Because VoIP relies on your internet connection, it may be vulnerable
to any threats and problems that face your computer. The technology is
still new, so there is some controversy about the potential for
attack, but VoIP could make your telephone vulnerable to viruses and
other malicious code. Attackers may be able to perform activities such
as intercepting your communications, eavesdropping, conducting
effective phishing attacks by manipulating your caller ID, and causing
your service to crash (see Avoiding Social Engineering and Phishing
Attacks and Understanding Denial-of-Service Attacks for more
information). Activities that consume a large amount of network
resources, like large file downloads, online gaming, and streaming
multimedia, will also affect your VoIP service.
There are also inherent problems to routing your telephone over your
broadband connection. Unlike traditional telephone lines, which
operate despite an electrical outage, if you lose power, your VoIP may
be unavailable. There are also concerns that home security systems or
emergency numbers such as 911 may not work the way you expect.
How can you protect yourself?
* Keep software up to date - If the vendor releases patches for the
software operating your device, install them as soon as possible.
These patches may be called firmware updates. Installing them will
prevent attackers from being able to take advantage of known
problems or vulnerabilities (see Understanding Patches for more
information).
* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses.
However, attackers are continually writing new viruses, so it is
important to keep your anti-virus software current (see
Understanding Anti-Virus Software for more information).
* Take advantage of security options - Some service providers may
offer encryption as one of their services. If you are concerned
about privacy and confidentiality, you may want to consider this
and other available options.
* Install or enable a firewall - Firewalls may be able to prevent
some types of infection by blocking malicious traffic before it
can enter your computer (see Understanding Firewalls for more
information). Some operating systems actually include a firewall,
but you need to make sure it is enabled.
* Evaluate your security settings - Both your computer and your VoIP
equipment/software offer a variety of features that you can tailor
to meet your needs and requirements. However, enabling certain
features may leave you more vulnerable to being attacked, so
disable any unnecessary features. Examine your settings,
particularly the security settings, and select options that meet
your needs without putting you at increased risk.
Additional information
* Understanding Voice over Internet Protocol (VoIP) PDF
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-018.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSL7vJnIHljM+H4irAQIizAgAkv8OrsI7p6Ts5zaQ7LOAxUwEhXqY3MYD
Hzwwiwhc+FDP2OTfMqP5W2wxaA1jeGVXkCCzvY2EW8EygBl198mDO4IoiJNu7odE
pWF7nL4piw7xOiMdTCiAW9oJR0TCo9MFKpgtuenE6THEfpgAdIFA9t5oMakVUSKI
71BH9QCUYwsQgtgOfT3AvylZBQUal8rm+Q4jdo4mVkWepdrF4pt/loEU4ctOXx/y
QauSAJul1pJ3wLdD6lmRhe878uc4EuHpcoYZ3jitzZ1HHhDGW4m/dUG/b/cnxDRn
nXEKUzDY/KsjNQTZyiPHnMwHezfauDzk8q0ef2fMjFcxjlI457mOUQ==
=Qo+m
-----END PGP SIGNATURE-----
