US-CERT Cyber Security Tip ST05-018 -- Understanding Voice over Internet Protocol (VoIP)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        Cyber Security Tip ST05-018
              Understanding Voice over Internet Protocol (VoIP)

   With the introduction of VoIP, you can use the internet to make telephone
   calls instead of relying on a separate telephone line. However, the
   technology does present security risks.

What is voice over internet protocol (VoIP)?

   Voice over internet protocol (VoIP), also known as IP telephony, allows you
   to use your internet connection to make telephone calls. Instead of relying
   on an analog line like traditional telephones, VoIP uses digital technology
   and requires a high-speed broadband connection such as DSL or cable. There
   are  a  variety  of providers who offer VoIP, and they offer different
   services. The most common application of VoIP for personal or home use is
   internet-based phone services that rely on a telephone switch. With this
   application, you will still have a phone number, will still dial phone
   numbers, and will usually have an adapter that allows you to use a regular
   telephone. The person you are calling will not likely notice a difference
   from a traditional phone call. Some service providers also offer the ability
   to  use  your  VoIP  adapter  any place you have a high-speed internet
   connection, allowing you to take it with you when you travel.

What are the security implications of VoIP?

   Because VoIP relies on your internet connection, it may be vulnerable to
   many of the same problems that face your computer and even some that are
   specific to VoIP technology. Attackers may be able to perform activities
   such as intercepting your communications, eavesdropping, taking control of
   your phone, making fraudulent calls from your account, conducting effective
   phishing attacks by manipulating your caller ID, and causing your service to
   crash  (see  Avoiding  Social  Engineering  and  Phishing  Attacks and
   Understanding Denial-of-Service Attacks for more information). Activities
   that consume a large amount of network resources, like large file downloads,
   online gaming, and streaming multimedia, may affect your VoIP service.

   There  are  also inherent problems to routing your telephone over your
   broadband connection. Unlike traditional telephone lines, which operate
   despite  an  electrical  outage,  if  you lose power, your VoIP may be
   unavailable.   VoIP   services   may   also   introduce  problems  for
   location-dependent  systems such as home security systems or emergency
   numbers such as 911.

How can you protect yourself?

     * Keep  software up to date - If the vendor releases updates for the
       software  operating your device, install them as soon as possible.
       Installing them will prevent attackers from being able to take advantage
       of known problems or vulnerabilities (see Understanding Patches for more
       information).
     * Use and maintain anti-virus software - Anti-virus software recognizes
       and  protects  your  computer against most known viruses. However,
       attackers are continually writing new viruses, so it is important to
       keep your anti-virus software current (see Understanding Anti-Virus
       Software for more information).
     * Take advantage of security options - Some service providers may offer
       encryption as one of their services. If you are concerned about privacy
       and confidentiality, you may want to consider this and other available
       options.
     * Install or enable a firewall - Firewalls may be able to prevent some
       types of infection by blocking malicious traffic before it can enter
       your computer (see Understanding Firewalls for more information). Some
       operating systems actually include a firewall, but you need to make sure
       it is enabled.
     * Evaluate your security settings - Both your computer and your VoIP
       equipment/software offer a variety of features that you can tailor to
       meet your needs and requirements. However, enabling certain features may
       leave you more vulnerable to being attacked, so disable any unnecessary
       features. Examine your settings, particularly the security settings, and
       select options that meet your needs without putting you at increased
       risk.

Additional information

     * Understanding Voice over Internet Protocol (VoIP) PDF
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.
 
     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-018.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit

     http://www.us-cert.gov/cas/signup.html







-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTOFFTz6pPKYJORa3AQLtlAf/cX6pqJLP3m4rDLKbZdbTd+fKEzQwYeqL
xvlQ8PJal35rWO/ckL3ejrO0/p/G2cy2a+9PJYoLnfVgJi6sCgsP5xlNDirYYxEO
Olgi2dEevVf7NT372ZO+TNdndOso+x0U6ZmR6hC6W6JpQ0VEWDRGJ7VFv99Gp3LY
nu/bjiMLNbwVRL1XKYUUfglSbZvLAgHKRSo/eXlOB2fJxc6vayP5+6uG7jhDqdta
OUPt1p9wzvwg8kIsrp1S+/T4qqD04Tr1XdA4aSAUgwskO23GMSgQj6DC7NPRSiTo
3oJmlstQISR68ipq24EvA9zc+lpDbby0M6SYIJcRajtOCdIj7egcSQ==
=jN5D
-----END PGP SIGNATURE-----


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux