The potential danger is very real. VoIP is susceptible to the many exploits that networks generally are heir to — denial of service, buffer overflows and more. VoIP PBXs are servers on corporate networks and are only as secure as the networks themselves. In addition, there are many voice-specific attacks and threats. These have been chronicled by researchers and vendors intending to alert users and suggest ways to guard against them.
For instance, two protocols widely used in VoIP — H.323 and Inter Asterisk eXchange — have been shown to be vulnerable to sniffing during authentication, which can reveal passwords that later can be used to compromise the voice network. Implementations of Session Initiation Protocol (SIP), an alternative VoIP protocol, can leave VoIP networks open to unauthorized transport of data.
In addition, tools that can help find vulnerable deployments have been published online by VoIPSA, an industry group dedicated to securing VoIP. The VoIPSA tools are intended to help businesses test and secure their networks, but these and other online tools can be used to probe for weaknesses as well.
Still, there have been few exploits so far and none that have been widespread or crippling to businesses. “We are not hearing about attacks. We don’t think they are happening,” says Lawrence Orans, an analyst with Gartner.
Part of the reason may be that the largest VoIP vendors use proprietary protocols, such as Cisco’s Skinny, Nortel’s Unistim and Avaya’s variant of H.323, Orans says. That makes them difficult to obtain and study for potential security cracks. “These systems are not readily available to the bad guys,” he says.
Thursday, December 27, 2007
VoIP in ‘08 - Good News, Bad News
Monday, December 17, 2007
The Top 25 VoIP Innovations of 2007
Click here for the article source.
Thursday, December 13, 2007
Firefox VoIP Extension open to any SIP provider
Click here to read the full article.
VoIP breaks onto iPhone and iPod
Owners of the iPhone and iPod Touch can now use their device's web browser to make a connection over the web that allows them to talk to other people around the world.
Using the scheme means that international calls can be essentially free, although a monthly subscription fee to Raketu is required.
While the iPhone has already been targeted by other consumer VoIP services, Raketu's application is one of the first to work on the iPod Touch over its web connection.
However, these services are solidly aimed at individual users who are not concerned about security or being easily contactable.
Business users may find that a better IP telephony option for them could be a portable VoIP phone that is connected to their employer's IP PBX system, meaning they can make free calls but remain part of the company's voice network.
Tuesday, November 27, 2007
It’s easy to hack VOIP
The lack of privacy in VoIP connections is nothing new though, as anyone with a bit of networking knowledge can access packets of a VoIP flow from an unencrypted network and easily eavesdrop on a conversation. That’s why VoIP users need to make sure they follow a few steps to guarantee a minimum of privacy while chatting away. The best is to set up an encrypted network and just make sure you’re not giving away private information when you’re talking over VoIP. Also check out this list of 25 ways to secure your VoIP network. It includes tips like restricting VoIP to a Virtual Local Area Network (VLAN), monitoring traffic on your VoIP network, setting up firewalls or using proxy servers. You’re never too safe.
Asterisk V1.4.11 Performance! Tested, verified and documented.

The good folks at Transnexus, who did a performance test on OpenSER a while back, recently performed an in-depth performance test on Asterisk V1.4.11 configured as a SIP B2BUA. This test was conducted on a server with two Xeon 5140, dual core, 2.33 GHz CPUs and 4 GB of RAM.
The good news is that they found an Asterisk B2BUA on this hardware can manage 1500 simultaneous calls with no transcoding and 400 simultaneous calls with G.711 to G.729 transcoding.
A summary of the test is available
The test details are available (PDF)
Asterisk[IP PBX] unveils customized Linux distro
AsteriskNOW is an open source Software Appliance; a customized Linux distribution that includes Asterisk (the leading open source telephony engine and tool kit), the AsteriskGUI, and all other software needed for an Asterisk system. AsteriskNOW is easy to install, and offers flexibility, functionality and features not available in advanced, high-cost proprietary business systems.
How to: Setup Asterisk PBX Easily with AsteriskNOW in 30 minutes
Setting up Asterisk is considered a difficult task. Building a VoIP Linux server with Asterisk is easy with AsteriskNOW software, which can set up Asterisk in minutes:
Click here to setup your AsteriskNOW
Friday, November 23, 2007
VoIP on 3G will beat Wi-Fi
article source: here
Deciding on a 'best' VoIP solution provider
article source: here
Thursday, November 22, 2007
Why Nobody’s VoIP Is Secure
Article source: here
Top 10 Security Threat Predictions For 2008
Voice over Internet Protocol (VoIP) attacks comprised more than double the number of security vulnerabilities compared to all of 2006, according to McAfee Avert Labs Top 10 Security Threats of 2008 report. While VoIP threats seem to be here to stay, the defensive technology is still playing catch-up. McAfee expects a 50 percent increase in VoIP-related threats in 2008.
article source: here
Sunday, November 4, 2007
VoIP Resellers: The best way to step into the field of VoIP
Benefits of VoIP Call Termination Services
1. This service allows you to make more than one call at any given point of time.
2. With the help of VoIP you can send data, video and voice, all three, through the same line, thereby increasing the efficiency of resources.
3. One of the major reasons for the popularity of this service is that the long distance and international long distance calls can be made at a much cheaper rate. You can easily save over 40% of your monthly telephony expenditure through this service.
4. IP telephony services are extremely flexible and can be easily interconnected with your existing telephony service to enable you to make cost efficient calls.
5. Besides the above mentioned advantages, business houses who have mobile workers or frequent travelers find this service to be of great use for they get the ability to make VoIP calls from anywhere across the globe! All you would need is an internet connection, computer and headphones.
It is primarily because of these reasons that not just corporate but also residential customers are deploying VoIP services. Therefore the time is right for a company looking to expand its operations or to enter into this field of internet telephony to become a VoIP reseller.
Article Source: here
Challenger Mobile to Offer Free VOIP Without Wi-Fi
It's a SIP (Session Initiation Protocol) based service, meaning that it's compatible with most cellphone service standards already. When I call you through SIP, your number would be converted to an email-like extension automatically and be sent to a central server. That server would then contact us both to establish the connection. And in the case that your service isn't SIP supported, calls can be appropriately routed to standard telephone networks.
We'll keep an eye on the potentially excellent service. But as many of you already know, anything promising to save you money will probably cost you.
Open source gaining traction in U.S. government
November 02, 2007 (IDG News Service) More than half of all U.S. government executives have rolled out open-source software at their agencies, and 71% believe their agency can benefit from the software, according to a survey released Thursday.
Fifty-five percent of respondents said their agencies have been involved or are currently involved in an open-source implementation, according to the survey, commissioned by the Federal Open Source Alliance, a group pushing the use of open-source software in government. The alliance is made up of Intel, Hewlett-Packard and Red Hat.
In addition, 29% of respondents who haven't adopted open-source software plan to do so in the next six to 12 months, the survey said.
"Open source is really gaining momentum in the federal marketplace," said Cathy Martin, director of public sector initiatives at HP. "It really came out loud and clear here. It was a little stronger than I even anticipated."
The survey of 218 IT decision-makers in the U.S. government found that 88% of those in intelligence agencies said that their operations can benefit from open source. That may not be surprising, given that the U.S. National Security Agency has been supporting a secure Linux project, called Security Enhanced Linux, since 2001.
Saturday, November 3, 2007
Why VoIP is the next target for spammers
In what looks like a highly developed piece of irony, hackers have proven that Voice over internet Telephony (VoIP) accounts are prone to the nuisance of voice spam - by attacking the university where the co-author of the protocol that VoIP runs on is professor of computer science.
Henning Schulzrinne, co-author of the session initiation protocol (SIP) that is used by all the major VoIP services except Skype, believes the attack (which left unsolicited marketing messages on multiple phone extensions at Columbia University) might have been targeted at him, but could also have been a result of the institution not having a stringent firewall policy in place. Either way, he - like many in the computer and internet security industries - now believes VoIP is the next big target for spammers.
article source: http://www.guardian.co.uk/technology/2007/nov/01/news.hacking
Monday, October 1, 2007
VOIP Bandwidth consumption
When calculating bandwidth, one can't assume that every channel is used all the time. Normal conversation includes a lot of silence, which often means no packets are sent at all. So even if one voice call sets up two 64 Kbit RTP streams over UDP over IP over Ethernet (which adds overhead), the full bandwidth is not used at all times.
A codec that sends a 64kb stream results in a much larger IP network stream. The main cause of the extra bandwidth usage is IP and UDP headers. VoIP sends small packets and so, many times, the headers are actually much larger than the data part of the packet.
The table below shows how the codec's theoretical bandwidth usage expands with UDP/IP headers:
| Codec | BR | NEB |
| --- | --- | --- |
| G.711 | 64 Kbps | 87.2 Kbps |
| G.729 | 8 Kbps | 31.2 Kbps |
| G.723.1 | 6.4 Kbps | 21.9 Kbps |
| G.723.1 | 5.3 Kbps | 20.8 Kbps |
| G.726 | 32 Kbps | 55.2 Kbps |
| G.726 | 24 Kbps | 47.2 Kbps |
| G.728 | 16 Kbps | 31.5 Kbps |
| iLBC | 15 Kbps | 27.7 Kbps |
BR = Bit rate
NEB = Nominal Ethernet Bandwidth (one direction)
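The G.7xx rows of the table can be reproduced from the codec bit rate once a packetization interval and per-packet header sizes are fixed. The following is an added example, not part of the original post; the header sizes (RTP 12, UDP 8, IPv4 20, Ethernet 18 bytes) and the 20 ms or 30 ms intervals per codec are assumptions chosen because they match the table.

```python
# Added example. Assumed per-packet overhead in bytes:
# RTP 12 + UDP 8 + IPv4 20 + Ethernet 18 (14 header + 4 FCS).
HEADER_BYTES = 12 + 8 + 20 + 18

# (codec, bit rate in Kbps, assumed packetization interval in ms)
CODECS = [
    ("G.711", 64.0, 20),
    ("G.729", 8.0, 20),
    ("G.723.1", 6.4, 30),
    ("G.723.1", 5.3, 30),
    ("G.726", 32.0, 20),
    ("G.726", 24.0, 20),
    ("G.728", 16.0, 30),
]

def payload_bytes(bitrate_kbps, interval_ms):
    """Voice bytes carried by one packet (Kbps * ms = bits)."""
    return round(bitrate_kbps * interval_ms / 8)

def ethernet_kbps(bitrate_kbps, interval_ms):
    """One-direction bandwidth on the wire, headers included."""
    packets_per_second = 1000 / interval_ms
    frame_bytes = payload_bytes(bitrate_kbps, interval_ms) + HEADER_BYTES
    return frame_bytes * 8 * packets_per_second / 1000

def header_share(bitrate_kbps, interval_ms):
    """Fraction of each frame that is header rather than voice."""
    payload = payload_bytes(bitrate_kbps, interval_ms)
    return HEADER_BYTES / (payload + HEADER_BYTES)

def table():
    """Rows of (codec, BR, NEB rounded to 0.1 Kbps, header share)."""
    return [(name, br, round(ethernet_kbps(br, ms), 1),
             round(header_share(br, ms), 2)) for name, br, ms in CODECS]

if __name__ == "__main__":
    for name, br, neb, share in table():
        print(f"{name:8} {br:5} Kbps -> {neb:5} Kbps ({share:.0%} headers)")
```

For G.729 the headers make up about three quarters of every frame, which is the effect the paragraph above describes.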
Wednesday, September 12, 2007
ITU to Make Standards Available for Free
Using the Nokia E-Series Phones with Asterisk
To configure your Nokia E-Series phone with asterisk click here
US VoIP Usage to Double
The number of consumer VoIP subscribers in the United States is estimated to reach 23.3 million by 2011, up from 11.8 million in the second quarter of 2007, according to TeleGeography's "US VoIP Research Service."
TeleGeography also projected that by 2011 VoIP penetration in Europe will be about twice as high as in the US.
"VoIP service in the US has emerged as a mainstream service that is causing traditional service providers some headaches," said Stephan Beckert, TeleGeography analyst, in a statement. "However, in Europe, VoIP could fundamentally change the structure of the fixed-line market."
European VoIP providers have better access to incumbents' local copper loops, which is driving the continent's VoIP growth. Aggressive competition and pricing and active participation by incumbent operators such as France Telecom, Deutsche Telekom and British Telecom are also drawing subscribers.
Incumbent service providers accounted for 26% of VoIP subscribers in Europe. By contrast, AT&T, Verizon and Qwest have not been especially competitive in the market.
Tuesday, August 28, 2007
MTNL Offers Inexpensive VoIP Calls in India
The service is called Netfone and it allows users to make inexpensive VoIP calls to more than 150 countries.
Initially, Netfone will be available on a prepaid basis and will also be available to all MTNL PCO holders. The customers will be given the choice of two types of plans. In the first plan, for a monthly rental of Rs 200, you can get 400 minutes of SIP-to-SIP calls free and 20 paise per minute subsequently. This plan is called Plan VoIP 200. In the second plan, you will pay a monthly rental of Rs 400 and get 800 minutes of SIP-to-SIP calls free and 10 paise per minute thereafter.
Now, here comes the best part. As most of the consumers in India do not yet have Internet connections at their homes, MTNL has come up with an option to make calls without a PC or the Internet connection! All you need is an adaptor (provided by MTNL) which will be attached to the fixed phone. This adaptor converts the phone into an (IPD) Internet protocol device. Says R S P Sinha, chairman and managing director, “We are now all set to connect the people of our country with the world and I am confident that people would be delighted with the service and demand would certainly increase.”
And if customers are fortunate enough to have a PC and Internet connection, their international call rates drop down to as low as 10 paise per minute (100 paise is equal to 1 Re and at the current rate, approximately 40 rupees equal one U.S. dollar).
VOIP vulnerabilities
“H.323 and IAX are just as bad as SIP, if not worse,” Dwivedi said Wednesday at the Black Hat Briefings security conference.
It can be relatively simple for anyone with access to a network to compromise the call set-up protocols, and Dwivedi and iSEC partner Zayne Lackey proved it with a demonstration of attack tools.
Although SIP may be better known, H.323 is the most widely used protocol in enterprise VOIP environments because of its stability and scalability. IAX is gaining in popularity for use with the Asterisk open-source PBX.
Both H.323 and IAX authenticate to their gatekeepers using MD5 hashing to hide the password. But the elements used with the password to create the hash are transmitted in the clear, making it possible to run an offline dictionary attack against the hash to determine the password. This is an especially simple job for a VOIP telephone where the password will just be numeric, rather than alphanumeric.
“Nine times out of ten you will find that password” with a dictionary attack, Dwivedi said.
IAX passwords can be cracked even more easily because the hash is created from only two elements. Attackers can make up rainbow tables requiring only a look-up of a corresponding password from the hash with no real computation involved.
Authorization to the network can be just as easy to attack by finding the authorization key. Phones also can be blocked from being authorized on the network by sending a spoofed rejection packet.
Once an attacker controls the authentication and authorization of a phone, he can control that phone, impersonate it or gain unauthorized access to the network. Denial-of-service attacks against the protocols are easier.
“Making the VOIP phone unavailable is not very hard,” Dwivedi added.
The protocols can support better security, but products examined by Dwivedi and Lackey did not implement it, they said.
Original article from here
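Because everything in the MD5 exchange except the password is visible on the wire, the size of the password's guess space is the only thing protecting it. The following added example (not from the article or from the Asterisk project) audits an iax.conf-style file for MD5-authenticated peers with numeric or short secrets; the sample file, peer names, secrets and the 60-bit threshold are constructed assumptions.

```python
import math
import re
import string

# Constructed iax.conf-style sample; peer names and secrets are invented.
SAMPLE_CONF = """\
[general]
bindport=4569
[phone-101]
auth=md5
secret=4821          ; numeric PIN typed on a handset
[phone-102]
auth=md5
secret=101101
[trunk-hq]
auth=md5
secret=vK7#qPz2!mRt9wLx
"""

MIN_BITS = 60  # assumed policy threshold for this example

def guess_space_bits(secret):
    """Estimated log2 of the keyspace implied by the secret's character classes."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(ch in cls for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0

def parse_sections(conf_text):
    """Return {section: {key: value}}; ';' starts a comment in this format."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def weak_md5_peers(conf_text, min_bits=MIN_BITS):
    """List (peer, bits) for MD5-authenticated peers with a small guess space."""
    findings = []
    for name, opts in parse_sections(conf_text).items():
        if "md5" in opts.get("auth", "") and "secret" in opts:
            bits = guess_space_bits(opts["secret"])
            if bits < min_bits:
                findings.append((name, round(bits, 1)))
    return findings

if __name__ == "__main__":
    for peer, bits in weak_md5_peers(SAMPLE_CONF):
        print(f"{peer}: about {bits} bits of guess space")
```

A four-digit PIN has only 10,000 possible values, so the two handset entries are flagged while the long mixed-character trunk secret is not.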
Monday, August 27, 2007
The IP telephony Cookbook
Read the book here
Thursday, August 23, 2007
Understanding VoIP
Read the full paper from Understanding VoIP