The Growth Of Voip And Related Concerns

Published Date: 02 Nov 2017

Voice over IP or (VoIP) is the real-time transmission of voice signals using the Internet Protocol (IP) over the Internet or a private data network. VoIP converts the voice signal from your telephone into a digital signal that can be transmitted in data packets over any IP network. This allows businesses to carry voice signals across existing data networks and thus avoid toll charges of the Public Switched Telephone Network (PSTN) or legacy networks. Since the PSTN required dedicated trunks for voice signals, this integrated voice/data solution can result in a significant savings for businesses, such as call centers, that utilize large voice services platforms. Additionally, when compared with PSTN services, IP networks can carry between 5 and 10 times the number of voice calls over the same amount of bandwidth (Edwards, 2001). Finally, as a result of high speed Internet connections that used to be reserved for the Fortune 500, now becoming a standard commodity in businesses of all sizes, the growth of VoIP services is growing tremendously. VoIP penetration is expected to reach 79% of U.S. businesses by the end of 2013. (Speechtechmag.com, 2010) As with any fast growing protocol, security is becoming a larger concern of engineers and administers of VoIP networks.

Functional Overview

Unlike PSTN service that compressed voice to a specific frequency to send it across a circuit, VoIP compresses voice into a data packet. A simple conversation can be split into tens of thousands of data packets, with each of these packets having its own headers and routing information. When the data packets are then routed over the IP network and received on the remote end, they are decoded and the voice uncompressed and played for the recipient (Edwards, 2001). This demonstrates the need for a reliable and speedy network, because without it, packets containing the conversation could be received out of order. As this is a real time application, receiving the packets out of order, or loosing packets in transit would result in garbled or a conversation that was not understandable.

VoIP can be broken down into 5 functional requirements. These are Signaling, Database Services and Unified Communications, Bearer Channel Control, CODECs and the IP PBX.

Signaling

Signaling refers to the ability to establish, monitor and tear down a connection between two endpoints through the generation and exchange of control information. Similar to the PSTN Signaling System 7 or SS7, VoIP provides several protocols for managing this function. These include H.323, Session Initiation Protocol (SIP), Megaco/H.248 and Media Gateway Control Protocol (MGCP). Additionally, there are some VoIP gateways that have the ability to generate SS7 signaling directly into the PSTN.

Signaling protocols are designated as either peer to peer (SIP and H.323) or client/server (Megaco/H.248 and MGCP). In a peer to peer arrangement, the end points have the intelligence to handle the call set up and tear down procedures and to interpret call control messages. In a client/server environment, the end points do not manage the call control themselves, but work with a server on the network that is referred to as a call agent.

Bearer Channel Control

Bearer channels are the channels that carry voice calls. In order for these channels to properly function, it is critical that signaling to connect and disconnect calls is passed between end points properly. Proper handling of this signaling ensures that the channel is available when it is not in use.

CODECs

Coder-decoder (CODECs) provide for the ability to encode and decode information between analog and digital platforms. Each CODEC utilizes a specific method of compression and encoding to convert the voice signals from analog to digital and vice versa. Unlike the PSTN that used TDM to compress voice signals to 64k voice streams, VoIP CODECs typically compress voice signals far beyond the traditional 64k to allow for more efficient use of the data networks. The most common CODEC in use is the G.279 CODEC that compresses the voice stream to only 8k.

Database Services and Unified Communications

There are a variety of database requirements for a VoIP network. These can include back end toll free lookups, calling name delivery (CNAM), call detail reporting (CDR) and billing information databases that are transparent to the end user. They can also include items databases that are more interactive with the customer, including call routing through an Interactive Voice Response (IVR) or contact lookups through a phonebook feature on the end point. In addition to these databases, there is also the function of Unified Communications or UC. Unified Communications is the term that represents the merging of audio, video and web into a single cohesive application. It allows businesses to integrate the real time and non real time communications with business process for greater user efficiency. (Ascierto, 2007)

IP PBX

The IP Private Branch Exchange or PBX is the IP based platform that provides integration to desktop applications for remote call control and presence. The IP PBX can be broken down into two functions: signal processing and call setup and tear down (Kim, 2005). Due to it being the focal point of most VoIP platforms, the IP PBX is many times a target of Denial of Service (DoS) attacks. Additionally, it is many times an entry point for attackers looking to compromise information; therefore it is one of the most critical components to secure.

Security Concerns Overview

The convergence of voice and data has brought with it a great deal of cost savings and efficiencies, as well as new found applications, however it has also caused voice to now share the same security concerns the data network has battled for decades. This has required voice networks to implement the same types of severity measures as data networks, such as locking down servers, encrypting voice traffic, monitoring with intrusion detection software and administering security audits. These tasks, amongst others, help ensure the VoIP network is protected against vulnerabilities, just as the data network is.

The manner in which an intruder can take advantage of a voice network differ with VoIP from a traditional PSTN voice network, however the end result is the same. Unauthorized calls, disruption of voice services, eavesdropping on sensitive calls and access to sensitive records are just some of the ways an intruder can take advantage of a voice network, in addition to the concerns of a standard data network.

The overall goal in implementing security on any network is to make the access to the data more costly for the intruder than the value of the data they are after. Understanding the risks of a VoIP network is the first step in accomplishing this.

VoIP Security Risks

VoIP security is inherently only as good as the security of the data network it is traveling. As such, a VoIP administrator needs to understand the typical data security concerns such as viruses, worms and Denial of Service attacks. The VoIP administrator also needs to be more aware of the pool of individuals that have potential access to the databases, servers and endpoints that a VoIP network utilizes. In the past with a PSTN network, all of these concerns were mitigated by the fact that the PSTN network was a more closed network. Many of the databases were purpose written and the servers were purpose built. Additionally, there were few people that had access to these back end pieces of equipment, as they were on a closed network. In today’s typical VoIP infrastructure, the accessibility is far greater than with the PSTN. As with any network, the first step is to complete a risk analysis and understand what the vulnerabilities are and how to mitigate them.

Denial of Service

One of the most serious threats to any VoIP platform is a distributed Denial of Service or DoS Attack. According to Cert (a part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University), "a DoS attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include

attempts to "flood" a network, thereby preventing legitimate network traffic

attempts to disrupt connections between two machines, thereby preventing access to a service

attempts to prevent a particular individual from accessing a service

attempts to disrupt service to a specific system or person" (Cert, 2013)

Denial of Service attacks can result in the loss of services on a VoIP platform, such as the inability to make or receive calls. DoS attacks can restrict available bandwidth resulting in latency and poor connectivity and can utilize all system resources and possibly crash the device(s) the attack is directed at. When the massive distributed denial-of-service (DDoS) attack in March 2011 brought down VoIP call processing supplied by TelePacific Communications to thousands of its customers, it marked a turning point for the local-exchange services provider in its thinking about security (Messmer, 2011). Dos attacks may be the single greatest threat to a VoIP platform today. Due to this, it is imperative that the VoIP administrator always keep security front and center. Measures such as disabling unneeded network services and protocols, moving to more stringent authentication requirements and implementing stronger firewalls are a few of the ways that administers of VoIP platforms can begin to get in front of the rising trend of DoS attacks against VoIP platforms.

Toll Fraud

While the number of incidents of toll fraud is rising with the expansion of VoIP services and implementations, the act is nothing new. Toll fraud involves illegally using a company or persons phone line, services or equipment to make or receive calls that are charged to the owner. It is a practice that initially began in the 1950’s by hacking the telephone service to make phone calls and avoid paying the associated fees. In the early days, the fraud was localized as it was typically the result of a single individual. Today, toll fraud is an international industry that not only costs companies money, but is also a potential national security issue. As recently as January 2013, NY State Senator Charles Schumer has addressed the issue by revealing that "a New York phone hacking ring, with possible connections to Al Qaeda and reported links to Syracuse, has hacked dozens of small businesses’ phone systems in New York, costing them hundreds of thousands of dollars." (Shumer, 2013) 

Due to its easier point of entry versus traditional PSTN service, less experienced administers and access to high speed connections, VoIP offers hackers an opportunity to take advantage of businesses for their own personal gain. Session Initiated Protocol (SIP) trunks for PSTN connectivity (as opposed to T1 TDM) provide the hacker with the access to twice as many available minutes, a number that can be further maximized if the hacker’s calls are placed during non-peak hours. For example, a compromised media gateway with two T1s could potential yield about 2,750 call minutes per hour for a fraudster to exploit. In contrast, a SIP trunk of roughly equivalent bandwidth and using a common compression algorithm could provide 6,000 call minutes per hour. (Adams, 2009) 

While the typical way to describe the affects of toll fraud on the business is the telephony expense that it costs the business, the affects can be much deeper. Calls may ring busy if the hackers have maximized their use of the companies trunks, this can result in lost business. For outgoing fraudulent calls, there is the additional bandwidth that is consumed. This reducing in bandwidth can result in poor network performance, quality of service issues with the VoIP service, as well as call drops and other quality issues.

There are a variety of measures the administrator can take to try and protect their VoIP platform from toll fraud. These include, restricting access to the international operator (900 ), as well as international numbers (if applicable to the user). Restrict the numbers that can be used for system transfers. Instruct users on how to handle hackers with phishing schemes and implement secure passwords and require them to be updated every 30 days. These simple procedures can help avoid a great deal of agony for the VoIP administrator. (Avaya, 2010)