Today, many companies are replacing traditional telecommunications services with Voice over Internet Protocol (VoIP), using their own IP network infrastructure to slash phone bills and increase productivity. However, IP telephony terminals, call servers, proxies and gateways create new attack targets, and converged voice/data networks can fall victim to new exploits.
Like all new technologies, VoIP implementations require careful design, testing and analysis to identify and eliminate security vulnerabilities, and reduce the risk of compromise. This guide reviews the two main protocols that power VoIP -- Session Initiation Protocol (SIP) and H.323 -- and their known vulnerabilities, as well as how functional protocol testing ("fuzzing") can help defeat such problems.
VOIP PROTOCOLS TECHNICAL GUIDE
ABOUT THE AUTHOR:
Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications.
This was first published in January 2006