A General Overview of Voice over IP
Integration of communication services into the IP network infrastructure, and the Internet especially, is natural course that was started long ago with e-mail, continued with instant messaging and now taken one-step further with integration of standard, classical services like telephony. Voice over IP – the transmission of voice over packet-switched IP networks – is one of the most important emerging trends in telecommunications. Two factors have an important role in the growing popularity of Voice over IP networks: the cost savings factor, inherent to the migration from standard to Voice over IP networks, and the flexibility factor that allows new services and new applications to be added to standard telephony services (video transmission, conferences, etc).
With 2005 declared as the Voice over IP (VoIP) year and with predictions of fairly large budgets attributed to VoIP projects in the near future, this technology seems set to replace classic, circuitbased telephony in the near future. Even if they serve the same purpose, VoIP has a very different architecture from classic telephony.
In VoIP networks voice and signalling are multiplexed and travel as normal data inside LANs, WANs or the Internet whereas in classical telephony each conversation has a private, physical, circuit and a dedicated infrastructure that serves only for its transmission. VoIP sound is sampled, quantified, encoded with an appropriate codec and streamed over traditional network architectures. It is and it behaves as normal IP data but at the same time has to obey to the rules imposed by classical telephony in terms of quality of service and availability. Developing a robust architecture that respects all these constraints and is secure is not an easy task, and the fact that many companies have implemented and tried to impose proprietary architectures has added a factor of uncertainty to the strength of this new technology. In the last period however, major companies and institutions have joined in a common effort to create a basic robust standard for VoIP architectures, and security beneficed from a special emphasis with the creation of such projects as VoIPSA.
As with many new technologies, VoIP introduces new security risks and new opportunities for attack. Inheriting from both networks and telephony, VoIP is subject to security issues coming from both areas. Classical telephony security issues involving signalling protocol manipulations, phreaking (see [4] for more details) as it was dubbed in the seventies, find their mirror in VoIP specific protocol manipulations. The main purpose remains the same: fraud. Network security issues on the counterpart are far more complex and offer larger perspectives of attack than traditional phreaking. From physical layer to faulty applications, all network security items are relevant to VoIP security. In terms of exposure, the transport of voice data over the Internet, a highly insecure and unreliable environment, multiplies the attack surface and will surely lead to more attacks on this technology. Furthermore, the synergies of these two aspects of VoIP emerge to add new security threats such as signalling protocols Denial of Service.
Source: VoIP Security – A layered approach