VOIP
INTRODUCTION
Voice over Internet Protocol (VOIP) refers to the transmission of voice over packet-switched IP networks. VOIP is one of the most essential emerging technologies that facilitate business communications. As with other emerging technologies, VOIP is exposed to security threats (Aggelou 100). The architecture implemented by VOIP is significantly different from traditional circuit-based telephony; these architectural differences are the core cause of security threats in VOIP. Low operational costs and increased flexibility are among the most important advantages of VOIP for the business enterprise. However, VOIP should not be implemented without taking into consideration the security problems that it introduces (Bates 74). A common misconception in many organizations is that since VOIP is digitalized, they can just plug the components into the existing network architecture. VOIP is time critical and has a low tolerance for disruption and packet loss, so the security strategies deployed in conventional telephony systems cannot be used in VOIP in its present architecture (Black 89). This means that firewalls and intrusion detection systems have to be customized for the VOIP architecture, which presently uses a proprietary protocol and the Session Initiation Protocol (SIP). The design and implementation of VOIP on existing network architectures requires a careful security analysis. In addition, integrating VOIP into a network that is already overloaded is likely to cause serious problems for the organization (Bates 79). There is no single solution that can address all the security challenges of VOIP. This paper addresses the challenges associated with VOIP security at Business Fusion Ltd, which mainly relies on VOIP for commercial purposes.
In addition, the paper outlines the counter strategies that can be implemented in order to ensure security in the VOIP systems of the organization.
PROBLEM STATEMENT
VOIP systems can take diverse forms, including conventional telephone handsets, mobile units and conferencing units. Other components that have been implemented within the organization to facilitate the use of VOIP include call processors, gateways, routers, firewalls and various protocols. Most components of the VOIP systems are integrated with the existing data communications frameworks. However, implementing an effective VOIP system requires the addition of special VOIP hardware and software to the existing data network (Aggelou 41). In addition, the integration of VOIP services into the existing data networks imposes various performance complications on the data network, which are magnified by the security vulnerabilities introduced by VOIP (Tanenbaum 48).
ANALYSIS
Quality of Service is a core requirement for a VOIP system that is expected to meet the quality expectations of its end users. The challenge is that implementing security measures in VOIP systems can significantly degrade the quality of service. Some of the complications include the delaying and blocking of call set-ups associated with firewall implementation, and the latency and delay variation that are due to encryption (Bates 47). In addition, most of the security strategies that are used in the traditional wired telephone systems. The successful operation of packet networks depends significantly on the configuration of parameters such as the IP addresses and MAC addresses of the voice terminals, router and firewall addresses, and software applications that are specific to Internet telephony, such as call managers and applications that are used for call routing. It is important to note that the configuration parameters are mostly dynamic, especially when a VOIP service is added to the network or restarted. This increases the security vulnerability of most hardware and software components that are used to facilitate Internet telephony (Bates 14).
With the introduction of VOIP in an organization, there is a need to increase the security strategies within the organization’s network architecture. In addition, the network security strategies have to be compounded in order to protect both voice and data. The Internet architecture does not offer the physical security that phone lines do. This paper outlines the potential security threats and attacks and the defenses that are relevant to VOIP. In addition, the paper offers the appropriate security strategies that can be employed in VOIP networks (Hunt 50).
A security threat to VOIP can be described as a potential source of an unwanted incident that may cause unavailability of the telephony service, interruption of the IP telephony service, or fraud. The following are some of the potential security threats, and their sources, associated with the implementation of VOIP services at Business Fusion Ltd (Meghanathan 14).
Masquerading
Masquerading attacks involve an entity pretending to be another, legitimate identity. Masquerade attacks can result in integrity and privacy breaches. In addition, masquerading can result in charging fraud in the use of IP telephony services, meaning that it is likely to increase the operational costs for the organization (Shenja 18). Masquerading attacks are normally associated with the hijacking of a link after the parties have established authentication. Masquerading can also be initiated using eavesdropping and constant replaying of the information that has been used for authentication (Meghanathan 14).
Malicious users and attackers can use a masquerading attack to obtain unauthorized access to the IP telephony services. This is normally done by stealing the identity of the real user and then posing as the legitimate end user at the terminal point. Replay attacks are used to obtain the authentication credentials of the legitimate user, after which the attacker replays the message that is used for authentication in order to gain unauthorized access to the IP telephony service. Additionally, a masquerading attack can be used to deceive in such a manner that the IP telephony service is made unavailable to the user (Black 74).
The basic form of a masquerade attack entails re-using a username and the corresponding password that were captured through interception or through social engineering between the hacker and the users of the IP telephony service (Shenja 58). A more advanced way of capturing authentication data for a masquerade attack is the reverse engineering of passwords, which is mostly deployed in cases of SIP digest authentication. In such a case, the attacker usually sends false messages or challenges to the SIP user agent located at the terminal of the intended user, with the main objective of generating a list that can be used to facilitate cracking the Message Digest Algorithm 5 (MD5) cryptographic hash of the passwords. A masquerade attack can then be combined with data alteration in order to gain unauthorized access to the IP telephony services. This increases the security threats associated with initiating a malicious call or committing fraud (Black 74).
Masquerading attacks can have various effects on the organization: they can compromise the privacy of organizational information and breach integrity during communication, which may result in information leakages, and charging fraud may increase the operating costs for the organization (Hunt 41).
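The replay of captured authentication messages described above is what the nonce in SIP digest authentication is meant to stop. The following is an added example, not part of the original paper: a server-side check that computes the RFC 2617 digest response (qop=auth) and refuses a nonce that is forged, stale, or already used. The secret, the 30-second lifetime, the user name and the password are constructed assumptions.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: per-server secret
NONCE_TTL = 30                              # assumption: seconds a nonce stays valid
SEEN = set()                                # (nonce, nc) pairs already accepted


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def nonce_mac(ts):
    return hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:16]


def make_nonce(now):
    """Nonce = issue time plus a MAC, so the server can validate it later."""
    ts = str(int(now))
    return f"{ts}:{nonce_mac(ts)}"


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response with qop=auth, as used by SIP digest authentication."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify(auth, password, method, now):
    """Check one Authorization header (as a dict); return accept or a reason."""
    ts, _, mac = auth["nonce"].partition(":")
    if not hmac.compare_digest(mac.encode(), nonce_mac(ts).encode()):
        return "reject: nonce not issued by this server"
    if now - int(ts) > NONCE_TTL:
        return "reject: stale nonce"
    if (auth["nonce"], auth["nc"]) in SEEN:
        return "reject: replayed nonce/nc"
    expected = digest_response(auth["username"], auth["realm"], password, method,
                               auth["uri"], auth["nonce"], auth["nc"], auth["cnonce"])
    if not hmac.compare_digest(expected.encode(), auth["response"].encode()):
        return "reject: bad response"
    SEEN.add((auth["nonce"], auth["nc"]))
    return "accept"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    auth = {"username": "alice", "realm": "example.invalid",
            "uri": "sip:example.invalid", "nonce": make_nonce(t0),
            "nc": "00000001", "cnonce": "0a4f113b"}
    auth["response"] = digest_response("alice", "example.invalid", "constructed-pw",
                                       "REGISTER", auth["uri"], auth["nonce"],
                                       auth["nc"], auth["cnonce"])
    print(verify(auth, "constructed-pw", "REGISTER", t0 + 1))  # first use
    print(verify(auth, "constructed-pw", "REGISTER", t0 + 2))  # captured copy replayed
```

Nonce freshness stops the replay of a captured header, but it does not stop offline guessing against the captured MD5 response; that requires keeping the signaling off the wire in clear text, for example SIP over TLS.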
Denial of Service attacks
A Denial of Service attack is defined as an attack that is initiated with the main objective of making a service unavailable. A denial of service attack can be initiated at various levels of the VOIP architecture, including the transport, server and signaling levels. At the transport level, an IP-level denial of service attack can be initiated against the target user with techniques such as flooding and ping of death (Bates 15). At the server level, a denial of service attack makes the servers unusable by modifying the stored information, with the main objective of barring users from accessing the IP telephony service. At the signaling level, a denial of service attack may be used to overload the SIP server with a large number of invalid messages, reducing its ability to handle valid SIP messages (Tanenbaum 47). Unauthorized users can also initiate a denial of service attack by over-using the IP telephony service and, as a result, affecting the quality of service for legitimate users. Most denial of service attacks can result in a disruption of services, such as attacks that are aimed at collapsing the Session Initiation Protocol signaling network (Black 74). SIP is vulnerable to a number of denial of service attacks, such as the sending of spoofed SIP messages that are used to tear down a call. In addition, flooding the target with INVITE packets can be used to initiate an attack; this is because of the vulnerability of the participating entities. SIP is also vulnerable to a server overload of illegal SIP messages (Hunt 47).
Denial of service attacks are a bottleneck to communication between the organization and other entities and may impose significant quality constraints when using IP telephony services. This implies that security strategies should be implemented appropriately to ensure that the availability of the IP telephony service is 100 percent (Bates 78). This is a significant organizational requirement because real-time communication is important for the organization: its various branches are located in areas that are widely separated by geographical barriers, meaning that a secure IP telephony service is the only effective communication service that the organization relies on (Bates 47).
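The signaling-level floods described above (INVITE floods and bursts of invalid SIP messages) show up as a per-source rate anomaly. The following is an added example, not part of the original paper: a sliding-window detector run over constructed log lines. The log format `<epoch> <source> <INVITE|MALFORMED|...>`, the 10-second window and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 10  # seconds; illustrative
# message kind -> (alert label, max messages per source inside WINDOW)
LIMITS = {"INVITE": ("invite-flood", 5), "MALFORMED": ("invalid-flood", 3)}

# Constructed sample: one flooding source, one normal caller, one source
# sending invalid messages. Addresses are documentation ranges.
SAMPLE = sorted(
    [f"{100 + 0.5 * i:.1f} 192.0.2.10 INVITE" for i in range(8)]
    + [f"{100 + 30 * i:.1f} 198.51.100.7 INVITE" for i in range(3)]
    + [f"{110 + 0.5 * i:.1f} 203.0.113.5 MALFORMED" for i in range(4)],
    key=lambda line: float(line.split()[0]),
)


def detect(lines):
    """Return (source, label) for each source that exceeds a limit."""
    recent = defaultdict(deque)  # (source, kind) -> timestamps inside WINDOW
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] not in LIMITS:
            continue  # not a message kind we rate-limit, or a broken line
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        src, kind = parts[1], parts[2]
        label, limit = LIMITS[kind]
        q = recent[(src, kind)]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop timestamps that left the window
            q.popleft()
        if len(q) > limit and (src, label) not in alerts:
            alerts.append((src, label))
    return alerts


if __name__ == "__main__":
    for src, label in detect(SAMPLE):
        print(f"ALERT {label} from {src}")
```

Because spoofed sources can spread a flood across many addresses, a per-source counter like this is a first filter; a VOIP-aware firewall or SIP proxy would also cap the aggregate rate.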
Eavesdropping
Eavesdropping is a security threat whereby an attacker copies valid messages exchanged between legitimate terminal users. This is a potential threat to privacy during communication, in the sense that an attacker can access the information without the required authorization and acquire personal information concerning the source and target of the Internet call. This threat has dire consequences for the organization because the company mainly relies on IP telephony services for communication with its clients and for internal communication among the various company branches (Bates 78).
It is usually easier to initiate an eavesdropping attack on IP telephony than on traditional wired telephones. This form of attack is easily established using avenues such as increasing the VOIP traffic on the Wide Local Area Network or on shared infrastructures. Eavesdropping is a real potential security threat because of the readily available packet sniffers that have embedded codecs and are used for eavesdropping on calls that use the IP telephony service.
Additionally, eavesdropping can result in the alteration of legitimate communication. Attackers and malicious users can use the data acquired through eavesdropping at the signal level to manipulate the various elements of the audio stream and establish Internet calls for fraudulent reasons, or to inject speech into the audio stream between two communicating entities (Meghanathan 78).
Eavesdropping is the most probable IP telephony threat, and organizations should not underestimate it. Although SIP messages may be encrypted, because standards for encryption are available, the significant challenge in using encrypted SIP messages is SIP interoperability. As a result, most SIP messages during VOIP are not encrypted, increasing the vulnerability of the IP telephony services within the organization (Black 79).
Eavesdropping attacks may have negative consequences, especially when attackers use speech injection to obtain information from the terminal users. This is a breach of integrity and privacy, and may impose significant challenges on the organization if appropriate strategies are not implemented to address the potential threats due to eavesdropping (Bates 41).
Call Quality and Integrity issues
Packet losses in an IP network can normally be recovered using retransmission. However, lost VOIP packets cannot be retransmitted, and this has significant effects on the quality of the voice transmission. The Internet environment is increasingly facing denial of service attacks. This means that as organizations increasingly integrate their voice communications into the existing data communication platforms, their vulnerability to denial of service attacks increases. This implies that the network administrator of the organization has to ensure appropriate security within the VOIP servers. In addition, it is vital that the organization implement appropriate security strategies at the gateway device in order to ensure the quality of service and integrity of Internet calls (Aggelou 89).
Abuse of access
This is a kind of security threat whereby malicious attackers have access to the system for purposes such as modification, injection and making the system unavailable. In the context of VOIP, abuse of access can be initiated in diverse forms, such as through click-to-dial services, whereby organizations call back the users through the traditional phone system (Bates 58).
RECOMMENDED SOLUTIONS AND IMPLEMENTATION
VOIP can be considered an emerging technology, which makes it difficult to develop a comprehensive security strategy that addresses all the security threats that may be initiated within the infrastructure. In addition, the development of new protocols and technologies is bound to affect the functionality of VOIP. Unless a universal standard for VOIP is developed, the solutions for addressing the security threats in VOIP will mostly address proprietary elements, which is a limitation of the security strategies for business enterprises that rely on VOIP for commercial communication (Cisco 258). It is important to note that the design and implementation of an effective and secure VOIP system is a complex task that requires critical analysis of the implications of the security strategies for the quality of service of VOIP. Integrating VOIP into an existing data communication infrastructure that is overburdened is likely to cause serious problems for the organization. This means that the security solutions for VOIP must be implemented in accordance with the network layout of the organization. The following are the recommendations for Business Fusion Ltd concerning its implementation of VOIP (Aggelou 100).
The first recommendation is that the use of shared media devices on the VOIP networks should be avoided. Using shared media increases the security vulnerability and allows a prospective hacker to have access to all the Internet conversations across the network. In addition, this increases the complexity of reassembling the random packets into a form that can be recognized for transmission. Therefore, network administrators at the company have the responsibility of undertaking regular audits in order to make certain that there are no unauthorized devices on the network (Aggelou 47).
It is recommended that all the VOIP traffic to and from the company be encrypted; this is a security enhancement strategy because the company’s VOIP traffic is sent via the public IP. Presently, the core consideration when using VOIP is the quality of service. Encryption of the VOIP traffic plays an integral role in the mitigation of most of the security threats associated with VOIP. Encryption should not only be implemented at the end-to-end level; it should also be done at the link level (Cisco 89). Although end-to-end encryption requires high processing power in the IP telephony devices, it plays an important role in eliminating threats associated with eavesdropping and ensures integrity and quality of service. The gateway devices should also have high processing power in order to support link encryption. In order to avoid quality of service constraints due to encryption, it is vital to encrypt only the specific fields of the VOIP packets that hold sensitive data (Bates 47).
The VOIP servers used within the organization have to be locked down and be given the same security measures that are assigned to the servers that host confidential data such as database servers. This can be effectively implemented by segmenting the VOIP servers on the network and protecting them with a firewall application that is VOIP aware (Hunt 78).
The third recommendation for the organization towards ensuring that its VOIP system is secure is to build a redundant VOIP network. The implementation of VOIP and data networks on a single platform is one of the driving forces behind the increasing use of VOIP. However, the constraint associated with this integration is that there will be outages in components of the data network. This means that the implementation plan for VOIP should take into consideration alternative ways of offering phone services in cases of network problems. The argument is that the phone services should function at all times, even if the network is down (Aggelou 89).
Works Cited
Aggelou, Greg. Mobile ad hoc networks: design and integration. New York: McGraw-Hill, 2004.
Bates, Donald. Voice & data communications handbook. New York: McGraw-Hill Professional, 2007.
Black, Uyless. Voice over IP. New York: Prentice Hall, 1999.
Cisco. IP Telephony Solutions Guide. New York: Cisco Technical Solutions Series, 2000.
Hunt, Craig. TCP/IP network administration. New York: O’Reilly Media, Inc, 2002.
Meghanathan, Natarajan. Recent Trends in Network Security and Applications: Third International Conference, CNSA 2010, Chennai, India, July 23-25, . New York: Springer, 2010.
Shenja, Yuichi. Information communication technologies and emerging business strategies. New York: Idea Group Inc (IGI), 2007.
Tanenbaum, Andrew. Computer networks. Upper Saddle River, NJ: Prentice Hall Professional, 2003.