One of the key aspects of keeping your VoIP communication secure is guarding the protocols that make it work. For most businesses, this means Session Initiation Protocol (SIP), but SIP wasn’t built with security in mind, so protecting it raises some extra issues.
The designers of VoIP, like those of many early computer systems, didn’t take account of security. Making the system safe is, therefore, something that has had to be addressed later by the addition of security mechanisms.
Wholesale VoIP termination rates – the risks
The first step towards making your SIP connection secure is to understand the risks involved. These fall into two broad categories, firstly the risk of calls being intercepted or hijacked, and secondly the risk of interference with the service such as denial of service attacks.
The first type of attack may lead to hackers being able to gain access to the network and make unauthorised calls on your account. It may also allow them to eavesdrop on the content of conversations and use them to perpetrate fraud or to steal intellectual property. They may also be able to interfere with call content to impersonate a caller for the purposes of phishing or other illicit activity. The second type of attack may allow attackers to disrupt or even completely bring down an IP phone or perhaps the entire VoIP network, causing significant disruption to the business.
Protection strategies
So, what can you do to keep your SIP connections secure? Protecting the packets as they travel over the network is a crucial step. SIP data packets usually travel over TCP connections leaving them open to attack or manipulation. You can protect them by using Transport Layer Security (TLS). This provides an encrypted channel via which you can send SIP messages. It’s developed from the SSL technology originally developed to secure website transactions. For this to work the VoIP devices in use must support TLS.
If you want to make sure that all of your communications are secure, it is possible to configure SIP-capable devices so that they only accept calls protected by TLS.
In most cases, your VoIP network won’t be separate from your other internet and network connections. It’s therefore important to ensure that network protection systems including firewalls are able to deal effectively with SIP traffic.
Firewalls are often configured to accept traffic only if the connection comes from a computer on the network. There’s a problem here in that making a call via SIP uses connections on two separate ports. One port carries the signal information while the other carries the content of the actual call. The firewall may, therefore, allow the initial connection, but block the call itself. To get around this you need something called a ‘session controller’. This provides a public IP address for your VoIP server, allowing calls to connect, but your firewall still needs to understand the port information contained in SIP packets so that calls are routed correctly.
