The following article is a technical article explaining
how to protect your business from some of the pitfalls of a
comprehensive business hosted SIP and VoIP solution. By being vigilant, you can
protect your business and business VoIP solution. By taking
action early, you can prevent attacks against your business.
Security Checklist For VoIP Service
It has been said many times that understanding the problem will lead you to 90%
of a solution, and with SIP-VoIP, taking security seriously is no different. Sometimes paralysis by analysis can be your worst enemy,
so the primary step is to acknowledge the types of SIP-VoIP security threats and then rank
them. One of your objectives should be to know: how important is SIP-VoIP security to my business and my customers?
Security for your customers
will protect their identity and the confidentiality of any information they give your business. Conversely, SIP-VoIP security to the SIP-VoIP service provider means not
having their service hacked, shut down, or stolen, which affects their bottom line. In this feature we
will look at SIP-VoIP provider service shutdown and provider service
VoIP-SIP Service Disruption
A SIP-VoIP service provider's service may be shut down by hacking the end-user's
system, placing many calls on the system or hacking into the SIP-VoIP service
provider's infrastructure. A shutdown is usually achieved through
either Logic Attacks or Flood Attacks or Application Layer
• Logic attacks exploit loopholes in internet protocols or
• Flood attacks shut down providers by passing huge traffic volume;
a flood attack can originate from a single location or from several
• Application Layer Attacks include: SIP-SPAM, and
user identity hacking.
We can also divide the attacks into SIP layer and Voip
IP Logic attacks on SIP phones are no different from those on any
other IP phones; these include well-known viruses such as: Teardrop, Land, Ping of
death, Chargen and Out of sequence packets. All of
the above can shut down a phone which has not been fully security tested to
protect itself against these types of viruses.
IP Flood Attacks
IP Flood attacks include: Smurf
attack, Fraggle attack, SYN flood attack (TCP SYN
floods are one of the oldest DoS attacks ever known). These attacks are
designed either to overcome the VoIP phone by hogging resources or to
simply overwhelm the provider with a large business VoIP volume of calls
SIP Logic Attacks
SIP logic attacks expose weak areas in SIP codec
installations. Incomplete or incorrect VoIP or SIP security fields and invalid SIP messages can disable not only the individual client telephones but also the entire network
itself. This type of attack can be countered by thorough testing of
any VoIP phone against viruses such as the IETF SIP Torture test.
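As an added example (not code from the original article), the Python sketch below shows the kind of sanity check that rejects incomplete or invalid SIP requests before they reach a phone's or proxy's full parser. The function name, the size limit and the sample messages are assumptions made for illustration; the list of required headers follows RFC 3261.

```python
import re

# Header fields RFC 3261 requires in every SIP request, plus compact-form aliases.
REQUIRED = {"via", "to", "from", "call-id", "cseq", "max-forwards"}
COMPACT = {"v": "via", "t": "to", "f": "from", "i": "call-id", "l": "content-length"}
REQUEST_LINE = re.compile(r"([A-Z]+) \S+ SIP/2\.0")
NUMBER = re.compile(r"[0-9]{1,10}")  # bounded so oversized scalars are rejected

def check_sip_request(raw, max_size=8192):
    """Return the reasons to reject a raw SIP request; an empty list means it passed."""
    if len(raw) > max_size:
        return ["message larger than %d bytes" % max_size]
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line ending the header section"]
    lines = head.decode("utf-8", "replace").split("\r\n")
    start = REQUEST_LINE.fullmatch(lines[0])
    if not start:
        return ["malformed request line"]
    problems, headers = [], {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # folded continuation line, ignored in this sketch
            continue
        name, colon, value = line.partition(":")
        if not colon:
            problems.append("header line without a colon")
            continue
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), value.strip())
    for name in sorted(REQUIRED - set(headers)):
        problems.append("missing required header: " + name)
    cseq = headers.get("cseq", "").split()
    if "cseq" in headers and not (len(cseq) == 2 and NUMBER.fullmatch(cseq[0])
                                  and cseq[1] == start.group(1)):
        problems.append("CSeq malformed or not matching the request method")
    hops = headers.get("max-forwards")
    if hops is not None and not (NUMBER.fullmatch(hops) and int(hops) <= 255):
        problems.append("Max-Forwards outside 0-255")
    length = headers.get("content-length")
    if length is not None and not (NUMBER.fullmatch(length) and int(length) <= len(body)):
        problems.append("Content-Length invalid or larger than the body received")
    return problems

# Constructed sample messages (not captured traffic).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP pc.example.com;branch=z9hG4bK776\r\nMax-Forwards: 70\r\n"
        b"To: <sip:bob@example.com>\r\nFrom: <sip:alice@example.com>;tag=1928\r\n"
        b"Call-ID: a84b4c76e\r\nCSeq: 314159 INVITE\r\nContent-Length: 0\r\n\r\n")
BAD = GOOD.replace(b"Content-Length: 0", b"Content-Length: -999")
```

Calling check_sip_request(GOOD) returns an empty list, while check_sip_request(BAD) reports the invalid Content-Length; a message that fails any check can be dropped or answered with a 400 response before further processing.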
An example of SIP-VoIP provider service theft is to signal that a
voice call is being made while an exchange of video data is actually occurring. This hits the SIP-VoIP
service provider on two fronts: a) loss of income by charging for
only a telephone call and b) a potential lowering of service quality
for other end users, ending up with dissatisfied consumers.