VoIPChoices.com  VoIP comparisons and options

Residential VoIP

Home Office VoIP

Small Business VoIP

Large Business VoIP

VoIP Articles  > Security Checklist For SiP-Voip Service Providers

The following article is a technical article explaining how to protect your business from some of the pitfalls of a comprehensive business hosted SIP and VoIP solution.  By being vigilant, you can protect your business and business VoIP solution. By taking action early, you can prevent attacks against your business.


Please visit www.VoIPChoices.com for a comparison of the most popular VoIP providers including several providers who offer a free VoIP trial period. Pricing starts at $8.57/month for Unlimited calling to the U.S. and Canada.   Save money by doing a side-by-side VoIP comparison by price as well as features. 


Security Checklist For Voip Service Providers


It has been said many times that understanding the problem will lead you to 90% of a solution, and with SIP-VoIP, taking security seriously is no differnet. Sometimes paralysis by analysis can be your worst enemy, so the primary step is to acknowledge the type of SIP-VoIP security threats and then rank them. One of your objectives should be to know, How important is SIP-VoIP security to my business and my customers?

Security to your customers will protect their identity and confidentiality of any information they are giving your business. Conversly, SIP-VoIP security to the SIP_VoIP service provider means not their service to be hacked, shut down, or stolen affecting their bottom line. In this feature we will look at SIP-VoIP provider service shutdown and provider service theft.

VoIP-SIP Service Disruption

A SIP VoIP service provider, service may be shut down by hacking the end-user's system, placing many calls on the system or hacking into the SIP-VoIP service provider's infrastructure. A shutdown is usually achieved through either Logic Attacks or Flood Attacks or Application Layer Attacks.

Logic attacks exploit loopholes in internet protocols or their installations.

Flood attacks shutdown providers through passing huge traffic volume; a flood attack can originate from a single location or from several locations.

Application Layer Attacks include: SIP-SPAM, and user identity hacking.

We can also divide the attacks into SIP layer and Voip layers thus:

IP Logic attacks on SIP phones are no different to any other IP phones; these include well known viruses such as: Teardrop, Land, Ping of death, Chargen and Out of sequence packets. All of the above can shutdown a phone which has not been fully security tested to protect itself against these types of viruses.

IP Flood Attacks

IP Flood attacks include: Smurf Attack, Fraggle attack, SYN flood attack (TCP SYN Floods are one of the oldest DoS attacks ever known). These attacks are designed either to overcome the VoIP Phone by hogging resources or to simply overwhelm the provider with a large business voip volume of calls

SIP Logic Attacks

SIP logic attacks expose weak areas in SIP codec installations. Incomplete or incorrect VoIP or SIP security fields, invalid SIP messages can disable not only the individual client telephones but also entire network itself. This type of attack can be countered by thorough testing of any VoIP phone against viruses such at the IETF SIP Torture test.

Service Theft

An example of SIP-VoIP provider service theft is to signal that a voice call it being made but actually an exchange of video data is occurring. This hits the SIP-VoIP service provider on two fronts: a) loss of income by charging for only a telephone call and b) a potentially lowering of service quality for other end users ending up with consumers being dissatisfied.





VoIPChoices.com All Rights Reserved!