Analysis And Suggest On The Security Issue Of VoIP

Traditionally, the PSTN network and Internet are independent. They are isolated network that are without business relationship. With the development of computer technology, digital technology, packet switch technology, voice encode and compression technology, there are trend that PSTN network and internet network become merge into one network. VoIP is the product of this trend. VoIP stands for Voice over IP, this technology encode the analog voice signal and transform it into digital byte, compress it, form a frame, convert it to IP packet then transmit over the network. Through this way, voice transmits through data network.VoIP shares the same infrastructure with date network; it can reduce the cost of long distance voice communication; provide some new kinds of service that traditional network do not has; its economic, flexibility and mobility characteristic improve enterprise efficiency. These obvious advantages make it more and more popular among enterprise.Although VoIP owns the advantage of both PSTN network and internet network, it also owns the same risks from both networks. Compare to PSTN network, VoIP traffic go through internet network or private network. VoIP not only will be attacked by eavesdrop like it did in PSTN, but also be attacked by virus, DoS that from data network. The security issue with VoIP becomes more and more evident when VoIP service enters business area.Some enterprises simply take advantage of VoIP, but they do not understand the security issue of VoIP deployment. This will not only impact enterprise business, it will bring risk and lost to enterprise.This article will introduce the basic concept of VoIP; the two main signaling standards H.323 and SIP; the RTP protocol; analyze the security issue of VoIP system; introduce the security concept for VoIP; provide the elementary methods for network infrastructure and connectivity; provide some additional suggestions to protect VoIP network. The article analyze the eavesdrop threat, propose to use IPSec VPN and TLS to protect the signaling and use SRTP to protect media stream; Because the header of SRTP is still be disclosed, IPSec is a necessary tool to be used to secure the SRTP packets. To avoid the SIP registration attack, it is necessary to use HTTP message digest authentication and S/MIME. No-authorization access will threat the security of VoIP system. To identify the equipment, it suggests using digit credential and 802.1X technology.In the end, this article designs a simple, effective and complete solution to secure VoIP system for enterprise. It uses SRTP to protect media stream; uses TLS to protect registration process between IP Phones and SIP server; And IPSec VPN is used to protect RTP and SIP head packet. An authentication server is placed in normal SIP platform to provide both-way authentication between user agent and authentication server.