CHAPTER 34

SECURING VOIP

Christopher Dantos and John Mason

34.1 INTRODUCTION

34.2 REGULATORY COMPLIANCE AND RISK ANALYSIS

34.2.1 Key Federal Laws and Regulations

34.2.2 Other U.S. Federal Regulations and Laws

34.2.3 State Laws and Regulations

34.2.4 International Laws and Considerations

34.2.5 Liability

34.2.6 Risk Analysis

34.3 TECHNICAL ASPECTS OF VOIP SECURITY

34.3.1 Protocol Basics

34.3.2 VoIP Threats

34.4 PROTECTING THE INFRASTRUCTURE

34.4.1 Real-Time Antivirus Scanning

34.4.2 Application Layer Gateways and Firewalls

34.4.3 Logical Separation of Voice and Data

34.4.4 Quality of Service

34.4.5 Network Monitoring Tools

34.4.6 Device Authentication

34.4.7 User Authentication

34.4.8 Network Address Translation and NAT-Traversal

34.5 ENCRYPTION

34.5.1 Secure SIP

34.5.2 Secure Real-Time Protocol

34.5.3 Session Border Control

34.6 CONCLUDING REMARKS

34.7 FURTHER READING

34.8 NOTES

34.1 INTRODUCTION.

Whether it is referred to as Voice over Internet Protocol (VoIP) or Internet Protocol Telephony (IPT), the digitization of voice messaging has had and will continue to have an impact on society. Voice messaging is part of a shift that some are calling the Unified Messaging System (UMS).1 The future does not include separate applications for instant messaging, text messaging, voice communications, video conferencing, e-mail, and network presence. These are expected to become one application that will be shared by both the home user and large corporations. New technologies promise to empower ...
