the security of voip

what is voip ?
VoIP is that using the Internet Protocol network for voice transmission, which represents the internet protocol IP.
Through Internet , you can send e-mail, instant messaging, as well as tens of thousands of web pages transmitted to the PC or phone. Some people say it is the traditional telecommunications killer, some people say it is a revolutionary factor in international affairs. All in all a lot flatter. However, perhaps the use of this service in your time, perhaps you have a hacker to steal personal information even destroy your network. All affect the data network attacks are likely to affect the VoIP network, such as viruses, spam, illegal intrusion, DoS, hijacking of calls, eavesdropping, sniffing and other data. The only difference is that we are more willing to take some measures to protect other networks. For VoIP, rarely have any specific measures. In fact, only if we take some protective measures, the technology can be real success. Explore the following 25 kinds of ways to protect VoIP:
1, limiting all the VoIP data can only transfer to a VLAN on the Cisco recommends that voice and data were divided into VLAN, this will help to deal with in order of priority, voice and data. VLAN division also contributed to defense costs of fraud, DoS attacks, eavesdropping, hijacking communications. VLAN of the user's computer division to enable the formation of an effective closure of the circle, it will not allow any other computer access to their equipment, thus avoiding the computer attacks, VoIP network will be quite safe; even under attack, it will be lost to a minimum.
2, monitor and track the VoIP network communication mode Monitoring tools and intrusion detection systems can help users identify those VoIP network intrusion attempts. VoIP Log detailed observations can help find some irregular things, such as the inexplicable or the international telephone companies or organizations not linked to the basic international calls, multiple login attempts to crack the password, such as voice exploded.
3, the protection of VoIP server Efficiency measures must be taken to protect the security of the server in order to protect ourselves from internal or external intruders using sniffer technology to intercept the data. Because the VoIP telephone has a fixed IP address and MAC address, so an attacker which is easy to sneak into. Recommend that users limit the IP and MAC address, simply visit the VoIP system does not allow the super user interface, and SIP gateways prior to the establishment of another firewall, this will to some extent limit the intrusion of the network system.
4, the use of multiple encryption Only send encrypted data packets is not enough, we must all phone signal encryption. Of voice encryption will prevent the interception of voice were inserted into the user session. In this regard, SRTP protocol to encrypt-to-end communications, TLS to encrypt the entire communication process. Should be adopted at the gateway, network, host level to provide strong protection to support encrypted voice transmission.
5, the establishment of VoIP network redundancy mechanism Need to be ever ready may be a virus, DoS attacks, they may lead to paralysis of network systems. Construction to set up multi-layer nodes, gateways, servers, power and network call router system and with more than one Internet provider. Recurrent network system for each test to ensure that its work well, when the main service network at a standstill, a standby facility to quickly take over the work.
6, will be placed behind a firewall device The establishment of the separation of the firewall, so that the border through the VLAN communication is limited to the available agreements. In case the client is infected, this will prevent the spread of viruses, Trojans, proliferation to the server. The establishment of separation behind a firewall, system security strategy for the maintenance will become simple. When necessary, the firewall must be properly configured in order to open or close some ports.
7, regularly updated patch VoIP network security, will depend on the underlying operating system are also dependent on the operation of their applications. Maintain the operating system and VoIP application software patch to update the procedures for the defense or infectious malicious code is very important.
8, will be separated from the internal network and the Internet Telephone management systems and network systems at Internet direct access to outside is a good choice, voice services and other server under the domain phase separation and restrict their access.
9, will softphone phone (softphone) to minimize the use of VoIP soft phone terminal computer vulnerable to hacker attacks, even if it is located at the company behind a firewall, because such things are with the ordinary PC, VoIP software and a pair of headphones for use with. Moreover, the soft phone terminal does not separate voice and data, therefore, vulnerable to virus and worm attacks.