Secure Voice Communications
VoIP
o Encapsulates audio into IP packets to support telephone calls
over TCP/IP network connections
o Issues
Caller ID can be falsified using VoIP tools
Vishing
SPIT (spam)
DoS attacks
Man-in-the-Middle
o SRTP - Secure Real Time Transport Protocol is a security
improvement over RTP Real Time Protocol
Social Engineering
o Malicious individuals can exploit voice communications
Fraud and Abuse
o PBX or Private Branch Exchange - many PBX systems can be
exploited to avoid toll charges or hide their identity
o Phreakers gain unauthorized access to personal voice mailboxes,
redirect messages, block access and redirect inbound/outbound
calls
o Countermeasures
Replace remote access or long distance calls with credit
card or calling card system
Restrict dial-in and dial-out features to authorized
individuals
Used unpublished phone numbers
Block or disable unassigned access codes/accounts
AUPolicy
Disable mntc modems
VoIP
o Encapsulates audio into IP packets to support telephone calls
over TCP/IP network connections
o Issues
Caller ID can be falsified using VoIP tools
Vishing
SPIT (spam)
DoS attacks
Man-in-the-Middle
o SRTP - Secure Real Time Transport Protocol is a security
improvement over RTP Real Time Protocol
Social Engineering
o Malicious individuals can exploit voice communications
Fraud and Abuse
o PBX or Private Branch Exchange - many PBX systems can be
exploited to avoid toll charges or hide their identity
o Phreakers gain unauthorized access to personal voice mailboxes,
redirect messages, block access and redirect inbound/outbound
calls
o Countermeasures
Replace remote access or long distance calls with credit
card or calling card system
Restrict dial-in and dial-out features to authorized
individuals
Used unpublished phone numbers
Block or disable unassigned access codes/accounts
AUPolicy
Disable mntc modems
