Voice apps push security barriers

Security threats are on the increase as voice applications move to converged networks where devices are connected to the IP network.

As a result, communication devices are more open to attacks to gain unauthorised access including stored messages, call history records, configuration files, interactive voice response scripts, and log files.

Communications integrator NSC account executive Bob Struthers said threats include eavesdropping, which in the data world involves sniffing network packets for data that can be interpreted in real time.

In the converged space, he said, the new eavesdropping threat involves sniffing voice conversations.

One method of dealing with this threat is encryption, but Struthers said access to data for the purpose of decryption must be controlled using strong authentication and authorisation integrity when deploying voice applications on the converged infrastructure. Therefore, he said encryption is valuable but not sufficient.

"Integrity threats are based on the insertion of bogus content in files or communication streams; attackers may insert malicious or misleading data into unprotected files," Struthers said.

"Other threats involve an attacker spoofing the identity of a valid user to gain access to systems and operate with the full privileges of the impersonated user."

To deal with integrity threats, authentication and signing techniques for users, devices and applications is essential before accessing converged networking resources.

"For example, phones that are connected to a network should be authenticated prior to allowing access to feature servers that enable placing calls," he said.

Another threat to converged networks is Distributed Denial of Service (DDoS) allowing an attacker to gain control of multiple computers to simultaneously attack a single target.

"This type of DoS attack is more difficult to thwart because the perpetrators are more numerous; they can take the form of ICMP floods, TCP SYN floods, and UDP floods," he said.

Struthers said implementations should folllow the Internet Engineering Task Force (IETF) Site Security Handbook RFCs 1918 and 2827.

Case example

NSC is working closely with the Australian National University to meet the security protocols on a major convergent network roll-out.

The ANU is implementing a $5 million IP communications network over the next three years.

As the implementation of converged networks becomes more common so too does the need for a communications integrator to provide network designs that take security into account. Another project under way is a converged voice, data and phone messaging solution at the Department of Veterans' Affairs.

Join the newsletter!

Or
Error: Please check your email address.

More about IETFInternet Engineering Task ForceNSC GroupWoolworths

Show Comments