Multi-Layered VoIP Security
The most threatening attacks for VoIP service providers and enterprises are those that can degrade the quality of voice, thus rendering the service useless. The simplest way to achieve voice quality degradation is through Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
VoIP communication brings another dimension into the security challenge by introducing both control (signaling) and content (voice) parallel channels which together form the VoIP service. The dependence of these channels on one another drastically increases the risk that VoIP service can be damaged, as each one of the channels has its own vulnerabilities. It doesn’t matter which vulnerability is exploited because the attack renders the whole service useless.
Handling the Threats
A comprehensive, multilayer risk mitigation strategy must be implemented in combination with native IP telephony features and standard network security measures. Failure to do so is likely to expose a company to security breaches and service disruptions, resulting in expensive reactive measures.
The following key threats must be addressed:
- Malicious degradation of voice service (DoS, virus, and hacker attacks)
- Intrusion of other network services facilitated by IP telephony implementation
- Non-authorized or fraudulent use of IP telephony equipment
Adding these threats to inherent IP infrastructure vulnerabilities, effective protections for VoIP service are essential for every VoIP service provider – and for any organization that leverages or plans to use IP telephony as part of their ongoing business operation.
Radware’s DefensePro®introduces innovative signature-based and behavioral-based technology modules that aim to detect and prevent VoIP threats. By deploying a multilayer approach of VoIP defenses, DefensePro can protect against all types of VoIP threats.
DefensePro provides VoIP service and infrastructure protection for the three layers of threats shown in the diagram.
- VoIP network threats (first layer) – protects against known and zero-day network flood attacks which cause voice service degradation
- VoIP transport threats (second layer) – protects against misuse and vulnerability exploitation of the TCP/IP stack of VoIP servers
- VoIP application threats (third layer) – protects against the exploitation of SIP protocol vulnerabilities, as well as SIP server non-vulnerability-based threats including: SIP server resource misuse, SIP application brute forcing, SIP Application scanning and SIP application flooding