Please enable JavaScript.
Coggle requires JavaScript to display documents.
1.9.5
2.9.5 (VOICE-OVER IP ( IP telephony, also known as Internet…
1.9.5
2.9.5
VOICE-OVER IP ( IP telephony, also known as Internet telephony)
, is the technology that makes it possible to have a voice conversation over the Internet or over any dedicated IP network instead of dedicated voice transmission lines.
-
VoIP allows the elimination of circuit switching and the associated waste of bandwidth. Instead, packet switching is used,
advantages
• VoIP innovation progresses at market rates rather than at the rates of the multilateral committee process of the International Telecommunications Union (ITU)
• Lower costs per call or even free calls, especially for long-distance calls
• Lower infrastructure costs. Once IP infrastructure is installed, no or little additional telephony infrastructure is needed
When designing a VoIP system, the backup has to be considered.
-
-
Voice and multimedia communications typically contain or relate to business-critical information,
• Intellectual property (e.g., patents, copyrighted material)
• Sensitive corporate material,
including data relating to financials, marketing and strategic planning, sensitive personnel information, sales and marketing, and daily business operations
• Communications with third parties,
such as customers, government authorities, external legal counsel, joint venture partners, stockholders, stockbrokers and external auditors
-
-
-
Security
security mechanisms, such as those
deployed in data networks (e.g., firewalls, encryption)
session border controllers (SBCs) are used to provide security
features for VoIP traffic similar to that provided by firewalls.
-
OS patches and virus signature updates must be promptly applied to prevent a potential system outage
To enhance the protection of the telephone system and data traffic,
-
PRIVATE BRANCH EXCHANGE
A PBX is a computer-based switch that can be thought of as essentially a small, in-house phone company for the organization that operates it
Failure to secure a PBX can result in exposing the organization to ,
-
-
-
-
principal purposes of a PBX is to save the cost of requiring a line for each user to the telephone company’s central office. Also,
-
Risk
• Theft of service—Toll fraud, probably the most common of motives for attackers
• Disclosure of information—Data disclosed without authorization, either by deliberate action or by accident.
Examples include eavesdropping on conversations and unauthorized access to routing and address data.
• Data modification—Data altered in some meaningful way by reordering, deleting or modifying it
. For example, an intruder may change billing information or modify system tables to gain additional services.
• Unauthorized access—Actions that permit an unauthorized user to gain access to system resources or privileges
• Denial of service—Actions that prevent the system from functioning in accordance with its intended purpose.
A piece of equipment or entity may be rendered inoperable or forced to operate in a degraded state; operations that depend on timeliness may be delayed.
• Traffic analysis—A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences (e.g., from the source and destination numbers or frequency and length of the messages).
For example, an intruder observes a high volume of calls between a company’s legal department and patent office and concludes that a patent is being filed.
-
PBX Audit
preliminary assessment of the PBX system,
-
-
type of perceived threat and the seriousness of any discovered vulnerabilities must be decided by the auditor
corrective actions must also be determined based on the cost of the loss compared with the cost of the corrective action
-