The components of Voice over Internet Protocol (VoIP) include: end-user equipment, network components, call processors, gateways and protocols.
1. End-user equipment
End-user equipment is used to access the Voice over Internet Protocol (VoIP) system to communicate with another end point. Connection to the network may be physically cabled or may be wireless. The end-user equipment may be a phone that sits on a desk or a softphone that is installed on a PC. Functions include voice and possibly video communication, and may include instant messaging, monitoring and surveillance capabilities. Though end-user equipment is often deployed on an internal, protected network, it is usually not individually protected by other devices (firewalls) and may be threatened if the equipment has vulnerabilities. The threat, of course, also depends on the level of security that exists on the internal network. If the device is allowed to reach or can be reached from a public or unprotected network, there may be threats that are not normally found on the internal network. Softphone software may have vulnerabilities, there may be vulnerabilities in the operating system it is running on, and there may be vulnerabilities in other applications running on the operating system. Patching the operating system, the softphone software and those other applications can help mitigate the risk of any threats that are present. Additionally, some end-user equipment may have firmware upgrades that can be applied or may be able to obtain updated software during registration. For operating-system-based VoIP solutions, consideration should be given to virus detection and host-based firewalls as well as host-based intrusion detection. Centralized management of these security components is best, allowing the users of the solution to focus on their duties instead of security details, increasing productivity.
2. Network components
Network components include cabling, routers, switches and firewalls. A new Voice over Internet Protocol (VoIP) system is usually installed on the existing IP network. The impact on the IP network is greater than merely adding more traffic. The added traffic has more urgency to reach its destination than most of the data traffic that is already supported. Switches, routers and firewalls will need to recognize and act on VoIP data in order to keep latency down. Additional security measures, addressed later, will complicate this process.
Performance can be gained by separating the data traffic from the VoIP traffic by putting them on different virtual local area networks (VLANs). This allows management of the data to be segregated so it can be handled based on data type. Since the VoIP data must have a higher priority level, isolating the data types via VLANs can help increase its performance at the cost of performance on the other VLANs. This cost may be very low to the other applications. Although VLANs should not be relied on alone, they will add a layer of security. The ability to listen to, or sniff, the network potentially allows the hacker to monitor calls and manipulate the VoIP system. It is generally more difficult for a hacker to sniff or interfere with the voice traffic from the data VLAN when the voice traffic is on its own VLAN, but it can be done by manipulating the routing of the network. Encryption can also help defend against sniffing.

Another IP network concern is network slowdowns that might increase latency, jitter or packet loss. Slowdowns can be caused by many things, including configuration issues, denial of service attacks or high bandwidth utilization by other systems on the network. Configuration issues are probably best addressed with education and checking mechanisms, such as having a co-worker verify configurations. Denial of service attacks are difficult to defend against, but may be reduced by filtering the traffic that can communicate on the network to be only that which is allowed. This may prove difficult due to the use of random ports by VoIP. Regular network bandwidth analysis can help with tuning of a network and helps with capacity planning. Being aware of bandwidth growth trends helps network administrators know when bandwidth needs to be addressed.
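The allow-list filtering described above can be sketched as a policy check over flow records from the voice VLAN. This is an added example, not part of the original text; the subnet, the call processor address, SIP on UDP 5060 as the signaling protocol and the media port range are all assumed site values. It shows one way to cope with random media ports: pin them to a configured range and require both endpoints to sit on the voice VLAN.

```python
import ipaddress

# Assumed site policy (hypothetical values, not taken from the page).
VOICE_VLAN = ipaddress.ip_network("10.20.0.0/24")
CALL_PROCESSOR = ipaddress.ip_address("10.20.0.10")
SIGNALING = ("udp", 5060)           # SIP signaling, an assumed protocol choice
MEDIA_PORTS = range(16384, 32768)   # media ports pinned in device configuration

def evaluate(flow):
    """Return (verdict, reason) for one flow observed on the voice VLAN."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    proto, dport = flow["proto"], flow["dport"]
    if src not in VOICE_VLAN or dst not in VOICE_VLAN:
        return "deny", "endpoint outside voice VLAN"
    if (proto, dport) == SIGNALING:
        # Signaling is only legitimate to or from the call processor.
        if CALL_PROCESSOR in (src, dst):
            return "allow", "signaling via call processor"
        return "deny", "signaling that bypasses call processor"
    if proto == "udp" and dport in MEDIA_PORTS:
        return "allow", "media in configured port range"
    return "deny", "port/protocol not on allow-list"

def denied(flows):
    """Return (flow, reason) pairs for every flow the policy rejects."""
    results = [(f, evaluate(f)) for f in flows]
    return [(f, reason) for f, (verdict, reason) in results if verdict == "deny"]

# Constructed sample flows for illustration.
SAMPLE_FLOWS = [
    {"src": "10.20.0.31", "dst": "10.20.0.10", "proto": "udp", "dport": 5060},
    {"src": "10.20.0.31", "dst": "10.20.0.32", "proto": "udp", "dport": 18000},
    {"src": "10.10.0.77", "dst": "10.20.0.31", "proto": "udp", "dport": 18000},
    {"src": "10.20.0.31", "dst": "10.20.0.32", "proto": "udp", "dport": 5060},
    {"src": "10.20.0.40", "dst": "10.20.0.10", "proto": "tcp", "dport": 23},
]

if __name__ == "__main__":
    for flow, reason in denied(SAMPLE_FLOWS):
        print(flow["src"], "->", flow["dst"], flow["proto"], flow["dport"], reason)
```

The same rules translate directly into switch or firewall access lists; running them over exported flow records first shows what the filter would block before it is enforced.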
VoIP suffers from most of the same IP network vulnerabilities as other systems. A well-secured internal network is the first step to protecting the VoIP system, as it was for the pre-existing IP network. Care must be taken to ensure security solutions keep latencies low, or the security solution itself may prove to be a denial of service.
3. Call processor
Call processor functions can include phone number to IP address translation, call setup, call monitoring, user authorization and signal coordination, and may help control bandwidth. Call processors are usually software that runs on a popular OS. This leaves them open to network attacks against the vulnerabilities of the given OS, the vulnerabilities of the application and those of other applications running on the operating system.
4. Gateways
Gateways can be categorized into three functional types: Signaling Gateways, Media Gateways and Media Controllers. In general, they handle call origination and detection and analog to digital conversion. Signaling gateways manage the signal traffic between an IP network and a switched circuit network, while media gateways manage media signals between the two. Media Gateway Controllers manage traffic. The most common gateway protocols are megaco. Both are composites or derivations of previously used but now less common protocols. Vulnerabilities can exist between the internal IP network and the “gated”, circuit switched network. Care should be taken to ensure any vulnerabilities are mitigated.
Gateway communication should be secured with IPsec to prevent interference with calls and to prevent unauthorized calls from being set up. The gateway itself is vulnerable to IP-based attacks; these can be mitigated by using IPsec and by removing any unnecessary services and open ports, as should be done with any server.
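One way to check a gateway for unnecessary services and open ports is to compare its listening sockets with an explicit allow-list. This is an added example, not part of the original text; the `ss -tuln` output is constructed, and the addresses and the allow-list (Megaco on UDP 2944, IKE and NAT traversal for IPsec, SSH on a management interface) are assumptions for a hypothetical gateway.

```python
# Constructed `ss -tuln` output from a hypothetical media gateway.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      10.20.0.5:2944     0.0.0.0:*
udp   UNCONN 0      0      10.20.0.5:500      0.0.0.0:*
udp   UNCONN 0      0      10.20.0.5:4500     0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
"""

# Assumed allow-list: (protocol, port) -> the address the service must bind to.
ALLOWED = {
    ("udp", 2944): "10.20.0.5",    # Megaco/H.248 text encoding
    ("udp", 500): "10.20.0.5",     # IKE key exchange for IPsec
    ("udp", 4500): "10.20.0.5",    # IPsec NAT traversal
    ("tcp", 22): "192.168.50.5",   # SSH, management interface only
}

def audit_listeners(ss_text):
    """Return (proto, port, address, finding) for listeners that break policy."""
    findings = []
    for line in ss_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        # rsplit keeps IPv6 literals such as [::]:22 intact.
        addr, port = fields[4].rsplit(":", 1)
        key = (proto, int(port))
        if key not in ALLOWED:
            findings.append((proto, int(port), addr, "unexpected service"))
        elif addr != ALLOWED[key]:
            findings.append((proto, int(port), addr, "bound to wrong address"))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SS_OUTPUT):
        print(*finding)
```

On the sample output the audit reports SNMP and Telnet as unexpected services and SSH as bound to all interfaces rather than the management address.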