Security Analysis of VoIP Networks Through Penetration Testing

Ochang, Paschal A.; Irving, Philip

doi:10.1007/978-3-319-67642-5_50

Paschal A. Ochang¹¹ &
Philip Irving¹²

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 756))

Included in the following conference series:

International Conference on Information and Software Technologies

1206 Accesses
1 Citations

Abstract

The Voice over Internet Protocol (VoIP) is gradually becoming the de facto standard in communications technology and it is now viewed as a cheap alternative to Public Switched Telephone Networks (PSTN) due to its low cost and flexibility. However the flexibility and ability of VoIP to provide a converged data and voice network comes with security vulnerabilities and threats some of which are as a result of the existing IP architecture. However, the use of penetration tests can provide a framework for analysing and identifying vulnerabilities and flaws in a VoIP network which in turn can assist in enhancing security. This research presents how a comprehensive VoIP network security level can be attained by carrying out penetration tests through Ethical Hacking. In this research the VoIP Security Alliance (VoIPSA) taxonomy was used to classify VoIP threats which lead to the design of a penetration test which was carried out against a VoIP network in other to identify vulnerabilities and exploits relating to the VoIPSA threat classification. This resulted in the development of a VoIP penetration testing methodology suitable for VoIP Networks. The developed penetration testing methodology successfully identified vulnerabilities in the VoIP deployment which assisted in providing security recommendations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

3CX: 3CX Phone System for Windows Manual Version 12 (2013). http://www.3cx.com/support/3cx-manuals-and-documentation/
Bechtsoudis, A., Sklavos, N.: Aiming at higher network security through extensive penetration tests. Lat. Am. Trans. IIEEE (Rev. IEEE Am. Lat.) 10(3), 1752–1756 (2012)
Article Google Scholar
Butcher, D., Li, X., Guo, J.: Security challenge and defense in VoIP infrastructures. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 37(6), 1152–1162 (2007)
Article Google Scholar
Coulibaly, E., Liu, L.: Security of VoIP networks. In: 2nd International Conference on Computer Engineering and Technology (ICCET) 2010, pp. 104–108 (2010). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5485790
EC-Council: Penetration Testing: Procedures and Methodologies. Cengage Learning, Clifton Park, New York (2011)
Google Scholar
Hanifan, Y., Bandung, Y.: Designing VoIP security system for organizational network. In: International Conference on ICT for Smart Society, pp. 1–5 (2013). http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6588074
Herzog, P.: OSSTMM 3 – The Open Source Security Testing Methodology Manual (2010). http://www.isecom.org/research/osstmm.html
Keromytis, A.: A comprehensive survey of voice over IP security research. IEEE Commun. Surv. Tutor. 14(2), 514–537 (2012)
Article Google Scholar
Moon, K., Moon, M.M., Meshram, B.B.: Securing VoIP networks via signaling protocol layer. In: 2012 International Conference on Radar, Communication and Computing (ICRCC), pp. 6–10 (2012)
Google Scholar
Open Information Systems Security Group: Information Systems Security Assessment Framework (ISSAF) draft 0.2 (2006). http://www.oissg.org/issaf
Perez-Botero, D., Donoso, Y.: VoIP eavesdropping: a comprehensive evaluation of cryptographic countermeasures. In: 2011 Second International Conference on Networking and Distributed Computing, pp. 192–196 (2011)
Google Scholar
VoIP Security Alliance: VoIP Security and Privacy Threat Taxonomy, version 1 (2005). http://www.voipsa.org/Activities/taxonomy.php
Werapun, W., El Kalam, A.: Solution analysis for SIP security threats. In: International Conference on Multimedia Computing and Systems, ICMCS 2009 (2009). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5256707
Zhang, Y., Huang, H.: VoIP voice network technology security strategies. In: 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), pp. 3591–3594 (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Federal University Lafia, Lafia, Nasarawa State, Nigeria
Paschal A. Ochang
Department of Computing, Engineering and Technology, University of Sunderland, Sunderland, UK
Philip Irving

Authors

Paschal A. Ochang
View author publications
You can also search for this author in PubMed Google Scholar
Philip Irving
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philip Irving .

Editor information

Editors and Affiliations

Kaunas University of Technology, Kaunas, Lithuania
Robertas Damaševičius
Kaunas University of Technology, Kaunas, Lithuania
Vilma Mikašytė

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ochang, P.A., Irving, P. (2017). Security Analysis of VoIP Networks Through Penetration Testing. In: Damaševičius, R., Mikašytė, V. (eds) Information and Software Technologies. ICIST 2017. Communications in Computer and Information Science, vol 756. Springer, Cham. https://doi.org/10.1007/978-3-319-67642-5_50

Download citation

DOI: https://doi.org/10.1007/978-3-319-67642-5_50
Published: 23 September 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67641-8
Online ISBN: 978-3-319-67642-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics