Abstract
The Voice over Internet Protocol (VoIP) is gradually becoming the de facto standard in communications technology and it is now viewed as a cheap alternative to Public Switched Telephone Networks (PSTN) due to its low cost and flexibility. However the flexibility and ability of VoIP to provide a converged data and voice network comes with security vulnerabilities and threats some of which are as a result of the existing IP architecture. However, the use of penetration tests can provide a framework for analysing and identifying vulnerabilities and flaws in a VoIP network which in turn can assist in enhancing security. This research presents how a comprehensive VoIP network security level can be attained by carrying out penetration tests through Ethical Hacking. In this research the VoIP Security Alliance (VoIPSA) taxonomy was used to classify VoIP threats which lead to the design of a penetration test which was carried out against a VoIP network in other to identify vulnerabilities and exploits relating to the VoIPSA threat classification. This resulted in the development of a VoIP penetration testing methodology suitable for VoIP Networks. The developed penetration testing methodology successfully identified vulnerabilities in the VoIP deployment which assisted in providing security recommendations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
3CX: 3CX Phone System for Windows Manual Version 12 (2013). http://www.3cx.com/support/3cx-manuals-and-documentation/
Bechtsoudis, A., Sklavos, N.: Aiming at higher network security through extensive penetration tests. Lat. Am. Trans. IIEEE (Rev. IEEE Am. Lat.) 10(3), 1752–1756 (2012)
Butcher, D., Li, X., Guo, J.: Security challenge and defense in VoIP infrastructures. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 37(6), 1152–1162 (2007)
Coulibaly, E., Liu, L.: Security of VoIP networks. In: 2nd International Conference on Computer Engineering and Technology (ICCET) 2010, pp. 104–108 (2010). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5485790
EC-Council: Penetration Testing: Procedures and Methodologies. Cengage Learning, Clifton Park, New York (2011)
Hanifan, Y., Bandung, Y.: Designing VoIP security system for organizational network. In: International Conference on ICT for Smart Society, pp. 1–5 (2013). http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6588074
Herzog, P.: OSSTMM 3 – The Open Source Security Testing Methodology Manual (2010). http://www.isecom.org/research/osstmm.html
Keromytis, A.: A comprehensive survey of voice over IP security research. IEEE Commun. Surv. Tutor. 14(2), 514–537 (2012)
Moon, K., Moon, M.M., Meshram, B.B.: Securing VoIP networks via signaling protocol layer. In: 2012 International Conference on Radar, Communication and Computing (ICRCC), pp. 6–10 (2012)
Open Information Systems Security Group: Information Systems Security Assessment Framework (ISSAF) draft 0.2 (2006). http://www.oissg.org/issaf
Perez-Botero, D., Donoso, Y.: VoIP eavesdropping: a comprehensive evaluation of cryptographic countermeasures. In: 2011 Second International Conference on Networking and Distributed Computing, pp. 192–196 (2011)
VoIP Security Alliance: VoIP Security and Privacy Threat Taxonomy, version 1 (2005). http://www.voipsa.org/Activities/taxonomy.php
Werapun, W., El Kalam, A.: Solution analysis for SIP security threats. In: International Conference on Multimedia Computing and Systems, ICMCS 2009 (2009). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5256707
Zhang, Y., Huang, H.: VoIP voice network technology security strategies. In: 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), pp. 3591–3594 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ochang, P.A., Irving, P. (2017). Security Analysis of VoIP Networks Through Penetration Testing. In: Damaševičius, R., Mikašytė, V. (eds) Information and Software Technologies. ICIST 2017. Communications in Computer and Information Science, vol 756. Springer, Cham. https://doi.org/10.1007/978-3-319-67642-5_50
Download citation
DOI: https://doi.org/10.1007/978-3-319-67642-5_50
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67641-8
Online ISBN: 978-3-319-67642-5
eBook Packages: Computer ScienceComputer Science (R0)