The intent of this paper is to define the security issues regarding the use of Voice over Internet Protocol (VOIP), how these security issues can be resolved, and what a VOIP provider can do in terms of strategies to protect users from external intrusion. Vonage and Comast Digital Voice, two leaders in this field are also profiles in this report from the standpoint of evaluating their security and reliability. To be clear, VOIP is defined as the transmission of voice over packet-switched IP networks, and is the fastest growing area of telecommunications globally.

             VOIP Security Issues.

             Threats to VOIP systems include but are not limited to denial-of-service (DoS) attacks, eavesdropping, man in the middle (MITM) attacks, call hijacking, spoofing, and call fraud in addition to many others. These threats are becoming more prevalent against VOIP providers, forcing the need for continual improvement to counter the increasing sophistication of hijacking, hacking, and listening devices. The most common are DoS and eavesdropping, which are briefly discussed below.

             Denial-of-Service attacks are becoming commonplace even in the early adopter VOIP providers. To counter these attacks Cisco and other network hardware manufacturers are adopting authentication logic in their firmware (electronics) and the ability to spot trends in incoming traffic that signal a DoS in progress. This is the most common threat to VOIP Providers, according to International Data Corporation, 2006. Using VOIP-level firewalls is critical to counter this threat as many today can predict incoming traffic trends showing a DoS attack in progress before the entire system is crashed. .

             Eavesdropping is also a very common threat that VOIP partners encounter, as hackers can record to audio files conversations and post them to the Internet. According to Ghaffar, 2004 a proven strategy for countering eavesdropping is to layer in security strategies for ensuring authorization, authentication, defining Transport Layer Security (TLS), and Media encryption through the Secure Real-time Transport Protocol (SRTP).