Digital Phone Service : Digital Voice Security

Back

Q: What is Digital Voice eavesdropping?

 

A: Eavesdropping on Digital Voice calls takes place when unauthorized third parties monitor call signal packets. By eavesdropping, third parties can learn user names, passwords, and phone numbers thereby gaining control over calling plans, voicemail, call forwarding, and billing information. More importantly, third parties may also gain access to confidential business and personal information by eavesdropping on actual Digital Voice based conversations.

 

Q: What is Digital Voice identity theft?


A: Digital Voice identity theft occurs when an unauthorized third party obtains a

user name and password and uses it to place calls at the expense of the legitimate account owner. In some cases, the third party may mislead other call participants into believing that the unauthorized third party is in fact the legitimate account owner.

 

Q: What is a Digital Voice denial of service attack?

 

A: Digital Voice denial of service attacks (DoS attacks) overwhelm IP telephony devices with call requests and registrations. This flooding can create resource exhaustion, long term busy signals, and force disconnects of in session calls.

 Digital Phone Service


Q: What is SPIT or Spam Over Internet Telephony?


A: Digital Voice spam is a relatively new threat with very few incidents reported thus far. Even so, every Digital Voice account has an IP address associated with it, allowing spammers to target thousands of IP addresses with messages. Most of these messages will end up clogging voicemail boxes, creating a need for more voice storage capacity and efficient voicemail management tools.

 

A: Phishing in the Digital Voice world is similar to Digital Voice SPIT except that the voice mail left for the account owner is purportedly from a trustworthy person or business and is designed to acquire sensitive information such as passwords or credit card numbers. Recipients may be provided a phone number or web address masquerading as a legitimate bank or online payment service.

 

Q: What is Digital Voice service theft?

 
A: Similar in nature to PSTN based toll fraud, service theft in the Digital Voice world involves an unauthorized third party initiating outbound calls using a valid user’s name and password. Service fraud may also occur when a third party gains unauthorized physical access to a Digital Voice device. Typically, Digital Voice service theft is used for international calls where rates are higher.
   

Q: What precautions should be taken against Digital Voice security threats?


A: First, ensure that all Digital Voice traffic is encrypted. There are multiple options here including VPNs and SRTP (Secure

RTP), but make sure that the selected encryption method is efficient and fast. Otherwise, performance and throughput may be negatively impacted. Second, actively monitor for unauthorized or non-compliant technologies supporting the Digital Voice network. This includes identifying devices with non-standard configurations. Third, make Digital Voice servers physically secure by adopting technologies such as firewalls and intrusion detection. Be sure to use firewalls that can handle the unique attributes of Digital Voice traffic. Finally, require all users to login to access the Digital Voice network. A Digital Voice handset should be treated no differently than a user’s computer where network access is governed by login and password.

 Digital Home Phone Service

 

 

E-mail: Digital Voice Information