2 cissp ® Official Study Guide Eighth Edition


Voice over Internet Protocol (VoIP)



Download 19,3 Mb.
Pdf ko'rish
bet492/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   488   489   490   491   492   493   494   495   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Voice over Internet Protocol (VoIP)
VoIP 
is a technology that encapsulates audio into IP packets to support telephone calls 
over TCP/IP network connections. VoIP has become a popular and inexpensive telephony 
solution for companies and individuals worldwide.
It is important to keep security in mind when selecting a VoIP solution to ensure that it 
provides the privacy and security you expect. Some VoIP systems are essentially plain-form 
communications that are easily intercepted and eavesdropped; others are highly encrypted, 
and any attempt to interfere or wiretap is deterred and thwarted.
VoIP is not without its problems. Hackers can wage a wide range of potential attacks 
against a VoIP solution:

Caller ID
can be falsified easily using any number of VoIP tools, so hackers can perform 
vishing
(VoIP phishing) or 
Spam over Internet Telephony (SPIT)
attacks.

The call manager systems and the VoIP phones themselves might be vulnerable to 
host operating system (OS) attacks and DoS attacks. If a device’s or software’s host 
OS or firmware has vulnerabilities, there is increased risk of exploits.

Attackers might be able to perform man-in-the-middle (MitM) attacks by spoofing call 
managers or endpoint connection negotiations and/or responses.

Depending on the deployment, there are also risks associated with deploying VoIP 
phones off the same switches as desktop and server systems. This could allow for 
802.1X authentication falsification as well as virtual local area network (VLAN) and 
VoIP hopping (i.e., jumping across authenticated channels).

Since VoIP traffic is just network traffic, it is often possible to listen in on VoIP 
communications by decoding the VoIP traffic when it isn’t encrypted.

526
Chapter 12 

Secure Communications and Network Attacks
Secure Real-Time Transport Protocol
or 
Secure RTP (SRTP)
is a security improvement 
over the 
Real-Time Transport Protocol (RTP)
that is used in many VoIP communications. 
SRTP aims to minimize the risk of VoIP DoS through robust encryption and reliable 
authentication.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   488   489   490   491   492   493   494   495   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish