Security Awareness and Challenges in VoIP Technology

Abstract: Considering the associated benefits that come along with VoIP technology over the tra-ditional telephony service; PSTN, there is no doubt that the best thing that has ever hap-pened to an organization is when management decided to move from the old world of telephony services “PSTN” to the new age of VoIP technology. Not only that this tech-nology provide a huge cost saving for an organization, but, also lots of both physical and logical benefits that are mostly inevitable for every organization.
Considering this huge benefits, it is not a surprise that many organisations that have adopted this technology might neglect the security issues associated with it. Thus, fail-ure to have proper security infrastructure in place for VoIP technology simply means, failure to achieve the goal of every organisation security; Confidentiality, Integrity and Availability (CIA). Kinjal et al. (2012), discussed that, an attacker can execute various kinds of attacks on the vulnerable VoIP solution systems in order to disrupt VoIP ser-vices, and some of those attacks come under the classifications of; Confidentiality, Availability, Authenticity and Larceny. Mathiyalakan (2006), also discussed two factors that could hold back the adoption of VoIP technology including; Quality of Service (QoS) and Security. Based on these issues, this thesis project aim to identify and pro-vide mitigation strategy for VoIP security threats and challenges, as well as to explore IT solution best practice prior to the implementation of VoIP technology.
In order to fulfil the purpose of this thesis, a case study about company xyz was chosen and the use of qualitative methods for data collection and analysis was also adopted. Analysis of the theoretical framework and empirical findings of this thesis project un-cover some the known VoIP security threats including; Call Eavesdropping, Call Re-cording, Voicemail Tampering, Denial of Service (DoS), Floods, Buffer Overflow At-tacks, Worms, Viruses, Registration Hijacking, Caller ID spoofing, Sound Insertion, Voice Phishing, Toll Fraud and Data Theft. And some of the discovered VoIP security challenges are; Availability, Confidentiality, Integrity, Traceability, Firewall, Network Address Translation “NAT” and Encryption.
All these security threats and challenges can then be proactively mitigated through the adoption of Unified Expert Theory “UET”. The aim and concept around this theory is to address and provide detail awareness around VoIP technology through the involvement of Business, VoIP, Network and Security Experts that are needed for a successful VoIP solution.