SEGURIDAD EN VOZ SOBRE IP

Abstract

VoIP technology has many benefits; it has however some security problems, which are main-ly due to security drawbacks of data networks. In this paper, a generic method to implement secure VoIP networks is presented. This work is based on a study of existing vulnerabilities and countermeasures in the model layer ISO/OSI. Application, session, transport, network and link layers were studied. In order to understand how VoIP technology works, a description of the processes and com-ponents of this technology is introduced. The main concepta of rietwork security (confidentiality, integrity and availability) and the threats to VoIP networks are analysed. They provide an overview of the security issues of VoIP networks. In order to understand how attackers exploit vulnerabilities on VoIP protocols, a detailed study of H.323, SIP, RTP, MGCP, SCCP, and IAX protocols is presented. In addition, a study of security protocols used in VoIP networks (SRTP, TLS, IPsec encryption and IAX) is described. Finally, a method to implement security systems for VoIP is developed. This method provides recommendations per layer of the OSI model. Then, a practical implementation is performed, using the Asterisk PBX and Cisco networking equipment. The security of VoIP protocols is tested on this platform.