
Everything over IP

PCQ Bureau

Data communication was standardized on IP a long time back, then came Voice over IP (VoIP), and the latest jewel in IP's crown is Surveillance. The benefits of moving to IP are fairly well known. For one, since it's the de facto standard of communication, interoperability issues amongst devices are gone. Second are cost savings, especially in the wake of VoIP. As you're using the same network for voice and data communication, you save on infrastructure costs. Plus, of course, you can use your existing data links between your various branch offices for voice as well, thereby saving on STD bills. As surveillance has also moved over to IP, you can now monitor remote locations from anywhere, and have much more fine-grained control over physical security.


All this doesn't mean that everything is hunky-dory in this technology. There are issues of security and quality that need to be tackled. Let's look at some of the key developments in everything over IP in more detail.

Wireless and VoIP convergence



To enhance user mobility, vendors have merged wireless networking with VoIP to create WiFi VoIP phones. Analogous to the way you access e-mail, you can receive incoming calls anywhere in the world, as long as you're connected to the Internet. Take your phone, along with its number, into a wireless hotspot to make a call. There are phones from Siemens, ZyXEL, Vonage and Net2Phone that offer this facility.


This facility is further extended by Worldwide Interoperability for Microwave Access (WiMAX) technology (IEEE 802.16a). Created to operate in a high frequency band from 10 to 66 GHz, WiMAX extends the WiFi experience across the length and breadth of a city. It uses transmitters like cell phone towers to transmit signals, ensuring continuous connectivity for the mobile user. Since line-of-sight transmission is not involved, it becomes easier for multiple users to connect at the same time. It is particularly cost-effective for geographic locations where laying wired hardware is quite expensive. Plus, it provides higher bandwidth than WiFi, where users are in a continuous battle over connectivity. With a range radius running into several tens of miles, users don't have to worry about hopping from one hotspot to the other. Wireless VoIP is of particular importance to certain verticals such as health care and retail, where worker mobility is urgently needed. However, the security issues that plague wireless systems need to be addressed to ensure wider acceptance.

Unlicensed Mobile Access or UMA allows cellular phone users to access GSM voice and data services over broadband Internet across various hot spots. Using this technology, subscribers can easily roam amongst cellular networks and unlicensed wireless networks using dual-mode mobile handsets.


You can connect to wireless access points using unlicensed access technologies, such as WLAN (WiFi) and Bluetooth. Nokia has recently developed a UMA solution that provides network operators with a UMA Network Controller (UNC), linking their broadband and GSM networks. The UMA-capable phone, Nokia 6136, enables VoIP communication through WiFi in hot spots, and in places without WiFi, the cellular network is used. This technology can be used by operators to provide an alternative to fixed telephony, as it allows the subscriber's mobile handset to be their main phone at home, in the office and on the move.

VoIP security



The threats to Internet telephony are closer in nature to those facing IP networks than to those facing PSTN networks. A VoIP call can be broken into two parts: signaling and media. If neither of these is encrypted, the call becomes vulnerable to signal-channel attacks that fake caller ID, distort call quality, end calls abruptly, and crash the end device. RTP is widely used for transmitting audio and video packets between communicating computers.

VXML
Voice Extensible Markup Language (VXML) facilitates interactive voice communication between a person and a computer, using voice recognition technology. The user interacts with the voice browser by listening to audio output that is either pre-recorded or computer-synthesized, and submits audio input (his natural voice) through a telephone. VXML has tags that instruct the voice browser to provide speech synthesis, automatic speech recognition, dialog management and audio playback. Mostly, HTTP is used as the transport protocol for fetching VXML pages. Dynamic VXML pages are generated through application servers such as Tomcat, WebLogic and WebSphere.


However, since data packets are not transmitted in encrypted form, they can be eavesdropped on by black hats throughout the transmission path. Thus, RTP was improved upon to form SRTP (Secure RTP). It provides for encryption, authentication, and integrity of the audio and video packets transmitted between two devices. Then there is Skype, which provides built-in encryption. We also have an Open Source product, Zfone, that uses a VoIP encryption protocol called ZRTP to set up the cryptographic key agreement. This is done on a peer-to-peer basis, with a new key being used for each telephone call. However, for this tool to function, both parties need to have it installed at their ends. Zfone uses encryption hash technology that provides a unique three-digit identifier when a caller initiates a VoIP call. When a conversation starts, callers share these identifiers with each other, to ensure that there is no 'man-in-the-middle' attack. The rest of the conversation is completely encrypted.

Juniper Networks has also introduced its 'Dynamic Threat Mitigation' software to secure network services such as VoIP. Using Juniper routers and IDS/IPS, the software prevents SIP attacks, worms and denial-of-service attacks, in real time.

Though encryption for IP telephony is important, it's not the ultimate cure. The biggest threat is eavesdropping at end points. No amount of IP telephony encryption can prevent a Trojan or worm on your computer, or a hacker who has managed to access your system, from eavesdropping on your phone calls. So, end-user computers need to be as secure as the transmission channels.

IVE Video Plus Voice Service

Sony Electronics and GlowPoint have launched a new version of Sony's Instant Video Everywhere (IVE) service, to provide free video and voice service for consumers throughout the globe. IVE combines VoIP services with live video to enable users to send and receive video and voice calls worldwide with other IVE users, and also to cell phones, telephones, and other traditional video or audio conferencing systems.

You can communicate outside your home or office from any broadband enabled location or 'hotspot.' The customers have the flexibility of communicating beyond users of the same proprietary service. The IVE service is a tremendous boon for people living in different parts of the globe as they can see and talk to each other simultaneously, using real-time, high quality video. Similarly, the branch offices of an enterprise can hold video conferences from different locations.

IP Surveillance



IP surveillance has started making a dent in conventional CCTV security installations for reasons of both performance and cost. You can use your existing structured cabling infrastructure for carrying video signals from an IP camera. You also save costs on infrastructure maintenance, monitoring and management of equipment, and specialized training of personnel. With IP networks, you have access to a wide range of automated software settings and alert systems that make security management more efficient. You can view video signals in a Web browser, which means you enjoy the flexibility of viewing them on a device, and at a time and place, of your choice. A major benefit is remote control over all your cameras from one console. You can even record all videos on your hard disk, which means accessing them becomes a lot faster. IP Surveillance also offers easy scalability, as additional cameras can be added one at a time, whereas analog systems generally require increments of 8, 16 or 24 cameras.

Voice over VPN



While deploying VoIP on LANs, it is recommended to create a separate VLAN (Virtual LAN) to keep voice and data networks separate. Thus, any attack on one would not have debilitating effects on the other. Securely sending VoIP data across a VPN tunnel also helps to get around problems related to firewalls that try to block VoIP data. For this, a VoIP gateway-router first converts the analog signals to digital form and then encapsulates the digitized voice within IP packets. These packets can be encrypted using IPSec, after which the encrypted voice packets are routed through a VPN tunnel. At the receiver's end, another VoIP router decodes the digital voice and converts it into an analog signal for the phone, which in turn converts it to voice.


IP PBX



An IP-based PBX system (IP PBX) allows an organization to converge both voice and data networks, over a LAN or a WAN. It uses standard packet-switched protocols to carry voice across a data network. A good thing about an IP PBX is that it can scale as per the organization's need, without needing any expensive support from traditional PBX providers. As it is based on open standards, users are not captive to a proprietary architecture. They can choose components from the best vendors for future enhancements. Most vendors provide support for legacy devices as part of IP PBX solutions. This creates a seamless interface between the external PSTN network and the internal data network of an organization. IP PBXs come in two flavors: client-server and converged. The former supports client devices and switching using only IP telephony; connectivity to traditional PBX servers or the PSTN is established using an external TDM-to-IP gateway. The latter supports both VoIP and TDM within the same server. It connects to PSTN and IP data networks as well as IP phones, SIP phones and soft phones.

Security and VoIP

To understand how VoIP calls are hacked, let's take an example of a VoIP network based on SIP and one that uses RTP for voice communication between two places. Take two VoIP phones (from the same vendor) and an IP PBX. Connect all of them to a hub. As RTP is not encrypted, a black hat can initiate a 'Man in the Middle' attack to capture a stream. Hook a machine on the same network, and run a hacking tool such as Ethereal. You can start capturing data by going to the tool's Capture menu and selecting the appropriate network adapter. Let Ethereal capture the data till the call ends. After that, stop the capture process, go to the Statistics menu, and select the RTP submenu. Here, click on 'Show All Streams,' which opens a new window. You will see two different RTP streams. Select both the streams one by one and click on 'Analyze.' In the next window, click on 'Save Payload,' which would open another window. Give a name to the file, select the '.au' and 'forward' radio buttons, and save this file. Play this file on any media player and listen to the conversation between the two VoIP phones.
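
The VoIP security section and this sidebar both come down to whether a call's media travels as plain RTP or as SRTP. The following added example (not part of the original article) audits the SDP body of a SIP INVITE and flags every media stream negotiated as cleartext RTP. The SDP samples, addresses and the `audit_sdp` name are constructed for illustration, and the use of SDP is an assumption, since the article does not name the session description format.

```python
import re

# Constructed SDP bodies of the kind carried in a SIP INVITE (sample data).
SDP_PLAIN = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
"""
SDP_MIXED = """v=0
o=bob 2 2 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 51372 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY
m=video 51374 RTP/AVP 96
"""

# SDP transport profiles that mean SRTP (SDES-keyed or DTLS-keyed).
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def audit_sdp(sdp):
    """Return (media, port, profile, status) for every m= line in an SDP body."""
    streams, session_keyed = [], False
    for line in map(str.strip, sdp.splitlines()):
        m = re.match(r"m=(\w+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            streams.append([m.group(1), int(m.group(2)), m.group(3).upper(), False])
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if streams:
                streams[-1][3] = True      # media-level keying attribute
            else:
                session_keyed = True       # session-level, applies to all media
    results = []
    for media, port, profile, keyed in streams:
        if port == 0:
            status = "disabled"            # port 0 = stream rejected or removed
        elif profile not in SRTP_PROFILES:
            status = "cleartext"           # plain RTP: payload readable on the wire
        elif keyed or session_keyed:
            status = "srtp"
        else:
            status = "srtp-no-key"         # SRTP profile offered without keying data
        results.append((media, port, profile, status))
    return results

if __name__ == "__main__":
    print(audit_sdp(SDP_PLAIN), audit_sdp(SDP_MIXED), sep="\n")
```

An `a=crypto` line carries the SRTP key inside the signaling, so a stream reported as `srtp` is only protected if the SIP channel that carried the SDP was itself encrypted.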

The use of IP in telecom services is increasing by the day. So, even if you have not started using IP based services yet, get your infrastructure in place fast.

Plustek's IP Camera

The IPcam P1000A enables managers to watch their premises from anywhere, anytime. You can watch live and recorded video feeds on notebooks, PDAs and cellphones enabled with Internet connectivity. Besides this, users can also broadcast live activity videos, product shoots, etc., to viewers in real time over a LAN or the Internet. The camera can be programmed to start recording only when it detects any motion or to record for a certain length before and after the motion. It can also be programmed to start and stop recording at a particular time and day of the week.
