Data communication was standardized on IP a long time back, then came Voice
over IP (VoIP), and the latest jewel in IP's crown is Surveillance. The
benefits of moving to IP are fairly well known. For one, since it's the de
facto standard of communication, interoperability issues amongst devices are
gone. Second are cost savings, especially in the wake of VoIP. As you're using
the same network for voice and data communication, you save on infrastructure
costs. Plus, of course you can use your existing data links between your various
branch offices for voice as well, thereby saving on STD bills. As surveillance
has also moved to IP, you can now monitor remote locations from anywhere, and
have much more fine-grained control over physical security.
All this doesn't mean that everything is hunky-dory in this technology.
There are security and quality issues that need to be tackled. Let's look
at some of the key developments in everything over IP in more detail.
Wireless and VoIP convergence
To enhance user mobility, vendors have merged wireless networking with VoIP, to
create WiFi VoIP phones. Analogous to the way you access e-mail, you can receive
incoming calls anywhere in the world, as long as you're connected to the
Internet. Take your phone, along with its number, into a wireless hotspot to
make a call. There are phones from Siemens, ZyXel, Vonage and Net2Phone that
offer this facility.
This facility is further extended by Worldwide Interoperability for Microwave
Access (WiMAX) technology (IEEE 802.16a). Created to operate in a high frequency
band from 10 to 66 GHz, WiMAX extends the WiFi experience across the length and
breadth of a city. It uses transmitters like cell phone towers to transmit
signals, ensuring uninterrupted connectivity to the mobile user. Since
line-of-sight transmission is not involved, it becomes easier for multiple users
to connect at the same time. It is particularly cost-effective for geographic
locations where laying wired hardware is quite expensive. Plus, it provides
more bandwidth than WiFi, where users are in a continuous battle over
connectivity. With a range running into several tens of miles, users don't
have to worry about hopping from one hotspot to the other. Wireless VoIP is of
particular importance to certain verticals such as health care and retail, where
worker mobility is urgently needed. However, security issues that plague
wireless systems need to be addressed to ensure wider acceptance.
Unlicensed Mobile Access or UMA allows cellular phone users to access GSM
voice and data services over broadband Internet across various hot spots. Using
this technology, subscribers can easily roam amongst cellular networks and
unlicensed wireless networks using dual-mode mobile handsets.
You can connect to wireless access points using unlicensed access
technologies, such as WLAN (WiFi) and Bluetooth. Nokia has recently developed a
UMA solution that provides network operators with UMA Network Controller (UNC),
linking their broadband and GSM networks. The UMA capable phone, Nokia 6136,
enables VoIP communication through WiFi in hot spots, and in places without WiFi,
the cellular network is used. This technology can be used by operators to
provide an alternative to fixed telephony as it allows the subscriber's mobile
handset to be their main phone at home, office and on the move.
VoIP security
The threats to Internet telephony are genetically closer to those for IP
networks than PSTN networks. A VoIP call can be broken into two parts: signaling
and media. If neither of these is encrypted, the call becomes vulnerable to
signal-channel attacks that fake caller ID, distort call quality, end calls
abruptly, and crash the end device. RTP is widely used for transmitting audio
and video packets between communicating computers.
VXML
Voice Extensible Markup Language (VXML) facilitates interactive voice communication between a person and a computer, using voice recognition technology. The user interacts with the voice browser by listening to audio output that is either pre-recorded or computer-synthesized and submits an
However, since data packets are not transmitted in encrypted form, they can
be eavesdropped on by black hats throughout the transmission path. Thus, RTP was
improved upon to form SRTP (Secure RTP). It provides for encryption,
authentication, and integrity of the audio and video packets transmitted between
two devices. Then there is Skype that provides built-in encryption. We also have
an Open Source product, Zfone, that uses a VoIP encryption protocol called ZRTP,
to set up the cryptographic key agreement. This is done on a peer-to-peer basis,
a new key being used for each telephone call. However, for this tool to
function, both parties need to have it installed at their ends. Zfone uses
encryption hash technology that provides a unique three-digit identifier when a
caller initiates a VoIP call. When a conversation starts, callers share these
identifiers with each other, to ensure that there is no 'man-in-the-middle'
attack. The rest of the conversation is completely encrypted.
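The identifier comparison described above, as an added example that is not Zfone's or ZRTP's own code: a toy key agreement in which each end derives a three-digit identifier from a hash of the key material it saw, so a substituted key shows up as mismatched identifiers. The group parameters `P` and `G`, the function names and the hash construction are assumptions made for illustration and do not reproduce the ZRTP derivation.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption, illustration only): a 127-bit
# Mersenne prime is far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy group; fresh for every call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def short_id(my_pub, peer_pub, shared_secret):
    """Three-digit identifier bound to both public values and the secret."""
    lo, hi = sorted((my_pub, peer_pub))  # same ordering at both ends
    material = b"|".join(str(v).encode() for v in (lo, hi, shared_secret))
    digest = hashlib.sha256(material).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"

def call(intercepted=False):
    """Run one call setup; return the identifiers shown to each caller."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # An intermediary replaces the public value in each direction,
        # so neither caller sees the other's real key.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    a_secret = pow(seen_by_a, a_priv, P)
    b_secret = pow(seen_by_b, b_priv, P)
    return (short_id(a_pub, seen_by_a, a_secret),
            short_id(b_pub, seen_by_b, b_secret))

if __name__ == "__main__":
    # Callers read these aloud to each other; they must be identical.
    print("clean call:      ", call())
    print("intercepted call:", call(intercepted=True))
```

With only three digits, two unrelated identifiers still coincide about once in a thousand calls in this toy, which is why the comparison has to be made on every call rather than once.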
Juniper Networks has also introduced its 'Dynamic Threat Mitigation'
software to secure network services such as VoIP. Using Juniper routers and IDS/IPS,
the software prevents SIP attacks, worms and denial-of-service attacks, in real
time.
Though encryption for IP telephony is important, it's not the ultimate cure.
The biggest threat is eavesdropping at end points. No amount of IP telephony
encryption can prevent a Trojan or worm on your computer, or a hacker who has
managed to access your system, from eavesdropping on your phone calls. So,
end-user computers need to be as secure as the transmission channels.
IVE Video Plus Voice Service
Sony Electronics and GlowPoint have launched a new version of Sony's Instant Video Everywhere (IVE) service, to provide free video and voice service for consumers throughout the globe. IVE combines VoIP services with live video to enable users to send and receive video and voice calls worldwide with other IVE users, and also to cell phones, telephones, and other traditional video or audio conferencing systems. You can communicate outside your home or office from any broadband enabled location or 'hotspot.' The customers have the flexibility of communicating beyond users of the same proprietary service. The IVE service is a tremendous boon for people living in different parts of the globe as they can see and talk to each other simultaneously, using real-time, high quality video. Similarly, the branch offices of an enterprise can hold video conferences from different locations.
IP Surveillance
IP surveillance has started making dents in conventional CCTV security installations
for reasons of both performance and cost benefits. You can use your existing
structured cabling infrastructure for carrying video signals from an IP camera.
You also save costs on infrastructure maintenance, monitoring and management of
equipment, and specialized training of personnel. With IP networks, you have
access to a wide range of automated software settings and alert systems that
make security management more efficient. You can view video signals over a Web
browser, which means you can view them on the device, and at the time and
place, of your choice. A major benefit is remote control over all your
cameras from one console. You can even record all videos on your hard disk,
which means accessing them becomes a lot faster. IP Surveillance also offers
easy scalability, as additional cameras can be added one at a time, whereas
analog systems generally require increments of 8, 16 or 24 cameras.
Voice over VPN
While deploying VoIP on LANs, it is recommended to create a separate VLAN
(Virtual LAN), to keep voice and data networks separate. Thus, any attack on one
would not have debilitating effects on the other. Securely sending VoIP data
across a VPN tunnel also helps to get around problems related to firewalls that
try to block VoIP data. For this, a VoIP gateway-router first converts the
analog signals to digital form and then encapsulates the digitized voice within
IP packets. Encryption of these packets can be done using IPSec, after which
these encrypted voice packets are routed through a VPN tunnel. At the receiver's
end, another VoIP router decodes the digital voice and converts it into an
analog signal for the phone, which in turn converts it to voice.
IP PBX
An IP based PBX system (IP PBX) allows an organization to converge both voice
and data networks, over a LAN or a WAN. It uses standard packet-switching protocols
to carry voice across a data network. A good thing about an IP PBX is that it
can scale as per the organization's need, without needing any expensive
support from traditional PBX providers. As it is based on open standards, users
are not captive to a proprietary architecture. They can choose components from
the best vendors for future enhancements. Most vendors provide support for legacy
devices as part of IP PBX solutions. This creates a seamless interface between
the external PSTN network and the internal data network of an organization. IP
PBXs come in two flavors: client-server and converged. The former supports
client devices and switching using only IP telephony. The connectivity to
traditional PBX servers or PSTN is established using an external TDM-to-IP
gateway. The latter supports both VoIP and TDM within the same server. It
connects to PSTN and IP data networks as well as IP phones, SIP phones and soft
phones.
Security and VoIP
To understand how VoIP calls are hacked, let's take an
The use of IP in telecom services is increasing by the day. So, even if you
have not started using IP based services yet, get your infrastructure in place
fast.
Plustek's IP Camera
The IPcam P1000A enables managers to watch their