OWASP Delhi Meeting VOIP: Emerging Threats and Defenses

Voice over IP (VoIP) has finally come of age and is being rapidly embraced across most markets as an alternative to the traditional public-switched telephone network. VoIP is a broad term, describing many different types of applications (hard phones, softphones, and so on), and using a wide variety of both proprietary and open protocols (SIP, RTP, H.323, and so on). Most major enterprise VoIP vendors are integrating the upcoming protocols into their products. As a result, VOIP-specific attacks such as registration hijacking, BYE call teardown, and INVITE flooding are also likely to emerge.

There is no one time fix for solving current and emerging VoIP security problems. Rather, a well-planned defense-in-depth approach that extends your current security policy is your best bet to mitigate the current and emerging threats to VoIP.