Evaluation of Security and Countermeasures for a SIP-Based VoIP Architecture

Evaluation tests were conducted on Asterisk IPPBX and several SIP hardware and software clients from the security point of view. The tools involved allow scanning, enumerating, fingerprinting, UDP flooding, session and application hacking, traffic interception, eavesdropping, session teardown and RTP media injection/mixing. The responses were interpreted in regards to the capabilities of the targeted systems to make/receive calls, recover after the attacks, and provide debugging/error responses during the attacks. After testing for vulnerabilities, countermeasures were applied by encrypting the media stream, configuring a firewall and installing an Intrusion Detection/ Prevention System.