Two Days Left to Get a Free GIAC Certification Attempt or Take $350 Off with OnDemand or vLive Training!

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

VOIP Issues

Featuring 10 Papers as of April 30, 2019

  • Security Considerations for Voice over Wi-Fi (VoWiFi) Systems STI Graduate Student Research
    by Joel Chapman - April 30, 2019 

    As the world pivots from Public Switched Telephony Networks (PSTN) to Voice over Internet Protocol (VoIP)-based telephony architectures, users are employing VoIP-based solutions in more situations. Mobile devices have become a ubiquitous part of a person's identity in the developed world. In the United States in 2017, there were an estimated 224.3 million smartphone users, representing about 68% of the total population. The ability to route telephone call traffic over Wi-Fi networks will continue to expand the coverage area of mobile devices, especially into urban areas where high-density construction has previously caused high signal attenuation. Estimates show that by 2020, Wi-Fi-based calling will make up 53% of mobile IP voice service usage (roughly 9 trillion minutes per year) (Xie, 2018). In contrast to the more traditional VoIP solutions, however, the standards for carrier-based Voice over Wi-Fi (VoWiFi) are often proprietary and have not been well-publicized or vetted. This paper examines the vulnerabilities of VoWiFi calling, assesses what common and less well-known attacks are able to exploit those vulnerabilities, and then proposes technological or procedural security protocols to harden telephony systems against adversary exploitation.

  • Security Considerations for Avaya ESS Implementation by Thomas McDermott - December 29, 2008 

    This paper addresses the security requirements of an enterprise PBX. The sample PBX architecture is an Avaya Enterprise Survivable Server (ESS) environment supporting an enterprise with multiple call centers.

  • Skype: A Practical Security Analysis by Bert Hayes - October 15, 2008 

    The purpose of this paper is to suggest best practices and recommendations when running Skype.

  • VoIP Security Vulnerabilities by David Persky - December 21, 2007 

    Since the dawn of time, humans have tried to communicate with each other. As languages and dialects prospered, the forms of communication became more advanced by using letters in various alphabets and writing messages on papers or letters. From the Caeser cipher that Julius Caesar used where letters in encrypted messages were actually three letters off, to the Nazis in WWII who built and used the Enigma machine to encrypt military communications, to SIP-TLS to encrypt VoIP conversations, as forms of communication have advanced there have been subsequent efforts to keep those communications secret by one party, and to identify the clear message by a second party.

  • Security Issues and Countermeasure for VoIP by Jianqiang Xin - February 7, 2007 

    This paper focuses on these VoIP specific security threats and the countermeasures to mitigate the problem.

  • Voice Over Internet Protocol (VoIP) and Security by Greg Tucker - January 17, 2005 

    This paper will describe Voice Over Internet Protocol (VoIP) to a level that allows discussion of security issues and concerns. Business concerns of implementing VoIP, components of a VoIP system, and relevant security issues and concerns as they apply to the topics, are explored.

  • The VoIP Dilemma by Fernando Robles - August 15, 2004 

    This paper intends to discuss the general security concerns that need to be considered during the design and implementations of a VoIP (Voice over Internet Protocol) converged infrastructure.

  • Latency and QoS for Voice over IP by Karie Gonia - March 20, 2004 

    This paper will familiarize the reader with the fundamentals of a VoIP (Voice over IP) implementation and its effects. VoIP has been a front runner for companies looking to take advantage of IP.

  • Security Concerns with VOIP by Eric Weiss - August 20, 2001 

    This paper will briefly discuss the following IP telephony standards: H.323 from the ITU, Session Initiation Protocol (SIP) from the IETF,and MGCP by the Media Control Working Group.

  • Secure Voice Over IP by Brian Stringfellow - August 15, 2001 

    The purpose of this document is to give a general overview of Voice over IP (VoIP) and to explain the essential security issues surrounding a successful VoIP deployment.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.