Editing Voice over IP (section)

==Security==
Secure calls are possible using standardized protocols such as [[Secure Real-time Transport Protocol]]. Most of the facilities of creating a [[secure telephone]] connection over traditional phone lines, such as digitizing and digital transmission, are already in place with VoIP. It is necessary only to [[encrypt]] and [[authenticate]] the existing data stream. Automated software, such as a [[Business telephone system#Current trends|virtual PBX]], may eliminate the need for personnel to greet and switch incoming calls.

The security concerns for VoIP telephone systems are similar to those of other Internet-connected devices. This means that [[hacker]]s with knowledge of [[VoIP vulnerabilities]] can perform [[denial-of-service]] attacks, harvest customer data, record conversations, and compromise voicemail messages. Compromised VoIP user account or session credentials may enable an attacker to incur substantial charges from third-party services, such as long-distance or international calling.

The technical details of many VoIP protocols create challenges in routing VoIP traffic through [[firewall (networking)|firewalls]] and [[network address translator]]s, used to interconnect to transit networks or the Internet. Private [[session border controller]]s are often employed to enable VoIP calls to and from protected networks. Other methods to [[NAT traversal|traverse NAT]] devices involve assistive protocols such as [[STUN]] and [[Interactive Connectivity Establishment]] (ICE).

Standards for securing VoIP are available in the [[Secure Real-time Transport Protocol]] (SRTP) and the [[ZRTP]] protocol for [[analog telephony adapter]]s, as well as for some [[softphone]]s. [[IPsec]] is available to secure [[Point-to-point (telecommunications)|point-to-point]] VoIP at the transport level by using [[opportunistic encryption]]. Though many consumer VoIP solutions do not support encryption of the signaling path or the media, securing a VoIP phone is conceptually easier to implement using VoIP than on traditional telephone circuits. A result of the lack of widespread support for encryption is that it is relatively easy to eavesdrop on VoIP calls when access to the data network is possible.<ref>{{cite web|website=CircleID|url=http://www.circleid.com/posts/examining_two_well_known_attacks_on_voip1/ |first1=Peter |last1=Thermos |date= April 5, 2006 |title=Examining Two Well-Known Attacks on VoIP|access-date=April 5, 2006}}</ref> Free open-source solutions, such as [[Wireshark]], facilitate capturing VoIP conversations.

Government and military organizations use various security measures to protect VoIP traffic, such as voice over secure IP (VoSIP), secure voice over IP (SVoIP), and secure voice over secure IP (SVoSIP).<ref>{{cite web |url-status=dead |url=http://iase.disa.mil/stigs/stig/VoIP-STIG-V2R2.pdf |archive-url=https://web.archive.org/web/20090825002946/http://iase.disa.mil/stigs/stig/VoIP-STIG-V2R2.pdf |archive-date=August 25, 2009 |title=Internet Protocol Telephony & Voice over Internet Protocol Security Technical Implementation Guide Version 2, Release 2 |date=21 April 2006 |publisher=DISA }}</ref> The distinction lies in whether encryption is applied in the telephone endpoint or in the network.<ref>{{cite web |url=http://www.gdc4s.com/Documents/Products/SecureVoiceData/GD-SVOIP_FAQ-w.pdf |title=Secure Voice over IP (SVoIP) vs. Voice over Secure IP (VoSIP) Installations |website=General Dynamics C4 Systems |url-status=dead |archive-url=https://web.archive.org/web/20150924021100/http://www.gdc4s.com/Documents/Products/SecureVoiceData/GD-SVOIP_FAQ-w.pdf |archive-date= Sep 24, 2015 }}</ref> Secure voice over secure IP may be implemented by encrypting the media with protocols such as [[Secure Real-time Transport Protocol|SRTP]] and [[ZRTP]]. Secure voice over IP uses [[Type 1 encryption]] on a classified network, such as [[SIPRNet]].<ref>{{cite journal|first1=Markus|last1=Dunte|first2=Christoph|last2=Ruland|url=http://paper.ijcsns.org/07_book/200706/20070610.pdf|title=Secure Voice-over-IP|journal=International Journal of Computer Science and Network Security|date=June 2007|volume=7|issue=6|pages=63–68 |url-status=live |archive-url=https://web.archive.org/web/20230419021029/http://paper.ijcsns.org/07_book/200706/20070610.pdf |archive-date= Apr 19, 2023 }}</ref><ref>{{Cite web |title=Secure Voice Over IP  |url=http://www.sans.org/reading_room/whitepapers/voip/secure_voice_over_ip_322 |website=SANS Institute |first1=Brian |last1=Stringfellow |date=August 15, 2001 |url-status=live |archive-url=https://web.archive.org/web/20230601084811/https://www.sans.org/white-papers/322/ |archive-date= Jun 1, 2023 }}</ref><ref>{{cite book|last=White|first=C.M.|author2=Teague, K.A.|author3=Daniel, E.J.|title=Conference Record of the Thirty-Eighth Asilomar Conference on Signals, Systems and Computers, 2004 |chapter=Packet loss concealment in a secure voice over IP environment |date=Nov 7–10, 2004|volume=1|pages=415–419|doi=10.1109/ACSSC.2004.1399165|chapter-url=http://www.clsp.jhu.edu/~cwhite/papers/asilo_04_LossConceal_final.pdf|isbn=978-0-7803-8622-8|citeseerx=10.1.1.219.633|s2cid=402760|access-date=June 12, 2009|archive-date=May 17, 2006|archive-url=https://web.archive.org/web/20060517201314/http://www.clsp.jhu.edu/~cwhite/papers/asilo_04_LossConceal_final.pdf|url-status=dead}}</ref><ref>{{cite web|url=http://www.networkworld.com/news/2009/041609-cellcrypt-secure-voip-heading-to.html|work=Networkworld.com|title=Cellcrypt secure VOIP heading to BlackBerry|access-date=June 12, 2009|archive-date=April 24, 2009|archive-url=https://web.archive.org/web/20090424030128/http://www.networkworld.com/news/2009/041609-cellcrypt-secure-voip-heading-to.html|url-status=dead}}</ref> Public Secure VoIP is also available with free GNU software and in many popular commercial VoIP programs via libraries, such as ZRTP.<ref>{{cite web|url=http://www.freesoftwaremagazine.com/columns/secure_voip_calling_free_software_right_to_privacy|work=Free Software Magazine|title=Secure VOIP calling, free software, and the right to privacy}}</ref>

In June 2021, the [[National Security Agency]] (NSA) released comprehensive documents describing the four attack planes of a communications system – the network, perimeter, session controllers and [[Communication endpoint|endpoints]] – and explaining security risks and mitigation techniques for each of them.<ref>{{Cite web |title=NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems |url=https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2661746/nsa-releases-guidance-on-securing-unified-communications-and-voice-and-video-ov |access-date=2022-09-26 |website=National Security Agency/Central Security Service |language=en-US}}</ref><ref>{{Cite web |title=Deploying Secure Unified Communications/Voice and Video over IP Systems |url=https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF |access-date=27 September 2023 |website=media.defense.gov}}</ref>