The Session Initiation Protocol (SIP), is an application level signaling protocol for setting up, modifying, and terminating real-time sessions between participants over an IP data network. Fifth Main Bank can use SIP technology to support any type of single-media or multi-media session, including teleconferencing. The key driving force behind SIP technology is to enable Internet telephony, also referred to as Voice over IP (VoIP.) Using Real-Time Transport Protocol (RTP), Fifth Main Bank can exchange audio, video, or other multimedia content between session participants. There are some concerns that will need to be addressed with implementing a VoIP solution. Routing traffic over the internet is inherently less secure than placing a call over traditional circuit switched networks. The internet is a dangerous place, and packet sniffers can grab unencrypted traffic. To overcome this concern Fifth Main Bank could use Virtual Private Network (VPN) tunnels to connect the remote callers to the office locations.
A second concern that may need to be addressed is gateway security. Gateway security options for VoIP are limited and present some challenges. Fifth Main Bank will need to ensure their firewalls are updated and understand many firewalls actively scan traffic packets as an intrusion detection / prevention system. The packet scanning can affect packet delivery times. A third concern the company will need to address is the possibility of Denial of Service attacks (DoS.) A DoS attack could take down the VoIP telephony system. Without sufficient monitoring, VoIP implementations may leave TCP/UDP ports unnecessarily open. This along with other default services, could create a habitat suitable for a DoS or distributed DoS attacks.
To prevent these attacks Fifth Main Bank will need to ensure that unnecessary ports and services are shut down, and that the network is properly patched for newly discovered vulnerabilities. Fifth Main Bank will need to address several security threats when implementing VoIP. Confidentiality threats will be a major security concern for the bank. Confidentiality threats occur when information can be accessed by unauthorized parties. Leaks of the confidential information of end users private documentation, financial information, security information like password, conversion content, conversion history or pattern, etc. might make attackers’ jobs easier.
Eavesdropping of phone conversations with VoIP increases because of the large number of nodes in the path between two conservation entities. If an attacker compromises any of these nodes, he can access the IP packets flowing through that node. There are many more security concerns the bank will need to address such as unauthorized access attacks, integrity threats, caller identification spoofing, and more. Each security concern has countermeasures that if properly implemented will allow Fifth Main Bank to achieve their long range goals. .