Voice over IP (VoIP) can be a complex subject. Network security professionals may find the terminology foreign, and VoIP vulnerabilities are often misunderstood. This paper provides an overview of the H.323 protocol suite, its known vulnerabilities, and then suggests twenty rules for securing an H.323-based network.
The primary components of an H.323 network include: endpoints, gateways, gatekeepers, and MCUs (Multipoint Control Units). Endpoints (telephones, softphones, IVRs, voicemail, video cameras. etc.) are the devices typically used by end-users in the normal use of the system. Gateways (gateways and controllers) handle signaling and media transport, and typically serve as the interface to other types of networks such as ISDN, PSTN and or other H.323 systems. Gateways which focus primarily on converting between IP and other forms of media (such as PSTN) are termed Media Gateways. Gatekeepers are the logical entity with which endpoints register and are administered. They also manage call setup, teardown, and status and can assist in address resolution. MCUs are designed to support multi-party conferencing.