Abstract
The paper aims to gather information about attacks from real internet infrastructure and to analyse them. For this purpose, we prepared a set of honeypots monitoring various aspects of VoIP infrastructure, including SIP endpoint and SSH terminal emulation. The SIP endpoints are registered with a real SIP registrar, and incoming calls are routed to a honeypot according to the rules in the dialplan. The honeypot gathers valuable data about hackers' activity with no threat to production systems. Analysis of the honeypot data is crucial for further improvement of existing security mechanisms in VoIP networks. The paper describes the honeypot's behaviour and also presents an analysis of the detected malicious activity.
Highlights
The paper describes the use of honeypots in a VoIP infrastructure.
The question is how do we find the system's bottleneck? Each of us needs to turn into a hacker in his own system to find system weaknesses. This gives a better understanding of the whole infrastructure; the number of security holes found depends on the skills of the security auditor.
The main goal of this article is to test the honeypot functionality and analyse the gathered data. Another goal is to consider its deployment in our real IP telephony infrastructure.
Summary
The paper describes the use of honeypots in a VoIP infrastructure. These systems become increasingly necessary as the number of IP-based telephony solutions rises. Most large companies today rely on some kind of IP telephony in their internal communication. This situation only induces greater hacker interest in these services. The basic rule is to keep all systems and their versions up to date, with at least access policies properly set and encryption of all crucial data. This is not always possible in VoIP systems. Each of us needs to turn into a hacker in his own system to find system weaknesses. This gives a better understanding of the whole infrastructure; the number of security holes found depends on the skills of the security auditor. Even if the auditor fixes all existing weaknesses, there can still be security holes which can be exploited by either an external or an internal attacker.
More From: Communications - Scientific letters of the University of Zilina