Pro And Cons Of Security Measure Information Technology Essay

Pro And Cons Of protection visor Information Technology EssayThis recreate requires the student exe sawed-offe a limited research found assignment in Net written re larboard certification measure. This work should be a conference style paper. Suggested Topics atomic number 18 given below. However, the work should reflect strong thought and effort. The descriptor will be based on the following factors novelty, depth, correctness, clarity of pre moveation, and effort. Students s spear select any(prenominal) a nonher(prenominal)wise(a) topics relevant to entanglement earnest an early(a)(prenominal) than key outed below with the approval of the staff leader.In this paper student should explain the Security issues relevant to their topics and should crumble any two of the tribute joyrides/measures widely apply to on the whole everywherecome those issues. to a crackinger extent emphasize is given to the analysis of pros and cons of the aegis department measure s followed where a thorough cognition/understanding of the problem and its countermeasures be gained.Introduction vox everywhere meshing Protocol overly known as phonate over IP, IP Telephony or VoIP and it started by a sm entirely company foretelled Vocaltec, Inc in February 1995 from Israel. Joe Hallock, A Brief History of VoIP By that succession, it will be the scratch internet phone softw atomic number 18. Vocaltec aims argon to generate drug user to put ups phone press from one calculator to a nonher computer utilise sound card, mike and speaker. This VoIP softw ar created by Vocaltec only works when both phoner and the receiver charter the same setup softw be installed.VoIP is design for deliver the office communication and multimedia session over the meshwork Protocol and it is as well categorized as one of the internet technology, communication protocol and transmittal technology. In simpler terms, VoIP converts the section augury from your telephone into a digital signal that travels over the Internet. thither be three types of VoIP tools that are commonly used IP Phones, Software VoIP and Mobile and Integrated VoIP. The IP Phones are the almost institutionally established precisely still the least obvious of the VoIP tools. Of all the software VoIP tools that exist, Skype is probably the most easily identifiable.The use of software VoIP has increase during the global recession as many persons, timbreing for ways to cut costs have turned to these tools for giving or inexpensive label or video conferencing applications. Software VoIP stack be only unkept down into three classes or subcategories wind vane Calling, Voice and Video minute pass on and Web Conferencing. Mobile and Integrated VoIP is conscionable another subject of the adaptability of VoIP. VoIP is getable on many smartphones and internet bends so even the users of movable devices that are not phones privy still make calls or ship SMS text capacit ys over 3G or WIFI.2One of the most signifi give the bouncet advantages of VoIP (over a handed-down public switched telephone net profit (PSTN also known as a legacy earningss) is that one brush off make a gigantic distance phone call and bypass the toll charge. This integrated vowelise/ cultivation radical allows large makeups (with the funding to make the transfer from a legacy network to a VoIP network) to carry express applications over their be data networks.VoIP telephone systems are sensitised to attacks as are any internet-committed devices. This meaning that ward-heelers who know about these vulnerabilities ( much(prenominal) as in inviolate passwords) feces form denial-of- value attacks, harvest customer data, record conversations and intermission into vowelize mailboxes.26Another altercate is routing VoIP barter through and through firewalls and network court translators. Private Session frame Controllers are used along with firewalls to change V oIP calls to and from protected networks. For example, Skype uses a trademarked protocol to route calls through other Skype peers on the network, allowing it to traverse isobilateral NATs and firewalls. Other methods to traverse NATs involve using protocols such as beat or ICE.Many consumer VoIP solutions do not sup style encryption, although having a ready phone is ofttimes easier to implement with VoIP than traditional phone positions. As a result, it is relatively escaped to eavesdrop on VoIP calls and even change their content.27 An assaulter with a sheaf sniffer could intercept your VoIP calls if you are not on a desexualize VLAN. However, corporeal security of the switches indoors an first step and the facility security provided by ISPs make packet obtain less of a problem than air intende pilotly foreseen. Further research has shown that tapping into a fiber optic network without detection is difficult if not impossible. This means that once a utter packet is within the internet rachis it is relatively safe from interception.There are able source solutions, such as Wireshark, that facilitate sniffing of VoIP conversations. A modicum of security is afforded by patented auditory sensation codecs in proprietary implementations that are not easily forthcoming for open source applicationscitation call for however, such security through obscurity has not proved effective in other fields.citation required whatever vendors also use compression, which whitethorn make eavesdropping more difficult.citation needed However, real security requires encryption and cryptographic certification which are not widely supported at a consumer level. The animate security standard detain Real-time ictus Protocol (SRTP) and the currentfangled ZRTP protocol are available on Analog Telephone Adapters (ATAs) as hale as conglomerate softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. Skype does not use SRTP, exactly uses encryption which is logical to the Skype providercitation needed. In 2005, Skype invited a researcher, Dr turkey cock Berson, to assess the security of the Skype software, and his conclusions are available in a make report.28The Voice VPN solution provides secure express for enterprise VoIP networks by applying IPSec encryption to the digitized contri thation stream. The IAX2 protocol also supports lengthwise AES-256 encryption autochthonously.Traditional enterprise telecommunications networks used to be viewed as relatively secure because you practically needed to be within physical reach to gain access to them. Sure, things identical toll fraud and war dialing were problematic, but those were easily remedied by yearlong or more complicated passwords and other access understands. The age of converged networks has changed that with voice now traveling over IP networks (VoIP). These converged networks inherit all the security weaknesses of the IP protocol (sp oofing, sniffing, denial of service, integrity attacks, and so on). In addition, voice quality and confidentiality are strengthly affected by common data network problems such as worms and viruses. Converged networks also offer an array of cutting vectors for traditional exploits and malware, as each IP endpoint becomes apotential point of network entry.Internet telephony refers to communications services-voice, facsimile machine, SMS, and/or voice-messaging applications-that are transported via the Internet, rather than the public switched telephone network (PSTN). The go involved in originating a VoIP telephone call are signal and media channel setup, digitisation of the elongate voice signal, encoding, packetization, and transmission as Internet Protocol (IP) packets over a packet-switched network. On the receiving side, similar steps (usually in the reverse order) such as reception of the IP packets, decoding of the packets and digital-to-analog conversion reproduce the genuine voice stream.1VoIP systems employ session control protocols to control the set-up and tear-down of calls as well as audio codecs which encode speech allowing transmission over an IP network as digital audio via an audio stream. The codec used is wide-ranging between different implementations of VoIP (and often a range of codecs are used) round implementations rely on narrowband and compressed speech, while others support high fidelity stereo codecs.Technical reviewIn term of security issues, VoIP showdown numerous of issues reported and some of it stand lead into big breathing out to a company. Below are some of the security issues that discuss in this research. value TheftThe most basic thing a cyber-terrorist abide do with your VoIP service is to mistake it. In doing so, the perpetrator can make bleak calls and possibly start off a new VoIP telephony business of his/her own at amazingly cheap ratesjust handle the first criminal who was charged with hacking VoIP 1 . Service theft is relatively easy with VoIP because the Session Initiation Protocol (sip) that is used for authentication in VoIP calls does not use encryption by disregard.Identity TheftC retrogress on the heels of service theft is the risk of identity theft. If someone can steal a service, they have everything else they need to steal the identity of the person(s) using the service. Accounts as basic as utilities and as critical as pecuniary loans are often tied to a specific phone number. If all else fails, the hacker can, at a minimum, gather sig-nificant information about the quarry individual(s) to be able to take the future(a) step towards stealing the persons identity.EavesdroppingOne mogul memorialise when tapping a phone required some serious instruments that needed to be installed at the sound places while at the same time the person bugging the phone would have to make sure that nobody watches him/her in action. This procedure is a lot easier with VoIP. The instru ment might still look like a phone and work like a phone, but tapping this phone is not at all difficult for someone with the right knowhow and tools and the wrong intentions.Hackers today can take control over some(prenominal) VoIP features such as voicemail, call forwarding, caller ID, call forward-ing, calling plan selection, and billing details. Stealing the VoIP service to enable free calls is really much less prof-itable and desirable for hackers. Instead, with businesses increasingly using VoIP, sensitive corporate information is now the target. VoIP packets flow over networks like packets of data that can be sniffed just like regular data pack-ets. These packets can then be merged together to play the voice conversation in a normal media player software. Mix VoIP hacking with corporate espionage and you end up with a very lucky and enabled hacker.VishingVishing is the criminal practice of using social applied science over the telephone system, most often using features fa cilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.What if you were to receive a call from your bank or your reference point card company that had an automated voice at the other end asking you to enter your debit/credit card number, PIN, and other details? Chances are you might comply with the request. let out still, if you were the person making the call to your phone banking number then these chances are rattling quite high considering the fact that you were the person making the call.In both these cases, a Vishing attack could have been launched using VoIP that could lead you to guess that youre calling an entity that you trust. Specifically in the second case, redirecting your call to a Visher would actually be much easier if you use a VoIP based phone.Denial of ServiceOne VoIP hacking method that can cause significant frustration and losings to businesses is the Denial of Servi ce. As the name suggests, the main aim of the hacker is to procure that your organization is denied the usage of your VoIP telephony service.Voice calls made by an organization can be finagled, tampered, and even dropped. Hackers can even flood the target VoIP understructure with several call-signaling sip messages. Many times, these DoS attacks are actually a smokescreen for hackers to plant malware or even take control of systems in the background.Spyware and MalwareVoIP fundament rests on the same architecture as a normal computer system. Essentially, the issues that a normal computer system can face are quite applicable to VoIP infrastructures as well. Top of the list is spyware and malware. Consider the example of a software application that is used to enable VoIP telephony.A user would have to run this software over a computer, a PDA, an iPhone, or such. This introduces the vulnerabil-ity of falling prey to viruses, spyware, malware, worms, and just about all forms of malic ious code.SPAMSpam exists with VoIP, although it is known as SPIT or Spam over Internet Telephony. mend more typically just an annoyance, SPIT does at times carry viruses and malware, just like spam. While the occurrence of SPIT is not very common today, trends definitely place that SPIT is heading in the direction of SPAM.VoIP telephone systems are susceptible to attacks as are any internet-connected devices. This means that hackers who know about these vulnerabilities (such as insecure passwords) can institute denial-of-service attacks, harvest customer data, record conversations and break into voice mailboxes.26Another altercate is routing VoIP traffic through firewalls and network address translators. Private Session Border Controllers are used along with firewalls to enable VoIP calls to and from protected networks. For example, Skype uses a proprietary protocol to route calls through other Skype peers on the network, allowing it to traverse symmetric NATs and firewalls. Othe r methods to traverse NATs involve using protocols such as STUN or ICE.Many consumer VoIP solutions do not support encryption, although having a secure phone is much easier to implement with VoIP than traditional phone lines. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content.27 An attacker with a packet sniffer could intercept your VoIP calls if you are not on a secure VLAN. However, physical security of the switches within an enterprise and the facility security provided by ISPs make packet capture less of a problem than originally foreseen. Further research has shown that tapping into a fiber optic network without detection is difficult if not impossible. This means that once a voice packet is within the internet backbone it is relatively safe from interception.There are open source solutions, such as Wireshark, that facilitate sniffing of VoIP conversations. A modicum of security is afforded by patented audio codecs in proprietary impleme ntations that are not easily available for open source applicationscitation needed however, such security through obscurity has not proven effective in other fields.citation needed Some vendors also use compression, which may make eavesdropping more difficult.citation needed However, real security requires encryption and cryptographic authentication which are not widely supported at a consumer level. The existing security standard absolute Real-time Transport Protocol (SRTP) and the new ZRTP protocol are available on Analog Telephone Adapters (ATAs) as well as various softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. Skype does not use SRTP, but uses encryption which is transparent to the Skype providercitation needed. In 2005, Skype invited a researcher, Dr Tom Berson, to assess the security of the Skype software, and his conclusions are available in a published report.28The Voice VPN solution provides secure voice for enterprise VoIP ne tworks by applying IPSec encryption to the digitized voice stream. The IAX2 protocol also supports end-to-end AES-256 encryption natively.Securing VoIPTo prevent the above security concerns government and military organizations are using Voice over Secure IP (VoSIP), Secure Voice over IP (SVoIP), and Secure Voice over Secure IP (SVoSIP) to protect confidential and classified VoIP communications.29 Secure Voice over IP is accomplished by encrypting VoIP with Type 1 encryption. Secure Voice over Secure IP is accomplished by using Type 1 encryption on a classified network, like SIPRNet.3031323334 Public Secure VoIP is also available with free GNU programs.35edit ships company IDCaller ID support among VoIP providers varies, although the majority of VoIP providers now offer full Caller ID with name on extrovertive calls.In a few cases, VoIP providers may allow a caller to spoof the Caller ID information, potentially making calls appear as though they are from a number that does not be long to the caller36 Business grade VoIP equipment and software often makes it easy to modify caller ID information. Although this can provide many businesses great flexibility, it is also open to abuse.The Truth in Caller ID Act has been in preparation in the US Congress since 2006, but as of January 2009 still has not been enacted. This bill proposes to make it a offence in the United States to knowingly transmit misleading or wide caller identification information with the intent to defraud, cause harm, or wrong to the full obtain anything of value 37editCompatibility with traditional analog telephone setsSome analog telephone adapters do not decode pulse dialing from older phones. They may only work with push-button telephones using the touch-tone system. The VoIP user may use a pulse-to-tone converter, if needed.38editFax handlingSupport for sending facsimile machinees over VoIP implementations is still limited. The existing voice codecs are not intentional for telefax tran smission they are designed to digitize an analog representation of a human voice efficiently. However, the inefficiency of digitizing an analog representation (modem signal) of a digital representation (a document image) of analog data (an original document) more than negates any bandwidth advantage of VoIP. In other words, the fax sounds simply do not fit in the VoIP channel. An alternative IP-based solution for delivering fax-over-IP called T.38 is available.The T.38 protocol is designed to compensate for the differences between traditional packet-less communications over analog lines and packet based transmissions which are the basis for IP communications. The fax machine could be a traditional fax machine connected to the PSTN, or an ATA box (or similar). It could be a fax machine with an RJ-45 conjunction plugged straight into an IP network, or it could be a computer pretending to be a fax machine.39 Originally, T.38 was designed to use UDP and transmission control protocol tr ansmission methods across an IP network. TCP is better suited for use between two IP devices. However, older fax machines, connected to an analog system, benefit from UDP near real time characteristics collectable to the no recovery ascertain when a UDP packet is lost or an error occurs during transmission.40 UDP transmissions are like as they do not require testing for dropped packets and as such since each T.38 packet transmission includes a majority of the data sent in the prior packet, a T.38 termination point has a higher(prenominal) degree of success in re-assembling the fax transmission back into its original form for interpretation by the end device. This in an attempt to traverse the obstacles of simulating real time transmissions using packet based protocol.41There have been updated versions of T.30 to resolve the fax over IP issues, which is the core fax protocol. Some newer high end fax machines have T.38 built-in capabilities which allow the user to plug right into the network and transmit/receive faxes in native T.38 like the Ricoh 4410NF Fax Machine.42 A unique feature of T.38 is that each packet contains a portion of the main data sent in the preliminary packet. With T.38, two successive lost packets are needed to actually lose any data. The data you lose will only be a delicate piece, but with the right settings and error correction mode, there is an increase likelihood that you will receive enough of the transmission to satisfy the requirements of the fax machine for output of the sent document.editSupport for other telephony devicesAnother challenge for VoIP implementations is the proper handling of outgoing calls from other telephony devices such as Digital Video RecordersDVR boxes, satellite television receivers, alarm systems, conventional modems and other similar devices that depend on access to a PSTN telephone line for some or all of their functionality.These types of calls sometimes complete without any problems, but in other ca ses they fail. If VoIP and cellular substitution becomes very popular, some ancillary equipment makers may be forced to redesign equipment, because it would no longer be possible to assume a conventional PSTN telephone line would be available in consumers homes.Improving Your VoIPThe key to securing a VoIP infrastructure is to remember that it involves sending voice over the Internet Protocol (IP). So, the way to secure it is quite similar to the way you deal with an IP data network. here are the key aspects to keep in thinker when securing a VoIP infrastructure EncryptionVoIP packets, by default, are transmitted in clear-text and so encryption is vital to ensure confidentiality. VoIP in-frastructures based on Secure Real-time Transport Protocol (SRTP) take a step ahead of the unencrypted SIP and en-sure that VoIP traffic privacy and confidentiality is maintained. Alternatively, encryption in the form of Transport Layer Security (TLS) or Internet Protocol Security (IPSec) can als o make a great difference.Network DesignA basic shape of thumb to remember is to logically separate voice and data networks. The crush case scenario would be to let the VoIP infrastructure have its own disjointed network with only the minimum necessary interactions with other sub-networks via secure firewalls. Having use VoIP servers with audited and hardened operating systems and all unnecessary services disabled is the next step to fortifying your VoIP infrastructure.Soft PhonesSoft phones add to an administrators misery by religious offering another end point that needs to be secured. The ideal solu-tion is to annul using Soft phones altogether.If they must be used, ensure that they are fully hardened and patched at all times. While it adds an additional bur-den, it is suddenly paramount to the security of the VoIP infrastructure.Hard PhonesHard phones offer a great alternative to soft phones, especially when coupled with private branch swap (PBX) systems running on a har dened and, preferably, dedicated server. Periodic checks and updates are essential to ensure that the IP-PBX and IP Phone firmware is fully patched. forcible SecurityThis is an often under dry landd aspect of VoIP security. While an organization can spend countless hours and resources securing the medium of transmission, it is critical to also ensure the physical security of the enabling infrastructure components like the hard phones, the VoIP servers, and any other device that directly or indirectly supports the VoIP infrastructure. Physical security can become the Achilles heel of your VoIP infrastructure if it is not respected.Defaults and PasswordsMore often than not, default passwords and settings are not secure. These defaults are created with a generic scenario in mind and will most likely not fit the requirements and customization that your organization demands. It is impor-tant to knock back all default passwords with strong passwords that are at least octette characters long, and employ a com-bination of uppercase letters, lowercase letters, numbers, and special characters. This should be further bolstered by good password policies and robust identity management.Voice Messaging Systems and StorageOne typical area that is easy to miss is the security of calls that are stored on voice messaging systems. Ensure that the voice message boxes of all users require that the password be changed each time the service is used. It might cause a bit of inconvenience, but it will also offer a mile of improved security. It is also important to secure the storage of voice messages by make outing periodic checks and audits to look for exploitable holes. vulnerability AssessmentsLast, but most important, a periodic vulnerability assessment of the VoIP infrastructure can ensure that no holes have emerged due to the ever-changing nature of business requirements and the networks that support them. Inde-pendent audits can often provide useful insights into the state o f the VoIP infrastructure and serve as an additional piece of evidence of due diligence in the regulatory compliance armory.Make VoIP Work For YouVoIP has really been a genuine money saver for businesses all over the institution and the world is a smaller place, in part thanks to VoIP technology. The security issues around VoIP are serious and very real. However, taking the right steps and countermeasures can truly help your organization make the most of VoIP.The Internet is like alcohol in some sense. It accentuates what you would do anyway. If you want to be a loner, you can be more alone. If you want to connect, it makes it easier to connect.Research methodologySecondary resources such as journal, white paper and thesis are being use in this research to analyze and further necessitate in order to produce this research.EvaluationVoIP Sniffing beamsVoIP Scanning and Enumeration machinesVoIP Fuzzing ToolsVoIP Sniffing ToolsAuthTool Tool that attempts to determine the password of a user by analyzing SIP traffic.Cain Abel Multi-purpose tool with the capability to reconstruct RTP media calls.CommView VoIP analyzer VoIP analysis module for CommView that is suited for real-time capturing and analyzing Internet telephony (VoIP) events, such as call flow, signaling sessions, registrations, media streams, errors, and so onEtherpeek general purpose VoIP and general ethernet sniffer.ILTY (Im Listening To You) Open-source, multi-channel SKINNY sniffer.NetDude A example for inspection, analysis and manipulation of tcpdump trace files.Oreka Oreka is a modular and cross-platform system for record and retrieval of audio streams.PSIPDump psipdump is a tool for dumping SIP sessions (+RTP traffic, if available) from pcap to phonograph record in a fashion similar to tcpdump -w.rtpBreak rtpBreak detects, reconstructs and analyzes any RTP session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protoco l. In particular, it doesnt require the presence of RTCP packets.SIPomatic SIP listener thats part of LinPhoneSIPv6 Analyzer An Analyzer for SIP and IPv6.UCSniff UCSniff is an assessment tool that allows users to rapidly test for the nemesis of unauthorized VoIP eavesdropping. UCSniff supports SIP and Skinny signaling, G.711-ulaw and G.722 codecs, and a MITM ARP Poisoning mode.VoiPong VoIPong is a improvement which detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to separate wave files. It supports SIP, H323, ciscos Skinny customer Protocol, RTP and RTCP.VoIPong ISO Bootable Bootable Live-CD disc version of VoIPong.VOMIT The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players.Wireshark Formerly Ethereal, the premier multi-platform network traffic analyzer.WIST Web Interface for SIP Trace a PHP Web Interface that permits you to connect on a remote host/port and capture/filter a SIP dialog.VoIP Scanning and Enumeration ToolsEnableSecurity VoIPPack for public opinion poll VoIPPack is a set of tools that are designed to work with Immunity CANVAS. The tools perform scans, enumeration, and password attacks.enumIAX An IAX2 (Asterisk) login enumerator using REGREQ messages.iaxscan iaxscan is a Python based scanner for catching live IAX/2 hosts and then enumerating (by bruteforce) users on those hosts.iWar IAX2 protocol WardialerNessus The premier free network vulnerability scanner.nmap the premier open source network port scanner.Passive Vulnerability image scanner The Tenable Passive Vulnerability Scanner (PVS) can find out what is happening on your network without actively scan it. PVS detects the actual protocol, various administrative interfaces, and VoIP scanner(s). Currently includes over 40 VoIP checks.SCTPScan This tool enumerates open SCTP ports without establishing a full SCTP association with the remote host. You can also scan whole networks to find SCTP-speaking machines.SIP Forum block out Framework (SFTF) The SIP Forum Test Framework (SFTF) was created to allow SIP device vendors to test their devices for common errors.SIP-Scan A fast SIP network scannerSIPcrack SIPcrack is a SIP protocol login cracker. It contains 2 programs, SIPdump to sniff SIP logins over the network and SIPcrack to bruteforce the passwords of the sniffed login.Sipflanker Sipflanker will help you find SIP devices with potentially vulnerable Web GUIs in your network.SIPSCAN SIPSCAN is a SIP username enumerator that uses INVITE, REGISTER, and OPTIONS methods.SIPVicious Tool Suite svmap, svwar, svcrack svmap is a sip scanner. It lists SIP devices found on an IP range. svwar identifies active extensions on a PBX. svcrack is an online password cracker for SIP PBXSiVuS A SIP Vulnerability Scanner.SMAP SIP Stack Fingerprinting ScannerVLANping VLANPing is a network pinging utility that can work with a VLAN tag. VoIPAudit VoIP specific scanning and vulnerability scanner.VoIP Fuzzing ToolsAsteroid this is a set of distorted SIP methods (INVITE, CANCEL, BYE, etc.) that can be crafted to send to any phone or proxy.Codenomicon VoIP Fuzzers Commercial versions of the free PROTOS toolsetFuzzy Packet Fuzzy packet is a tool to manipulate messages through the injection, capturing, receiving or sending of packets generated over a network. Can hairs-breadth RTP and includes built-in ARP poisoner.Interstate Fuzzer VoIP FuzzerMu Dynamics VoIP, IPTV, IMS Fuzzing Platform Fuzzing appliance for SIP, Diameter, H.323 and MGCP protocols.ohrwurm ohrwurm is a small and simple RTP fuzzer.PROTOS H.323 Fuzzer a java tool that sends a set of malformed H.323 messages designed by the University of OULU in Finland.PROTOS SIP Fuzzer a java tool that sends a set of malformed SIP messages designed by the University of OULU in Finland.SIP Forum Test Framework (SFTF) SFTF was created to allow SIP device vendors to test their devices for common errors. And as a result of these tests improve the interoperability of the devices on the market in general.Sip-Proxy Acts as a proxy between a VoIP UserAgent and a VoIP PBX. Exchanged SIP messages pass through the application and can be recorded, manipulated, or fuzzed.Spirent ThreatEx a commercial protocol fuzzer and ribustness tester.VoIPER VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties.Differences in how security countermeasures are appliedDiscussionThe Advantages and Disadvantages of VoIPVoIP has many advantages over a regular phone service. However, like any emerging technology, there are still a few kinks in the system. However, as standards are certain it becomes more reliab