VoIP Security regarding the Open Source Software Asterisk

Enterprises and organizations improve their business processes and drop their infrastructure cost by using Voice-over-IP (VoIP) technology. However, security aspects are often neglected. With the increasing merge of application data and speech data within IP networks new challenges arise for overall network and system security. VoIP packets are being transmitted over a shared medium", i.e., via a network which is shared by numerous subscribers with different profiles and for different services. Under certain conditions attackers can sniff data on the communication path and record VoIP conversations. This article will demonstrate existing security risks regarding the VoIP technology and present viable solutions and concepts. In this context VoIP standards will be analyzed with respect to their security mechanisms. Because of its growing prevalence especially the open source VoIP solution Asterisk" will be analyzed and evaluated against typical security requirements.