An exclusive gaming industry community targeted
to, and designed for Professionals, Businesses
and Students in the sectors and industries
of Gaming, New Media and the Web, all closely
related with it's Business and Industry.
A Rich content driven service including articles,
contributed discussion, news, reviews, networking, downloads,
and debate.
We strive to cater for cultural influencers,
technology decision makers, early adopters and business leaders in the gaming industry.
A medium to share your or contribute your ideas,
experiences, questions and point of view or network
with other colleagues here at iVirtua Community.
I saw this over at techrepublic blogs
http://blogs.techrepublic.com.com/security/?p=252
Quotes below are from the above article.
One of the most well-known VoIP hacking tools is VOMIT, which stands for Voice Over Misconfigured Internet Telephones. But it doesn’t actually capture the VoIP packets. For that, you’ll need a “sniffer” program (such as Ethereal/Wireshark ( http://www.wireshark.org/ ) or Angst ( http://freshmeat.net/projects/angst )) or “dumping” tools such as pcapsipdump ( http://sourceforge.net/projects/psipdump ).
Another popular VoIP hacking utility is VoIPong ( http://oreka.sourceforge.net/ ). This tool detects VoIP calls on a network and creates .wav files of conversations.
Quote:
Like VOMIT, VoIPong runs on Linux and other UNIX-based operating systems. But it processes VoIP packets regardless of the VoIP protocol, so you can use it to hack SIP and H.323 VoIP transmissions as well as Cisco’s Skinny-based ones. VoIPong is open source software freely distributed under the GNU General Public License.
is a popular sniffer that can capture and crack passwords; it captures many types of traffic along with VoIP calls. It extracts audio conversations that use the SIP and RTP protocols and supports a number of different codecs, including G711, GSM, DVI, LPC, and many more.
So to prevent the use of those tools....
Keep the VoIP network separate from the data network. Although this does negate some advantages of VoIP — such as simplified administration through convergence — it also provides a smaller attack surface and exposes the VoIP network to fewer threats.
You can use virtual LAN (VLAN) technology to create a logical separation if you don’t want to go with a full-fledged physical separation.
Use authentication to ensure that those connecting to the VoIP network from the outside are really who they purport to be.
Use encryption so that if hackers manage to capture VoIP packets, they won’t be able to easily decipher them.
Use VoIP-aware firewalls and an intrusion detection system/intrusion prevention system (IDS/IPS).
Yes. When you call another Skype user your call is encrypted with strong encryption algorithms ensuring you privacy. In some cases your Skype communication may be routed via other users in the peer-to-peer network. Skype encryption protects you from potential eavesdropping from malicious users.
Why are Skype calls encrypted?
Skype is encrypted end-to-end because it uses the public Internet to transport your voice calls and text messages and sometimes these calls are routed through other peers. Skype encryption ensures that no other party can eavesdrop on your call or read your instant messages.
What type of encryption is used?
Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.