VoIP : a corporate governance approach to avoid the risk of civil liability
- Authors: Gerber, Tian Johannes
- Date: 2012
- Subjects: Internet telephony -- Security measures , Telecommunication policy -- South Africa , Computer network protocols -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9812 , http://hdl.handle.net/10948/d1016272
- Description: Since the deregulation of Voice over Internet Protocol (VoIP) in 2005, many South African organizations are now attempting to leverage its cost saving and competitive values. However, it has been recently cited that VoIP is one of the greatest new risks to organizations and this risk is cited to increase Information Security insurance premiums in the near future. Due to the dynamic nature of the VoIP technology, regulatory and legislative concerns such as lawful interception of communications and privacy may also contribute to business risk. In order to leverage value from the VoIP implementation, an organization should implement the technology with knowledge of the potential risk of civil liability. This is further highlighted by the King III Report which indicates that the Directors of an organization should be ultimately responsible for Corporate Governance and, therefore, IT Governance and Information Security Governance. The report goes further to say that any newly implemented technology, such as VoIP, should comply with all South African legislation and regulations. This responsibility encourages the practice of both due care and due diligence. However, recent trends exercised by Information Security professionals, responsible for drafting Information Security policies and related procedures, often neglect the regulatory requirements and choose to only implement international best practices with no consideration of the risk of civil liability. Although these best practice frameworks may inadvertently comply with existing local legislation, a chance of an oversight is possible. Oversights may not only result in criminal sanctions, but also civil action due to losses or damages suffered. With regard to implementing VoIP, good Corporate Governance could potentially be ensured through the use of both identified regulations and relevant international best practices. 
This dissertation aims to aid organizations in avoiding or at least mitigating the risk of civil liability to better leverage VoIP’s value, through good Corporate Governance practices. This should aid in the exercise of due care and due diligence when implementing VoIP as a means of conducting business communication.
- Date Issued: 2012
Securing media streams in an Asterisk-based environment and evaluating the resulting performance cost
- Authors: Clayton, Bradley
- Date: 2007 , 2007-01-08
- Subjects: Asterisk (Computer file) , Computer networks -- Security measures , Internet telephony -- Security measures
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4647 , http://hdl.handle.net/10962/d1006606
- Description: When adding Confidentiality, Integrity and Availability (CIA) to a multi-user VoIP (Voice over IP) system, performance and quality are at risk. The aim of this study is twofold. Firstly, it describes current methods suitable to secure voice streams within a VoIP system and make them available in an Asterisk-based VoIP environment. (Asterisk is a well established, open-source, TDM/VoIP PBX.) Secondly, this study evaluates the performance cost incurred after implementing each security method within the Asterisk-based system, using a special testbed suite, named DRAPA, which was developed expressly for this study. The three security methods implemented and studied were IPSec (Internet Protocol Security), SRTP (Secure Real-time Transport Protocol), and SIAX2 (Secure Inter-Asterisk eXchange 2 protocol). From the experiments, it was found that bandwidth and CPU usage were significantly affected by the addition of CIA. In ranking the three security methods in terms of these two resources, it was found that SRTP incurs the least bandwidth overhead, followed by SIAX2 and then IPSec. Where CPU utilisation is concerned, it was found that SIAX2 incurs the least overhead, followed by IPSec, and then SRTP.
- Date Issued: 2007
Securing softswitches from malicious attacks
- Authors: Opie, Jake Weyman
- Date: 2007
- Subjects: Internet telephony -- Security measures , Computer networks -- Security measures , Digital telephone systems , Communication -- Technological innovations , Computer network protocols , TCP/IP (Computer network protocol) , Switching theory
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4683 , http://hdl.handle.net/10962/d1007714
- Description: Traditionally, real-time communication, such as voice calls, has run on separate, closed networks. Of all the limitations that these networks had, the ability of malicious attacks to cripple communication was not a crucial one. This situation has changed radically now that real-time communication and data have merged to share the same network. The objective of this project is to investigate the securing of softswitches with functionality similar to Private Branch Exchanges (PBX) from malicious attacks. The focus of the project will be a practical investigation of how to secure ILANGA, an ASTERISK-based system under development at Rhodes University. The practical investigation that focuses on ILANGA is based on performing six varied experiments on the different components of ILANGA. Before the six experiments are performed, basic preliminary security measures and the restrictions placed on the access to the database are discussed. The outcomes of these experiments are discussed and the precise reasons why these attacks were either successful or unsuccessful are given. Suggestions of a theoretical nature on how to defend against the successful attacks are also presented.
- Date Issued: 2007