Due to the general architecture of Internet Telephony a protection concept to avoid spam over Internet Telephony is necessary.
A common misconception is that VoIP systems are more vulnerable to receiving SPIT than non-VoIP systems, but this is not true. SPIT leverages VoIP on the sending side, not the receiving side, because VoIP allows SPIT senders to “power-spam” any telephone number including POTS destinations.
The current best practice for preventing SPIT in a VoIP system is to enforce device authentication and authorization of user endpoint devices, and to provide limiting of excessive call traffic from a single source. Lotus Sametime Unified Telephony provides multiple layers of defense against SPIT. SIP phones (optiPoint and OpenStage) provides for IEEE 802.1x layer-2 authentication to the customer's network, which allows an 802.1x-capable LAN switch to enforce an access control policy against the device. The Lotus Sametime Unified Telephony system then applies SIP Digest Authentication to prevent against registration hacking, malicious impersonation and unauthorized access to the telephone environment. Lotus Sametime Unified Telephony also supports built-in traffic rate monitoring and limiting to protect against a single source from generating excessive call traffic. Furthermore, Lotus Sametime Unified Telephony employs network-based calling party identification (P-Asserted ID) to prevent against caller ID spoofing, so that the called user can positively identify the caller.
Parent topic: Defending DOS (Denial of Service) Attacks