http://www.whitedust.net/article/30/VoIP%20Security:%20Uncovered/
VoIP Security: Uncovered
By Mark Anderson (Tue, 26 Jul 2005 18:56:42 +0100)
VoIP, short for Voice over IP, is an umbrella term for the software, the
hardware devices and the networking protocols that allow users to make
telephone calls over a computer network, or over the internet.

For more introductory information about VoIP, see
http://www.voip-info.org/tiki-index.php.

There seems little doubt amongst industry experts that VoIP usage will only
grow over the next five to ten years. All public estimates put the growth
of the VoIP market in the billions over the coming decade.

Considering the stability and reliability of the traditional telephony
networks - a product of decades of work - it seems foolhardy to replace
them. But the main selling point of VoIP is the low cost, so its rollout
is most likely inevitable.

Needless to say, the majority of your long distance calls are already
handled as VoIP traffic.

Of particular relevance to most is the security of the new VoIP networks
that are beginning to spring up. This article will attempt to cover all the
most pressing security concerns regarding VoIP and its implementation.

Security Through Obscurity

The most obvious security issue with VoIP is the issue of availability,
with regard to software, protocols and devices. Access to this kind of
telecom information is rather rare and at times quite impossible. Security
through obscurity may be an unfavourable idea in the IT security arena, but
it has proved very effective for telecom providers over the last 50 years.
IP networks are easily accessible, and receive a much higher amount of
unwanted attention than any phone network ever has. This tends to make IP
networks into 'soft targets'.

Learning From The Past: PSTN

Back in the early 70's public knowledge about the traditional phone network
was sparse. The telcos maintained a high degree of security through
obscurity. But hobbyists (later to be called phreakers) were learning
slowly and sharing information.

At the time, telephone voice and signaling data were transmitted across the
same wires. This fact was used to lever open the telco systems as people
(Captain Crunch) began to play prerecorded signalling tones through their
telephone handsets to take control of telecom trunk lines, using everything
from plastic toy whistles to complex electronic boxes (see: red box, blue
box, brown box, etc). Soon enough, the telcos learned about the
vulnerability and some frantic redesigning of the proprietary protocols
started.

Nowadays, for security reasons, all modern phone networks (PSTN: Public
Switched Telephone Network) separate voice and data onto physically
individual network loops. This means that access to a telephone does not
permit access to the signaling data. The fact that VoIP sends both voice
and signaling data across the same network makes it a much larger target
for hackers and phreakers.

The PSTN design facilitates physical security, as the majority of
intelligence is centrally located. With VoIP, by contrast, the intelligence
resides at the end points, either with a VoIP handset or the soft phone
software.

Resilience

When a call is placed across the PSTN, a single trunk line is set up and
becomes dedicated to that phone call. This type of dedicated switching
provides a very high degree of resilience. VoIP traffic, on the other hand,
must pass through (in most cases) several different networks controlled by
several distinct organizations. Certainly any traffic being sent across the
open Internet will have several hops before reaching its destination. As
Quality of Service (QoS) cannot be guaranteed across physically separate
networks, the stability and indeed quality of VoIP calls can be easily
disrupted.

While VoIP protocols attempt to smooth out problems such as audio delay or
jitter, they are certainly no match against even the most rudimentary DoS
tools.

'Unacceptable speech quality is an availability problem, which jeopardizes
the critical infrastructure tag IP telephony has.'
-Ofir Arkin, Sys-Security Group

As VoIP must share network space with traditional IP traffic and as it
actually sits on top of the IP protocol, it is inherently linked with the
vulnerabilities of the IP protocol. VoIP protocols by their nature are
heavily time dependent, so any attempted denial of service is likely to
have a high degree of success.

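Added example, not part of the original article: the running jitter
estimate defined in RFC 3550 (the RTP specification) and a fixed playout
buffer, applied to two constructed packet streams, to show how a short
burst of delay makes voice packets miss playout. The stream data, the 80 ms
delay and the 40 ms buffer are assumptions chosen for illustration.

```python
# Added example (not from the article): RFC 3550 interarrival jitter on
# constructed RTP arrival data, with a fixed playout buffer for comparison.
CLOCK_HZ = 8000        # RTP clock rate for G.711 audio
FRAME_UNITS = 160      # 20 ms of audio per packet at 8 kHz

def interarrival_jitter_ms(packets, clock_hz=CLOCK_HZ):
    """packets: [(rtp_timestamp, arrival_seconds)]. Returns the running
    RFC 3550 jitter estimate, in milliseconds, after each packet."""
    jitter, prev, series = 0.0, None, []
    for ts, arrival in packets:
        arrival_units = arrival * clock_hz
        if prev is not None:
            # D = change in transit time between consecutive packets
            d = (arrival_units - prev[1]) - (ts - prev[0])
            jitter += (abs(d) - jitter) / 16.0
        prev = (ts, arrival_units)
        series.append(jitter * 1000.0 / clock_hz)
    return series

def late_packets(packets, buffer_ms, clock_hz=CLOCK_HZ):
    """Count packets that miss their playout deadline with a fixed buffer."""
    ts0, arrival0 = packets[0]
    late = 0
    for ts, arrival in packets:
        deadline = arrival0 + buffer_ms / 1000.0 + (ts - ts0) / clock_hz
        if arrival > deadline:
            late += 1
    return late

def make_stream(count, delayed=range(0), extra_delay=0.0):
    """Constructed stream: one packet per 20 ms; packets whose index is in
    `delayed` arrive `extra_delay` seconds late (queueing under load)."""
    return [(i * FRAME_UNITS, i * 0.020 + (extra_delay if i in delayed else 0.0))
            for i in range(count)]

CLEAN = make_stream(50)
CONGESTED = make_stream(50, delayed=range(20, 30), extra_delay=0.080)

if __name__ == "__main__":
    for name, stream in (("clean", CLEAN), ("congested", CONGESTED)):
        print(name, "peak jitter %.1f ms," % max(interarrival_jitter_ms(stream)),
              late_packets(stream, buffer_ms=40), "packets late")
```

The smoothed estimate peaks at under 8 ms for the congested stream, yet ten
packets (200 ms of audio) arrive too late to be played, which is why
monitoring should track late or discarded packets as well as jitter.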
TCP/IP Insecurity

The fact that VoIP operates across standard networks makes it vulnerable to
all manner of IP hacking - including man in the middle attacks, sniffing,
session hijacking, etc. Eavesdropping on call signaling packets exchanged
between VoIP servers/routers and soft phones may expose to attackers
valuable networking data such as user identities or VoIP phone numbers.
This could allow an attacker to steal the identity of the original caller.

If no traffic encryption is in place, an attacker could easily log the VoIP
traffic and relay (or even resend) the voice data at a later date, possibly
after doctoring it. Encrypting VoIP traffic can alleviate some risk, and
has now been written into the protocol revisions. Of course, encryption is
still a luxury in the world of VoIP as the additional cycles needed can
often affect audio quality. And where possible, encryption will always be
turned off by users in favour of call clarity.

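Added example, not part of the original article: a simplified receiver that
checks an integrity tag and a sliding replay window on each voice packet,
the approach SRTP (RFC 3711) takes, so that logged-and-resent or doctored
packets are rejected. The packet layout, key, tag length and window size
are assumptions for illustration, not a wire-compatible SRTP
implementation, and the payload is left unencrypted to keep the focus on
replay and tampering.

```python
# Added example (not from the article): integrity tag + replay window.
import hashlib, hmac, struct

TAG_LEN = 10   # truncated tag length in bytes (illustrative choice)
WINDOW = 64    # how far behind the newest packet we still accept

def protect(key, seq, payload):
    """Sender side: 4-byte sequence number + payload + truncated HMAC tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = -1   # highest authenticated sequence number so far
        self.seen = 0       # bit i set => packet (highest - i) was accepted

    def accept(self, packet):
        if len(packet) < 4 + TAG_LEN:
            return "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"                 # doctored or forged packet
        seq = struct.unpack("!I", body[:4])[0]
        if seq > self.highest:               # newer packet: slide the window
            self.seen = ((self.seen << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "too-old"                 # outside the window: reject
        if self.seen & (1 << offset):
            return "replay"                  # already played once
        self.seen |= 1 << offset
        return "ok"

def demo():
    key = b"constructed-demo-key"            # constructed key, demo only
    rx = Receiver(key)
    pkts = [protect(key, s, b"voice-frame-%d" % s) for s in range(3)]
    results = [rx.accept(p) for p in pkts]
    results.append(rx.accept(pkts[1]))                   # captured and resent
    doctored = bytearray(pkts[2]); doctored[5] ^= 0x01   # one payload bit flipped
    results.append(rx.accept(bytes(doctored)))
    results.append(rx.accept(protect(key, 100, b"later-frame")))
    results.append(rx.accept(pkts[0]))                   # resent much later
    return results
```

The tag is verified before the sequence number is trusted, so a forged
packet cannot advance the window and push legitimate packets out of it.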
You could consider segmenting standard network traffic from VoIP traffic
using a virtual LAN. This can limit the threat posed by sniffing tools and
the like. VLANs can, of course, also affect call quality, especially across
the open internet.

The Weakest Link

Any system will be vulnerable to the architecture it's built on. This is
true of VoIP traffic using the IP protocol, and is also true of VoIP
devices running on top of vulnerable OSes. For instance, the Cisco Call
Manager is typically installed on Windows 2000 and the Avaya Call Manager
on Linux, which means those products are vulnerable to all Windows and
Linux exploits.

Originally email was trusted by all who used it. Then it became a bad idea
to open unexpected attachments. Next it became dangerous to even open email
from an unknown source. VoIP insecurity will most likely progress to the
point where answering an incoming call could infect your OS with a VoIP
enabled virus.

Voice Spam

The ability to place free phone calls over IP networks will become
automated (sooner rather than later). This will facilitate voice spam. The
medium of email has become essentially useless for important communication,
due to viruses and spammers. Unless appropriate measures are developed into
the core of VoIP at this early stage, these plagues will spread to infect
the new voice/data networks that will emerge.

Voice spam has already coined its own acronym - SPIT (Spam over Internet
Telephony). And SPIT will become an issue because VoIP lacks the inbuilt
authentication that is required to fend off such simple attacks. This point
harks back to 'learning from the past'.

Specific Attacks

Of course, on top of the insecurities present in the design and
implementation of VoIP networks, there are individual vulnerabilities
present in VoIP devices and software.

* A model of Avaya IP phone can be rendered unstable by bombarding it
with specific IP traffic.
* Alcatel, Avaya and Cisco phones are reportedly vulnerable to a DoS that
can be triggered by sending fragmented UDP packets, and a TCP ACK flood.
* Any denial of service vulnerability in the underlying Cisco IOS running
on a Gateway device could potentially be exploited to disrupt the VoIP
network. There is a variety of known denial of service vulnerabilities and
corresponding public exploits for Cisco IOS.
* In a recent test, valuable information was gathered from an Avaya IP
phone by using SNMP queries with the "public" community name.

These are just some of the already known vulnerabilities; experience
suggests there are plenty more vulnerabilities in VoIP devices and software
waiting to be discovered.

Somebody Call 911

Companies have learnt to accept that occasionally IP networks go down, but
heads still roll every time they do. When phone networks go down, company
executives want blood. Telephone access is certainly a part of any
company's critical infrastructure. But unlike standard telephone systems,
VoIP is dependent both on internet access and also on the power supply.

Telephones still ring in a blackout (unless you use a PBX), but in
emergency situations when power goes down VoIP systems will also fail.
This, of course, means that while the standard telephone networks can route
emergency 911/999 calls - VoIP networks cannot.

Conclusion: Security Is A Process

Security for VoIP must be end-to-end. The originating system must be as
secure as the routers and servers that the call must pass through.
Authentication, tunnelling, trust zones, firewalls and other security
precautions can help but, as discussed, can also hinder.

Ultimately I think we have the experience to hopefully learn from the
mistakes of the past, but most likely will not. VoIP is coming; now is the
time to worry about its security, not after it has become widespread. But
do we ever learn?

Further Reading
http://www.sans.org/rr/whitepapers/telephone/318.php
http://www.sys-security.net/index.php?page=voip
http://www.voipsa.org/
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf