AS IP TELEPHONY BECOMES
the standard of communications for both business and residential users, understanding and mitigating the security risks associated with it become even more paramount. It is important to understand the various threats and how to mitigate each one.
In their default configurations, many of the IP telephony devices may have a variety of exposed TCP and UDP ports. The default services running on the open ports may be vulnerable to distributed denial-of-service (DDoS) attacks, buffer overflows or weak passwords, which may result in compromised IP telephony devices. If any of the open services are not password-protected or have an easily discernible password, an attacker may gain unauthorized access to that device. The Simple Network Management Protocol (SNMP) services offered by the devices also may be vulnerable to reconnaissance attacks or buffer overflows. Many IP telephony devices are constructed to periodically download a configuration file from a server through Trivial File Transfer Protocol (TFTP) or other mechanisms. An attacker potentially could divert or spoof this connection and trick the device into downloading a malicious configuration file instead.
Fuzzing May Not Be Friendly.
Functional protocol testing also referred to as fuzzing is a technique for finding bugs and other vulnerabilities by creating different types of packets that contain data that pushes that protocols specifications to the point of breaking them.
These specially crafted, anomalous packets are subsequently sent to an application, operating system or hardware device that is capable of processing that protocol. The results are monitored for any abnormal behavior such as a crash or irregular resource consumption. A wide variety of DoS and buffer overflow vulnerability discoveries in vendor implementations of IP telephony products that use H.323 and SIP have already occurred because of functional protocol testing.
Blocking Unwanted Third Parties.
A variety of IP telephonyspecific attacks can be performed at the application level to disrupt or manipulate service. By spoofing his or her identity, an attacker may cause a DoS in SIP-based IP telephony networks by sending a CANCEL or BYE message to either of the communicating parties, ending the call. An attacker also can spoof a SIP response, indicating to the caller that the called party has moved to a rogue SIP address, and hijack the call. Using a tool named VOMIT (voice over misconfigured Internet telephones), an attacker with local access to the IP telephony LAN also may eavesdrop the network traffic and decipher the voice conversations. The attacker may be able to conduct a man-in-the-middle attack and modify the original communication between two parties. That person also could impersonate a valid user/IP phone and use the IP telephony network to make free long-distance calls.
Several techniques exist in order to combat the numerous risks of attack associated with IP telephony. Because of the integration of voice and data in a single network, establishing a secure IP telephony network overlay on an existing or new IP network is a process that requires careful thought to engineering concerns. One procedure is to develop the appropriate IP network architecture that is, separate voice and data on logically different networks via VPN or tagging technology, if feasible. If at all possible, different subnets with separate address blocks ought to be used for voice and data traffic, with separate DHCP servers for each, to simplify the incorporation of intrusion detection. At the voice gateway, which interfaces with the PSTN or other traditional voice networks, strong authentication and access control is required. Strong authentication of IP telephony endpoints and components through access-control mechanisms and policy enforcement is key to creating a secure IP telephony network.
A mechanism to allow IP telephony traffic through firewalls is required depending on which protocols are utilized. For a large amount of IP telephony traffic, a separate add-on to the firewall that can offload IP telephony traffic from the main firewall itself is suggested. While stateful packet filters can track the state of connections and deny packets that are not part of a properly originated call, the benefits may not be realized since components of H.323 call signaling may not be supported. Moreover, if transport layer security (TLS) is used to protect SIP signaling, stateful packet filters may not work. IPsec or secure shell (SSH) ought to be used for any remote management functions.
In an IP telephony environment, physical controls are particularly important and should not be overlooked. Anyone with physical access to the office LAN potentially could connect network-monitoring tools and tap into telephone conversations unless the packetized voice is encrypted. Though conventional telephone lines also can be monitored when physical access is obtained, in most offices, there are many more points to connect with a LAN. Even if encryption is used, physical access to IP telephony servers and gateways could allow an attacker to do traffic analysis.
Just as a well-run security policy is required in any IT infrastructure today, up-to-date policies for IP telephony are a required component in any VoIP project deployment. Which specific tools and techniques will prove to be the best deterrent for security issues that threaten IP telephony only can be discovered over time given that every IP network and IP telephony deployment has unique characteristics. However, it is essential to form proactive deterrents to security threats to IP telephony, rather than attempt to battle them as the technology continues to evolve. It is important to remember that security is a process. Companies should be prepared to constantly change and evolve to address the shifting threat landscape, rather than implement a point solution to be deployed once and forgotten.
Bob Decker is director, Managed and Professional Services Sales Overlay for NextiraOne North America, a Houston-based provider of integrated enterprise network, IP telephony, data, voice and converged solutions for businesses. Decker, a Certified Information Systems Security Professional, leads the companys services field sales and marketing team.
|NextiraOne North America www.nextiraone.com|