Security Basics mailing list archives
Re: Seeking Information regarding VoIP security Assessment
From: "J. Oquendo" <cisa () e-fensive net>
Date: Wed, 14 Oct 2009 14:14:17 -0400
Abhishek Kumar wrote:
> Really very helpful suggestions and resources. Actually I have been given a task to write 2-3 page writeup on VoIP Security and how we can do VoIP security assessment.
>
> regards
> abhi
Depends on what your goal(s) is/are. For example, snooping (eavesdropping) is accomplished by sniffing the wire and recompiling the audio (RTP or other protocol used http://www.ietf.org/rfc/rfc3550.txt?number=3550) which would affect confidentiality. With any kind of packet injection tool and knowledge of SIP (if SIP is targeted) you could do some interesting things. Because most VoIP equipment are using a client server set-up and almost ALL VoIP based phones have a web interface, they're DoSable, prone to the same attacks as any other HTTP server.

Imagine the following: Using curl being able to reset variables. Not a big deal at first glimpse, however imagine this:

Scenario 1: You change your caller ID as that of an employee. Call IT and tell them "reset my X (voicemail, email, etc.) password" Because the IT guy wants to validate you he uses caller ID and does so.

Scenario 2: You change your caller ID as that of an employee. Call IT and tell them "reset my X (voicemail, email, etc.) password" Because the IT guy wants to validate you he refuses to use caller ID and tells you he will call you right back. At this point if you DoS'd the phone it wouldn't receive calls hence them going into voicemail. In comes perl, curl or whatever packet builder you prefer... Perform a POST to the phone or server, depending on your craftiness and time, reset the voicemail PIN. Go into the user's voicemail, instant pentesting gratification.

There are plenty of ways to abuse VoIP - the facts are facts though - it's just data. From a sniffing/PITA perspective, you could snoop calls, splice together audio and create your own soundboard WITH that person's voice - perhaps bypassing voice recognition. Sky's the limit when you have a focus on what it is you want to do. So ask yourself that first... What is it you want to do... Capture data, manipulate data, etc.
I know quite a few revisions of firmware on certain phone vendors that I can re-write POSTS and reset phones, passwords, change names, insert a call forward argument. It all boils down to what is it you're trying to accomplish.

In the case of an assessment, the approach for me would be to start at the ground up. Test the security of the phone application itself (HTTP scanner), test if any ports are open and why - which means you'd have to have literature from the manufacturer, test the tamperability of the connection (can you sniff the wire, any vlans (VLAN hopping), can you perform posts/injections, etc). Follow the same steps you would for any client server.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
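
The eavesdropping risk described in the message above depends on SIP signaling and RTP media crossing the wire unencrypted. As an added example (not part of the original post), this Python check reads SIP messages from an authorized capture and flags cleartext signaling hops and media streams negotiated without SRTP. The sample INVITEs, host names and function names are constructed for illustration.

```python
import re

# SDP transport profiles that carry SRTP (SDES or DTLS keyed).
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def make_invite(via_transport, profile, attrs=()):
    """Build a constructed SIP INVITE with one audio stream (sample data only)."""
    lines = [
        "INVITE sip:bob@example.test SIP/2.0",
        f"Via: SIP/2.0/{via_transport} 192.0.2.10:5060;branch=z9hG4bK-1",
        "Content-Type: application/sdp", "",
        "v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        f"m=audio 49170 {profile} 0", "a=rtpmap:0 PCMU/8000", *attrs,
    ]
    return "\r\n".join(lines) + "\r\n"

def audit_sip_message(raw):
    """Return findings for signaling or media that is readable off the wire."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    findings, streams, media, session_keyed = [], [], None, False
    for line in head.split("\n")[1:]:          # skip the request/status line
        m = re.match(r"(?:via|v)\s*:\s*SIP/2\.0/(\w+)", line, re.I)
        if m and m.group(1).upper() not in ("TLS", "WSS"):
            findings.append(f"signaling hop over cleartext {m.group(1).upper()}")
    for line in body.split("\n"):
        mm = re.match(r"m=(\S+)\s+(\S+)\s+(\S+)", line)
        if mm:
            media = {"kind": mm[1], "port": mm[2], "profile": mm[3], "keyed": False}
            streams.append(media)
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if media is None:
                session_keyed = True           # session-level DTLS fingerprint
            else:
                media["keyed"] = True
    for s in streams:
        if s["port"] == "0":
            continue                           # stream rejected or disabled
        where = f"{s['kind']} stream on port {s['port']}"
        if s["profile"].upper() not in SECURE_PROFILES:
            findings.append(f"{where} uses cleartext {s['profile']}")
        elif not (s["keyed"] or session_keyed):
            findings.append(f"{where} offers {s['profile']} without key material")
    return findings

if __name__ == "__main__":
    for label, msg in (("legacy phone", make_invite("UDP", "RTP/AVP")),
                       ("hardened phone", make_invite("TLS", "RTP/SAVP",
                        ["a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED"]))):
        print(label, audit_sip_message(msg) or "no findings")
```

An `a=crypto` key carried over a cleartext signaling hop is itself readable on the wire, so a signaling finding undermines an otherwise clean media result.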