IDS mailing list archives
RE: Voice over IP applications vulnerabilites/attacks ?
From: Keith Stewart <kstewart () cisco com>
Date: Thu, 02 Jan 2003 14:03:58 -0800
<VendorHat = on>Cisco produced a White Paper on IP Telephony Security as a part of its SAFE Security Blueprints.
www.cisco.com/go/safe/It's more directed at the secure network design side of the question than the actual intrusions/attacks side. A lot of it boils down to Security 101 - people are going to try and attack your systems, so put some appropriate security policies in place to try and mitigate the risk. The good thing with the SAFE docs is the recommendations have all been heavily tested, and the docs include the Cisco configs for the recommendations.
<VendorHat = off>As far as actual attacks against the systems, AFAIK, there's been no significant reported attack against an IP Telephony installation. In a large part, that's because existing installations are typically self-contained enterprise or SMB installations, and thus the entire system is protected from external aggressors by your enterprise firewalls (i.e. no conduits in/out for VoIP ports, phones on un-NATed address spaces, etc.), and because VoIP protocols are still relatively unknown by people outside the industry (i.e the most commonly deployed protocol is still H.323, and 323 messages are ASN.1 encoded - security through obfuscation, anyone?). But as there's more and more deployments, and the protocols are around longer, it becomes more and more important to make sure security is designed into a VoIP deployment.
Keith At 12:02 PM 1/2/2003 -0600, Paul D. Scallan, Jr. wrote:
I am going to assume that you are talking VOIP in the "phone to phone" sense (although the following can apply to any application of VOIP). I think you will find that certain phones themselves are prone to certain vulnerabilities. See: http://www.eweek.com/article2/0%2C3959%2C373289%2C00.asp Mostly the problem with the phones themselves are: they contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information and the phones are also weak in ways that facilitate man-in-the-middle attacks directed at intercepting telephone traffic. Also, There are three main vulnerabilities to IP networks and these result from its benefits. While in the traditional voice network one has to tap into a specific circuit to eavesdrop, in an IP network any equipment connected to the corporate LAN can identify, store and playback the VoIP packets that traverse that LAN. The use of shared media by VoIP systems opens the door to some uncertainty as to the source of a call, and may require authentication. The anonymity of an unprotected, unauthenticated IP network makes it susceptible to hostile use, such as prank calls, sending computer viruses or flooding the network. Despite the above, the vulnerability of an authenticated, protected VoIP network to internal abuse does not markedly differ from traditional telephone networks. Since there is no such thing as a secure IP network, only secure computing - one must secure the telephones, conversations, computers, and servers. Set up a chain of trust for authentication (encryption), control access (passwords and firewalls), encrypt for privacy, and employ call accounting software to establish accountability. One can achieve some measure of security by strategically allocating sub-nets, and choosing to use IP Switches instead of IP Hubs. However, security considerations should not override routing and traffic accommodations. Firewalls can and should be used to protect segments of a network from hostile traffic. This does not relieve each network device from protecting itself and filtering out undesired communications. Physical and network access to any VoIP server that is used to authenticate users, that controls access to the public telephone network, or that contains potentially confidential information should be locked down and treated with the same security precautions as any server with a confidential database. Further, another good article: http://www.eetimes.com/story/OEG20021014S0072 PAUL D. SCALLAN, JR. IT/IS/Production Manager - Paralegal KAUFMAN & ASSOCIATES, INC., VOICERITE! and SCALLAN SERVICES The Moss Building 109 East Vermilion, Suite 200 Lafayette, Louisiana 70501 337-237-4434 (main) 800-503-2274 (toll-free) 337-234-0715 (facsimile) 337-247-4486 (24 hour mobile) depo () kaufmanandassociates com http://www.kaufmanandassociates.com http://www.voicerite.net http://www.scallanservices.com -----Original Message----- From: Avi Chesla [mailto:avic () V-Secure com] Sent: Thursday, January 02, 2003 11:14 AM To: 'focus-ids () securityfocus com' Subject: Voice over IP applications vulnerabilites/attacks ? Hi, Is anyone familiar with Voice over IP vulnerabilities/Intrusions, floods etc ? I heard Checkpoint has some new protection capabilities concerning the issue. Avi
Current thread:
- Voice over IP applications vulnerabilites/attacks ? Avi Chesla (Jan 02)
- RE: Voice over IP applications vulnerabilites/attacks ? Paul D. Scallan, Jr. (Jan 02)
- RE: Voice over IP applications vulnerabilites/attacks ? Paul D. Scallan, Jr. (Jan 02)
- Message not available
- RE: Voice over IP applications vulnerabilites/attacks ? Keith Stewart (Jan 02)
- RE: Voice over IP applications vulnerabilites/attacks ? Paul D. Scallan, Jr. (Jan 02)
- RE: Voice over IP applications vulnerabilites/attacks ? Keith Stewart (Jan 02)
- RE: Voice over IP applications vulnerabilites/attacks ? Brennen Reynolds (Jan 03)
- Re: Voice over IP applications vulnerabilites/attacks ? Talisker (Jan 06)
- <Possible follow-ups>
- RE: Voice over IP applications vulnerabilites/attacks ? Avi Chesla (Jan 15)