VOIP Technology, Security Threats & Countermeasures
GISFI # 2, Allahabad, September 17, 2010
Jaydip Sen
Innovation Lab
Tata Consultancy Services, Kolkata
Email: [email protected]
Migration to the Integrated World
[Figure labels: Mobile Voice; Fixed Voice; Converged Voice; Data Communications; End-to-end Solutions (IP); axis: Time]
What is IP (Internet Protocol) ?
• IP is the language that computers use to communicate over the Internet
• IP is the transmission mode that is expected to be used in the future for both voice and data
• IP enables today’s services to be implemented over the same access (e.g. telephony and Internet access)
• IP enables multiple services to share the one network
Broadband (IP) Telephony
• Broadband telephony is speech/voice that is packaged and transmitted partly or entirely over IP-based networks
• The concept of broadband telephony is the sum of:
– Voice Over IP
– Internet telephony
– Related value-added services
• Full-featured broadband telephony uses IP technology both for voice transmission and for value-added services
• Broadband telephony is in the first place a follow-on product of data communications solutions
• Broadband telephony requires a broadband connection
Evolution of Voice Telephony Products
[Figure labels: Fixed access; Mobile access; Analog – AGF; Digital – AXE; IP – Broadband telephony; Analog – NMT; Digital – GSM; IP – GPRS; IP – 3G]
Convergence of Fixed and Mobile Voice
• POTS = access line
• VOIP = SIP server account
• Mobile = HLR account
• VOIP SIP client = Mobile SIM card
• “IP coverage” = “Radio coverage”
• All devices can or will be wireless
Prerequisites, Business Model, Time Frame
• Prerequisites
– Broadband penetration
– Established standards
– Customer needs
• Business model
– IP will generate a new logic over time
– Start from where you are — convergence may be the best of both worlds
• Time frame
– It may be a long time before IP takes over completely
Broadband vs. Conventional Telephony
• Reliability
– Prioritization of voice packets
– Combining different networks
• Power dependency
– Broadband telephony doesn’t work if the power is off at the customer
• Ability to reach alarm numbers
– Position information
• Standards
– Terminals
– Services/networks
Business People Need Integrated Services
Communicate with other people
• Telephone
• Voice-mail
• E-mail, sms, mms
Plan and organize your work
• Telephone
• Calendar
• Contacts
Collaborate with other people
• Telephone meeting
• Video meeting
• e-meeting
• Project management tools
Do business
• Telephone
• E-business
• CRM
• Supply Chain mgmt
• …
Stay informed
• Telephone
• Web search
• News, …
The VOIP Funnel – Business Customers
[Figure: timeline 2002–2006 from Lab to Full scale. Stages: First pilots; Branch office (where to start); First full implementations; Scale up to corporate level. Issues: Business case; Standards; Network management; QoS. Trends: Classic Centrex, IP Centrex; Classic PBX, IP PBX]
Individual Customer Needs
Connectivity with control
• Need to be in touch
• Voice is still the “killer application”
• Need to control accessibility
• Want to be reachable but need to control access based on user situations
Need to stay informed
• Need to know what is going on around them
– E.g. after 9/11, increased need for security
Greater capabilities for:
• Personal telephony
• Communications
• Mobility
Broadband Telephony
SIP (Session Initiation Protocol)
– A standard that is establishing itself
– Other parties can provide services
Functionality
– Telephony as software in a PC
– Simple to download
– Adapter or separate phone required to talk via receiver
– Personal phone number 0751121441
– SIP address [email protected] which can be an email address
Capabilities
– Call control
– Availability information
– Chat
– Video calls
What is VoIP ?
• A suite of IP-based communications services
• Provides multimedia communications over IP networks
• Based on open IETF and ITU standards
• Operates over any IP network (not just the Internet)
• Utilizes separate paths for signaling and media
• Low-cost alternative to PSTN calling
The Business Value of VoIP
Cost
• Toll bypass for on-net calling
• Reduced network costs
• Lower move/add/delete (MAD) costs
• Reduced site preparation time
• Network convergence
Functionality
• Enterprise directory integration
• Unified Messaging
• Call center applications
• Interactive Voice Response (IVR)
• IP Video
• Instant Messaging
Mobility
• Location services (Find-Me/Follow-Me routing)
• Wider array of service providers
• Ubiquitous access
PSTN vs VoIP
Public Switched Telephone Network (PSTN)
• SS7 signaling protocol
• Circuit-switched network (ATM/Frame Relay)
• Expensive infrastructure
• Reliable quality
Voice Over IP (VoIP)
• SIP, H.323, SCCP, MGCP, or MegaCo signaling protocol
• RTP media protocol
• Packet switched network
• Converged infrastructure
• Unreliable quality
VoIP Protocols
SIP
• RFC 3261
• “The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, modifying and terminating sessions with one or more participants.”
• Text based messaging
• Modeled on HTTP
• Uses URI to address call flow components
– sip:[email protected]
– sip:[email protected]
• Versatile and open with many applications
– Voice
– Video
– Gaming
– Instant Messages
– Presence
– Call-Control
Example INVITE request:
    INVITE sip:[email protected] SIP/2.0
    Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
    Max-Forwards: 70
    To: Bob <sip:[email protected]>
    From: Alice <sip:[email protected]>;tag=1928301774
    Call-ID: [email protected]
    CSeq: 314159 INVITE
    Contact: <sip:[email protected]>
    Content-Type: application/sdp
    Content-Length: 142
SIP Methods
• INVITE: creates a session
• BYE: terminates a session
• ACK: acknowledges a final response for an INVITE request
• CANCEL: cancels an INVITE request
• REGISTER: binds a public SIP URI to a Contact address
• OPTIONS: queries a server for capabilities
• SUBSCRIBE: installs a subscription for a resource
• NOTIFY: informs about changes in the state of the resource
• MESSAGE: delivers an Instant Message
• REFER: used for call transfer, call diversion, etc.
• PRACK: acknowledges a provisional response for an INVITE request
• UPDATE: changes the media description (e.g. SDP) in an existing session
• INFO: used to transport mid-session information
• PUBLISH: publication of presence information
SIP Components
• User Agents
– Clients – Make requests
– Servers – Accept requests
• Server types
– Redirect Server
– Proxy Server
– Registrar Server
– Location Server
• Gateways
Session Description Protocol (SDP)
• IETF RFC 2327
• “SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation.”
• SDP includes:
– The type of media (video, audio, etc.)
– The transport protocol (RTP/UDP/IP, H.320, etc.)
– The format of the media (H.261 video, MPEG video, etc.)
– Information to receive those media (addresses, ports, formats, etc.)
– Crypto keys
Example session description:
    v=0
    o=mhandley 2890844526 2890842807 IN IP4 126.16.64.4
    s=SDP Seminar
    i=A Seminar on the session description protocol
    u=http://www.cs.ucl.ac.uk/staff/M.Handley/sdp.03.ps
    [email protected] (Mark Handley)
    c=IN IP4 224.2.17.12/127
    t=2873397496 2873404696
    a=recvonly
    m=audio 49170 RTP/AVP 0
    m=video 51372 RTP/AVP 31
    m=application 32416 udp wb
    a=orient:portrait
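Added example (not part of the original slides): the SDP slide lists crypto keys among the things a session description can carry, and the media lines are where a reviewer can see whether a call is offered as plain RTP. The Python code below parses an SDP body and reports each stream's protection status; the sample SDP, addresses and key string are constructed, and the SRTP profile names and keying attributes (RTP/SAVP, a=crypto, a=fingerprint) come from the SRTP-related RFCs, not from the slides.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Transport profiles that carry SRTP (RFC 3711 / RFC 5764); plain RTP is RTP/AVP[F].
SRTP_PROTOS = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
# Attributes that supply SRTP keying: SDES (a=crypto) or DTLS-SRTP (a=fingerprint).
KEYING_ATTRS = ("crypto:", "fingerprint:")


@dataclass
class MediaStream:
    media: str
    port: int
    proto: str
    formats: List[str]
    attributes: List[str] = field(default_factory=list)


def parse_sdp(text: str) -> Tuple[List[str], List[MediaStream]]:
    """Split an SDP body into session-level attributes and per-media streams."""
    session_attrs: List[str] = []
    streams: List[MediaStream] = []
    current: Optional[MediaStream] = None
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) < 2 or line[1] != "=":
            continue  # not a <type>=<value> line; ignore rather than guess
        kind, value = line[0], line[2:].strip()
        if kind == "m":
            parts = value.split()
            if len(parts) < 4:
                continue  # malformed m= line
            port = parts[1].split("/")[0]  # "49170/2" denotes a port range
            if not port.isdigit():
                continue
            current = MediaStream(parts[0], int(port), parts[2].upper(), parts[3:])
            streams.append(current)
        elif kind == "a":
            # a= lines before the first m= line are session-level
            (current.attributes if current else session_attrs).append(value)
    return session_attrs, streams


def audit_media(text: str) -> List[Tuple[str, int, str]]:
    """Return (media, port, verdict) for every m= line in the SDP body."""
    session_attrs, streams = parse_sdp(text)
    # a=fingerprint may be given once at session level; a=crypto is per media.
    session_dtls = any(a.startswith("fingerprint:") for a in session_attrs)
    findings = []
    for s in streams:
        if s.port == 0:
            verdict = "disabled"  # port 0 marks a rejected or removed stream
        elif s.proto in SRTP_PROTOS:
            keyed = session_dtls or any(a.startswith(KEYING_ATTRS) for a in s.attributes)
            verdict = "srtp" if keyed else "srtp-no-key"
        elif s.proto.startswith("RTP/"):
            verdict = "cleartext-rtp"  # voice/video can be captured and replayed
        else:
            verdict = "non-rtp"
        findings.append((s.media, s.port, verdict))
    return findings


# Constructed sample (not captured traffic); the key string is a placeholder.
SAMPLE_SDP = """\
v=0
o=alice 2890844526 2890842807 IN IP4 192.0.2.10
s=Constructed example
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0
m=video 51372 RTP/SAVP 31
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_NOT_A_REAL_KEY
m=audio 49180 RTP/SAVP 0
m=application 32416 udp wb
a=orient:portrait
m=video 0 RTP/AVP 31
"""

if __name__ == "__main__":
    for media, port, verdict in audit_media(SAMPLE_SDP):
        print(f"{media:12} {port:6} {verdict}")
```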
Media Protocols
RTP
• Real-time Transport Protocol
• RFC 3550
• Standardized packet format for delivering audio and video over IP
• Frequently used in streaming media systems
CODECs
• GIPS Enhanced G.711
– 8kHz sampling rate
– Voice Activity Detection
– Variable bit rate
• G.711
– 8kHz sampling rate
– 64kbps
• G.729
– 8kHz sampling rate
– 8kbps
– Voice Activity Detection
SIP Call Flow
[Figure: call flow between Alice, Outbound Proxy, Inbound Proxy and Bob. Signaling: INVITE, 100 Trying, 180 Ringing, 200 OK, ACK; media: RTP Voice; teardown: BYE, 200 OK. Captions: Alice Calls Bob; Steve answers Bob’s phone; “Hello.” “Is Bob there?” “Sorry, no, can I help you” “No. I need Bob.” “Thanks. Bye.”]
SIP Standards
A sampling of SIP RFCs…
• RFC3261 Core SIP specification – obsoletes RFC2543
• RFC2327 SDP – Session Description Protocol
• RFC1889 RTP – Real-time Transport Protocol
• RFC2326 RTSP – Real-Time Streaming Protocol
• RFC3262 SIP PRACK method – reliability for 1XX messages
• RFC3263 Locating SIP servers – SRV and NAPTR
• RFC3264 Offer/answer model for SDP use with SIP
• RFC3265 SIP event notification – SUBSCRIBE and NOTIFY
• RFC3266 IPv6 support in SDP
• RFC3311 SIP UPDATE method – e.g. changing media
• RFC3325 Asserted identity in trusted networks
• RFC3361 Locating outbound SIP proxy with DHCP
• RFC3428 SIP extensions for Instant Messaging
• RFC3515 SIP REFER method – e.g. call transfer
Complexities of VOIP Architecture
[Figure copied from NSA Security Guidance for Deploying IP Telephony Systems, Report Number: I332-016R-2005]
VOIP Security Threats
Robert Wood
Most Common VOIP Security Mistakes
1. Treating VOIP security the same way as Network security
2. Not treating VOIP security the same way as Network Security
How it’s the Same
• Uses mostly the same protocols
• Uses mostly the same Operating Systems
• Many of the same threats
How it’s Different
• Some unique protocols
• Traditional Security devices (IDS/Firewalls can disrupt service)
• People treat it like the old phone system!
What we Commonly See
• Segmentation without monitoring
• Improperly configured systems
• Little device hardening
• Little understanding of privacy threats
• No regular security assessments ON the VOIP segment
VoIP Threats
VOIP Threat Taxonomy
• Social Threats
– Misrepresentation: Identity; Authority; Rights; Content
– Theft of Services
– Unwanted Contact: Harassment; Extortion; Unwanted Lawful Content (spam and other offensive material)
• Eavesdropping
– Call Pattern Tracking
– Traffic Capture
– Number Harvesting
– Call Reconstruction (voice, video, fax, text, voicemail)
• Interception and Modification
– Call Black Holing
– Call Rerouting
– Fax Alteration
– Conversation Alteration
– Conversation Degradation
– Conversation Impersonation and Hijacking
– False Caller Identification
• Service Abuse
• Denial of Service
– VoIP Specific DoS: Request Flooding; Malformed Requests and Messages; QoS Abuse; Spoofed Messages; Call Hijacking
– Network Services DoS
– Underlying Operating System/Firmware DoS
– Distributed DoS (DDoS)
• Physical Intrusion
• Other Disruptions of Service
– Loss of Power
– Resource Exhaustion
– Performance Latency and Metrics
Summary of VOIP Risks?
•Service Disruption or Denial of Service
•Theft of Service or Data
•Infrastructure Attacks
•Voice SPAM (Vishing, Mailbox Stuffing, Unsolicited Calling)
•Call Hijacking and Spoofing
•Call Eavesdropping or recording
•Voicemail Hacking
Every other network and system vulnerability not unique to VOIP!
Threat Model for VOIP Systems
[Figure: layered VOIP Environment. Layers: Supporting Applications Layer; VOIP Application Layer; VOIP Protocol Layer (Signaling and Transfer Protocols); HW Platform, OS; Facility/Infrastructure. Components: Voice Mail; Gateway; Configuration Databases; Network; IP Phones; Firewall; Call Manager Servers; Fax; SBC]
What are the Threat Vectors?
•OS Exploits
•Signaling Attacks
•Endpoint Admin Privilege Exploits
•Proxy Impersonation
•Real Time Protocol (RTP) Attacks
•VoIP Wiretapping
•VoWiFi Attacks
•DoS Attacks
•Spam for Internet Telephony (SPIT)
•IP PBX and Telephony Server Exploits
•Vishing (VoIP Phishing)
Who are You Protecting Against?
• Malicious Attack
• Unintentional Exposure
• Intentional Exposure
“Risk is Irrelevant of Intent”
Specialized Hacking Tools
•SIPScan - enumerate SIP interfaces
•TFTPBrute - TFTP directory attacking
•UDP and RTP Flooder - DoS tools
•hping2 – TCP session flooding
•Registration Hijacker - tool to take over H.323 session
•SIVUS - SIP authentication and registration auditor
•Vomit - RTP Playback
•VOIP HOPPER – IP Phone mimicking tool
•LDAPMiner - collect LDAP directory information
•Dsniff - various utilitarian tools (macof and arpspoof)
•Wireshark (Ethereal) / tcpdump - packet capture and protocol analysis
Hardware Can be Guessed
"Your call is being answered by Audix. [USER'S NAME] {is not available ... to leave a message wait for the tone, is busy ... to leave a message wait for the tone}."
"[USER'S NAME] {is on the phone, is unavailable} Please leave your message after the tone. When done, hang up or press the pound key."
"Record your message at the tone. When you are finished, hang up or hold for more options."
DDoS Attack [figure]
Toll Fraud [figure]
• Hacker sells your company calling information
• Your company gets the bill
Call Manager OS [figure]
Call Forwarding/Spoofing [figure]
Expose Private Conversations [figure]
Block Certain Calls [figure; numbers shown: 555-1212, 999-1213, 987-6543]
Log Call Activity [figure]
Hijacking/Injection Attack [figure]
Eavesdropping
[Figure labels: Alice; Bob; Kevin; Outbound Proxy; Inbound Proxy; SIP; RTP; “Yak Yak”]
• DTMF intercept
• IM snooping
• Call pattern analysis
• Number harvesting
• Network discovery
• Voice reconstruction
• Fax reconstruction
• Video reconstruction
Spoofing
[Figure labels: Alice; Bob; Kevin; Outbound Proxy; Inbound Proxy; SIP; RTP; BYE; “Hello? Hello?”; “Yak Yak”]
Kevin forges a BYE from Alice
Recording [figure]
Interception
[Figure labels: Alice; Bob; Kevin; Outbound Proxy; Inbound Proxy; SIP; RTP; messages: REFER, 202 Accepted, INVITE, 200 OK, BYE; “Hello?”; “Yak Yak Yak”]
Kevin forges a REFER from Bob
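Added example (not from the original slides): the Spoofing and Interception slides show Kevin forging a BYE from Alice and a REFER from Bob. A monitoring point can flag such requests by learning each dialog's Call-ID, tags and signaling peers from the INVITE and its 2xx response, then vetting later BYE/REFER requests against them; the DialogMonitor class, alert names, addresses and messages below are constructed for illustration.

```python
import re

# Compact header names defined in RFC 3261; ignoring them would hide headers.
COMPACT = {"i": "call-id", "f": "from", "t": "to", "m": "contact", "v": "via"}
WATCHED = {"BYE", "REFER"}  # the in-dialog requests forged on the two slides


def parse_sip(raw):
    """Return (kind, method, status, headers) for one SIP message."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    start = lines[0].split() if lines else []
    if len(start) < 2:
        raise ValueError("not a SIP start line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers[COMPACT.get(key, key)] = value.strip()
    if start[0].startswith("SIP/"):  # status line, e.g. "SIP/2.0 200 OK"
        cseq = headers.get("cseq", "").split()
        return "response", (cseq[-1].upper() if cseq else ""), int(start[1]), headers
    return "request", start[0].upper(), None, headers


def tag_of(value):
    """Extract the ;tag= parameter of a From/To header value, if any."""
    match = re.search(r";\s*tag=([^;>\s]+)", value or "")
    return match.group(1) if match else None


class DialogMonitor:
    """Learns dialogs from INVITE/2xx and vets later BYE/REFER requests."""

    def __init__(self):
        self.dialogs = {}  # Call-ID -> {"tags": set, "peers": set}

    def observe(self, src_ip, raw):
        """Feed one captured message; return an alert string or None."""
        kind, method, status, h = parse_sip(raw)
        call_id = h.get("call-id")
        tags = {tag_of(h.get("from")), tag_of(h.get("to"))} - {None}
        dialog = self.dialogs.get(call_id)
        if kind == "request" and method == "INVITE" and dialog is None:
            self.dialogs[call_id] = {"tags": tags, "peers": {src_ip}}
        elif kind == "response" and method == "INVITE" and dialog and 200 <= status < 300:
            dialog["tags"] |= tags       # the 2xx adds the callee's tag
            dialog["peers"].add(src_ip)  # and the callee-side signaling address
        elif kind == "request" and method in WATCHED:
            if dialog is None:
                return "unknown-dialog"
            if tags != dialog["tags"]:
                return "tag-mismatch"
            if src_ip not in dialog["peers"]:
                return "unexpected-source"
            if method == "BYE":
                del self.dialogs[call_id]  # legitimate teardown ends tracking
        return None


# Constructed header values and messages for the demo (not captured traffic).
A = "Alice <sip:alice@example.com>;tag=a1"
B = "Bob <sip:bob@example.net>;tag=b2"
B_NO_TAG = "Bob <sip:bob@example.net>"
B_WRONG = "Bob <sip:bob@example.net>;tag=zz"


def build(start, frm, to, cseq, compact=False):
    """Assemble a minimal SIP message, optionally with compact header names."""
    f, t, i = ("f", "t", "i") if compact else ("From", "To", "Call-ID")
    return "\r\n".join([start, f"{f}: {frm}", f"{t}: {to}",
                        f"{i}: constructed-call-1@alice-pc.example.com",
                        f"CSeq: {cseq}", "Content-Length: 0", "", ""])


def demo():
    """Replay a call plus forged teardown/transfer attempts; return the alerts."""
    alice, bob, kevin = "192.0.2.10", "192.0.2.20", "198.51.100.66"
    bye, refer = "BYE sip:bob@example.net SIP/2.0", "REFER sip:alice@example.com SIP/2.0"
    mon = DialogMonitor()
    feed = [
        (alice, build("INVITE sip:bob@example.net SIP/2.0", A, B_NO_TAG, "1 INVITE")),
        (bob, build("SIP/2.0 200 OK", A, B, "1 INVITE")),
        (kevin, build(bye, A, B_WRONG, "2 BYE")),               # guessed tag
        (kevin, build(refer, B, A, "2 REFER", compact=True)),   # right tags, wrong host
        (kevin, build(bye, A, B, "2 BYE")),                     # right tags, wrong host
        (alice, build(bye, A, B, "2 BYE")),                     # genuine hang-up
        (alice, build(bye, A, B, "3 BYE")),                     # dialog already gone
    ]
    return [mon.observe(src, raw) for src, raw in feed]


if __name__ == "__main__":
    print(demo())
```

Over UDP a source address is not proof of origin, so treat these alerts as a monitoring signal alongside authenticated, encrypted signaling rather than a substitute for it.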
Key Mitigation Strategies
•Create VOIP Specific Security Policies
•Segmentation as appropriate
– Restrict logical network access to critical servers and VoIP call processors
– Utilize separate VLANs for voice and data
•Device Hardening
– Do not use default passwords
– Turn off unnecessary services
– Apply vendor supplied patches in a timely manner
– Perform vendor installation security checklist to harden applications
•Perform Security Assessments on and against the VOIP infrastructure
•Apply Appropriate Encryption
![Page 51: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/51.jpg)
Key Mitigation Strategies
• Utilize VoIP-aware Firewalls, Intrusion Prevention Systems (IPS) and Session Border Controllers (SBC) when possible
• Utilize end-to-end QoS
• Continue to protect against traditional system attacks (Toll Fraud, Modem Security, Social Networking Attacks, etc.)
![Page 52: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/52.jpg)
Security Solutions
Robert Wood
![Page 53: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/53.jpg)
Network Solutions: Security Policy
• Establish a corporate security policy
  – Acceptable Use Policy
  – Analog/Dial-in/ISDN Line Policy
  – Anti-Virus Process
  – E-mail Policy
    • Automatic Forwarding
    • Usage
    • Retention
  – Ethics Policy
  – Password Protection Policy
  – Patch Management Process
  – Router Security Policy
  – Server Security Policy
  – Risk Assessment Policy
  – VPN Security Policy
  – Wireless Security Policy
http://www.sans.org/resources/policies/#template
![Page 54: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/54.jpg)
Security Solutions: Network
Network Design by Cisco Systems
![Page 55: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/55.jpg)
Security Solutions: DoS & DDoS
• Provide redundancy through:
  – Mesh Corporate WAN design
  – Utilizing multiple ISPs
  – Fallback PSTN Gateway(s)
  – Uninterruptible Power Supplies
• Negotiate QoS agreements
![Page 56: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/56.jpg)
Security Solutions: Hacking
• Segment networks into separate VLANs
  – Voice network
  – Data network
  – Monitoring and control network
![Page 57: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/57.jpg)
Security Solutions: Hacking
• Maintain VoIP application server updates
  – Call manager server(s)
  – Voicemail server(s)
  – Gateway server(s)
• Install current Operating System patches
• Install current application software patches
![Page 58: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/58.jpg)
Security Solutions: Spoofing
• Eliminate unknown devices
  – DHCP Snooping
  – DAI: Dynamic Address Resolution Protocol Inspection
  – IP Source Guard
• Eliminate unknown software
  – Digital Signatures
![Page 59: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/59.jpg)
Security Solutions: Threats
• Manage and prevent threats via:
  – Stateful Firewalls
  – Virus Filters
  – Intrusion Detection (NIDS)
  – Intrusion Prevention (HIPS)
  – Filter unnecessary ports on:
    • Routers
    • Switches
    • PCs
    • IP Telephones
    • Firewalls
![Page 60: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/60.jpg)
Security Solutions: Complete
![Page 61: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/61.jpg)
Network Diagram Legend
![Page 62: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/62.jpg)
Summary of Countermeasures
Authentication and Encryption
• Digest Authentication
  – Used during UA registration
  – Authenticates UA to SIP proxy
  – Similar to HTTP digest from web browser to web server
  – Cannot be used between proxies
• Transport Layer Security (TLS)
  – Used to secure signaling path
  – Authenticates each endpoint on a link
  – Provides encrypted path between each link
  – Non-transitive trust
  – Can be used between proxies
  – Requires X.509 certificates
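Added example (not from the original slides): how a SIP registrar can check the digest response carried on a REGISTER, using the RFC 2617 computation that SIP digest shares with HTTP digest. The account, realm, nonce and sample message are constructed for illustration, and the cleartext password table is an assumption.

```python
import hashlib
import hmac
import re

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 'response' value, the same computation HTTP digest uses."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # secret the UA and server share
    ha2 = _md5(f"{method}:{uri}")              # binds the answer to this request
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

def parse_authorization(sip_message):
    """Return (method, digest parameters or None) from a SIP request."""
    lines = sip_message.strip().splitlines()
    method = lines[0].split()[0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', value)
            return method, {k.lower(): q or b for k, q, b in pairs}
    return method, None

def verify_register(sip_message, passwords, realm, issued_nonces):
    """Registrar-side check: True only if the UA proved it knows the password."""
    method, p = parse_authorization(sip_message)
    if not p or p.get("realm") != realm or p.get("nonce") not in issued_nonces:
        return False                           # wrong realm, or a nonce we never issued
    password = passwords.get(p.get("username"))
    if password is None or "uri" not in p:
        return False
    expected = digest_response(p["username"], realm, password, method, p["uri"],
                               p["nonce"], p.get("qop"), p.get("nc"), p.get("cnonce"))
    return hmac.compare_digest(expected.encode(), p.get("response", "").encode())

def sample_register(password, nonce="constructed-nonce-1"):
    """Constructed REGISTER, as a UA for 'alice' would send after a 401 challenge."""
    uri, realm = "sip:example.test", "example.test"
    resp = digest_response("alice", realm, password, "REGISTER", uri, nonce)
    return (f"REGISTER {uri} SIP/2.0\r\n"
            f"From: <sip:alice@example.test>;tag=1\r\n"
            f'Authorization: Digest username="alice", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}"\r\n\r\n')
```

Digest proves the UA's identity to the proxy but leaves the signaling readable on the wire, which is the gap the TLS bullets on this slide address.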
![Page 63: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/63.jpg)
Summary of Countermeasures
Authentication and Encryption
• Secure RTP (SRTP)
  – Used to secure the media path
  – Provides end-to-end security
  – Requires X.509 certificates
• Zphone (ZRTP)
  – Used to secure the media path
  – Provides end-to-end security
  – IETF draft written by Phil Zimmermann
  – Requires no X.509 certificates
  – Relies on OSI layer 8 authorization
![Page 64: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/64.jpg)
Summary of Countermeasures
Physical Security
• VoIP equipment in secured datacenter
• Lock wiring closet doors
• VoIP VLANs = Good
• Separate VoIP network = Better
• Separate VoIP network + Authentication + Encryption = Best!
Logical Security
• CIS Benchmarks applied to all host platforms
• Regular patching and assessments
• Network IDS
• Firewall and NAT protection of gateway and proxies
![Page 65: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/65.jpg)
Conclusion
• VOIP will lead to convergence of voice and data into a common infrastructure for wiring, routers, network connectivity.
• Companies will be able to deploy, manage and maintain one network to serve all communication needs, saving on infrastructure costs and resources.
• With VoIP the Internet becomes the backbone of a company’s phone network. This leads to a number of threats:
  – Hackers
  – Worms
  – Viruses
  – DoS attacks
• “The challenge of VoIP security is not new. History has shown that advances and trends in information technology typically outpace the corresponding realistic security requirements. Such requirements are often tackled only after these technologies have been widely adopted and deployed” – Cable Datacom News
![Page 66: Technology, Security Threats & Countermeasures · What is IP (Internet Protocol) ? • IP is the language that computers use to communicate over the Internet • IP is the transmission](https://reader034.fdocuments.in/reader034/viewer/2022042306/5ed18cda1620a61280272388/html5/thumbnails/66.jpg)
Thank You!