Monday, September 22, 2008

How to protect your VoIP network

VoIP has finally arrived as a mainstream application. IP PBX equipment sales topped $1 billion in 2005, for the first time outpacing traditional TDM PBXs, according to Dell'Oro Group.

In fact, analysts predict that IP PBXs will account for more than 90% of the market by 2009. Before you deploy VoIP, however, you need to be aware of the security risks and the countermeasures that you can take. Security is important in every context, but especially when you're replacing the world's oldest, largest and most resilient and available communications network. While no individual security measure will eliminate attacks against VoIP deployments entirely, a layered approach can meaningfully reduce the probability that attacks will succeed.

The threats

Enterprise VoIP customers and service providers are vulnerable to many of the same impersonation-based attacks "phreakers" attempt against traditional telephone and cellular services. The goals - identity and information theft and toll fraud - are the same.

Many attacks focus on VoIP endpoints. The operating systems, Internet protocols, applications and management interfaces of VoIP hard phones and computers running softphones are vulnerable to unauthorized access, viruses and worms, and many denial-of-service (DoS) attacks that exploit common Internet protocols and VoIP protocols themselves.

VoIP uses the IETF Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP) for call signaling and voice-message delivery. These protocols, along with the complementary Session Description Protocol (SDP) and RTP Control Protocol (RTCP), do not provide adequate call-party authentication, end-to-end integrity protection or confidentiality for call signaling and call data (such as media streams containing compressed and encoded speech). Until these security features are implemented and put into service, attackers have many vectors to exploit.

Today, SIP and RTP protocols do not encrypt call-signaling packets and voice streams, so identities, credentials and SIP Uniform Resource Identifiers (phone numbers) of callers can be captured using LAN and wireless LAN (WLAN) traffic-collection tools (sniffers).
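An added example, not from the original article: a small audit that takes a SIP message from a trace collected on your own proxy and reports whether the hop used an unencrypted transport, which identity-bearing headers it carried, and whether the SDP offers plain RTP. The sample message, the function name and the report fields are constructed for illustration; the TLS transport, `sips:` scheme and `RTP/SAVP` (SRTP) profile it checks for come from the SIP and SRTP specifications, not from the article.

```python
import re

# Constructed sample INVITE (not from the article); hosts and addresses are documentation values.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.test SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    'From: "Alice" <sip:alice@example.test>;tag=1928301774',
    "To: <sip:bob@example.test>",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    'Proxy-Authorization: Digest username="alice", realm="example.test", nonce="n", response="r"',
    "Content-Type: application/sdp",
    "",
    "v=0",
    "c=IN IP4 192.0.2.10",
    "m=audio 49170 RTP/AVP 0",
])

COMPACT = {"v": "via", "f": "from", "t": "to", "m": "contact"}  # RFC 3261 compact header names
IDENTITY = {"from", "to", "contact", "authorization", "proxy-authorization"}
ENCRYPTED_TRANSPORTS = {"TLS", "WSS"}

def audit_sip_message(raw):
    """Report what one traced SIP message exposes on the hop named in its topmost Via."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    start_line, *header_lines = head.split("\n")
    report = {"uri_scheme": None, "transport": None, "cleartext_signaling": False,
              "identity_headers": [], "cleartext_media": []}
    m = re.match(r"\S+\s+(sips?):", start_line, re.I)  # requests only; status lines carry no URI
    if m:
        report["uri_scheme"] = m.group(1).lower()
    for line in header_lines:
        name, sep, value = line.partition(":")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if name == "via" and sep and report["transport"] is None:  # topmost Via only
            t = re.match(r"\s*SIP/2\.0/(\w+)", value, re.I)
            if t:
                report["transport"] = t.group(1).upper()
        elif sep and name in IDENTITY and name not in report["identity_headers"]:
            report["identity_headers"].append(name)
    # A missing or unrecognized transport is treated as cleartext (conservative choice).
    report["cleartext_signaling"] = report["transport"] not in ENCRYPTED_TRANSPORTS
    for line in body.split("\n"):  # SDP media line: m=<media> <port> <proto> <fmt ...>
        fields = line.split()
        if line.startswith("m=") and len(fields) >= 3 and "SAVP" not in fields[2].upper():
            report["cleartext_media"].append((fields[0][2:], fields[2]))
    return report
```

When `cleartext_signaling` is true, every header listed in `identity_headers` was readable to anyone positioned on that hop; an entry in `cleartext_media` means the offered voice stream is plain RTP.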

An attacker can use captured account information to impersonate a user to a customer representative or self-service portal, where he can change the calling plan to permit calls to 900 numbers or to blocked international numbers. He also can access voice mail or change a call forwarding number.

Impersonation attacks commonly are used to perpetrate toll fraud, but financially motivated attackers also can capture voice conversations and later replay them to obtain sensitive business or personal information.

Flooding VoIP targets with SIP call-signaling messages (e.g., Invite, Register, Bye) or RTP media stream packets can degrade service, force calls to be dropped prematurely and render certain VoIP equipment incapable of processing calls entirely. VoIP equipment also may be vulnerable to DoS attacks that exploit common Internet protocols, such as TCP SYN floods, ping of death and the recent DNS distributed DoS amplification attacks.

VoIP systems also can be disrupted by media-specific attacks, such as Ethernet broadcast storms and Wi-Fi radio jamming. Operating systems and TCP/IP stacks used in new VoIP hardware may be susceptible to implementation-specific attacks that exploit programming flaws. This can cause the system to cease operating or provide the attacker with remote administrative control of the system.

VoIP softphones pose a unique and thorny problem. Softphone applications run on user systems (PCs, PDAs) and thus are vulnerable to malicious code attacks against data and voice applications. IT administrators must consider the possibility that an attacker may try to evade conventional PC malware protection by injecting malicious code via a VoIP softphone application.

Spam often harbors spyware and remote administration tools. Spam over Internet telephony can carry unsolicited sales calls and other nuisance messages, and programs downloaded to softphones could include hidden malware.

Even this partial description should cause IT managers to assess the risk of introducing VoIP, and to develop a policy and an implementation plan to reduce the risks using security technology at hand.

http://www.networkworld.com

 
