Security challenges for Voice over IP

Transcription

1 WHITE PAPER Security challenges for Voice over IP Even though Voice over IP technology has existed for several years, it is only recently that IP telephony systems have significantly taken off. Challenges and advantages of VoIP page 2 Facilitated by the maturity of the technology and Vulnerabilities of a VoIP system page 5 by lower cost, this expansion is also linked to the convergence of the data on telephony systems Security of a VoIP system page 12 with the data on information systems. Unfortunately, what follows the emergence of telephony over IP is the exploitation of the associated protocol and application vulnerabilities. It then becomes inescapable to set up a security system in order to protect telephony and information assets. The challenges and perspectives set out in the study Managing information infrastructures: challenges and perspectives conducted recently by EMC Corporation and NEURONES-IT are linked to the increase in the number of projects relating to IP telephony. Besides lowering the cost of the telephone bill and better optimizing the network infrastructure, voice-data convergence technologies are the cornerstone for the capitalization of such projects. This leads to a double interaction: The telephone system can exploit the data from the information system and as such ensure optimization of resources The information system can process telephone data in order to ensure control over telephony and the exploitation of the associated data Securing the telephone system is much more problematic than securing access to the information system. Due to the diversity of the number of possible attacks and the use of unified communications, a dedicated security policy would be required. Besides denials of service which may render servers or telephone terminals unreachable, an IP telephony system has to deal with various other threats, from identity spoofing to spam through the exploitation of software and/or protocol vulnerabilities. Furthermore, the convergence of the information system and the telephone system translates into a double security requirement: Security of the telephony system Securing access to the information system from the telephony system The setup of a security policy of an IP telephony system may be addressed by the use of good network infrastructure practices and by the deployment of a security appliance. In addition to network partitioning, the VoIP firewall provides an additional layer of security to protocol and application analyses. Vulnerability management is now an integral part of multi-function security devices. The challenge posed to vendors is the need to constantly provide new protection methods with their appliances in order to keep up with the evolution of threats. Indeed, the number of threats linked to the exploitation of a system s vulnerabilities, regardless of which system, has a direct relation to the multiplication of the deployment of such a system.

2 WP VoIP Security: Challenges and advantages CHALLENGES AND ADVANTAGES OF VOIP The evolution of IP technologies and high bandwidth links are the growth vectors of IP telephony systems. When paired up with a unified communication system, they provide businesses with new perspectives in terms of cost reduction, productivity and customer satisfaction. The challenges surrounding unified communication and Voice over IP are plenty and are eased by the technological maturity of these systems. Nonetheless, these engaging challenges are led by structuring projects in which the analysis of risks may identify the restrictions with regards to availability, confidentiality and even application vulnerabilities. THE CHALLENGES There are a multitude of reasons behind leading a Voice over IP deployment project or voice-data convergence project and all vary according to the individual enterprise. In certain cases, strategic reasons come into play, motivated by cost-cutting or increased productivity. In other cases, the reasons are more practical, such as the obsoleteness of appliances or the development of a new site. Increased productivity, which arises from more efficient management of employees communication means, accounts for one of the major profits in carrying out an IP convergence project. Indeed, a unified communication system offers better interaction between the various means of communication ( , telephone, cell phone, fax or instant messaging). As such, it strengthens the connection employees have with their company. For example, an employee on a working trip may himself send a fax from the mail client on his cell phone. Or, with the same mail client, he could check all his voic from a central point. This improvement to the connections also allows facilitating contact with existing clients and/or the company s prospective clients. The advantages of setting up a unified communication system are many. We could cite the following: presence-based applications, ease with call centers, cooperative work, remote presentations and meetings or even videoconferences. The challenges already being considerable with the current IP technology, the future and technical evolutions leave us to assume that there will be other areas of application. Deploying an IP-based unified communication system is not merely a change of technology. It involves leading an engaging project for the company that brings added value and positive change. This long-term undertaking leads to questions of sustainability and risk analysis. THE ADVANTAGES There are many advantages to IP telephony and unified communication, which participate in tackling companies challenges. Firstly, the democratization of optic fibers allows improved bandwidth and therefore allows transferring more data. Furthermore, the maturity of IP technologies enables intermingling of digital telephony devices, which, when associated with the use of applications that use IP traffic, will allow meeting companies expectations regarding the implementation of engaging projects on unified communication systems. 2

3 WP VoIP Security: Challenges and advantages The speed of information transfer has greatly increased over the past few years. The deployment of high-speed technologies such as optic fiber or 10-Gigabit technology enables the increase in the amount of information exchanged. The expansion of IP technology allows, at the same time, the interaction between applications and telephone systems, in particular for Voice over IP. It is possible, for example, to send or receive faxes from a mail client or even to take part in a cooperative task remotely. In the case of a call center, the management of calls can be configured according to employees presence and their activity time. The evolution of private automatic branch exchanges (PABX) enables the integration of circuitswitching telephony devices with an IP telephony system. These infrastructures, known as hybrids, are undeniably assets for easing the migration of a fleet of analog or digital cellular telephones to IP telephony and unified communication. UNIFIED COMMUNICATION The strength of IP technology is how it associates data, voice and video into a single communication channel. As such, the unification of data brings new features to telephony or video and also offers new perspectives, such as cooperative work. The simplification that comes with the use of IP technology for telephony allows attaining increased productivity. There are many advantages to it, such as the following: Simple configuration of a call transfer route (2 rings on my phone, then 2 rings on my assistant s phone, before switching to the voice mailbox) Voice messages on the mail client that would allow the user to check them from a central location even when travelling Management of the voice mailbox in order to listen to priority messages first (e.g. from a particular caller) Management of a call group that would ensure access availability Automatic numbering from an electronic address book Management of the presence of collaborators in a team, which would allow finding out who to speak to according to each person s availability. New possibilities are now available to all, thanks to unified communication, such as cooperative work and video. By pairing up both these systems, it is possible to imagine organizing a meeting by videoconference in which the participants are in different locations, even if they are abroad. Despite the distance, the participants would be able to know who is speaking, draw diagrams on a whiteboard or even exchange work documents. Moreover, this meeting may be recorded and sent to another person who was not present in order to share information. 3

4 WP VoIP Security: Challenges and advantages In the future, the multiplicity of communication methods will converge once more. By taking the example of recent technologies like WIMAX, LTE or UMB, it would be possible to reach a roaming user at a single telephone number. He would have more and more means of performing identical actions at his workplace. All services in a unified communication system that can be accessed from a workstation should be available regardless of where the user is. DRAWBACKS Without counting the problems relating to the investment in a new telephony infrastructure, there are two major drawbacks in adopting IP telephony and unified communication. The first relates to the use of the internet network to transport voice data, which may cause latency and jitter on communications. The second is linked to the security of the IP telephony system. In the context of a convergence of the voice network and information network, this drawback also affects information security. Latency and jitter on IP communications are two notions that take on full importance once data is transported in real time. Network latency refers to the time taken to transfer a data packet from one source to one destination. The high speed offered by the internet network allows lowering the scale of this problem. On the other hand, jitter is a phenomenon relating to digital transfers that cause fluctuations in the transported signal. Correcting this signal distortion may cause periods of silence of varying durations in the conversation. However, setting up Quality of Service (QoS) parameters would enable the reduction of the effects of latency and network jitter. The security of an IP telephony system requires taking an approach similar to that for information security, such as network partitioning, and management of availability and authentication, although specificities relating to the type of data transported have to be taken into account. Similar vulnerabilities are therefore found on an IP telephony system, such as identity spoofing, eavesdropping or even application flaws on the telephony server and terminals. In the context of a convergence of the telephone networks and information networks, the security of the telephone system must follow the usual information security rules. 4

5 WP VoIP Security: Vulnerabilities of a VoIP system VULNERABILITIES OF A VOIP SYSTEM Without broaching the issue of vulnerabilities due to the convergence of an IP telephony system and the information system, vulnerabilities relating to Voice over IP already cover a wide spectrum of the system itself (e.g.: availability) or its physical components (servers and terminals). These vulnerabilities can be classified under 6 families: Telephone spam Availability of the telephony system Confidentiality of exchanged data Identity spoofing Server application flaw Application flaws on terminals SPAM OVER TELEPHONY One of the leading threats to the availability of a Voice over IP system concerns telephone spam or even SPIT, for Spam Over Internet Telephony. This threat probably does not affect the resources of an IP telephony system but has a direct impact on the productivity of users who fall prey to these messages. Indeed, by engaging a user in an unsolicited telephone conversation (advertising or targeted information), the user will take the call and be disrupted in his work. Several such calls correlate to the phenomenon of unsolicited s (spam). The inconvenience of these s is already deemed very high. For a telephone call, there is no way to not notice the message. Telephone spam campaigns are not yet widespread but should increase in proportion to the deployment of IP telephony systems. AVAILABILITY The availability of a system is one of the leading risks identified as it has an impact that directly and instantaneously affects end users. In the example of a company that offers telephone services (e.g. a call center), the generation of income has a direct relation to the availability of the telephony system and therefore becomes a very critical risk. Two types of vulnerabilities have been identified with regards to availability denials of service and system breakdown and overload. The vulnerability to a denial of service is one of the main flaws of a Voice over IP system, which is usually connected to the internet. Just like a web server or mail server, the Voice over IP server may undergo a denial of service attack, thereby making it inaccessible for handling the management of telephone communications. Two types of denial of service attacks can be identified: Application denial of service which attempts to exploit an application flaw in order to make it unstable and unable to process communications. Protocol denial of service which consumes the server s network resources, thereby preventing it from managing Voice over IP communications. 5

6 In the case of an IP telephony system, there are specific denial of service attacks called call flooding. Consisting of resource consumption as usual, these specific attacks rely on: Registration flooding in which a large number of requests are sent, and may affect the server s performance. Call request flooding which requires the registration of a terminal in order to initiate a call, by launching this type of attack from one or several registered sources. Call control flooding which consists of sending a massive amount of control messages (SIP INFO, NOTIFY, Re-INVITE) once the call has been placed. Fault and load tolerance on the system may be addressed by setting up a load balancing system which, when necessary, will be able to ensure service continuity in the event of the breakdown of part of the system. Acquiring a system with strong fault tolerance also allows controlling the risk of unavailability. Other flaws relating to the availability of the IP telephony system may be identified but they are more closely related to application vulnerabilities of system components (servers and terminals). CONFIDENTIALITY The use of a circuit-switching network offers good protection for the confidentiality of conversations. Indeed, eavesdropping on a telephone conversation would require either access to the operator s infrastructure or the use of specific hardware. On the other hand, the transfer of telephone conversations over an IP network such as the internet represents a flaw for the confidentiality of communications. Recorded telephone conversations are another threat. This can be done with the use of packet analyzers ( sniffer ). Such an attack is commonly known as eavesdropping. Perhaps not all telephone communications are confidential, but access to even the most mundane conversations could provide information that might facilitate other attacks, especially social engineering. Furthermore, communications between two branches, between a head office and an agency or even with a technological partner, are considered assets, for which the risk of the breach of confidentiality is not to be ignored. Other types of attacks enable access to sensitive information on an IP telephony system (SQL injection). For example, they provide the possibility of getting data on all users registered on the system. These telephone directories may also be used or sold many times over. IDENTITY SPOOFING Risks linked to identity spoofing directly impact victims finances. In this context, two types of threats are identified: Call pricing fraud Caller identity fraud Call pricing fraud consists of placing a phone call using the ID of another telephone. The cost of this telephone call will then be billed to the holder of the ID instead of the person initiating the communication. This type of fraud also allows initiating telephone calls from a company to a premium rate number operated by the company placing these calls. 6

7 Other threats exist in the world of cybercrime with regards to identity spoofing, such as the use of any telephone ID to launch a spam campaign over IP telephony. This technique makes it all the more complicated to detect the initiator of this campaign. Another possible example consists of spoofing the telephone number of a company s IT department in order to obtain a user s network ID. The field of threats is wide and may even be as serious as the manipulation and deformation of information exchanged during an IP telephony communication. A combination of attacks is the last of the threats using identity spoofing. This involves, for example, combining telephone system attacks with a phishing campaign by . The attacker would send an inviting the reader to call a company in order to confirm his personal particulars. The victims, still unwary about this phishing method, would initiate a telephone call and transmit their information. These data may then be recorded for future malicious use. This type of identity spoofing attack on a telephony system is commonly known as vishing. APPLICATION SERVER IP telephony infrastructures are built around application servers that manage all communications. Like any application, these application servers are vulnerable to targeted attacks. Apart from denial of service attacks, the application vulnerability of the server managing communications may, in the event of a viral attack, lead to the unavailability of the server or cause it to be an attack vector when used. The presence of a virus or a denial of service on the communications management server may concern only the availability of the telephone system. However, a more sophisticated viral attack such as a Trojan horse may lead to other threats such as: A spread of the virus within the infrastructure, Disclosure of the ID database of the call management center, Use of a relay to dodge communication charges, The launch of telephone spam campaigns. More specifically, in the case of telephone operator servers, the attack may allow retrieving minutes of telephone calls. The cybercriminal can then resell these minutes on a parallel market. This type of attack is commonly known as phreaking. An SQL injection attack is a vulnerability on SIP application servers which manage databases. The principle of the attack is identical to the flaws more generally linked to web servers. Indeed, it consists of transporting SQL commands in the SIP header fields. These attacks may cause subscriber data to be deleted or even force registration requests to the accepted. Application and protocol vulnerabilities pose a threat to the telecoms management center. These vulnerabilities may be exploited and therefore represent a risk for the rest of the company s infrastructure. The management of risks relating to the vulnerabilities of the telecoms management center must be an integral part of the risk analysis process as soon as the telephony system becomes part of the infrastructure. 7

8 APPLICATION TERMINALS Telephone terminals on an IP telephony system are made up of software applications that provide users with a wealth of features, such as the telephone directory, call management (conferences, answering a second line, call hold, etc) or even access to voice mail. These terminals, whether hardware- or software-based, present application vulnerabilities. The following threats can also be identified: Denial of service Application attack Application attacks exploit several types of flaws, such as: Buffer overflow Management of challenge/response messages with the SIP proxy Analysis of DNS responses Management of crafted messages (ICMP and HTTP) In all cases, once the vulnerability has been exploited, the attacker may execute malicious code on the vulnerable appliance. Examples of these malicious codes are: Rebooting of the terminal Transmission of the address book Sending of a crafted SIP message in order to launch a denial of service attack on the SIP server A denial of service attack is launched on an application terminal with the aim of making it inoperative. Indeed, once it has been affected by a denial of service attack, it will no longer be capable of providing its call management service. TYPES OF ATTACKS There are two distinct attack families: Protocol attacks based on protocol vulnerabilities or message eavesdropping Application attacks that exploit vulnerabilities arising from applications Some attacks combine vulnerabilities from both families. For example, a crafted protocol message may convey a buffer overflow attack. Protocol attacks allow, for example, carrying out denial of service attacks or undermining the confidentiality of exchanges. Threats from identity spoofing are generally associated with hijacking attacks. Registration hijacking on SIP is a useful example for illustrating this type of attack. The aim of it is to use hijacked data in order to modify the registration data of a valid user. This involves associating the registered telephone ID with a new IP address the attacker s. 8

9 The list below describes how this attack is launched: 1. Disabling the registration of the valid user by performing one of the following operations: Executing a denial of service on the user s device Un-registering the user with another attack type. Generating a registration race during which the attacker would send several registration requests with the aim of taking over the legitimate user s place. 2. Sending out an SIP registration request (REGISTER) by indicating the attacker s IP address in the contact field. This request hijacking attack is possible for two reasons: 1) SIP signaling messages are sent in plaintext, thereby enabling an attacker to retrieve them in order to modify and replay them. 2) The implementation of the protocol does not provide a mechanism for checking message integrity. Please visit for more information on this type of attack. Application attacks consist of exploiting inherent software flaws. Most of them are based on the management of messages by applications and which result in buffer overflows. Buffer overflow attacks consist of transmitting a wrong or oversized data packet. There are several application flaws that have been linked to buffer overflows: Anomalies in the management of wrong data (crafted packet). The application does not recognize the data, and therefore sets off a system anomaly. Allocation of too much of a memory zone, causing a system crash. Delisting of a program counter to a value of NULL, causing a system crash Data transmission outside the allocated memory zone. The application copies received data in a memory zone which is not large enough. The excess data becomes an attack vector and may end up being used for the remote execution of code. There are 5 distinct types of results from the exploit: Reboot of the system which can be classified as a denial of service (CVE ) Crash of the system which can be classified as a denial of service (CVE , CVE et CVE ) Remote execution of code (CVE ) Retrieval of sensitive data such as the database of registered users (CVE ) Retrieval of privileges on the system (CVE ) 9

10 Vulnerabilities on protocol messages are vectors for buffer overflow attacks. The table below sets out examples of attacks that exploit them: Exploited message Description Result CVE identifier Flooding of NOTIFY messages that indicate the SIP-NOTIFY presence of a voice message which may lead to flooding of the server after being checked too many Denial of service CAN CAN times. Sequence of INVITE message transactions with SIP-INVITE missing username values in the Request-URI Denial of service CVE field. Series of SIP messages causing the terminal to SIP-INVITE reboot following an anomaly in the SIP stack status Reboot CVE host. DNS- Response A crafted DNS response indicates poor management of this message on SIP and SCCP terminals. Execution of code CVE A crafted challenge/response message may infect SIP-Challenge / Response terminals that have already been registered or which attempt to register. This attack requires either a check of the SIP proxy or a man-in-the- Execution of code CVE middle. SIP-MIME type An SIP message with crafted MIME data indicates an anomaly in the management of encoding MIME data. Execution of code CVE ICMP-echo request Sends a large ICMP-echo request message affecting SCCP terminals. Reboot CVE HTTP request Sends a crafted HTTP request message affecting SCCP terminals. Reboot CVE SIP- INVITE / SUBSCRIBE / REGISTER Sends several INVITE, SUBSCRIBE or REGISTER messages with different user name fields, which allow finding out which users have been registered, based on the response Sensitive information CVE

11 SQL injection attacks are more generally linked to web servers and HTTP. Even though the principle of sending SQL commands is the same, the attack vector in the case of SIP relies on the exploitation of the message headers. The main vulnerability comes from the fact that SIP message headers contain text-based information. The example below sets out the structure of the header of an SIP-INVITE message: INVITE SIP/2.0 To: Brown Alice From: Smith Bob CSeq: 2 INVITE Authorization: Digest username="bob", realm=" ", algorithm="md5", uri="sip: ", nonce="41352a56632c7b3d382b39e0179ca5f98b9fa03b", response="a6466dce70e7b098d cd57" Contact: <SIP: :9384>;> Content-Type: application/sdp SQL injection attacks can be launched using SIP messages that require authentication INVITE, SUBSCRIBE or REGISTER. Indeed, when sending out such a message, the sender will calculate the value of the Authorization field based on the user s registration information (identifier username and password). Upon receiving the message, the proxy or the SIP server will extract these data and execute a SQL query on the table of registered users. As such, the server will retrieve the data that corresponds to the user s information. Based on the previous example, it will then generate the following SQL query: Select password from subscriber where username= bob and realm= If a malicious SQL command is added either in the username section or the realm section of the Authorization field, the proxy or the SIP server will include this command in the SQL query sent to the database. In the example below: INVITE sip:robert@dummy.com SIP/2.0 To: Brown Alice <alice@dummy.com> From: Smith Bob <sip:bob@dummy.com>;tag=76341 CSeq: 2 INVITE Authorization: Digest username="bob", realm=" "; drop table subscriber, algorithm="md5", uri="sip: ", nonce="41352a56632c7b3d382b39e0179ca5f98b9fa03b", response="a6466dce70e7b098d cd57" Contact: <SIP: :9384>;> Content-Type: application/sdp The proxy or SIP server will generate the following SQL query: Select password from subscriber where username= bob and realm= ; Drop table subscriber Although this example is somewhat excessive, it will result in the deletion of all registered users. Please visit for more information on SQL injection attacks. 11

12 WP VoIP Security: Security of a VoIP system SECURITY OF A VOIP SYSTEM Managing the security of an IP telephony system requires the setup of specific actions that would allow having a secure and operational telephone system from one end to the other. Therefore, apart from deploying procedures and/or solutions against the vulnerabilities of and threats to an IP telephony system, security management will also take into account the telephone system s availability and quality of service. Firstly, setting up actions for securing an IP telephony system requires the use of good networking practices, such as partitioning and the management of quality of service. Next, these actions may be followed by the deployment of intrusion prevention and vulnerability management solutions in order to further enhance the level of security. NETWORK PARTITIONING The principle of partitioning a network consists of fragmenting an infrastructure into sub-networks, each being in charge of a department in the information system. Partitioning enables the restriction of access between these departments, and as such, makes it possible to contain a threat within a sub-network so that it does not spread throughout the whole infrastructure. Network partitioning must also include internet access, thus restricting external access to devices on the information system. A unified communication system requires the setup of communications between sub-networks. A firewall will therefore be configured in order to allow only traffic necessary for the unified communication system. So in the case of a compromised sub-network, the firewall will reject dangerous traffic, thereby preventing the spread of the threat. Advanced firewall features provided on certain appliances such as VLAN management or the transparent network mode, allow very flexible configurations and curb the risk of deployment on operational application traffic. When VLANs are used, access to listening on telephone terminals becomes more difficult and therefore lowers the risk of eavesdropping. The new generation of security appliances, known as application firewalls, provide dedicated Voice over IP features. These appliances are able to treat both types of traffic relating to Voice over IP: control traffic and telephone communication traffic (data). Therefore, depending on the data transported over the control channel, they will automatically configure in real time the communication ports used for transporting voice. Furthermore, the research efforts made by the vendors of these new-generation appliances will allow other security solutions to be added for Voice over IP systems. 12

13 INTRUSION PREVENTION Intrusion prevention requires the deployment of a security appliance, which may be a dedicated solution or built into a multi-function firewall. Two types of analyses have been identified for intrusion prevention systems: Signature analysis, enabling the identification of a threat and the rejection of the malicious message Protocol and behavioral analysis, enabling the detection of abnormal behavior during the exchange of messages Signature analysis allows detecting viruses, worms or even SQL injection attacks. This analysis method requires the update of the signature database and therefore needs constant attention in order to counter new attacks and their variants. Some intrusion prevention systems offer generic signatures that detect all attacks of the same type. For example, with a single signature, an intrusion prevention system may detect several types of SQL injection attacks. For this, the system has to be very resistant to false alerts, which is why many solutions set up one signature per attack, making the telephony system vulnerable as long as the protection signature is missing. Behavioral protocol analysis consists of finely analyzing protocol messages and identifying abnormal behavior. This type of analysis allows in particular, protecting an IP telephony system from attacks linked to challenge/response messages with SIP, to the analysis of DNS responses and to crafted ICMP and HTTP messages. PERFORMANCE AND SECURITY The performance of an IP telephony system takes on full importance with regards to the real-time data transported. Apart from the availability of the system as a whole, latency and network jitter are two parameters that could lead to distortions in telephone conversations. These parameters may be amplified by the presence of security equipment. Quality of Service (QoS) parameters allow controlling the impact on the IP telephony system in terms of availability and service provided. The setup of prioritized traffic through QoS parameters makes it possible to guarantee fluid communication even when the network is saturated. These parameters can be spread in the headers of messages exchanged by the IP telephony systems in order to ensure a quality of service from one end to the other. The impact of security on the system s performance can be measured by 2 main criteria: The speed with which communications are established The fluidity of voice exchanges A multi-function protection appliance is necessary for an IP telephony system and must offer in particular features for sharing and configuring quality of service. The matter of the speed of treatment is directly related to the hardware and software architecture of the firewall. Taking into account QoS parameters in a multi-function firewall allows scheduling filter and intrusion prevention treatments. Real-time traffic can therefore be analyzed and treated as a priority. 13

14 The typical selection criteria for choosing such devices (outgoing throughput and simultaneous connections) are not enough. Indeed, these criteria are generally measured on test benches that do not at all reflect the reality of an IP telephony system. As data on such traffic is not available, it is recommended that these devices be tested under actual conditions. However, it is possible to rely on the characteristics of the protection device with its security functions enabled. RISK AND VULNERABILITY MANAGEMENT The management of application vulnerabilities requires the setup of an adequate procedure. Indeed, a vulnerability audit at any given moment will list the vulnerability appliances and possibly the bug fixes to be applied. Only these appliances will be vulnerable to other threats in the future and setting up a procedure will allow tracking vulnerabilities over time. Several solutions allow detecting vulnerabilities on an information system and measuring the associated level of risk. Two types of solutions have been identified: Active scanners, which gather information by connecting to the appliances to be tested and keep this information. They therefore need to schedule the collection of data and do not allow efficient management of client workstations. The generated traffic can also affect server resources. Passive scanners, which offer the advantage of gathering information in real time on any type of appliance that generates traffic, with no risk whatsoever to server resources. On the other hand, it can only detect active appliances and some of these products do not memorize information, settling only for one-at-a-time detection. An IP telephony system is sensitive at several levels fluid communication, availability and vulnerability management. The setup of a vulnerability detection solution has to guarantee that the infrastructure is free from disruptions. In order to do so, the system administrator has to monitor vendor websites to stay informed of available updates. He may also use a solution that automates the vulnerability search by relying on the traffic of active appliances. NETASQ s APPROACH With more than 50,000 products sold worldwide to date via a distribution channel of more than 300 partners spread out in more than 30 countries, NETASQ has made a name for itself as a major player in the information security field. NETASQ solutions efficiently meet the needs that enterprises have for a unified form of protection from network threats and spam. Application firewalls, NETASQ s unified protection solutions, offer advanced features that efficiently address the security issues of an IP telephony system. In terms of network partitioning, the transparent network mode, VLAN management and application filtering make it possible to more accurately meet the security needs of a Voice over IP system. Multi-function appliances restrict the internal spread of a possible threat and reduce the risk of eavesdropping. NETASQ s intrusion prevention system, available on all its unified protection appliances, is one of the most powerful on the market. It combines protocol and behavioral analyses with zero-day protection which in particular integrates several preventive signature databases. As such, NETASQ s intrusion 14

15 prevention engine ensures optimum protection from known threats as well as those to foresee from an IP telephony system by countering the vulnerabilities on challenge/response messages, DNS queries or even SQL injections. The impact of security solutions on the performance of an information system is a constant subject of NETASQ s research ever since its creation. This is why the intrusion prevention engine is enabled in its factory configuration. Lastly, the management and configuration of quality of service parameters provide a response to the problems posed by latency and network jitter. The vulnerability detection service offered on NETASQ s unified protection solutions combines the advantages of the active scanner with that of the passive scanner. Built on an innovative and patented engine, it also benefits from the synergies with the intrusion prevention engine for detecting vulnerabilities present on all the active components of an information system. The use of specific reports, the ease with which vulnerable appliances are detected and the suggestion of fixes enable the setup of an effective procedure for managing the risk level of the vulnerabilities on an IP telephony system. Learn more: 15