Voice over IP Security

Transcription

1 Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana USA

2 vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with VoIP 5 VoIP Benefits 6 VoIP Disadvantages 8 Sources of Vulnerability 10 IP-Based Network Infrastructure 10 Open or Public Networks 11 Open VoIP Protocol 11 Exposed Interface 11 Real-Time Communications 11 Mobility 11 Lack of Security Features and Devices 11 Voice and Data Integration 12 Vulnerable Components 12 Myths Versus Reality 14 Legacy Versus VoIP Systems 14 Protecting Networks Using Strict Authentication and Encryption 14 Protecting Networks Using a Data Security Infrastructure 15 Summary 15 End Notes 16 References 16 Chapter 2 VoIP Threat Taxonomy 19 Threats Against Availability 20 Call Flooding 20 Malformed Messages (Protocol Fuzzing) 22 Spoofed Messages 24 Call Teardown 25 Toll Fraud 26 Call Hijacking 26 Registration Hijacking 27 Media Session Hijacking 27 Server Impersonating 28 QoS Abuse 29

3 VIII Threats Against Confidentiality 30 Eavesdropping Media 30 Call Pattern Tracking 32 Data Mining 33 Reconstruction 34 Threats Against Integrity 34 Message Alteration 35 Call Rerouting 35 Call Black Holing 36 Media Alteration 37 Media Injection 37 Media Degrading 38 Threats Against Social Context 38 Misrepresentation 39 Call Spam (SPIT) 39 IM Spam (SPIM) 40 Presence Spam (SPPP) 41 Phishing 42 Summary 43 End Notes 44 References 44 Chapter 3 Security Profiles in VoIP Protocols 47 H Overview 48 Components 49 Basic Call Flow 50 Security Profiles 52 H.235 Annex D (Baseline Security) 54 H.235 Annex E (Signature Security) 55 H.235 Annex F (Hybrid Security) 56 SIP 57 Overview 58 Components 58 Basic Call Flow 60 Session Setup Example 61

4 ix Security Profiles 67 Digest Authentication 68 Identity Authentication 69 Secure/Multipurpose Internet Mail Extensions (S/MIME) 70 Secure RTP 71 TLS 71 IPSec 73 MGCP 74 Overview 74 Basic Call Flow 75 Security Profiles 75 Summary 78 End Notes 79 References 80 Chapter 4 Cryptography 83 Symmetric (Private) Key Cryptography 84 DES 85 3DES 87 AES 89 SubBytes 89 ShiftRows 90 MixColumns 91 AddRoundKey 92 Asymmetric (Public) Key Cryptography 92 RSA 93 Digital Signature 95 Hashing 96 Hash Function (MD5) 97 SHA 98 Message Authentication Code 99 MAC Versus Digital Signature 100 Key Management 100 Key Distribution 101 Summary 103 End Notes 104 References 104

5 X Chapters VoIP Network Elements 107 Security Devices 108 VoIP-Aware Firewall 108 NAT 109 Session Border Controller 113 Lawful Interception Server 114 Service Devices 116 Customer Premise Equipment 116 Call Processing Servers 117 PAP Versus CHAP 119 RADIUS Versus TACACS+ 120 Summary 120 End Notes 121 References 122 Part II VoIP Security Best Practices 125 Chapter 6 Analysis and Simulation of Current Threats 127 Denial of Service 128 Intentional Flooding 129 Simulation 129 Analysis 135 Mitigation 137 Unintentional Flooding 138 Analysis 139 Mitigation 141 Malformed Messages 143 Simulation 144 Analysis 150 Mitigation 154 Sniffing/Eavesdropping 154 Simulation 154 Analysis 158 Mitigation 161 Spoofing/Identity Theft 162 Simulation 162 Prespoofing Scan 162 Identity Theft 163 Analysis 164 Mitigation 165

6 xi VoIP Spam 165 Voice Spam 165 IM Spam 167 Presence Spam 167 Mitigation 168 Content Filtering 168 Turing Test 168 Reputation System 169 Address Obfuscation 170 Limited-Use Address 171 Consent-Based Black/White List 171 Summary 172 End Notes 173 References 173 Chapter 7 Protection with VoIP Protocol 175 Authentication 175 User-to-Proxy Authentication 176 User-to-User Authentication 179 Encryption 182 Message Encryption (S/MIME) 183 S/MIME Certificates 184 S/MIME Key Exchange 185 Formatting S/MIME Bodies 186 Media Encryption 188 Key Derivation 188 SRTP Packet Processing 190 SRTPTest 191 Transport and Network Layer Security 193 Transport Layer Security 194 IPSec (Tunneling) 195 Threat Model and Prevention 195 Registration Hijacking 195 Impersonating a Server 196 Tearing Down Sessions 196 Denial-of-Service and Amplification 197 Limitations 198 Digest Authentication Limitations 198 S/MIME Limitations 198 TLS Limitations 199 SIPS URI Limitations 199

7 XII Summary 200 End Notes 200 References 201 Chapter 8 Protection with Session Border Controller 203 Border Issues 204 Between Access and Core Networks 206 Between Core and Peer Networks 207 Access and Peer SBCs 208 SBC Functionality 208 Network Topology Hiding 208 Example of Topology Hiding 209 DoS Protection 213 Policy-Driven Access Control 213 Hardware Architecture 215 Overload Prevention 216 Registration Timer Control 217 Ping Control 220 Load Balancing 220 NAT Traversal 222 Lawful Interception 224 Other Functions 226 Protocol Conversion 226 Transcoding 226 Number Translation 227 QoS Marking 228 Service Architecture Design 228 High Availability 229 Active-Standby 230 Active-Active 231 Network Connectivity 232 Service Policy Analysis 234 Virtualization 237 Optimization of Traffic Flow 239 Deployment Location 239 Media Control 240 Summary 245 End Notes 246 References 246

8 Protection with Enterprise Network Devices 249 Firewall 249 ASA and PIX Firewalls 251 Routed Mode 251 Transparent Mode 252 TLS Proxy Feature 253 Configuration Example 254 FWSM Firewall 256 Routed Mode 256 Transparent Mode 256 Configuration Example 257 Limitations 258 Unified Communications Manager Express 259 Access Control 259 Phone Registration Control 261 Secure GUI Management 263 Class of Restriction 264 After-Hours Call Blocking 266 Unified Communications Manager 267 Security Features and Certificates 267 Integrity and Authentication 269 Image Authentication 270 Device Authentication 270 File Authentication 270 Signaling Authentication 271 Digest Authentication 271 Authorization 272 Encryption 273 Signaling Encryption 273 Media Encryption 274 Configuration File Encryption 275 Configuration Guideline 275 Access Devices 277 IP Phone 278 Switch 278 Mitigate MAC CAM Flooding 278 Prevent Port Access 279 Prevent Network Extensions 280 Prevent Fraudulent DHCP Server 280 Mitigate DHCP DoS Attacks 281 Limit ARP Responses 282

9 xiv VLAN ACL 282 Deployment Example 284 Summary 286 End Notes 287 References 287 Part III Lawful Interception (CALEA) 289 Chapter 10 Lawful Interception Fundamentals 291 Definition and Background 292 Requirements from Law Enforcement Agents 293 Reference Model from an Architectural Perspective 294 AF (Access Function) 295 DF (Delivery Function) 295 CF (Collection Function) 296 SPAF (Service Provider Administration Function) 297 LEAF (Law Enforcement Administration Function) 297 Request and Response Interfaces 297 Operational Considerations 300 Detection by the Target Subscriber 300 Address Information for Call Content Interception 301 Content Encryption 302 Unauthorized Creation and Detection 303 Call Forwarding or Transfer 303 Capacity 304 Summary 304 End Notes 305 Chapter 11 Lawful Interception Implementation 307 Intercept Request Interface 308 SIP P-DCS Header 309 Intercept Process Flow for Outbound Call 310 Intercept Process Flow for Inbound Call 311 Cisco Sil 313 Device Interfaces 314 Intercept Process Flow for Standard Call 316 Intercept Process Flow for Forwarding Call 319 Intercept Process Flow for Conference Call 322 Predesign Considerations 325 Security Considerations 326 Configuration Example 327

10 XV Index 345 Call Data and Content Connection Interfaces 329 Call Content Connection Interface 330 Call Data Connection Interface 333 CDC Messages 333 Interface Between MD and LEA 339 Summary 341 End Notes 342 References 342