Threat Mitigation for VoIP



Similar documents
Best Practices for Securing IP Telephony

Securing SIP Trunks APPLICATION NOTE.

Session Border Controllers in Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise

Recommended IP Telephony Architecture

VOICE OVER IP SECURITY

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP and Firewalls

Voice over IP Security

Multi-layered Security Solutions for VoIP Protection

An outline of the security threats that face SIP based VoIP and other real-time applications

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP)

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

SIP Trunking Configuration with

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud Supervisor: Prof.Dr. Shawkat K.Guirguis

VOIP Security Essentials. Jeff Waldron

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

Basic Vulnerability Issues for SIP Security

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications

Security and Risk Analysis of VoIP Networks

VOIP TELEPHONY: CURRENT SECURITY ISSUES

VoIP Security regarding the Open Source Software Asterisk

SIP Trunking The Provider s Perspective

Business Phone Security. Threats to VoIP and What to do about Them

Voice over IP (VoIP) Vulnerabilities

Oracle s Unified Communications Infrastructure Solution. Delivering Secure, Reliable, and Scalable Unified Communications Services

VoIP / SIP Planning and Disclosure

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

How To Support An Ip Trunking Service

PETER CUTLER SCOTT PAGE. November 15, 2011

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

Challenges and opportunities for Open Source solutions

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

Strategies to Keep Your VoIP Network Secure

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

VoIP Security. Customer Best Practices Guide. August IntelePeer

SangomaSBCs Keeping Your VoIP Network Secure. Simon Horton Sangoma

Intrusion Prevention: The Future of VoIP Security

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

Security & Reliability in VoIP Solution

VoIP Security: How Secure is Your IP Phone?

Recommendations for secure deployment of an IP-PBX

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Oracle Enterprise Communications Solutions for Microsoft Lync. Migrate seamlessly to Microsoft Lync while reducing cost and complexity

VoIP Time to Make the Call? Abstract

VoIP Trunking with Session Border Controllers

TLS and SRTP for Skype Connect. Technical Datasheet

Securing Unified Communications for Healthcare

Key Elements of a Successful SIP Device Provisioning System

Just as the ecommerce companies have

VOIP SECURITY ISSUES AND RECOMMENDATIONS

Technology Blueprint. Protect Your VoIP/SIP Servers. Insulating your voice network and its servers from attacks and disruption

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

Session Control Applications for Enterprises

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP SECURITY JULY 2014

TECHNICAL CHALLENGES OF VoIP BYPASS

SBC WHITE PAPER. The Critical Component

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Securing Converged Networks

VoIP Security. Threats and Countermeasures. Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Oracle Enterprise Communications Solutions for Microsoft Lync. Migrate seamlessly to Microsoft Lync while reducing cost and complexity

Villains and Voice Over IP

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Presenter. Zane Ryan. Director Dot Force

Chapter 9 Firewalls and Intrusion Prevention Systems

CE Advanced Network Security VoIP Security

Securing the Small Business Network. Keeping up with the changing threat landscape

Industrial Firewalls Endpoint Security

OpenScape UC Firewall and OpenScape Session Border Controller

DEPLOYING VoIP SECURELY

Avaya SBCE 6.3 Security Configuration and Best

BITEK INTERNATIONAL INC PRESENTS: MANAGING VOIP

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Cisco Advanced Services for Network Security

Transcription:

Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006

Overview Basics VoIP Security Impact Examples of real vulnerabilities VoIP Security Functional areas Why Threat Mitigation? Components Additional Considerations Further work

VoIP Security is Different IP VoIP Services Business Communications Enabling Applications Network Protocols Network Infrastructure PSTN Networks Wireless Networks VoIP spans: Business-critical operational boundaries IP network infrastructure Converged-network boundaries VoIP is a real-time, mission-critical service: Requires high reliability Extremely sensitive to delay, packet loss and jitter that can be caused by worms, viruses and DoS attacks Voice-specific malicious activities can threaten the viability of VoIP services: Toll fraud, service theft Voice spam (SPIT) Identity theft VoIP presents new vectors of attack: Hundreds of VoIP application-specific features and options can be attacked and exploited New protocols (SIP, H.323, Skinny, Unistim, RTP, RTCP) create new ways for intruders to attack VoIP services and infrastructure Open network boundaries present challenges to security infrastructure: VoIP interaction with PSTN networks (e.g. SIP SS7 Wireless VoIP

Impact of VoIP Security Attacks Service Providers Worms and virus attacks causing service disruption resulting in SLAs not being met For service providers providing public services such E-911, even the smallest disruption could have significant or even catastrophic consequences Enterprises Attacks on VoIP equipment result in multi hour or day outages, call centers shut down, quality of customer service impacted Leakage of sensitive corporate information through eavesdropping, resulting in loss of revenue Government Intercept or masquerading resulting in third parties gaining access to information related to national security, citizen s private information, etc. Consumers Eavesdropping attacks resulting in identity theft, scams, etc. Service outages resulting in no 911 services, no access to critical services

Example of Vulnerabilities Vendor A VoIP implementation: Vulnerability 0032 - by sending a crafted phone registration packet, PBX will reset a phone Vulnerability 0033 - in certain modes, PBX will allow a user to get the username/password belonging to other users Vulnerability 0038 - In certain modes, some information and firmware can be easily downloaded from PBX due to the fact that the IIS VD is unprotected. Vendor B VoIP implementation: Vulnerability 01000 - PBX crashes during UDP port scan. Vulnerability 01001 - sending a crafted message with duplicated IP address to PBX will reset IP phone Vulnerability 01002 - sending a crafted message with duplicated MAC address to PBX will reset IP phone Vulnerability 01003 - sending a crafted UDP payload message will reset PBX SIP Vulnerability 05000 sending crafted SIP packet to SIP/PSTN gateway resets the device

Documented VoIP Outages Newsfactor Network A major consumer product company deployed 1,000 VoIP endpoints over an 18-month time period. The company was plagued by problems related to the firewall and patches resulting in a number of QoS issues, as well as outages. A farm equipment manufacturer left live jacks which were then internally hacked. The result was a multi-hour outage disrupting data and voice services. Merrill Lynch Todd Goodyear, VP and manager of voice product development at Merrill Lynch & Co., said his VoIP network was taken down by a worm. Brokers were unable to place or receive calls for several hours. Service Provider Outages Wanadoo (Feb 2006):The UK s largest VoIP provider suffered an outage leaving calls from landlines or mobiles being unable to connect to Wanadoo's internet telephony service British Telecom (Jan 2006): BT Group admitted on Friday that its Broadband Voice service crashed this week, leaving thousands of customers without their Internet telephony connections. Vonage (August 2005): Users had a dial tone, but could not make calls. Source: www.voipsa.org and http://voip-outage.blogspot.com

Where Does Threat Mitigation Fit In? VoIP requires a comprehensive approach to security protection, prevention and mitigation Prevention Identify and fix threats before they can become an issue VA for VoIP enables the assessment of VoIP equipment and applications prior, during and following deployment Works at the systems level to identify vulnerabilities across the entire VoIP network Protection Ongoing protection of VoIP services from security threats during their life cycle Must be VoIP aware so they do not impact VoIP service quality and reliability. Multi-layer security infrastructure that provides both perimeter as well as internal network protection. Consists of a number of security devices and host-based applications Session Border Controllers (SBCs), VoIPspecific IPS and IDS, AAA servers, encryption engines Must be coordinated via a higher level application to provide service providers with a unified view of entire VoIP system Mitigation Keeps VoIP services running in the presence of security threats already developing on the VoIP infrastructure

Why Threat Mitigation? Prevention and Protection are not enough we have to consider the situations where the threat bypassed existing security infrastructure and is impacting VoIP Currently, a combination of human intervention and security management tools are being used to mitigate the impact of data security attacks. In many cases the downtime is measured in hour or days what about 5 minutes downtime a year? VoIP is the first of the many new services that will force us to implement near real-time mitigation systems

Elements of VoIP Threat Mitigation System VoIP threat mitigation involves three core elements: Detection Threat must be identified as soon as possible using signature independent approaches such as anomaly based detection. False/positive ratio is a problem here. Correlation: Once the threat is detected, it must then be correlated to known information on that device(s) such as known vulnerabilities, topology, additional information from the security infrastructure such as IPS, Firewall, SBC, etc. Near real-time requirements and extremely low false/positive ratios are needed VoIP specific rules and knowledge base Response: Automated approach is the only options Policy driven The system must then respond in near real-time

Additional Considerations VoIP Application Layer (Call Manager, Call Center ) VoIP Protocol Layer Singling Protocols (SIP, H323, SS7 ) Transport Protocols (RTP, UDP, ) VoIP Supporting Services Layer (DNS, NAT, QoS, AAA ) OS and Network Layer (Linux, Unix, Windows, ARP, MAC, IP ) Hardware Layer (Server, IP Phone, PDA, Server, Intel, Motorola, ) End-to-end, layered view of VoIP networks is required to address the entire VoIP network including the OS, protocols, etc.

Conclusions and Further Work VoIP reliability requirements very demanding Near real-time, automated mitigation system needed Minimize false/positive ratios Near-real time correlation is difficult Automated response is a new concept

Conclusion Questions? Thank you Contact: bmaterna@voipshield.com 1 613 224 4443 www.voipshield.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information