copyright security-assessment.com 2005 voip 2 is free too expensive? by darren bilby and nick von...
TRANSCRIPT
Copyright Security-Assessment.com 2005
VoIP 2
Is free too Expensive?
by Darren Bilby and Nick von Dadelszen
Copyright Security-Assessment.com 2005
Different Types of VoIP• There are many different implementations of IP
telephony:
– Skype– MSN– Firefly– Cisco Office– Asterix
Copyright Security-Assessment.com 2005
VoIP Technology• Each type of VoIP uses different technology:
– Skype – Proprietary– MSN – SIP– Firefly – IAX– Cisco – H.323, Skinny– Asterix – SIP, IAX2– Others – MGCP
• Most of these do not have security built-in so rely on network controls
Copyright Security-Assessment.com 2005
Attacks Against VoIP
• Multiple attack avenues:
– Standard traffic capture attacks– Traffic manipulation– Dynamic configuration attacks– Phone-based vulnerabilities– Management interface attacks
Copyright Security-Assessment.com 2005
Consequences of Attacks
• Eavesdropping and recording phone calls• Active modification of phone calls• Call Tracking• Crashing phones• Denying phone service – Slammer?• VoIP Spamming• Free calls• Spoofing caller ID
Copyright Security-Assessment.com 2005
Capturing VoIP Data
• Ethereal has built-in support for some VoIP protocols
• Has the ability to capture VoIP traffic• Can dump some forms of VoIP traffic directly to
WAV files.• Point and click hacking!
Copyright Security-Assessment.com 2005
VoIP Security Solutions• You must protect the network traffic
– Separate data and voice traffic – VLANs– Ensure IPSEC or other VPN technology used over WAN
links– IDS monitoring on the network – ARP inspection– Host Security– VOIP enabled firewalls– Excellent guidelines in Cisco SAFE documentation
• Or wait for more secure protocols
Copyright Security-Assessment.com 2005
Skype – What Is It?
• Proprietary VOIP system for calls over the Internet• Free and simple to use• Developed by the creators of KaZaA• Relies on P2P technology• Over 29 million users worldwide• Allows connections to regular phones through
SkypeOut
Copyright Security-Assessment.com 2005
Skype Connection Details
• Listens on a random port, 80 and 443• Connects to known Supernodes stored in the
registry• Must establish connection with login server to
authenticate• NAT and Firewall traversal• Any Skype client with an Internet IP address and
suitable bandwith/CPU may become a Supernode
Copyright Security-Assessment.com 2005
Skype Architecture
Ref: "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol“Salman A. Baset and Henning Schulzrinne
Copyright Security-Assessment.com 2005
Skype Call Security
• Skype claims to encrypt all voice traffic with 128-bit or better encryption
• The encryption implementation used is proprietary and closed-source
• It is unknown whether the Skype organisation has the ability to decrypt all voice traffic
Copyright Security-Assessment.com 2005
Other Skype Security Concerns
• Same developers as KaZaA, known for spyware• Cannot stop client becoming a Supernode• Client allows file transfer, even through firewalls,
an access path for malicious code, information leakage
• Login server reliance
Copyright Security-Assessment.com 2005
Should You Use Skype?
• If you can answer yes to four questions:
– Are you willing to circumvent the perimeter controls of your network?
– Do you trust the Skype developers to implement security correctly (being closed-source)?
– Do you trust the ethics of the Skype developers?
– Can you tolerate the Skype network being unavailable?
Copyright Security-Assessment.com 2005
Other VoIP Issues – Commercial Caller ID Spoofing
• Multiple companies are now offering caller ID spoofing:
- CovertCall - PI Phone- Star38 - Us Tracers- Camophone - Telespoof
• Makes Social Engineering a lot easier• Many systems authenticate on CID
Copyright Security-Assessment.com 2005
Other VoIP Issues – New Attack Tools
• New tools make finding vulnerabilities easier
– SIP Bomber– PROTOS Test-Suite– SiVuS