security in voip
TRANSCRIPT
![Page 1: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/1.jpg)
VoIP Security(Voice over Internet Protocol)
Brian Martin
Matt Protacio
February 28, 2007
![Page 2: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/2.jpg)
History of VoIP
• First “internet phone” service offered in 1995 by a company called Vocaltec– Most people didn’t yet have broadband, and
most soundcards were half duplex.
• First PC to phone service in 1998, followed by phone to phone service. Cisco, Nortel, and Lucent develop hardware VOIP switches (gateways).
• VOIP traffic exceeded 3% of voice traffic by 2000
![Page 3: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/3.jpg)
History of VoIP (Continued)
• Around 2004 began mass marketing for “digital phone” service bundled with broadband arranged so calls would be received over regular phones.
• “Digital phone” services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service. Other services use software clients requiring a computer with a microphone.
![Page 4: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/4.jpg)
VoIP vs. Old Phones
• Benefits:– More efficient bandwidth usage
– Only one type of network required, data abstraction in the network
• Criticisms:– 911 localization doesn’t always work
– Phones aren’t useable in a power outage, unless UPS are deployed
– Fax machines might not work
![Page 5: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/5.jpg)
Common VoIP Security Threats
• VoIP Security Alliance, founded in 2005– Threat Taxonomy– Forums, Articles
• Caller misrepresentation, caller id spoofing
• Unwanted calls, spam or stalking
![Page 6: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/6.jpg)
Common VoIP Security Threats (Continued)
• Traffic Capture• Eavesdropping• Interception• Alteration (conversion quality, content)• Black holing• Call Hijacking
– SIP (Session Initiation Protocol) register hijacking
• DoS
![Page 7: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/7.jpg)
SIP registration hijacking with SiVuS and a botnet
• SIP– Session Initiation Protocol– Application layer control protocol for
initiating VOIP sessions– Control messages were not encrypted and
had no mechanism to verify integrity• So even if registration requires authentication, it
can be sniffed easily
![Page 8: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/8.jpg)
The basic attack plan
• Both Callers must register with a registrar server before a call may be initiated– DoS the receiver with zombie minions– Deregister him with the registrar– Falsify his registration with SiVuS– Anyone planning to call him will not know and you
can try to claim you are the legitimate call receiver.– Chances are the intended call receiver will not
notice either
![Page 9: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/9.jpg)
![Page 10: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/10.jpg)
![Page 11: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/11.jpg)
![Page 12: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/12.jpg)
Good Ideas
• If using SIP use TLS– Transport Layer Security (encryption, basically)– The text based messages of SIP are considered a feature though
• If only VoIP appliances are connected to the the network, then no PCs are available to launch attacks from.
• Segregate data and voice to their own Virtual Lans (VLANs)
• Encrypt!!!– Prevents voice injections and casual eavesdropping
• Redundant network to deal with DoS.• Secure IP-PBX and gateway boxes
![Page 13: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/13.jpg)
VoIP Popularity
• “VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.”– New York Daily News, Februray 26, 2007
![Page 14: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/14.jpg)
Popular VoIP Services
• Enterprise– Cisco CallManager
• Home – Vonage– Skype– Cable Companies (Time Warner, Insight,
Comcast, etc.)
![Page 15: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/15.jpg)
Cisco CallManager
• Enterprise VoIP Product
• Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system
![Page 16: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/16.jpg)
Cisco CallManager System Design
• Phones– Deskphones, model 7960
• Ethernet, PoE (Power over Ethernet)
– Software Phone• IP Communicator• Popular for using across a
VPN
![Page 17: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/17.jpg)
Software Phone: IP Communicator
![Page 18: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/18.jpg)
Cisco CallManager System Design (continued)
• Servers– CallManager Subscribers and Publishers
• Windows or Linux Servers running Cisco Software
• Process all calls• Interface with existing PBX systems
![Page 19: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/19.jpg)
CallManager Security
• Multiple VLANs– Separate VLANs for Voice and Data– Higher Security by isolating voice on
separate VLAN
• Primary Protocols– SIP– H.323
![Page 20: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/20.jpg)
H.323 Attack
• Attacker can exploit the open standard protocol to establish malicious phone calls
• Microsoft Netmeeting can be used to initiate an H.323 Phone Call
• Malicous phone calls can be established to make international calls
• Threat can be eliminated by not allowing international dialing on lines from telephone company
![Page 21: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/21.jpg)
IP Phone Tap
• Capture IP packets from Phone– Use Ethereal network sniffer
• Extract audio from packets
• Export audio file of phone call
![Page 22: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/22.jpg)
![Page 23: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/23.jpg)
![Page 24: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/24.jpg)
![Page 25: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/25.jpg)
![Page 26: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/26.jpg)
![Page 27: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/27.jpg)
Prevent Phone Tapping
• Encrypt voice traffic
• Prevent attacker from capturing traffic out of a phone– Lock down access to network switch phone
is connected to
![Page 28: Security in VoIP](https://reader035.vdocument.in/reader035/viewer/2022062300/555bd964d8b42ae4478b556e/html5/thumbnails/28.jpg)
Conclusion
• VoIP is established as the future of telephones
• Security is critical when designing and maintaining VoIP systems
Questions?