Home >  Articles > Finding a secure voice over the net

•  
•  
•  
•  

The increasing uptake of VoIP has uncovered security risks that need to be taken into account when considering implementation. Alan Harstein reports on these vulnerabilities and how to plug the gaps.

The ability to make phone calls over the internet using voice over internet protocol (VoIP) technology, where traditional public switched telephone networks (PSTN) are merged with IP and wireless systems, has opened up a huge range of possibilities for end users. Not only are vastly cheaper phone calls, both local and international, now possible, but there is also the potential to save vast amounts in network support and administration. Add the possibilities for merging all voice, video and data over the one central network architecture and the possibilities for productivity improvements seem limitless.

However, as is becoming increasingly more apparent with the accelerated pace of end-user uptake, VoIP has also brought with it a potential Pandora's Box of security risks. Would-be hackers can now exploit both old and new network vulnerabilities operating over the one network, and risks that had previously only been associated with traditional data IP technologies have been inherited by voice networks. What this effectively means is that VoIP security over the public internet is now only as safe as that provided for traditional web traffic and email.

"Like data networks, security vulnerabilities in VoIP can be susceptible to common targets for viruses, worms, trojans etc, which previously didn't exist in traditional PSTN phone systems," Sydney-based IP telephony services provider Allcom Networks director, Andrew Leigh said. IP PBXs (private branch exchanges) are now far less secure than traditional PBXs because traditional PBXs are connected to a telephony provider, whereas IP PBXs are connected to both the telephony provider and the open internet.

Furthermore, whilst a new set of protocols supporting VoIP technology are still in the process of being developed, new vulnerabilities are continuing to emerge. As a consequence, threats to security will continue to appear both from existing internet vulnerabilities and the old telephone network, as hackers attempt to exploit whatever vulnerabilities may come their way. So where does that leave end users, equipment vendors and service providers and what sorts of threats are likely to emerge over the next few years?

Cisco Australia's unified communications manager, Peter Hughes believes the nature of VoIP security has changed over the last few years, because the higher uptake has led to more frequent and vicious attacks over IP networks in general and, as voice is part of those networks, it too has been subject to those attacks.

Erik Rudin, VoIP solutions specialist at security and systems management software vendor NetIQ, said that while VoIP or IP telephony has created new targets for security attacks, the traditional objectives of hackers have remained the same. "Whether you run a TDM or IPT phone system, the attacker has common goals; hurt the carrier, disrupt or degrade service (eg, deny dial tone), steal service (eg, toll fraud), hurt the subscriber, identity fraud (eg, use a stolen phone, access card), steal information (eg, eavesdrop) or compromise information (eg, change voicemail)."

Colin Lim, ANZ regional sales manager for security vendor Fortinet, said that as with all new technologies, once adoption rates improve, attackers also begin to focus their interests on the technology. "New threats evolve from old threats, and this is certainly true of VoIP." Evidence of this, Lim added, could be seen in the evolution of 'spit', or voice spam and phishing attacks using a bogus voicemail system rather than a bogus website.

The nature of the threats

As VoIP converts voice signals from the telephone into digital signals (data packets) that travel over the internet, from a security perspective it is just as vulnerable to other data traversing the internet. This has opened it up to a range of old data network threats.

As Lim pointed out, since VoIP involves placing IP handsets on the LAN, the attacks that plague all other LAN connected hosts will apply. "This means that DoS, virus/worm, trojans, spam, phishing, eavesdropping, spoofing and MITM attacks are all capable of finding their way into VoIP deployments as attackers begin turning their attention to it," Lim said.

VoIP technology has also added many new devices and components to a standard IP network. Each of these has brought with it potential operating system, application and configuration vulnerabilities. As a consequence, new targets have emerged, such as exploiting IPT operating systems on phones, attacking IPT infrastructure, exploiting IPT servers (gateways, call managers) and exploiting media servers (eg, voicemail). Spying, theft and data manipulation can also give a savvy hacker the opportunity to potentially gain access to user account information, including IDs and passwords. This can then be potentially used to make unauthorised network modifications, from changing profiles to altering calling plans and even listening to voice messages, making eavesdropping a major VoIP security concern.

As Rudin said, in many organisations, a lot of focus, time and money are directed towards 'hardening' the perimeter so that intruders can't get inside the enterprise network. "Firewalls do a good job of protecting the perimeter. However, many times the real security threats to an organisation are internal. This means an employee or contractor could intentionally sabotage or accidentally bring down your VoIP service."

Agreeing to new standards

Another challenge with VoIP has to do with technology protocol adoption within the marketplace. The best example of this is the SIP signalling protocol used by VoIP devices to set up a call between endpoints.

Session initiation protocol (SIP) is a signalling protocol for IP telephony. SIP voice protocols provide a standard for authenticating users, a critical component of VoIP security, and are also used to set up conferencing, telephony, multimedia and other types of communication sessions on the internet. SIP protocol is rapidly becoming the dominant VoIP standard for device integration, though it still lacks strong authentication mechanisms, which could lead to identity theft.

Security solutions provider Firewall Systems director Nick Verykios was also quick to point out that there are no security standards embedded into VoIP systems. "What we do have now are technologies to mitigate security risk such as products that secure SIP traffic. So to this end, very little has been made available," he said.

Another major impediment to the rapid uptake of VoIP, Lim said, was that current network address translation (NAT) technology, which is used almost universally by organisations to prevent unauthorised access to private corporate networks from the internet, is incompatible with VoIP technology. "This means that the widespread use of VoIP is at odds with conventional security technology. The limitations of these technologies represent a significant roadblock to the rapid, broad rollout of converged voice and data services. Network-level devices, such as NAT gateways, often lack the intelligence to recognise and properly process the critical signalling protocols that enable VoIP calls to be established and managed," he said.

Tips for new adopters

As Rudin pointed out, when it comes to VoIP over the public internet, hackers already have a big head start, using techniques that they've developed and fine-tuned over years of attacks on data networks.

The size of the potential threat is also potentially now much greater, as "hackers who break into your computing systems now have the ability to not only bring the entire network down but also rob authorised users of their phone service".

Businesses contemplating a move to an IP telephony environment need to therefore monitor critical vulnerabilities and patch systems as needed, particularly with IP PBX systems. Because most VoIP deployments rely on a server platform, it is also important that operating systems patches and virus protection are kept up to date.

In addition, as the number of devices and the complexity of a computing system increase, a VoIP deployment is only as secure as its weakest link. It is therefore essential to ensure consistent compliance with security policies, perform periodic, scheduled vulnerability scans, use notification and advisory services offered by security vendors, keep software patches up to date and implement general practices like controlling who has access to key systems and using properly configured firewalls. Vulnerability scans are particularly important, Rudin said, though they can be difficult to implement because fixes typically lag behind the reporting of the vulnerability.

Crystal ball gazing

As network convergence and VoIP uptake continue unabated, new threats will continue to challenge end users, vendors and service providers alike. With regards to convergence, Verykios pointed out that central to most VoIP systems is a call server. If the call server goes down, everything is down. "These deployments today may be independent VoIP deployments, but in the future we will see more unified messaging systems bringing together the desktop, voicemail and email, as a productivity initiative. That also comes with massive risk if not secured properly," he said.

Rudin said the possibilities for future attacks could be boundless and may consist of attacks to both endpoints and VoIP infrastructure. These may include: packet floods, OS and 'stack' DOS exploits, IP fragmentation attacks, IPT implementation exploits, IPT viruses and endpoint admin privilege exploits, to name but a few. Possible VoIP infrastructure attacks may include: media (application) servers, call managers, gateways, packet floods and DOS attacks, IPT application implementation exploits, IPT call redirection, address spoofing and exploits against listening services.

Leigh said that VoIP security vulnerabilities were likely to develop hand in hand with vulnerabilities that develop over data networks, which meant that it was becoming increasingly more vital to have an all-inclusive, integrated security policy that enables organisations to provide as comprehensive an end-to-end solution as possible.

One of the hottest topics at the moment is the threat of spit (IP telephony spam), a natural progression from spam and spim, where voicemail boxes are filled with unsolicited messages. Unprotected endpoint or voice application servers are likely to become the subject of a variety of attacks over the next few years, including SIP spam/spit, impersonation and identity spoofing, eavesdropping, voicemail bombing and session hijacking. According to Rudin, VoIP-specific DoS attacks (such as SIP Invite message floods) and worms that penetrate VoIP technology will likely emerge, with each of these being extremely difficult to mitigate. "The best way to protect against these is to have a distributed architecture with security throughout the LAN, WAN and at the perimeter, since most threats are blended threats (able to use multiple methods of traversal; email, web, instant messaging and, in the future, VoIP)."

Verykios also claimed that in the future, traditional network firewalls would simply not suffice. "It's no good to hold the voice traffic and analyse it before releasing it by using the old method of 'when we get hit, this is what we do with the data'. It's more an issue of just don't get hit in the first place," he said. As a consequence, intrusion prevention, as opposed to mere intrusion detection, technologies would need to be further developed, Verykios said.

• Share this Article:
• digg this
• add to del.icio.us
• StumbleUpon
• RSS Feeds