CANTO – 2006 Information Security and Voice over IP (VoIP) Robert Potvin, CISSP VP - Strategic Consulting June 21st, 2006.

Slides:



Advertisements
Similar presentations
Computer Networks TCP/IP Protocol Suite.
Advertisements

Virtual Trunk Protocol
Ethernet Switch Features Important to EtherNet/IP
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Pune, India, 13 – 15 December 2010 ITU-T Kaleidoscope 2010 Beyond the Internet? - Innovations for future networks and services Ivan Gaboli, Virgilio Puglia.
Communicating over the Network
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
Introducing VoIP Voice Over Internet Protocol. What is VoIP? Hardware and Software that enables users to use Internet as a transmission medium for telephone.
1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Chapter 1 Data Communications and NM Overview 1-1 Chapter 1
Presented By:- Yash Jariwala Paras Patel Deep Amrutiya.
SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer
Chapter 1: Introduction to Scaling Networks
Packetizer ® Copyright © 2007 A Concept for the Advanced Multimedia System (AMS) Paul E. Jones Rapporteur ITU-T Q12/16 July 30, 2007.
Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.
Technical Track Securing EtherNet/IP Networks Presented by: Paul Didier - Cisco Eddie Lee - Moxa.
1 Authentication Applications Ola Flygt Växjö University, Sweden
Johan Garcia Karlstads Universitet Datavetenskap 1 Datakommunikation II Signaling/Voice over IP / SIP Based on material from Henning Schulzrinne, Columbia.
IP Multicast Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 ETHERNET Derived From CCNA Network Fundamentals – Chapter 9 EN0129 PC AND NETWORK TECHNOLOGY.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA TCP/IP Protocol Suite and IP Addressing Halmstad University Olga Torstensson
Connecting LANs, Backbone Networks, and Virtual LANs
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
TCP/IP Protocol Suite 1 Chapter 18 Upon completion you will be able to: Remote Login: Telnet Understand how TELNET works Understand the role of NVT in.
Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
1 © 2004, Cisco Systems, Inc. All rights reserved IP Telephony Security Cisco Systems.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.
Internet Protocol Security (IPSec)
Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.
By: Christopher Henderson.  What is VoIP?  How is it being used?  VoIP’s main Security Threats.  Availability of Service  Integrity of Service 
IT Expo SECURITY Scott Beer Director, Product Support Ingate
Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.
Ingate & Dialogic Technical Presentation SIP Trunking Focused.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
VoIP Security Assessment: Methods and Tools H. Abdelnur, V. Cridlig, R. State and O. Festor Madynes, LORIA-INRIA.
Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Appendix A UM in Microsoft® Exchange Server 2010.
Remote Connectivity and VoIP Hacking
Voice over IP by Rahul varikuti course instructor: Vicky Hsu.
Bridging Two Worlds Parting Is Such Sweet Sorrow: Adding IP Telephony to Existing "Big Iron" Mike Robinson CTO
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
Cisco Exam Questions IMPLEMENTING CISCO IOS NETWORK SECURITY (IINS V2.0) VERSION: Presents: 1.
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.
Remote Connectivity and VoIP Hacking
Ingate & Dialogic Technical Presentation
Presentation transcript:

CANTO – 2006 Information Security and Voice over IP (VoIP) Robert Potvin, CISSP VP - Strategic Consulting June 21st, 2006

Copyright Above Security Voice over IP is popular! More VoIP PBXs are now being sold than circuit-switched PBXs Businesses are deploying VoIP for all sorts of reasons: -Security is probably not one of them Voice over IP security

Copyright Above Security Why worry about voice security? Telephone access is business-critical in almost all organisations Confidential information passes over the phones Emergency response often involves phone systems (911) Long distance fraud (Miami – 10M calls) PBX is now in the hands of IT (we use to worry about its security) Voice over IP security

Copyright Above Security VOIP State of the market Report Major Concerns - Distributed Networking Associates Identity Management / Authentication Spoofed Voice Server or IP-Pbx Voice conversation intercepted (Lan, Wan and Internet) Increase Toll Fraud Availability (DoS) Voice over IP security

Copyright Above Security Security knowledge is being lost In the seventies, some people would make long distance calls for free (or bill them to innocent victims) by using blue boxes to inject MF tones during call setup In the eighties and nineties, voice networks migrated to digital voice transmission and ISDN-like transport One of the less well-known goals of this migration was to separate the control signals from the voice traffic -If the user has no access to the control channel, the user cannot hack the phone system Voice over IP security

Copyright Above Security So we go back to the seventies Much of the Voice over IP setups mixes control and data traffic Blue box tone generators get replaced with Ethernet sniffer programs and other PC-based malware Same problems, but with a new twist: attacks can be automated Voice over IP security

Copyright Above Security A typical (simplified) VoIP configuration Voice over IP security

Copyright Above Security Let us not forget the previous users Voice over IP security

Copyright Above Security And the un-intended users… Voice over IP security

Copyright Above Security There are other un-intended users… Voice over IP security

Copyright Above Security And still other un-intended users! Voice over IP security

Copyright Above Security More…. Voice over IP security

Copyright Above Security VOIP Threats DoS -Packet and Data Flood -Endpoint (PIN change) -QoS -VLAN Theft and Fraud -Sniffing (eavesdropping) -Spoofing (mac, IP, arp, ANI, ect..) -Toll and Voic (and maybe ) “text to speech” Voice over IP security

Copyright Above Security The Voice over IP protocol landscape Several different protocols in use at the same time -Some are used to communicate call information data (signalling) -Some transport the actual voice and/or video streams -Some do both -Some are standardized, some are proprietary And then there are the extensions… -Multiple competing extensions to the same protocol -Multiple security extensions to the same protocol Wireless integration Voice over IP security

Copyright Above Security Base protocols for IP phones Voice over IP security

Copyright Above Security Issues about base protocols and phones Most of these protocols do not have security protection features Even if they do, the IP phones typically do not support them The phones (depending on brand and model) also have other network vulnerabilities: -Remote management access to the phone (SNMP), sometimes in read/write, sometimes with a fixed community name -Remote login access to the phone -VxWorks debug access to the phone Voice over IP security

Copyright Above Security Network layer 2 attacks: MAC address spoofing An attacker equipment can modify its MAC address at will -and impersonate other equipments (including phones) The attacker can generate many packets with many different source MAC addresses -this can cause the network to crash -or allow the attacker to listen to traffic he/she should not be able to access Voice over IP security

Copyright Above Security Network layer 2 attacks: ARP cache poisoning ARP is the protocol used to associate Ethernet and IP addresses dynamically Supports broadcast and unicast communication methods Attacker can use ARP attacks to reroute IP traffic, including voice Voice over IP security

Copyright Above Security Network layer 2 attacks: VLAN boundary crossing Virtual LANs are used to group network switch ports into zones -Communication between VLANs must go over a router or gateway -Groups of VLANs can be transported over a single physical link between switches on a VLAN trunk On some network switches, VLAN trunk setup is automatic -This feature is enabled by default -A client system can convince the switch that a user port should become a trunk by sending the right packets to it -Ports that become trunks make all VLANs accessible by default -Attackers can use this to access other VLANs Voice over IP security

Copyright Above Security VoIP signalling protocol attacks Voice over IP security

Copyright Above Security H.323 protocol components security By default, no protection is built in the protocols -Everything is in cleartext, with nothing signed, no replay protection, etc. -An attacker with enough access can listen to/alter the messages at will Cisco recommends protecting the protocol with IPSEC -Requires X.509 certificates and public key certificate servers in order to scale H.323 transports IP addresses and port numbers in the application stream -In cleartext, it is already difficult to pass H.323 over NAT gateways -Forget it once H.323 is encrypted -Implies the H.323 NAT box must be an endpoint, decrypt the traffic, and re-encrypt it before forwarding Voice over IP security

Copyright Above Security SIP protocol security By default, no protection is built in the protocol (like H.323) -Everything is in cleartext, with nothing signed, no replay protection, etc. -An attacker with enough access can listen to/alter the messages at will SIP can be protected with TLS or IPSEC -Requires X.509 certificates and public key certificate servers in order to scale SIP also transports IP addresses and port numbers in the application stream -SIP is designed to go over proxies -It may be difficult to maintain end-to-end security when communicating with points outside the organization Voice over IP security

Copyright Above Security SIP Vulnerabilities INVITE -Vulnerabilities in message exchange between 2 SIP endpoints during call setup SIP proxy server -Cisco ASN.1 -Decoding error in SSL implementation (also in H.323) Voice over IP security

Copyright Above Security VoIP transport protocol attacks Voice over IP security

Copyright Above Security Voice transport protocol issues RTP (Real Time Protocol) and RTCP (Real Time Control Protocol) are used to transport the actual voice in both H.323 and SIP configurations -By default, all voice traffic is in cleartext and can be captured with already existing attack tools SRTP (Secure Real Time Protocol) -Can encrypt and authenticate the voice traffic -Relies on the Mikey protocol -Needs an X.509 certificate infrastructure in order to scale Voice over IP security

Copyright Above Security DOS TLS Connection Reset -By sending a crafted packet, you can force a reset on the signalling channel between the phone and the server Packet replay -Out of sequence packets can add delay and degrade QoS Services -DoS on DHCP, DNS, TFTP…. Wireless -Jamming Voice over IP security

Copyright Above Security Call Hijacking and/or eavesdropping ARP Spoofing -Duplicate an end-point or a gateway Registration (UA) -Redirect incoming calls Proxy -Intercept SIP messages Toll -Rogue devices can be used to place long distance call on PSTN ANI -Caller ID spoofing Voice over IP security

Copyright Above Security Security Pathway Architecture -Switches, VLANs, Nat and Firewall -Encryption -Mac Filtering -Services (DHCP, TFTP…ect..) Hardening -PBX -Gateway -Accounting (call data) -Voice Mail -SoftPhones Voice over IP security

Copyright Above Security Security Pathway Authentication -SIPS = HTTPS -Certificates -MAC Filtering -Radius Physical security -PBX, Gateway…..ect… -Switches (heat on Power Over Ethernet) -Sniffers Voice over IP security

Copyright Above Security Security Pathway Logging and Monitoring -Centralize logs -Synchronize logs -IDS -Vulnerabilities Pen-Test often -External -Internal -Wireless Voice over IP security

Copyright Above Security Questions and Contact Robert Potvin, CISSP #2108 Voice over IP security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.