Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005.

Slides:



Advertisements
Similar presentations
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Advertisements

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Secure Mobile IP Communication
CANTO – 2006 Information Security and Voice over IP (VoIP) Robert Potvin, CISSP VP - Strategic Consulting June 21st, 2006.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
Guide to Network Defense and Countermeasures Second Edition
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
1 © 2004, Cisco Systems, Inc. All rights reserved IP Telephony Security Cisco Systems.
Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
Introducing VoIP Networks Chapter 01 Components of a VoIP Network.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Voice over Internet Protocol (VoIP) Training and Development.
5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
COEN 252: Computer Forensics Router Investigation.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.
Virtual Private Network
Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security.
Securing your IP based Phone System By Kevin Moroz VP Technology Snom Inc.
Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.
Lab #2 CT1406 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,
Ingate & Dialogic Technical Presentation SIP Trunking Focused.
SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Applied Communications Technology Voice Over IP (VOIP) nas1, April 2012 How does VOIP work? Why are we interested? What components does it have? What standards.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Remote Connectivity and VoIP Hacking
Voice over IP by Rahul varikuti course instructor: Vicky Hsu.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Securing Open Source Enterprise VoIP Christian Stredicke/snom.
MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.
Security fundamentals Topic 10 Securing the network perimeter.
Voice and Video over IP.
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
Track A: Network Security 9AM-10AM May 6, 2004 Security And Next Generation VoIP George G. McBride Senior Manager, Security Practice Lucent Technologies.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Lab #2 NET332 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,
SIP & How It Relates To YOUR Business. Jeff S. Olson Director of Marco Carrier Services David Bailey-Aldrich Technology.
Voice Over IP (VoIP): Internet Telephony. Chapter Objectives.
Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.
Security fundamentals
Fortinet VoIP Security June 2007 Carl Windsor.
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.
IP Telephony (VoIP).
Virtual Private Networks
SIX MONTHS INDUSTRIAL TRAINING REPORT
Wireless Network Security
Security of a Local Area Network
Remote Connectivity and VoIP Hacking
Network hardening Chapter 14.
Introduction to Network Security
Presentation transcript:

Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005

Copyright Security-Assessment.com 2005 Security-Assessment.com – Who We Are NZ’s only pure-play security firm Largest team of security professionals in NZ Offices in Auckland, Wellington and Sydney Committed to research and improving our industry Specialisation in multiple security fields – Security assessment – Security management – Forensics / incident response – Research and development

Copyright Security-Assessment.com 2005 What is VoIP? Voice over Internet Protocol “A method for taking analog audio signals, like the kind you hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet. “ Also known as: – Voice over Packet (VoP) – IP Telephony (IPT)

Copyright Security-Assessment.com 2005 VoIP Trends VOIP becoming more popular and will increase in future Many ISPs and Telco’s starting to offer VoIP services Like most other phone calls, it is presumed to be confidential Original protocols designed by telephone people with trusted networks in mind

Copyright Security-Assessment.com 2005 Different Types of VoIP There are many different implementations of VoIP: – MSN – Firefly – Skype – Office Phone Replacements – Push to Talk – Ihug Connect – Slingshot iTalk Different technologies, but most of these do not have security built-in.

Copyright Security-Assessment.com 2005 Components of a VoIP Implementation Client Voice Gateway Support Servers – Voic , Management Servers

Copyright Security-Assessment.com 2005 VoIP Clients Hard Phone Soft Phone Analog Telephone Adaptor (ATA)

Copyright Security-Assessment.com 2005 Protocols and Acronyms

Copyright Security-Assessment.com 2005 Protocols and Acronyms Signaling Protocol – Create, modify, and terminate sessions with participants – Conferences – Proxies – Authentication Transport Protocol – Manages the actual voice data

Copyright Security-Assessment.com 2005 Protocols and Acronyms ITU H.323 – One of the earliest sets of VoIP standards – Handles voice, video, and data conferencing – Some limitations, but most VoIP traffic utilises this today Session Initiation Protocol (SIP) – Signaling protocol – RFC 3261 – Currently most favored protocol for new systems Realtime Transport Protocol (RTP/RTCP) – Used for media transfer by other protocols – Fast, scaleable and efficient – RTCP manages the call – RTP is the voice data

Copyright Security-Assessment.com 2005 Protocols and Acronyms SCCP (Skinny) – Cisco signaling and control protocol – Open standard IAX/IAX2 – Signaling and control protocol – Designed by Asterisk open source project – Handles NAT and Firewalls cleanly MGCP (Media Gateway Control Protocol) – Signaling and control protocol – Reduce traffic between gateways

Copyright Security-Assessment.com 2005 Why is VoIP Security a Problem? Eavesdropping and Recording Phone Calls Track Calls Stealing Confidential Information Modifying Phone Calls Making Free Phone Calls Faking Caller ID Board Room Bugging Spam over IP Telephony (SPIT) Another Network Entry Point

Copyright Security-Assessment.com 2005 The Problems We See With VoIP Insecure Servers Insecure Clients Insecure Protocols Insecure Protocols on Insecure Networks Badly Written Protocols Implementation Flaws There is nothing new under the sun!

Copyright Security-Assessment.com 2005 VoIP Security Scenarios

Copyright Security-Assessment.com 2005 Scenario 1 – Industrial Information Gathering Employee uses the VOIP network to listen to the managing director’s phone calls Gains access to personal details Forwards information about business deals to competitors

Copyright Security-Assessment.com 2005 Demo Cain - Ettercap – Ethereal – Vomit -

Copyright Security-Assessment.com 2005

Scenario 2 – The Fraud Employee uses ARP redirection in a large office to record all voice conversations Leaves it recording and logging for a week Then uses DTMF decoder to get access to other employees bank details, voice mailboxes etc Phone banking Voice Mail

Copyright Security-Assessment.com 2005 Scenario 3 – The Industrial Spy Evil Russian hacker is hired by a competitor to gain knowledge of business strategies. Hacker sends secretary a link to FunnyGame.exe, pretending to be an associate. Hacker sets boardroom IP phone in speakerphone mode, and calls a phone he controls thus recording boardroom meetings.

Copyright Security-Assessment.com 2005 Scenario 4 – Hacking Phones with IE Phones are standard IP devices – HTTP, Telnet, SNMP There are vulnerabilities in these devices Password security Hacker scans the Internet looking for vulnerable phones Hacker then uses the phones to call 0900 numbers which she gets paid for

Copyright Security-Assessment.com 2005 Demo

Copyright Security-Assessment.com 2005

Scenario 5 - Caller ID Spoofing While most good systems have changed, CID is still used as authentication Do you respond differently to internal calls? Call the helpdesk from the CIO’s cell phone

Copyright Security-Assessment.com 2005 Caller ID Demo

Copyright Security-Assessment.com 2005 SMS Spoofing

Copyright Security-Assessment.com 2005 Okay… So How Do We Secure It? Secure the Devices Network Segregation Encrypt the Traffic Intrusion Detection

Copyright Security-Assessment.com 2005 Secure the Devices

Copyright Security-Assessment.com 2005 Secure the Devices Don’t expose anything to the Internet that doesn’t need to be! Patch and secure VoIP servers Patch phones Train your telephony staff in security practice This is a really bad idea!

Copyright Security-Assessment.com 2005 Got Patches? July Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to DoS attacks, and or arbitrary code being executed. July – Multiple vendor weakness in SIP Notify handling. Denial of Service (DoS) March – Grandstream BudgeTone DoS March – Ustar ATA remote access vulnerability Has the vendor had independent security testing done?

Copyright Security-Assessment.com 2005 Network Segregation

Copyright Security-Assessment.com 2005 Threats to the LAN CAM Overflow ARP Poisoning VLAN Hopping Spanning Tree Attacks DHCP Rogue Server DHCP Starvation CDP Attacks HSRP Attacks Layer 2 is a dangerous place to live!!!

Copyright Security-Assessment.com 2005 Network Segregation Problem: Malicious devices can sniff voice traffic ↓ Use switches ↓ Hacker can use ARP redirection or MAC overflow to turn switch into HUB ↓ Use separate Voice and Data VLANS – Management overhead ↓ Put a HUB in the phone ↓ Now we can’t VLAN ↓ Make phone smarter, teach it about VLAN’s ↓ Hacker can now attack any VLAN from his phone port. But safe from remote attackers

Copyright Security-Assessment.com 2005 Network Segregation

Copyright Security-Assessment.com 2005 Network Segregation Try to stop malicious connections to your network – Disable switch ports not in use – Restrict access to switch by MAC address – Implement Sticky MAC All have management overhead and are not really secure

Copyright Security-Assessment.com 2005 Network Segregation SIP Firewalls Firewalls, Routers and Smart Switches Use Voice VLAN Implement VLANs securely! Only allow the required traffic from one interface to another Reduce DoS risk Integrated solutions eg Cisco

Copyright Security-Assessment.com 2005 Encrypt the Traffic

Copyright Security-Assessment.com 2005 Encrypt the Traffic Wrap an insecure protocol in a secure one – IPSEC – Other VPN Use a secure protocol – Secure Call Setup eg SIP TLS – SRTP – Cisco designed protocol for encrypting RTP traffic

Copyright Security-Assessment.com 2005 SRTP - Secure Real-time Transport Protocol RTP/RTCP extension End to End Designed by Cisco IETF RFC 3711 Adds – Confidentiality (AES128) – Message authentication (HMAC-SHA1) – Replay protection Doesn’t effect compression or QoS Scales well

Copyright Security-Assessment.com 2005 Encryption Requires Authentication SRTP Does not define authentication – Pre Shared Keys – Custom SIP headers – MIKEY (Multimedia Internet KEYing) – Certificates preloaded on phones

Copyright Security-Assessment.com 2005 SRTP – Can I Use It? Currently known support by Sipura, Zultys, Avaya and Cisco Cisco support on Call Manager 4.0 Currently only high end phones 7940, 7960 and 7970

Copyright Security-Assessment.com 2005 Intrusion Detection

Copyright Security-Assessment.com 2005 Intrusion Detection Benefits of VLAN – IDS monitoring can be accurate – Very limited traffic on the network ARP Inspection at a minimum

Copyright Security-Assessment.com 2005 Securing VoIP Summary Secure Phones and Management Devices Segregate your network using VLANs and firewalls Only buy devices that support SRTP and push your vendors for support Use Intrusion Detection where possible Consider VoIP security overhead before deciding

Copyright Security-Assessment.com 2005 Good Sites For Learning More Some good links for learning more about VoIP – Voip-Info.org – VoP Security – Cain and Abelhttp:// – Vomit – VoipSAhttp://

Copyright Security-Assessment.com 2005 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.