Track A: Network Security 9AM-10AM May 6, 2004 Security And Next Generation VoIP George G. McBride Senior Manager, Security Practice Lucent Technologies.


1 Track A: Network Security
9AM-10AM May 6, 2004
Security And Next Generation VoIP
George G. McBride, Senior Manager, Security Practice
Lucent Technologies Professional Consulting
Lucent Worldwide Services Security Practice

2 Secure Network Infrastructure
Lucent Technologies – Copyright 2004
VoIP Security Issues:
– As Dr. Bagchi and Mr. Thermos have illustrated, VoIP infrastructure is based on traditional data networks
– The same issues that affect data networks will affect VoIP infrastructures
– Total Vulnerabilities = Vulnerabilities(Data Network) + Vulnerabilities(VoIP)
But there is hope!

3 The vulnerabilities are real…
– Cisco 7900 Series phones running the default Skinny (SCCP) protocol for messaging can be easily crashed by sending malformed messages.
– Cisco 1760 VoIP enabled router is also vulnerable: sending a message of 50,000 characters+ to port 2000 (the TCP port used by the router to communicate with the phones) causes every VoIP phone on the network to reboot or lock up, completely disrupting communications.
– Cisco 7900 is vulnerable to an ARP attack on a target phone which draws the RTP data stream through the attacker’s computer. As most conversations are transmitted in the clear, eavesdropping is trivial.

4 Vulnerability Sources
– Human: Issues such as malicious insiders, the use of “hacker” tools on the corporate network, as well as corporate and end-user security policies are all part of the human factor.
– Physical: Often overlooked in network security vulnerability assessments, the physical security and protection of equipment, hosts, resources, back-up tapes, etc., all contribute to the VoIP infrastructure’s security posture.
– Network Infrastructure: Firewalls, network segmentation and isolation, Virtual Local Area Networks (VLANs), and network architecture are some of the issues that also affect security vulnerabilities.
– Equipment and Host Security: Systems, VoIP equipment, gateways, and other networked hosts contribute to the overall security risk of VoIP.
– Protocols: While the VoIP protocols use TCP or UDP to transmit data and thus have all of the vulnerabilities associated with those protocols, other newer protocols can also contribute vulnerabilities to the VoIP architecture.

5 Easy Steps to mitigate VoIP Risks
– Perform a thorough Risk Assessment including identification of critical assets and vulnerabilities
– Understand the new VoIP protocols.
– Make sure that the voice personnel know data and make sure that the data personnel know voice.
– Update all equipment (BIOS, Firmware, Applications) prior to deployment, and regularly afterwards.

6 Mitigating Risks
– Enable the security functionality that you can. SIPS, H.235, SRTP, SRTCP provide security enhancements to the VoIP infrastructure
– Segment networks to minimize the risk of compromise and to limit exposure when it does occur
– Enable SIP aware intrusion detection and network monitoring at each of the segments

7 Mitigating Risk
Utilize SIP aware firewalls.
– Application Layer Gateways
   Fast, Easy to Deploy
   Encryption is difficult and ALG attacks not detected
– Deep Packet Inspection (Stateful Inspection +)
   Detects Application Layer attacks
   May impact performance, application specific
– Proxy Based Firewalls
   Proven scalability, can detect Application Layer attacks
   Application specific and can provide encryption services
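
The kind of structural check a SIP aware inspection point (slides 6 and 7) can apply to a request before it reaches a phone or proxy, as an added example that is not part of the original presentation. The size limits, the method allowlist and the name inspect_sip_request are assumptions, and the sample request is constructed.

```python
# Added illustration, not from the presentation; the two size limits are assumed values.
MAX_MESSAGE = 8192        # assumed cap on total message size, bytes
MAX_HEADER_LINE = 1024    # assumed cap on one header line, bytes
METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}  # RFC 3261 core
REQUIRED = {"via", "from", "to", "call-id", "cseq", "max-forwards"}  # RFC 3261 8.1.1
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}

# Constructed sample request (not captured traffic).
SAMPLE = (b"OPTIONS sip:phone@example.com SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP host.example.com;branch=z9hG4bK1\r\n"
          b"From: <sip:a@example.com>;tag=1\r\nTo: <sip:phone@example.com>\r\n"
          b"Call-ID: 1@host.example.com\r\nCSeq: 1 OPTIONS\r\n"
          b"Max-Forwards: 70\r\nContent-Length: 0\r\n\r\n")


def inspect_sip_request(raw: bytes) -> list:
    """Return a list of findings; an empty list means the request passed."""
    if len(raw) > MAX_MESSAGE:
        return ["oversized message (%d bytes)" % len(raw)]
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line terminating the headers"]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    findings = []
    if len(parts) != 3 or parts[2] != b"SIP/2.0":
        findings.append("malformed request line")
    elif parts[0].decode("ascii", "replace") not in METHODS:
        findings.append("unexpected method")
    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_HEADER_LINE:
            findings.append("oversized header line")
            continue
        if line[:1] in (b" ", b"\t"):      # folded continuation of previous header
            continue
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            findings.append("header line without a name")
            continue
        key = name.strip().decode("ascii", "replace").lower()
        headers[COMPACT.get(key, key)] = value.strip()
    missing = sorted(REQUIRED - set(headers))
    if missing:
        findings.append("missing headers: " + ", ".join(missing))
    declared = headers.get("content-length")
    if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
        findings.append("Content-Length does not match body")
    return findings
```

An empty result means the request passed every check; any finding is a reason to drop the message or raise an alert at the segment boundary.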

8 Contact Information
Please feel free to contact me with any questions or comments:
George McBride, CISSP
Security Practice, Lucent Worldwide Services
Lucent Technologies, Bell Labs Innovations
Lucent Technologies Inc.
Room 2N-611J
101 Crawfords Corner Road
Holmdel, NJ 07733
Phone: +1.732.949.3408
E-mail: gmcbride@lucent.com

