Sunday, March 27, 2005

Triple threat for VoIP

There are three categories of VoIP threats, said Gary Coman, manager, IP Communications, Cisco Asia-Pacific.

The first one is confidentiality related. Confidentiality refers to the requirement that information must be kept private and secure. In a VoIP environment, information leaks in the case of eavesdropping. With many more points of access than traditional PBX systems, a VoIP network is simply easier to tap.

To eavesdrop in a conventional phone network environment, a person needs to have physical access to a phone line or a switch, but in an IP scenario physical access is no longer a requirement.

Switch default passwords can also become the weakest link, as switches usually ship with a default login/password such as admin/admin or root/root.

An intruder with access to the switch administration interface can mirror all packets on one port to another, making interception of communications possible and unnoticed.

Something simple can be done to prevent this from happening, but enterprises must remind themselves to get that done—they need to change the default passwords from time to time.

In addition, remote access to the GUI should be disabled to stop interception of plain text administration sessions.
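The two recommendations above (change factory-default passwords, disable remote plain-text administration) and the port-mirroring risk are all visible in a switch's running configuration. The following audit script is an added example, not code from the article or from Cisco; the configuration it reads is a constructed sample in Cisco IOS-style syntax (`username ... password 0 ...`, `ip http server`, `monitor session ... destination ...`), and the set of default credential pairs is an assumption. It goes slightly beyond the text by also flagging telnet on the vty lines, since that is the same plain-text administration problem the article describes for the GUI.

```python
import re

# Constructed sample running configuration (IOS-style syntax assumed; not from the article).
SAMPLE_CONFIG = """\
hostname voice-sw1
username admin privilege 15 password 0 admin
username ops privilege 15 secret 5 $1$abcd$constructedhashvalue
ip http server
ip http secure-server
monitor session 1 source interface Gi0/5
monitor session 1 destination interface Gi0/24
line vty 0 4
 transport input telnet ssh
"""

# Factory-default login/password pairs to look for (assumed list, extend per vendor).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("cisco", "cisco")}

# "password 0" means the credential is stored in clear text, so it can be compared directly.
USERNAME_RE = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+\d+\s+)?password\s+0\s+(\S+)$"
)


def audit_config(config_text):
    """Return (finding_type, detail) tuples for weaknesses the article warns about."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()

        # 1. Default credentials left in place.
        m = USERNAME_RE.match(line)
        if m and (m.group(1), m.group(2)) in DEFAULT_CREDENTIALS:
            findings.append(("default-credential",
                             f"user {m.group(1)} still uses a factory default password"))

        # 2. Plain-text HTTP administration (the GUI the article says to disable).
        #    The HTTPS variant "ip http secure-server" is deliberately not flagged.
        if line == "ip http server":
            findings.append(("remote-gui", "plain-text HTTP administration is enabled"))

        # 3. Active port mirroring: every SPAN destination is a potential tap point
        #    and should be known to the operator.
        if line.startswith("monitor session") and "destination" in line:
            findings.append(("port-mirror", line))

        # 4. Telnet on the management lines: same plain-text session problem as the GUI.
        if line.startswith("transport input") and "telnet" in line.split():
            findings.append(("plaintext-cli", "telnet is allowed on vty lines"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_config(SAMPLE_CONFIG):
        print(f"[{kind}] {detail}")
```

Run against a real configuration export, each `port-mirror` finding should be reconciled with a change ticket, and `default-credential` or `remote-gui` findings are the "something simple" the article says must actually get done.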

Another pressing security issue is integrity. This concerns whether information is altered by rogue users. Integrity not only applies to data such as bank account numbers and passwords but also to system data and configuration.

Given the richness of features on the VoIP switches, an attacker who can compromise the system configuration can launch whatever assault he wants.

For instance, if an intruder masquerades as a legitimate user and accesses an operation port of the switch, he can use the permission level of that legitimate person to perform destructive acts like disclosing confidential data, crashing the switch, modifying the switch software, and even modifying the security log in order to remove traces of the attack.

DHCP (Dynamic Host Configuration Protocol) servers that automatically assign IP addresses to clients logging onto the TCP/IP network could also be used to change the configuration of IP phones. When the IP phone boots and requests a DHCP response, a rogue DHCP server can initiate a response with data fields containing false information.

This could result in attacks on both the phones and the IP media gateway, which is the interface between circuit-switched networks and the IP network.
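The rogue-DHCP scenario above can be caught from the defender's side by watching DHCP offers rather than trusting them. The script below is an added example (not from the article or any vendor): it parses constructed log lines in an assumed one-line-per-offer format, and raises an alert when an offer comes from a server outside the allowlist, when the TFTP server the phone is told to fetch its configuration from (DHCP option 66) is not the expected one, or when one phone receives competing offers from different servers, which is the signature of a second DHCP server on the segment. The server addresses and option values are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an assumed format; not from the article.
SAMPLE_LOG = """\
2005-03-27T10:01:02 DHCPOFFER srv=10.0.1.5 mac=00:11:22:33:44:55 ip=10.0.1.101 opt66=10.0.1.50
2005-03-27T10:01:02 DHCPOFFER srv=10.0.1.77 mac=00:11:22:33:44:55 ip=10.0.1.101 opt66=10.0.1.99
2005-03-27T10:01:05 DHCPOFFER srv=10.0.1.5 mac=00:11:22:33:44:66 ip=10.0.1.102 opt66=10.0.1.50
"""

# Assumed site policy: the only legitimate DHCP server and the phones' real TFTP server.
TRUSTED_DHCP_SERVERS = {"10.0.1.5"}
EXPECTED_TFTP = "10.0.1.50"

OFFER_RE = re.compile(r"^(\S+) DHCPOFFER srv=(\S+) mac=(\S+) ip=(\S+) opt66=(\S+)$")


def parse_offers(log_text):
    """Yield one dict per DHCPOFFER line; lines that do not match are ignored."""
    for line in log_text.splitlines():
        m = OFFER_RE.match(line)
        if m:
            yield {"ts": m.group(1), "server": m.group(2), "mac": m.group(3),
                   "ip": m.group(4), "tftp": m.group(5)}


def detect_rogue_offers(log_text, trusted=TRUSTED_DHCP_SERVERS, expected_tftp=EXPECTED_TFTP):
    """Return (alert_type, client_mac, detail) tuples for suspicious offers."""
    alerts = []
    offers_by_client = defaultdict(list)
    for offer in parse_offers(log_text):
        offers_by_client[offer["mac"]].append(offer)
        # Offer from a server that is not ours.
        if offer["server"] not in trusted:
            alerts.append(("untrusted-server", offer["mac"], offer["server"]))
        # Phone is being pointed at a different configuration source (the
        # "data fields containing false information" from the article).
        if offer["tftp"] != expected_tftp:
            alerts.append(("tftp-mismatch", offer["mac"], offer["tftp"]))
    # Two servers answering the same client is itself a strong indicator.
    for mac, offers in offers_by_client.items():
        servers = sorted({o["server"] for o in offers})
        if len(servers) > 1:
            alerts.append(("competing-offers", mac, servers))
    return alerts


if __name__ == "__main__":
    for alert in detect_rogue_offers(SAMPLE_LOG):
        print(alert)
```

In practice the offers would come from a switch's DHCP snooping log or a capture on the voice VLAN; the `competing-offers` check is the one that works even when the attacker copies the legitimate option values, because it keys on the presence of a second responder rather than on what it says.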

The third major risk is related to availability. Any network is vulnerable to denial-of-service (DoS) attacks achieved by overloading the capacity of the system, but the problem with VoIP could be particularly severe due to its sensitivity to packet loss.

Impenetrable walls?
Common security practices today for VoIP include the implementation of technologies such as firewall, encryption, authentication, and traffic segmentation for voice and data via virtual LAN.

These technologies are necessary because voice is now on the same network as data and exposed to the same set of vulnerabilities. Though they safeguard the networks and traffic, they do have their downside and impact the QoS.

The firewall can simplify security management by consolidating security measures at the firewall gateway.

Thus there is no need to require all end points to maintain up-to-date security policies. In other words, it takes the huge burden off the VoIP network infrastructure.

However, firewalls also pose problems for incoming calls because allowing signal traffic through a firewall from an incoming call means leaving several ports open that might get exploited by attackers.

In such a case, solutions such as a voice-aware firewall and Application Level Gateways (ALG) can be implemented.

Andrew Ma, head of solution & product marketing Asia-Pacific at Juniper Networks, said voice-aware firewalls understand the mechanisms of dynamic opening and closing of ports in VoIP.

Thus such products open ports only when a connection needs to be established.

An alternative is to buy an ALG-embedded firewall. An ALG is software that enables dynamic configuration based on application-specific information. Thus a firewall with a VoIP ALG can understand H.323 or SIP, and dynamically open and close the necessary ports.
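To make the "dynamically open and close the necessary ports" point concrete, here is an added example (not the article's, and not any vendor's ALG) of the core job a SIP ALG does: read the SDP body of an INVITE, find the media address and port the endpoint announced, open a pinhole for the RTP port and the RTCP port next to it, and close both again on BYE. The SIP messages and addresses are constructed samples; the code handles only the caller's INVITE and BYE, whereas a real ALG also reads the callee's 200 OK, re-INVITEs and timeouts.

```python
import re


def parse_sip_message(raw):
    """Split a SIP message into (request line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for h in lines[1:]:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def media_endpoints(sdp):
    """Return (ip, port) for every m= line, honouring a media-level c= override."""
    session_ip = None
    endpoints = []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if endpoints:
                endpoints[-1] = (ip, endpoints[-1][1])   # c= after m= applies to that media
            else:
                session_ip = ip                           # session-level connection address
        elif line.startswith("m="):
            endpoints.append((session_ip, int(line.split()[1])))
    return endpoints


class VoicePinholes:
    """Tracks the firewall pinholes a voice-aware firewall would hold open per call."""

    def __init__(self):
        self.open = {}   # Call-ID -> set of (ip, udp_port) currently allowed through

    def handle(self, raw):
        request_line, headers, body = parse_sip_message(raw)
        call_id = headers.get("call-id")
        method = request_line.split()[0]
        if method == "INVITE" and headers.get("content-type") == "application/sdp":
            holes = set()
            for ip, port in media_endpoints(body):
                holes.add((ip, port))       # RTP
                holes.add((ip, port + 1))   # RTCP, by convention the next port up
            self.open[call_id] = holes
        elif method == "BYE":
            self.open.pop(call_id, None)    # call over: the pinholes go away with it
        return self.open.get(call_id, set())


# Constructed SIP INVITE with an SDP body (sample values, not from the article).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
)
SAMPLE_BYE = (
    "BYE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
    "\r\n"
)

if __name__ == "__main__":
    fw = VoicePinholes()
    print("after INVITE:", fw.handle(SAMPLE_INVITE))
    print("after BYE:   ", fw.handle(SAMPLE_BYE))
```

Without this parsing step a plain firewall has to leave the whole RTP port range open to receive calls, which is exactly the "several ports open" problem the article describes; with it, only the two ports the signalling actually named are reachable, and only for the life of the call.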

Despite being a simple solution, there are performance and cost issues with ALG, according to the National Institute of Standards and Technology (NIST) in the US.

Since ALG is embedded in the firewall itself, the latency and throughput slowdown of all traffic traversing the firewall is aggregated and compounded by the VoIP call volume.

Such firewalls are also costly. Users would even need to get an upgrade or replacement when VoIP standards change.

Although firewalls can help keep attackers at bay, they cannot guard the networks against an internal hacker. So another layer of defence is needed at the protocol level.

Coded packets
In VoIP, as in a data network, this can be done by encryption at the IP level using IPSec.

By having this deployed, packets will become unintelligible when someone on the network, authorised or not, intercepts the traffic not intended for them.

IPSec, however, can degrade voice traffic.

“IPSec encryption and decryption is so intensive that they cause delay,” Ma explained.

IPSec also increases latency by increasing the size of packets in VoIP. Usually larger packets boost throughput because they mean fewer packets for routers and firewalls to inspect.

Nevertheless, according to the NIST, the growth in packet size due to IPSec does not lead to a higher payload capacity. Instead, the increase is merely an increase in header size due to encryption and encapsulation of the old IP header and the introduction of the new IP header and encryption information.
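The NIST point above (the packet grows, but the voice payload does not) can be put in numbers. The calculation below is an added example, not from the article or NIST: it builds a voice packet from its IPv4, UDP and RTP headers plus the codec payload, then wraps it in ESP tunnel mode following the RFC 4303 layout (8-byte ESP header, cipher IV, padding to the cipher block size, 2-byte trailer, integrity check value, new outer IP header). The cipher parameters assumed are AES-CBC with a 16-byte IV and block size and a 12-byte HMAC-SHA1-96 ICV; 50 packets per second corresponds to 20 ms of audio per packet.

```python
def rtp_packet_size(codec_payload):
    """Bytes on the wire for one unencrypted voice packet: IPv4 + UDP + RTP + codec payload."""
    return 20 + 8 + 12 + codec_payload


def esp_tunnel_size(inner_packet, block=16, iv=16, icv=12, outer_ip=20):
    """Bytes on the wire after ESP tunnel-mode encapsulation (RFC 4303 layout).

    Assumed defaults: AES-CBC (16-byte IV and block) with HMAC-SHA1-96 (12-byte ICV).
    The whole inner IP packet becomes the ESP payload; a new outer IP header is added.
    """
    # Padding brings (payload + pad length byte + next header byte) to a block multiple.
    pad = (-(inner_packet + 2)) % block
    esp_header = 8                       # SPI (4) + sequence number (4)
    trailer = 2                          # pad length (1) + next header (1)
    return outer_ip + esp_header + iv + inner_packet + pad + trailer + icv


def overhead(codec_payload, pps=50, **esp_params):
    """Compare plain and IPSec-protected size and bandwidth for one voice stream."""
    plain = rtp_packet_size(codec_payload)
    protected = esp_tunnel_size(plain, **esp_params)
    return {
        "plain_bytes": plain,
        "esp_bytes": protected,
        "added_bytes": protected - plain,          # all of it is header, IV, pad and ICV
        "payload_fraction_plain": codec_payload / plain,
        "payload_fraction_esp": codec_payload / protected,
        "plain_kbps": plain * 8 * pps / 1000,
        "esp_kbps": protected * 8 * pps / 1000,
    }


if __name__ == "__main__":
    # 20 ms of G.729 is a 20-byte payload; 20 ms of G.711 is 160 bytes (constructed inputs).
    for name, payload in (("G.729", 20), ("G.711", 160)):
        r = overhead(payload)
        print(f"{name}: {r['plain_bytes']} -> {r['esp_bytes']} bytes per packet, "
              f"{r['plain_kbps']:.1f} -> {r['esp_kbps']:.1f} kbit/s, "
              f"voice is {r['payload_fraction_esp']:.0%} of each encrypted packet")
```

For the 20-byte G.729 payload the packet doubles from 60 to 120 bytes and the stream from 24 to 48 kbit/s, yet the 20 bytes of voice are unchanged; the same per-packet cost is why the article's later suggestion of encrypting only at the endpoints, or running the firewall on voice-accelerated hardware, is about reducing per-packet work rather than bytes.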

Ma suggested that a voice-accelerated firewall be deployed to ease the delay situation.

Alternatively, the NIST advises users to do encryption and decryption only at end points such as the IP phone.

But of course, that means a computationally powerful end point is a must, which might be a cost issue for those who want to deploy them.

Despite drawbacks like hidden security costs, you should still consider VoIP if you are buying a new phone system. Ask vendors for customer references, and try to talk to the customers about security and other issues.
