VoIP Security Voice over Internet Protocol

1
VoIP Security(Voice over Internet Protocol)

• Brian Martin
• Matt Protacio
• February 28, 2007

2
History of VoIP

• First internet phone service offered in 1995 by
  a company called Vocaltec
• Most people didnt yet have broadband, and most
  soundcards were half duplex.
• First PC to phone service in 1998, followed by
  phone to phone service. Cisco, Nortel, and
  Lucent develop hardware VOIP switches (gateways).
• VOIP traffic exceeded 3 of voice traffic by 2000

3
History of VoIP (Continued)

• Around 2004 began mass marketing for digital
  phone service bundled with broadband arranged so
  calls would be received over regular phones.
• Digital phone services use an adaptor from the
  modem to a phone jack so there is almost no
  difference between that and regular phone
  service. Other services use software clients
  requiring a computer with a microphone.

4
VoIP vs. Old Phones

• Benefits
• More efficient bandwidth usage
• Only one type of network required, data
  abstraction in the network
• Criticisms
• 911 localization doesnt always work
• Phones arent useable in a power outage, unless
  UPS are deployed
• Fax machines might not work

5
Common VoIP Security Threats

• VoIP Security Alliance, founded in 2005
• Threat Taxonomy
• Forums, Articles
• Caller misrepresentation, caller id spoofing
• Unwanted calls, spam or stalking

6
Common VoIP Security Threats (Continued)

• Traffic Capture
• Eavesdropping
• Interception
• Alteration (conversion quality, content)
• Black holing
• Call Hijacking
• SIP (Session Initiation Protocol) register
  hijacking
• DoS

7
SIP registration hijacking with SiVuS and a botnet

• SIP
• Session Initiation Protocol
• Application layer control protocol for initiating
  VOIP sessions
• Control messages were not encrypted and had no
  mechanism to verify integrity
• So even if registration requires authentication,
  it can be sniffed easily

8
The basic attack plan

• Both Callers must register with a registrar
  server before a call may be initiated
• DoS the receiver with zombie minions
• Deregister him with the registrar
• Falsify his registration with SiVuS
• Anyone planning to call him will not know and you
  can try to claim you are the legitimate call
  receiver.
• Chances are the intended call receiver will not
  notice either

9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Good Ideas

• If using SIP use TLS
• Transport Layer Security (encryption, basically)
• The text based messages of SIP are considered a
  feature though
• If only VoIP appliances are connected to the the
  network, then no PCs are available to launch
  attacks from.
• Segregate data and voice to their own Virtual
  Lans (VLANs)
• Encrypt!!!
• Prevents voice injections and casual
  eavesdropping
• Redundant network to deal with DoS.
• Secure IP-PBX and gateway boxes

13
VoIP Popularity

• VoIP use has more than doubled in the past year,
  according to Telegeography Research, and experts
  expect the growth to continue.
• New York Daily News, Februray 26, 2007

14
Popular VoIP Services

• Enterprise
• Cisco CallManager
• Home
• Vonage
• Skype
• Cable Companies (Time Warner, Insight, Comcast,
  etc.)

15
Cisco CallManager

• Enterprise VoIP Product
• Marketed towards companies and organizations
  looking to replace legacy PBX (Private Business
  Exchange) systems or install a new IP telephony
  based system

16
Cisco CallManager System Design

• Phones
• Deskphones, model 7960
• Ethernet, PoE (Power over Ethernet)
• Software Phone
• IP Communicator
• Popular for using across a VPN

17
Software Phone IP Communicator
18
Cisco CallManager System Design (continued)

• Servers
• CallManager Subscribers and Publishers
• Windows or Linux Servers running Cisco Software
• Process all calls
• Interface with existing PBX systems

19
CallManager Security

• Multiple VLANs
• Separate VLANs for Voice and Data
• Higher Security by isolating voice on separate
  VLAN
• Primary Protocols
• SIP
• H.323

20
H.323 Attack

• Attacker can exploit the open standard protocol
  to establish malicious phone calls
• Microsoft Netmeeting can be used to initiate an
  H.323 Phone Call
• Malicous phone calls can be established to make
  international calls
• Threat can be eliminated by not allowing
  international dialing on lines from telephone
  company

21
IP Phone Tap

• Capture IP packets from Phone
• Use Ethereal network sniffer
• Extract audio from packets
• Export audio file of phone call

22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
Prevent Phone Tapping

• Encrypt voice traffic
• Prevent attacker from capturing traffic out of a
  phone
• Lock down access to network switch phone is
  connected to

28
Conclusion

• VoIP is established as the future of telephones
• Security is critical when designing and
  maintaining VoIP systems
• Questions?