"attacks against voip"
© 2006 Palindrome Technologies, All Rights Reserved
VoIP Security Behind the dialtone
Vulnerabilities, Attacks and Countermeasures
Peter Thermos
Principal Consultant
Tel: 732 835 0102

Background
Education: MS, CS, Columbia University
Consulting: Government and commercial organizations, consulting on information security and assurance, InfoSec program development and management, vulnerability assessments, security architecture, NGN/VoIP/IMS.
Research: Principal investigator on research tasks in the area of Internet Multimedia and Next Generation Networks (VoIP) and security that are funded by government organizations such as NIST (National Institute of Standards and Technology), DARPA (Defense Advanced Research Projects Agency), NSF (National Science Foundation) and others. In addition, he has been working with domestic and foreign telecommunications carriers and Fortune 500 companies on identifying security requirements for IMS/NGN and VoIP, conducting vulnerability assessments and product evaluations.
Member of IETF/IEEE/ACM.

Outline
- Intro – Present and Future
- The Converged Network
- VoIP Architectures
- Components & Protocols
- Security
  - Threats
  - Vulnerabilities
  - Attacks
- VoIP Firewalls
- Assessment Tools
- Approaches to secure VoIP/NGN networks
- Conclusions
- Further Research

Present and Future (Summary)
PSTN Network
- Closed therefore “secure”
- High availability (99.999%)
- Limited connection to IP (OSS provisioning, management)

IP Network
- Access is not restricted.
- Best effort
- Connected to accessible IP networks.

“There is one safeguard known generally to the wise, which is an advantage and security to all, but especially to democracies as against despots. What is it? Distrust.”
Demosthenes (c. 384–322 B.C.), Greek orator. Second Philippic, sct. 24 (344 B.C.)

VoPSecurity.org Forum – survey
Top Economic and Technical Challenges for VoIP Deployment - Which are the most critical?
[Bar chart, scale 0% to 40%. Categories: Consumer Subscription, Development/Deployment, Revenue Assurance, Taxation, QoS, Standards (IETF, ITU, ANSI/ATIS), E911, Security, Lawful Surveillance]

Carrier VoIP Architectures – Packet Cable

The Converged Network

Carrier VoIP Architectures - IMS

Enterprise VoIP Architecture

Skype Architecture

Components and Signaling Protocols

Protocols

Dive in to the Stack – SIP Example
SIP (message headers):
```
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK77ds
Max-Forwards: 70
To: Bob <sip:[email protected]>
From: Alice <sip:[email protected]>;tag=1928301774
Call-ID: [email protected]
CSeq: 314159 INVITE
Contact: <sip:[email protected]>
Content-Type: application/sdp
Content-Length: 142
```
SDP (message body):
```
v=0
o=user 29739 7272939 IN IP4 pc33.atlanta.com
s=
c=IN pc33.atlanta.com
k=clear:3b6bssiGao7Vv8Jo7sgBaLLkbr
m=audio 49210 RTP/AVP 0 12
m=video 3227 RTP/AVP 31
a=rtpmap:31 LPC/8000
```
Format: k=<method>:<encryption key>
Method = clear, base64, uri, prompt
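
An added example, not part of the original slides: a small Python audit that walks the SDP body of a SIP message and rates every k= line by method, scope (session or per-media) and signaling transport. The sample message, its hosts and its key are constructed for the demonstration.

```python
"""Audit the SDP body of a SIP message for k= lines that expose media keys."""

# k= methods that carry the key itself inside the SDP body.
INLINE_METHODS = {"clear", "base64"}

# Constructed sample shaped like the slide's INVITE; hosts and key are made up.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP pc33.example.org;branch=z9hG4bK77ds",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=user 29739 7272939 IN IP4 pc33.example.org",
    "s=-",
    "c=IN IP4 pc33.example.org",
    "k=clear:CONSTRUCTED-SAMPLE-KEY",
    "m=audio 49210 RTP/AVP 0",
    "m=video 3227 RTP/AVP 31",
    "k=prompt",
])


def split_sip(raw):
    """Return (header_lines, sdp_lines) for one SIP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n"), [line for line in body.split("\n") if line]


def via_transport(header_lines):
    """Transport token of the topmost Via header, e.g. 'UDP' or 'TLS'."""
    for line in header_lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v") and value.split():
            # value looks like 'SIP/2.0/UDP host;branch=...'
            return value.split()[0].rsplit("/", 1)[-1].upper()
    return "UNKNOWN"


def audit_sdp_keys(raw):
    """List every k= line with its scope, method and a risk rating."""
    headers, sdp = split_sip(raw)
    transport = via_transport(headers)
    scope = "session"            # k= before the first m= covers all media
    findings = []
    for line in sdp:
        if line.startswith("m="):
            scope = "media:" + (line[2:].split() or ["?"])[0]
        elif line.startswith("k="):
            method, _, material = line[2:].partition(":")
            method = method.strip().lower()
            if method in INLINE_METHODS:
                # TLS protects one hop only; every proxy still reads the key.
                risk = "medium" if transport == "TLS" else "high"
            elif method == "uri":
                risk = "low" if material.lower().startswith("https://") else "high"
            elif method == "prompt":
                risk = "info"    # no key in signaling; the user is asked for it
            else:
                risk = "unknown"
            findings.append({
                "scope": scope,
                "method": method,
                "transport": transport,
                "risk": risk,
                # Report the length only, never the key material itself.
                "key_chars": len(material) if method in INLINE_METHODS else 0,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_sdp_keys(SAMPLE_INVITE):
        print(finding)
```
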

Dive in to the Stack – SRTP Example
Image from IETF proceedings, Aug. 2001

Example – SIP Call

What are the Threats?

| Threat | Target(s) |
| --- | --- |
| Service disruption (amplification attacks DoS/DDoS) | Network Owners, Service Providers, Subscribers |
| Eavesdropping (including traffic analysis) | Network Owners, Service Providers, Subscribers |
| Fraud (including service and intellectual assets, confidential information) | Network Owners, Service Providers |
| Unauthorized access (compromise systems with intentions to attack other systems or exploit vulnerabilities to commit fraud and eavesdropping) | Network Owners, Service Providers, Subscribers |
| Annoyance (e.g. SPIT) | Subscribers |

1st Case of VoIP Fraud
- FBI arrests two for VoIP fraud (Pena, Moore): http://www.foxnews.com/story/0,2933,198778,00.html
- Duration: 8 months
- Revenue/Fraud: $2M
- Attack objective: Compromise VoIP service providers and enterprise networks that support VoIP to route unauthorized VoIP traffic originating from Telecom carriers.
- Upstream provider pays fraudster, downstream provider doesn’t know.

Where are the vulnerabilities?
- Threat model: vulnerabilities originate from the difficulty to foresee future threats (e.g. Signaling System No.7)
- Design & specification: vulnerabilities come from errors or oversights in the design of the protocol that make it inherently vulnerable (e.g., SIP, MGCP, 802.11b)
- Implementation: vulnerabilities that are introduced by errors in a protocol implementation
- Architecture: network topology and association (e.g. routing) with other network elements.

Attacks (lab-experimentation)
- DoS
  - Against phones, proxies, routers
  - SIP/MGCP/H.323/RTP
- Call Hijacking
  - Flood target phone
  - Spoof registration
  - Calls are routed to the location described in the new registration
- Eavesdropping and traffic analysis

Attacks - Spoofing Caller-ID

Companies that offer Caller-ID Spoofing
https://connect.voicepulse.com/
http://www.nufone.net/
http://www.spooftel.net/

Spoofing Caller-ID using SiVuS
- Manipulate the FROM header information
- Send an INVITE to a phone

Lab Exercise #4
Presence Hijacking/Masquerading Attack using SIP

Presence Hijacking using SiVuS
- The objective is to spoof a REGISTER request
- The REGISTER request contains the “Contact:” header which indicates the IP address of the SIP device.

Presence Hijacking using SiVuS – Regular Register Request

The Attack

Manipulated REGISTER request properties
```
REGISTER sip:216.1.2.5 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.6;branch=xajB6FLTEHIcd0
From: 732-835-0102 <sip:[email protected]:5061>;tag=5e374a8bad1f7c5x1
To: 732-835-0102 <sip:[email protected]:5061>
Call-ID: [email protected]
CSeq: 123456 REGISTER
Contact: 2125550102 <sip:[email protected]:5061>;Digest username="12125550102",realm="216.1.2.5",nonce="716917624",uri="sip:voip-service-provider.net:5061",algorithm=MD5,response="43e001d2ef807f1e2c96e78adfd50bf7"
Max_forwards: 70
User Agent: 001217E57E31 VoIP-Router/RT31P2-2.0.13(LIVd)
Content-Type: application/sdp
Subject: SiVuS Test
Expires: 7200
Content-Length: 0
```
Slide annotations:
- IP address of the VoIP device on which a POTS phone is attached
- IP address that calls will be routed to (attacker)
- Authentication: the MD5 digest can be intercepted and used to replay messages
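
An added example, not part of the original slides or of SiVuS: a monitor that a registrar or capture point could run over REGISTER messages to flag the two conditions annotated above, a Contact that moves to a new host and a digest response that reappears with a different source or Contact. It assumes the digest arrives in an Authorization header; the user, hosts, nonces and responses are constructed.

```python
"""Flag SIP REGISTER traffic that rebinds a user or reuses a digest response."""
import re


def parse_register(raw):
    """Pull the address-of-record, Contact host and digest out of a REGISTER."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("REGISTER "):
        return None
    hdr = {}
    for line in lines[1:]:
        if not line:                      # blank line ends the header block
            break
        name, _, value = line.partition(":")
        hdr[name.strip().lower()] = value.strip()
    aor = re.search(r"<sips?:([^>;]+)>", hdr.get("to", ""))
    contact = re.search(r"sips?:(?:[^@>\s]+@)?([^:;>\s]+)", hdr.get("contact", ""))
    auth = dict(re.findall(r'(\w+)="?([^",]+)"?', hdr.get("authorization", "")))
    return {
        "aor": aor.group(1) if aor else None,
        "contact_host": contact.group(1) if contact else None,
        "digest": (auth.get("username"), auth.get("nonce"), auth.get("response")),
    }


class RegisterMonitor:
    """Keeps per-user binding state and a record of digest responses seen."""

    def __init__(self):
        self.bindings = {}   # AOR -> Contact host from the latest REGISTER
        self.digests = {}    # (user, nonce, response) -> (source IP, Contact host)

    def observe(self, src_ip, raw):
        """Return a list of (code, detail) alerts for one captured message."""
        msg = parse_register(raw)
        if msg is None or msg["aor"] is None:
            return []
        alerts = []
        host, prev = msg["contact_host"], self.bindings.get(msg["aor"])
        if host and prev and host != prev:
            alerts.append(("REBIND", f"{msg['aor']}: {prev} -> {host}"))
        if all(msg["digest"]):
            # The digest response is computed over method and request URI,
            # not the Contact header, so a captured response stays valid on a
            # message with a different Contact while the nonce is accepted.
            first = self.digests.setdefault(msg["digest"], (src_ip, host))
            if first != (src_ip, host):
                alerts.append(("DIGEST_REUSE",
                               f"first seen from {first[0]}, now {src_ip}"))
        if host:
            self.bindings[msg["aor"]] = host
        return alerts


def sample_register(contact_host, nonce, response):
    """Build a constructed REGISTER for alice@example.net (test data only)."""
    return "\r\n".join([
        "REGISTER sip:example.net SIP/2.0",
        f"Via: SIP/2.0/UDP {contact_host};branch=z9hG4bKconstructed",
        "From: <sip:alice@example.net>;tag=1",
        "To: <sip:alice@example.net>",
        f"Contact: <sip:alice@{contact_host}:5060>",
        'Authorization: Digest username="alice",realm="example.net",'
        f'nonce="{nonce}",uri="sip:example.net",algorithm=MD5,response="{response}"',
        "Expires: 7200",
        "Content-Length: 0",
        "", "",
    ])


def run_demo():
    """Feed four constructed captures through the monitor; return alert codes."""
    mon = RegisterMonitor()
    captures = [
        ("192.0.2.10", sample_register("192.0.2.10", "n1", "r1")),      # first registration
        ("192.0.2.10", sample_register("192.0.2.10", "n1", "r1")),      # refresh, same device
        ("198.51.100.7", sample_register("198.51.100.7", "n1", "r1")),  # old response, new Contact
        ("192.0.2.20", sample_register("192.0.2.20", "n2", "r2")),      # fresh auth, new Contact
    ]
    return [[code for code, _ in mon.observe(src, raw)] for src, raw in captures]


if __name__ == "__main__":
    print(run_demo())
```

A REBIND on its own also fires when a user legitimately moves devices, so it is a signal to correlate; REBIND together with DIGEST_REUSE is the pattern the slide describes.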

Presence Hijacking using SiVuS – The REGISTER Message

The Exercise
- Using SiVuS craft a REGISTER request
- In the “Contact” header insert your IP address
- Send the registration request to the SIP proxy
- Make a phone call to the user you spoofed to see if the call is diverted.

Attacks - Eavesdropping
Decoding communications with Ethereal

Ethereal capture and decode to .au file (1 of 3)

Ethereal capture and decode to .au file (2 of 3)
Analyzing a session automatically re-assembles the selected session, which can be saved to an audio file.

Ethereal capture and decode to .au file (3 of 3)
Analyzed sessions can be saved to a .au (audio) file.

The result

VoIP and Firewalls
Problems
- NAT traversal
- SIP spam
- Various attacks, including DoS

Current solutions
- Application Layer Gateways (ALGs)
- Session Border Controllers
- ICE – Interactive Connectivity Establishment (STUN, TURN, MIDCOM)

Tools
- Eavesdropping
  - Ethereal
  - Vomit (vomit - voice over misconfigured internet telephones) http://vomit.xtdnet.nl/
  - VoIPong - http://www.enderunix.org/voipong/
- Assessment
  - SiVuS – The VoIP Vulnerability Scanner – www.vopsecurity.org

Tool – Attack Trend
More tools are being developed

Vulnerability Assessment
SiVuS

SiVuS – Message Generator

SiVuS - Discovery

SiVuS – configuration

SiVuS – Control Panel

SiVuS – Reporting

SiVuS – Authentication Analysis

How do we secure NGN networks?
SECURITY is NOT a product, it’s a PROCESS!
From the ground up
Assess and Verify

Conclusions (1 of 2)
- Security is not a product, it’s a process!
- Can we have adequately secure VoIP networks? Yes, but at what cost?
  - Performance (e.g., there is a performance impact when using IPSec point to point for signaling)
  - Time and expertise. It requires appropriate resources and time to secure out of the box products. We need to ask vendors to have baseline security requirements for VoIP products.
- Is voice quality degraded with encryption? Not really

Conclusions (2 of 2)
- How’s security in VoIP products today?
  - Poor to average
  - Security controls are not mature
  - Not implemented in deployments
  - Implementations inherit traditional vulnerabilities (e.g. Buffer Overflows)
- We need better developed software that does not maintain poor security standards.
- Security controls/features to enforce stronger security posture (protocol, user and administrative)
- Define and impose baseline security requirements for product vendors

Distributed VoIP Security Testbed
- NSF funding, $600K: http://www.nsf.gov/news/news_summ.jsp?cntn_id=106828
- Research areas
  - Denial of Service (DoS) and Distributed DoS (DDoS)
  - Spam and “Spit”
  - Social Networks
  - Identity Management
  - Quality of Service (QoS) and Security Mechanisms

Testbed conceptual view

VoP Security Forum
The objectives of the VoPSecurity.org forum:
Encourage education in NGN/VoIP security through publications, online forums and mailing lists ([email protected] and [email protected])
Develop capabilities (tools, interoperability testing, methodologies and best practices) for members to maintain security in their respective infrastructure.
Conduct research to help identify vulnerabilities and solutions associated with NGN/VoIP.
Coordinate annual member meetings to disseminate information, provide updates and promote interaction and initiatives regarding NGN/VoIP security.
The VoP Security forum is viewed as a mechanism for participating members to be proactive and stay current with the threats and vulnerabilities associated with NGN/VoIP security and extend research in this area.

VoPSecurity Forum
Current Activities
- Mailing lists
  - Public ([email protected])
- Documentation
  - Intro to NGN Security (available)
  - Vulnerability Analysis Methodology for VoIP networks (in development)
  - VoIP Firewalls (in development)
- Tools
  - SiVuS – VoIP vulnerability Scanner (available)
- Research
  - Security evaluation of residential VoIP gateways

Join the community!

Standards
- ITU
  - Focus Group on Next Generation Networks (FGNGN) - http://www.itu.int/ITU-T/ngn/fgngn/
  - Open Communications Architecture Forum (OCAF) Focus Group - http://www.itu.int/ITU-T/ocaf/index.html
- IETF
  - Transport area - http://www.ietf.org/html.charters/wg-dir.html#Transport%20Area
  - Security Area - http://www.ietf.org/html.charters/wg-dir.html#Security%20Area
- ATIS - http://www.atis.org/0191/index.asp
  - T1S1.1--Lawfully Authorized Electronic Surveillance
  - T1S1.2--Security
- Lawful Intercept
  - 3GPP - TS 33.106 and TS 33.107
  - ETSI DTS 102 v4.0.4

Q & A
Contact info: Peter Thermos, [email protected], [email protected]