RE: Voice over IP applications vulnerabilites/attacks ?

From: Paul D. Scallan, Jr. (depo@kaufmanandassociates.com)
Date: 01/02/03

  • Next message: Paul D. Scallan, Jr.: "RE: Voice over IP applications vulnerabilites/attacks ?" 
    From: "Paul D. Scallan, Jr." <depo@kaufmanandassociates.com>
To: "'Avi Chesla'" <avic@V-Secure.com>, <focus-ids@securityfocus.com>
Date: Thu, 2 Jan 2003 12:02:35 -0600

    I am going to assume that you are talking VOIP in the "phone to phone"
    sense (although the following can apply to any application of VOIP).

    I think you will find that certain phones themselves are prone to
    certain vulnerabilities. See:
    http://www.eweek.com/article2/0%2C3959%2C373289%2C00.asp Mostly the
    problem with the phones themselves are: they contain remote-accessible
    code which can be exploited to cause a denial of service, and possibly
    leak information and the phones are also weak in ways that facilitate
    man-in-the-middle attacks directed at intercepting telephone traffic.

    Also, There are three main vulnerabilities to IP networks and these
    result from its benefits. While in the traditional voice network one has
    to tap into a specific circuit to eavesdrop, in an IP network any
    equipment connected to the corporate LAN can identify, store and
    playback the VoIP packets that traverse that LAN. The use of shared
    media by VoIP systems opens the door to some uncertainty as to the
    source of a call, and may require authentication. The anonymity of an
    unprotected, unauthenticated IP network makes it susceptible to hostile
    use, such as prank calls, sending computer viruses or flooding the
    network. Despite the above, the vulnerability of an authenticated,
    protected VoIP network to internal abuse does not markedly differ from
    traditional telephone networks. Since there is no such thing as a
    secure IP network, only secure computing - one must secure the
    telephones, conversations, computers, and servers. Set up a chain of
    trust for authentication (encryption), control access (passwords and
    firewalls), encrypt for privacy, and employ call accounting software to
    establish accountability. One can achieve some measure of security by
    strategically allocating sub-nets, and choosing to use IP Switches
    instead of IP Hubs. However, security considerations should not override
    routing and traffic accommodations. Firewalls can and should be used to
    protect segments of a network from hostile traffic. This does not
    relieve each network device from protecting itself and filtering out
    undesired communications. Physical and network access to any VoIP server
    that is used to authenticate users, that controls access to the public
    telephone network, or that contains potentially confidential information
    should be locked down and treated with the same security precautions as
    any server with a confidential database.

    Further, another good article:
    http://www.eetimes.com/story/OEG20021014S0072

    PAUL D. SCALLAN, JR.
    IT/IS/Production Manager - Paralegal
    KAUFMAN & ASSOCIATES, INC.,
    VOICERITE! and SCALLAN SERVICES
    The Moss Building
    109 East Vermilion, Suite 200
    Lafayette, Louisiana 70501
    337-237-4434 (main)
    800-503-2274 (toll-free)
    337-234-0715 (facsimile)
    337-247-4486 (24 hour mobile)
    depo@kaufmanandassociates.com
    http://www.kaufmanandassociates.com
    http://www.voicerite.net
    http://www.scallanservices.com
     

    -----Original Message-----
    From: Avi Chesla [mailto:avic@V-Secure.com]
    Sent: Thursday, January 02, 2003 11:14 AM
    To: 'focus-ids@securityfocus.com'
    Subject: Voice over IP applications vulnerabilites/attacks ?

    Hi,

    Is anyone familiar with Voice over IP vulnerabilities/Intrusions, floods
    etc ?

    I heard Checkpoint has some new protection capabilities concerning the
    issue.

    Avi

    Relevant Pages

    • RE: Voice over IP applications vulnerabilites/attacks ?
      ... My reply was essentially......have good network security design at the ... many vendors that have phones and phone systems with problems. ... Keith is right....the VOIP circuit has been relatively left alone on the ...
      (Focus-IDS)
    • Re: how to block VOIP on cisco routers?
      ... > 2nd problem is streaming radio, people just chewing up bandwidth the whole ... Network Administrator? ... will define that it's prohibited to use IP phones and listen an Interent ... If your manager or VP will decide to listen some news or make an VoIP ...
      (comp.dcom.sys.cisco)
    • RE: Question on VoIP security
      ... > I am currently facing an Intranet VoIP project (will be restricted to ... > 1 organization's Intranet, geographically disperse), from the security ... network, but treat the security side of it as you would any data port. ... just got a little easier as the phones are all going to have the same ...
      (Security-Basics)
    • SQL Voice Over IP Exposed!
      ... VOIP can Lower telecom costs and help with network ... consolidation -- and cause security problems if not handled right. ... "The idiosyncrasies of voice data may strain your security system to ...
      (comp.dcom.telecom)
    • Re: 2 networks on sbs
      ... I'm using Cisco switches with Cisco phones, ... <I have one account with one switch for the phones and another switch for ... Another account uses Cisco phones and Cisco switches. ... First, could you tell me what your network topology is, this is very ...
      (microsoft.public.windows.server.sbs)