
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation www.securelogix.com


Presentation Transcript


  1. Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation www.securelogix.com mark.collier@securelogix.com

  2. Voice Security Introduction • Voice security includes traditional and VoIP systems • VoIP systems are vulnerable: • The primary vendors are improving their systems, but... • Security is rarely a major consideration during deployment • Platforms, network, and applications are vulnerable • Many available VoIP attack tools • Fortunately, the (mostly internal) threat is still moderate • VoIP deployment is growing • Greater integration with the data network • Application threats remain the biggest issue • SIP trunks will increase the threat

  3. Traditional Voice Security [diagram labels: TDM Phones, PBX, TDM Trunks, Public Voice Network, Modem, Fax, Internet Connection, Modem, Internet, Servers/PCs]

  4. Traditional Voice Security [diagram labels: TDM Phones, PBX, TDM Trunks, Public Voice Network, Modem, Fax, Internet Attacks (Scanning/DoS, Email SPAM, Web Attacks), Internet Connection, Modem, Internet, Servers/PCs]

  5. Traditional Voice Security [diagram labels: TDM Phones, PBX, TDM Trunks, Public Voice Network, Modem, Fax, Internet Attacks (Scanning/DoS, Email SPAM, Web Attacks), Internet Connection, Modem, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  6. Traditional Voice Security [diagram labels: Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, PBX, TDM Trunks, Public Voice Network, Modem, Fax, Internet Connection, Modem, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  7. Traditional Voice Security [diagram labels: Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, PBX, TDM Trunks, Public Voice Network, Modem, Voice Firewall, Fax, Internet Connection, Modem, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  8. Campus VoIP [diagram labels: IP PBX, TDM Phones, TDM Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  9. Campus VoIP [diagram labels: IP PBX, Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, TDM Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  10. Campus VoIP [diagram labels: IP PBX, Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, TDM Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, "Attacks Can Originate From The Internal Network", Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  11. SIP Trunks [diagram labels: IP PBX, TDM Phones, SIP Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  12. SIP Trunks [diagram labels: IP PBX, Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, SIP Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  13. SIP Trunks [diagram labels: IP PBX, Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, SIP Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Scanning, Fuzzing, Flood DoS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  14. SIP Trunks [diagram labels: IP PBX, Toll fraud, Social engineering, Harassing calls, Modem issues, TDM Phones, SIP Trunks, Public Voice Network, CM, VM, CC, Admin, Modem, Voice Firewall, SIP Firewall, Fax, Gateway, DB, TFTP, DHCP, DNS, Scanning, Fuzzing, Flood DoS, Voice VLAN, IP Phones, Internet Connection, Data VLAN, Internet, Firewall/IDPS, Email SPAM filter, Web security, Servers/PCs]

  15. Many Components in VoIP • IP PBX: • Server platforms • Various gateway cards • Adjunct systems • Network: • Switches, routers, firewalls • Shared links • VLAN configurations • Endpoints: • IP phones and softphones • Protocol Issues (SIP):

  16. Vulnerabilities At Many Layers (IP PBX Vulnerabilities) • Voice Application: Poor Configuration, Weak Passwords, Insecure Management, Insecure Architecture • VoIP Protocols: Flood DoS, Fuzzing, Application Attacks • Services (TFTP, SNMP, DHCP, DB, Web Server): TFTP Brute Force Attack, SNMP Enumeration, DHCP Starvation, SQL Attacks • Network Stack (IP, UDP, TCP): Trivial DoS Attacks, MITM Attacks • General Purpose Operating System: Worms/Viruses Targeting The Operating System

  17. IP PBX Vulnerabilities [diagram labels: IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS); DoS Floods, Fuzzing DoS, Unauthorized Access, SPIT, Phishing, Modems, Toll Fraud, Physical Attacks, Resource Starvation, Sniffing, Eavesdropping]

  18. IP PBX Vulnerabilities [diagram labels: IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS); Underlying OS, Network Stacks, Management Interfaces, TDM Interfaces, Web Server, Signaling, TFTP, RTP, SNMP, Other Common Services, DHCP, DNS, SQL]

  19. Network Vulnerabilities • The network can also be attacked: • Platform attacks • DoS • Shared link saturation • Eavesdropping • Incorrect VLAN configuration • Man-in-the-middle attacks

  20. IP Phone Vulnerabilities • IP phones can also be attacked: • Physical access • Poor passwords • Signaling/media • DoS • Unnecessary services

  21. Protocol Vulnerabilities (SIP) • Directory Scanning • Fuzzing • Flood-based Denial of Service (DoS) • Registration manipulation • Call termination • RTP manipulation

  22. Directory Scanning [diagram labels: Proxy Server] • 1. INVITE derek@tpti (spoofed source IP) • Send INVITEs/OPTIONs/REGISTERs To Scan For IP Phones

  23. Fuzzing [diagram labels: Location Server, Proxy Server] • Malformed SIP

  24. Flood-based DoS [diagram labels: Proxy Server] • 1. INVITE derek@tpti (spoofed source IP) • Send 1000000 INVITEs • Send enough INVITEs to Ring All Phones

  25. Registration Manipulation [diagram labels: derek’s Phone, Registrar, Location Server] • 1. REGISTER sip:derek@tpti.com Contact <sip:derek@11.5.6.7> Expires: 3600 • 2. “To contact sip:derek@tpti.com Use sip:derek@11.5.6.7 for 60 minutes” • 3. 200 OK • 3. REGISTER sip:derek@tpti.com Contact <mugatu@11.5.6.8> Expires: 1800 • 4. “To contact sip:derek@tpti.com Use sip:mugatu@11.5.6.8 for 30 minutes”
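
The registration exchange on slide 25, seen from the registrar's side, as an added detection example that is not part of the original presentation. It flags a REGISTER that replaces a still-valid binding with a different Contact host; the function names, the event tuple layout, the default expiry and the sample traffic are assumptions constructed for illustration.

```python
import re

def header(msg, name):
    """Return the value of the first header called `name`, or None."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.*)$", msg, re.I | re.M)
    return m.group(1).strip() if m else None

def uri(value):
    """Extract (user, host) from a SIP URI inside a header value."""
    m = re.search(r"sips?:([^@>;\s]+)@([^>;:\s]+)", value or "")
    return (m.group(1), m.group(2)) if m else None

def detect_hijack(events):
    """Flag REGISTERs that replace a still-valid binding with a new Contact host."""
    bindings, alerts = {}, []          # AOR -> (contact_host, expiry_time)
    for t, src, msg in events:
        if not msg.startswith("REGISTER "):
            continue
        to, contact = uri(header(msg, "To")), uri(header(msg, "Contact"))
        if not to or not contact:
            continue
        aor = "%s@%s" % to
        # Assumed default of 3600 s when the Expires header is absent.
        expires = int(header(msg, "Expires") or 3600)
        old = bindings.get(aor)
        if old and t < old[1] and contact[1] != old[0]:
            alerts.append({"time": t, "aor": aor, "old": old[0],
                           "new": contact[1], "source": src})
        bindings[aor] = (contact[1], t + expires)
    return alerts

def register(aor, contact, expires):
    """Build a minimal REGISTER (constructed test traffic, not a capture)."""
    return (f"REGISTER sip:{aor.split('@')[1]} SIP/2.0\r\nTo: <sip:{aor}>\r\n"
            f"Contact: <sip:{contact}>\r\nExpires: {expires}\r\n\r\n")

# Constructed events mirroring the slide: (seconds, source IP, message)
SAMPLE = [
    (0,   "11.5.6.7", register("derek@tpti.com", "derek@11.5.6.7", 3600)),
    (600, "11.5.6.7", register("derek@tpti.com", "derek@11.5.6.7", 3600)),
    (900, "11.5.6.8", register("derek@tpti.com", "mugatu@11.5.6.8", 1800)),
]

if __name__ == "__main__":
    for alert in detect_hijack(SAMPLE):
        print(alert)
```

A phone that legitimately moves to a new address before its old binding expires raises the same alert, so the output is a triage signal to correlate with authentication results and source address, not a verdict.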

  26. Call Termination • 6. INVITE derek@11.5.6.7 • 7. 200 OK • 8. RTP Conversation • 7. SIP CANCEL derek@11.5.6.7 • 9. SIP BYE derek@11.5.6.7

  27. RTP Tunneling

  28. RTP Manipulation

  29. Application Issues • Toll fraud • Minor misuse • Dial through fraud • Social engineering • Harassing callers • Various modem issues • Poorly secured modems used for remote access • ISP modems

  30. Best Practices • Develop a voice/VoIP security policy • Address application issues at the perimeter • Prioritize security during VoIP deployments • Consider a VoIP security assessment • Follow good basic data network security for internal network • Deploy SIP security when using SIP trunks

  31. Resources • www.voipsa.org • www.blueboxpadcast.com • www.securelogix.com • www.voipsecurityblog.com • Vendor sites

  32. Questions?
