Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation


1 Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

2 Voice Security Introduction
» Voice security includes traditional and VoIP systems
» VoIP systems are vulnerable:
» The primary vendors are improving their systems, but...
» Security is rarely a major consideration during deployment
» Platforms, network, and applications are vulnerable
» Many available VoIP attack tools
» Fortunately, the (mostly internal) threat is still moderate
» VoIP deployment is growing
» Greater integration with the data network
» Application threats remain the biggest issue
» SIP trunks will increase the threat

3 Traditional Voice Security
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem

4 Traditional Voice Security
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem
Internet Attacks: Scanning/DoS, SPAM, Web Attacks

5 Traditional Voice Security
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem
Internet Attacks: Scanning/DoS, SPAM, Web Attacks
Controls: Firewall/IDPS, SPAM filter, Web security

6 Traditional Voice Security
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem
Threats: Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Firewall/IDPS, SPAM filter, Web security

7 Traditional Voice Security
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem
Threats: Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Voice Firewall, Firewall/IDPS, SPAM filter, Web security

8 Campus VoIP
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Controls: Firewall/IDPS, SPAM filter, Web security, Voice Firewall

9 Campus VoIP
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Threats: Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Firewall/IDPS, SPAM filter, Web security, Voice Firewall

10 Campus VoIP
[Diagram] Components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Attacks Can Originate From The Internal Network
Threats: Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Firewall/IDPS, SPAM filter, Web security, Voice Firewall

11 SIP Trunks
[Diagram] Components: Internet Connection, Internet, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Controls: Firewall/IDPS, SPAM filter, Web security, Voice Firewall

12 SIP Trunks
[Diagram] Components: Internet Connection, Internet, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Threats: Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Voice Firewall, Firewall/IDPS, SPAM filter, Web security

13 SIP Trunks
[Diagram] Components: Internet Connection, Internet, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Threats: Scanning, Fuzzing, Flood DoS, Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Voice Firewall, Firewall/IDPS, SPAM filter, Web security

14 SIP Trunks
[Diagram] Components: Internet Connection, Internet, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
Threats: Scanning, Fuzzing, Flood DoS, Toll fraud, Social engineering, Harassing calls, Modem issues
Controls: Voice Firewall, SIP Firewall, Firewall/IDPS, SPAM filter, Web security

15 Many Components in VoIP
SecureLogix corporate confidential
» IP PBX:
  » Server platforms
  » Various gateway cards
  » Adjunct systems
» Network:
  » Switches, routers, firewalls
  » Shared links
  » VLAN configurations
» Endpoints:
  » IP phones and softphones
» Protocol Issues (SIP)

16 IP PBX Vulnerabilities: Vulnerabilities At Many Layers
[Diagram] Layers: General Purpose Operating System; Network Stack (IP, UDP, TCP); VoIP Protocols; Services (TFTP, SNMP, DHCP, DB, Web Server); Voice Application
Attacks and weaknesses: Worms/Viruses Targeting The Operating System; Trivial DoS Attacks; MITM Attacks; TFTP Brute Force Attack; SNMP Enumeration; DHCP Starvation; SQL Attacks; Flood DoS; Fuzzing; Application Attacks; Poor Configuration; Weak Passwords; Insecure Management; Insecure Architecture

17 IP PBX Vulnerabilities
[Diagram] Components: IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB
Threats: Eavesdropping, Resource Starvation, Physical Attacks, SPIT, Phishing, Toll Fraud, Modems, DoS, Floods, Unauthorized Access, Fuzzing, DoS, Sniffing

18 IP PBX Vulnerabilities
[Diagram] Components: IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB
Labels: Other Common Services, DHCP, DNS, SNMP, Web Server, RTP, TDM Interfaces, Underlying OS, Management Interfaces, TFTP, Signaling, Network Stacks, SQL

19 Network Vulnerabilities
» The network can also be attacked:
  » Platform attacks
  » DoS
  » Shared link saturation
  » Eavesdropping
  » Incorrect VLAN configuration
  » Man-in-the-middle attacks

20 IP Phone Vulnerabilities
» IP phones can also be attacked:
  » Physical access
  » Poor passwords
  » Signaling/media
  » DoS
  » Unnecessary services

21 Protocol Vulnerabilities (SIP)
» Directory Scanning
» Fuzzing
» Flood-based Denial of Service (DoS)
» Registration manipulation
» Call termination
» RTP manipulation

22 Directory Scanning
[Diagram] Proxy Server
1. INVITE (spoofed source IP)
Send INVITEs/OPTIONs/REGISTERs To Scan For IP Phones

23 Fuzzing
[Diagram] Proxy Server, Location Server
Malformed SIP

24 Flood-based DoS
[Diagram] Proxy Server
1. INVITE (spoofed source IP)
Send INVITEs: Send enough INVITEs to Ring All Phones
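A defender's view of the Directory Scanning and Flood-based DoS slides, as an added example that is not part of the original presentation: it flags a source that probes many distinct extensions with INVITE/OPTIONS/REGISTER, and time windows in which the total INVITE count is abnormally high. The log format, thresholds, addresses and function names are assumptions constructed for illustration.

```python
# Added example (not from the slides). Log format, thresholds and sample
# addresses are assumptions; tune thresholds against a real traffic baseline.
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<ts>\d+) (?P<src>\S+) (?P<method>[A-Z]+) sip:(?P<user>[^@\s]+)@\S+$")
SCAN_METHODS = {"INVITE", "OPTIONS", "REGISTER"}  # methods named on the scanning slide

def parse(lines):
    """Yield (ts, src, method, user) for well-formed lines; skip anything else."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield int(m["ts"]), m["src"], m["method"], m["user"]

def detect(lines, window=60, scan_users=5, flood_invites=20):
    """Return (scanners, flood_windows).

    scanners: sources that targeted >= scan_users distinct extensions in one window.
    flood_windows: window start times whose total INVITE count >= flood_invites,
    counted across all sources because the slides note the source IP may be spoofed.
    """
    users = defaultdict(set)    # (window_start, src) -> distinct target extensions
    invites = defaultdict(int)  # window_start -> INVITE count over all sources
    for ts, src, method, user in parse(lines):
        start = ts - ts % window
        if method in SCAN_METHODS:
            users[(start, src)].add(user)
        if method == "INVITE":
            invites[start] += 1
    scanners = sorted({src for (_, src), u in users.items() if len(u) >= scan_users})
    floods = sorted(w for w, n in invites.items() if n >= flood_invites)
    return scanners, floods

# Constructed sample log: "<epoch seconds> <source> <method> <request-uri>"
SAMPLE = (
    # one source walking extensions 100-105 with OPTIONS (scan pattern)
    [f"{1000 + i} 198.51.100.7 OPTIONS sip:{100 + i}@pbx.example" for i in range(6)]
    # ordinary registration and call, plus a malformed line the parser must skip
    + ["1010 192.0.2.10 REGISTER sip:201@pbx.example",
       "1015 192.0.2.10 INVITE sip:202@pbx.example",
       "garbage line that the parser must ignore"]
    # INVITE burst from many (possibly spoofed) sources in a later window
    + [f"{1200 + i} 203.0.113.{i} INVITE sip:{300 + i % 3}@pbx.example" for i in range(25)]
)

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Per-source counting catches the scan, but the flood is only visible in the all-source total, which is why the two checks are kept separate.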

25 Registration Manipulation
[Diagram] Location Server, Registrar, dereks Phone
1. REGISTER Contact Expires:
OK
2. To contact Use for 60 minutes
3. REGISTER Contact Expires: 1800
4. To contact Use for 30 minutes

26 Call Termination
[Diagram] OK
6. INVITE
7. SIP CANCEL
8. RTP Conversation
9. SIP BYE

27 RTP Tunneling

28 RTP Manipulation

29 Application Issues
» Toll fraud
» Minor misuse
» Dial through fraud
» Social engineering
» Harassing callers
» Various modem issues
» Poorly secured modems used for remote access
» ISP modems

30 Best Practices
» Develop a voice/VoIP security policy
» Address application issues at the perimeter
» Prioritize security during VoIP deployments
» Consider a VoIP security assessment
» Follow good basic data network security for internal network
» Deploy SIP security when using SIP trunks

31 Resources
» Vendor sites

32 Questions?

