Published by Veronica Figures. Modified over 9 years ago.
1
SOURCE BOSTON 2008 Copyright 2008, James M. Atkinson
2
Telephone Defenses Against the Dark Arts
James M. Atkinson
Granite Island Group
www.tscm.com
3
Telephone Vulnerability Basics
1. Instrument
2. Local Distribution
3. Local Switch
4. Demarcation/Network Interface
5. Transmission
6. Switching
4
Instrument Vulnerabilities
1. Speaker or Microphone Exploit
2. Installation of Foreign Device
3. Hookswitch Manipulation
4. Software/Firmware Exploits
5. Normal Operation Exploits
6. Moderate Protection, Easy to Subvert
5
Local Distribution Vulnerabilities
1. Wall Plates
2. Raw Wiring
3. Cross Connection Points
4. Normally Not Protected or Supervised
6
Local Switch Vulnerabilities
1. Cross Connection Points
2. Switch Inputs/Outputs
3. Switch/PCM Backplane
4. Parallel Channels
5. Switch Software/Firmware Exploits
6. May or May Not Be Protected
7
Demarcation/Network Interface Vulnerabilities
1. Ripe for Exploitation
2. Poorly Protected
3. Generally Accessible
4. Target Specific
5. Significant Choke Point
8
Local Transmission Network Vulnerabilities
1. Post Demarcation/NID
2. Before Switch
3. Easy to Isolate Single Subscriber
4. Open Terminals and Boots
5. Not Protected, Wide Open
9
Switching Vulnerabilities
1. Central Office
2. Used to Be Huge Buildings
3. Modern Small Scale Switching
4. Post 9-11 Logo Removals
5. High Value OVERT Choke Point
   - CALEA and .gov targeting
6. Usually Highly Protected
10
Transmission Network Vulnerabilities
1. Mostly Single Mode Fiber Optics
2. Accessible Public Pathways
3. Usually Well Marked
4. High Value COVERT Choke Point
5. Cable Vaults on Alarms
6. “Supervised” Against Breakage
11
Telephonic Integration
- Voice over IP
- Cable Modems
- Other Broadband Services
- ISDN
- Fiber Optic Internet Service
- EVDO
- Other Wireless Services
12
The Realistic Threat
- RF Device
- Hard Wired Recorder
- Wireless Intercept
- Software Manipulation
- Other Methods
13
Essential Tasks
- Conductor Inventory
- Pathway Mapping
- Known Electronic Metrics
- Re-Testing Against Metric
- Open Testing
- Physical Inspection
14
Auditing Telephone Instruments
- What Kind of Phones
- “Soft Under-Belly”
- What Should It Normally Do
- Is It a Risk?
- Is It a Threat?
- Hostile Manipulation?
- Feature, Hazard, or Risk?
15
Auditing Wiring
- What Wire is in the Walls?
- What Wire is in the Ceiling?
- Wall Plates?
- Termination Points
- Junction Points/Punch Blocks
16
Auditing Wiring
- Conductor Maps
- Signal Pathways
- Pair Combinations
- Industry Standard Pin-Outs
- Color Codes?
- Conductor Length
- Fractions of an Inch Accuracy
- Non Linear Junction Combinations
17
Auditing Transmission Paths
- Map Out Every
  - Cable
  - Conductor
  - Wire
  - Fortuitous Pathway
- Location Must Be Within Inches
18
Auditing Switching Systems
- What is the Default Generic?
- Actual Translation?
- What is Different?
- Is it Safe?
- Always Reduce to Hardcopy Form
19
Auditing Secure Communications Systems
- Tampering with Actual Instrument
- Tampering with:
  - Uncontrolled Accessories
  - Handsets, Cords, Cables
  - Power Supplies
- Low Bandwidth (300 Hz) Filter Bypass
- Proximity to RF Emitters
20
Prior Penetrations, Hacks, and Attacks.
- Common Manipulations
- Raw Hacking/Manipulations
- Naked Attacks
- Appropriate Counter Measures
21
VOIP Attacks
- Extremely High Risk
- Rarely Utilize Hook Switch
- Open Microphone
- Firmware Can Be Remotely Updated
- Network Provides a Serious Choke Point
22
Mechanisms to Detect and Defeat VOIP Attacks and Exploits
- Detection
  - Unregistered IP Address on VOIP NW
  - Non-VOIP Asset on VOIP Network
  - Hub, not Switch Being Used
  - Machine Being Used On Backbone
  - Classic Man-in-the-Middle Exploit
  - Suspect Data Traffic on an Unused VOIP Phone Line
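Added example (not part of the original slides): one way to turn several of the detection items above into an automated check, by comparing traffic observed on a dedicated VoIP network against an inventory of registered phones. The inventory layout, addresses, port ranges and traffic records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of registered phones: IP -> (MAC, line_in_use)
INVENTORY = {
    "10.20.0.11": ("02:00:00:00:00:0b", True),
    "10.20.0.12": ("02:00:00:00:00:0c", True),
    "10.20.0.13": ("02:00:00:00:00:0d", False),  # provisioned but unused line
}
SIP_PORTS = {5060, 5061}          # standard SIP signalling ports
RTP_PORTS = range(16384, 32768)   # assumed RTP media range for this site

# Constructed observations from a switch mirror port:
# (source IP, source MAC, destination port, bytes)
OBSERVED = [
    ("10.20.0.11", "02:00:00:00:00:0b", 5060, 480),
    ("10.20.0.12", "02:00:00:00:00:0c", 16500, 172),
    ("10.20.0.12", "02:00:00:00:00:99", 16500, 172),  # second MAC claims a phone's IP
    ("10.20.0.13", "02:00:00:00:00:0d", 16600, 9000), # unused line is talking
    ("10.20.0.50", "02:00:00:00:00:aa", 443, 1500),   # unknown host, non-voice traffic
]

def audit(inventory, observed):
    """Return a sorted list of (finding, ip) pairs for the voice network."""
    findings = set()
    macs_by_ip = defaultdict(set)
    for ip, mac, port, nbytes in observed:
        macs_by_ip[ip].add(mac)
        is_voice = port in SIP_PORTS or port in RTP_PORTS
        if ip not in inventory:
            findings.add(("unregistered-ip", ip))
            if not is_voice:
                findings.add(("non-voip-asset", ip))
            continue
        _, in_use = inventory[ip]
        if not in_use and nbytes > 0:
            findings.add(("traffic-on-unused-line", ip))
    # An inventoried IP seen with any MAC other than its registered one
    # is a man-in-the-middle indicator (e.g. ARP spoofing).
    for ip, macs in macs_by_ip.items():
        if ip in inventory and macs != {inventory[ip][0]}:
            findings.add(("mac-mismatch", ip))
    return sorted(findings)

if __name__ == "__main__":
    for finding, ip in audit(INVENTORY, OBSERVED):
        print(f"{finding:24} {ip}")
```

The "hub, not switch" item is not covered here, since that check needs the physical and port-level inspection the earlier auditing slides describe.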
23
Methods to Secure VOIP Systems
- Utilize Smart Switches
- Keep VOIP Terminals on Dedicated Networks and Gateways
- Do Not Integrate in Data Networks
- Lockdown Instrument Firmware
- Disallow Firmware Updates
24
Cardinal Rule
Convenience and Privacy are Inversely Proportional™
25
Questions? Thank You