VoIP Security Assessment Service Mark D. Collier Chief Technology Officer

VoIP systems are vulnerable:  Platforms, network, and application are vulnerable  VoIP-specific attacks are becoming more common  Security isn ’ t always a consideration during deployment The threat is increasing:  VoIP deployment is growing  Deployments are critical to business operations  Greater integration with the data network  More attack tools being published  The hacking community is taking notice VoIP Security Status

Internet Connection Internet Voice VLAN Public Voice Network Campus VoIP TDM Trunks TDM Phones IP Phones Data VLAN PCs IP PBX CM GatewayDNS Admin DB TFTP DHCP The threat is primarily internal

Internet Connection Internet Voice VLAN Public Voice Network Public VoIP SIP Trunks TDM Phones IP Phones Data VLAN PCs IP PBX CM GatewayDNS Admin DB TFTP DHCP And may also be external when SIP trunks are used

IP PBX:  Server platforms  Various gateway cards  Supporting infrastructure Network:  Switches, routers, firewalls  VLAN configurations Endpoints:  IP phones and softphones Vulnerabilities Across Components

General Purpose Operating System Network Stack (IP, UDP, TCP) VoIP Protocols Services TFTP, SNMP, DHCP, DB, Web Server Voice Application Worms/Viruses Targeting The Operating System Trivial DoS Attacks MITM Attacks TFTP Brute Force Attack SNMP Enumeration DHCP Starvation SQL Slammer Worm Vulnerabilities at Multiple Layers Flood DoS Fuzzing Application Attacks Poor Configuration Weak Passwords Insecure Management Insecure Architecture

There is no “ one ” security product that is needed for campus VoIP environments What is needed is to secure the various vendor VoIP offerings Securing deployments is possible, but requires proper configuration, features, and products SecureLogix is offering a VoIP security assessment service VoIP Security Assessment Service

Based on real-world enterprise assessment experience Ongoing custom test tool development Completed Hacking Exposed: VoIP Includes on-site assessments as well as remote-assisted VoIP Security Assessment Service

Vulnerability assessment process consisting of:  Discovery tests (Footprinting, scanning, and enumeration)  Network tests (DoS, eavesdropping, MITM)  Vendor platform tests  Application and configuration tests Tools are freeware, commercial, and proprietary Optional external visibility and access tests Optional penetration tests Security policy and checklist review Provide tailored recommendations Basic Process

Assessments are based on-site testing An “ appliance ” based, recurring assessment capability will be available in Q2. Engagements vary from 1-8 weeks, depending on scope Include testing of all model sites Staffed internally with SecureLogix personnel Delivered stand-alone or as part of a broader security assessment Cleared personnel for government engagementsDelivery

A subscription based service available in late Q2 A hardened Linux appliance is delivered and installed with the necessary network interfaces The appliance establishes an SSH connection with SecureLogix The appliance runs the same set of tests and reports. Some are automated and some are scheduled by SecureLogix The results are used to build the same set of reports Appliance-Based Delivery

Assessment report including:  Executive summary  Key findings  Summarized results  Tailored recommendations Executive and technical level presentation Security policy/checklist recommendations All raw dataDeliverables