Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation


1 Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation www.securelogix.com mark.collier@securelogix.com

2 Voice Security Introduction
» Voice security includes traditional and VoIP systems
» VoIP systems are vulnerable:
» The primary vendors are improving their systems, but...
» Security is rarely a major consideration during deployment
» Platforms, network, and applications are vulnerable
» Many available VoIP attack tools
» Fortunately, the (mostly internal) threat is still moderate
» VoIP deployment is growing
» Greater integration with the data network
» Application threats remain the biggest issue
» SIP trunks will increase the threat

3 Traditional Voice Security
» Diagram components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, PBX, Modem

4 Traditional Voice Security
» Diagram components: as on slide 3
» Threats shown: Internet Attacks, Scanning/DoS, Email SPAM, Web Attacks

5 Traditional Voice Security
» Diagram components: as on slide 3
» Threats shown: Internet Attacks, Scanning/DoS, Email SPAM, Web Attacks
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security

6 Traditional Voice Security
» Diagram components: as on slide 3
» Threats shown: Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security

7 Traditional Voice Security
» Diagram components: as on slide 3
» Threats shown: Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Voice Firewall, Firewall/IDPS, Email SPAM filter, Web security

8 Campus VoIP
» Diagram components: Internet Connection, Internet, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security, Voice Firewall

9 Campus VoIP
» Diagram components: as on slide 8
» Threats shown: Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security, Voice Firewall

10 Campus VoIP
» Diagram components: as on slide 8
» Callout: Attacks Can Originate From The Internal Network
» Threats shown: Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security, Voice Firewall

11 SIP Trunks
» Diagram components: Internet Connection, Internet, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB, Voice VLAN, IP Phones, Data VLAN
» Controls shown: Firewall/IDPS, Email SPAM filter, Web security, Voice Firewall

12 SIP Trunks
» Diagram components: as on slide 11
» Threats shown: Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Voice Firewall, Firewall/IDPS, Email SPAM filter, Web security

13 SIP Trunks
» Diagram components: as on slide 11
» Threats shown: Scanning, Fuzzing, Flood DoS, Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Voice Firewall, Firewall/IDPS, Email SPAM filter, Web security

14 SIP Trunks
» Diagram components: as on slide 11
» Threats shown: Scanning, Fuzzing, Flood DoS, Toll fraud, Social engineering, Harassing calls, Modem issues
» Controls shown: Voice Firewall, SIP Firewall, Firewall/IDPS, Email SPAM filter, Web security

15 Many Components in VoIP
» IP PBX:
  » Server platforms
  » Various gateway cards
  » Adjunct systems
» Network:
  » Switches, routers, firewalls
  » Shared links
  » VLAN configurations
» Endpoints:
  » IP phones and softphones
» Protocol Issues (SIP):
SecureLogix corporate confidential. 080508

16 IP PBX Vulnerabilities: Vulnerabilities At Many Layers
» Layers shown: General Purpose Operating System; Network Stack (IP, UDP, TCP); VoIP Protocols; Services (TFTP, SNMP, DHCP, DB, Web Server); Voice Application
» Threats shown: Worms/Viruses Targeting The Operating System, Trivial DoS Attacks, MITM Attacks, TFTP Brute Force Attack, SNMP Enumeration, DHCP Starvation, SQL Attacks, Flood DoS, Fuzzing, Application Attacks, Poor Configuration, Weak Passwords, Insecure Management, Insecure Architecture

17 IP PBX Vulnerabilities
» Diagram components: IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB
» Threats shown: Eavesdropping, Resource Starvation, Physical Attacks, SPIT, Phishing, Toll Fraud, Modems, DoS Floods, Unauthorized Access, Fuzzing, DoS, Sniffing

18 IP PBX Vulnerabilities
» Diagram components: IP PBX, CM, Gateway, DNS, CCAdmin, TFTP, DHCP, VM, DB
» Attack surface shown: Other Common Services, DHCP, DNS, SNMP, Web Server, RTP, TDM Interfaces, Underlying OS, Management Interfaces, TFTP, Signaling, Network Stacks, SQL

19 Network Vulnerabilities
» The network can also be attacked:
  » Platform attacks
  » DoS
  » Shared link saturation
  » Eavesdropping
  » Incorrect VLAN configuration
  » Man-in-the-middle attacks

20 IP Phone Vulnerabilities
» IP phones can also be attacked:
  » Physical access
  » Poor passwords
  » Signaling/media
  » DoS
  » Unnecessary services

21 Protocol Vulnerabilities (SIP)
» Directory Scanning
» Fuzzing
» Flood-based Denial of Service (DoS)
» Registration manipulation
» Call termination
» RTP manipulation

22 Directory Scanning
» Send INVITEs/OPTIONs/REGISTERs To Scan For IP Phones
» Diagram labels: Proxy Server; 1. INVITE derek@tpti (spoofed source IP)

23 Fuzzing
» Diagram labels: Proxy Server, Location Server, Malformed SIP

24 Flood-based DoS
» Send 1000000 INVITEs
» Send enough INVITEs to Ring All Phones
» Diagram labels: Proxy Server; 1. INVITE derek@tpti (spoofed source IP)
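A detection-side sketch for the directory scanning and flood slides, added here as an example that is not part of the original presentation: it counts distinct target users and INVITE volume per source in a sliding window. The event tuple layout, the thresholds and the 10.0.0.x addresses are assumptions.

```python
from collections import defaultdict, deque

SCAN_METHODS = {"INVITE", "OPTIONS", "REGISTER"}  # methods named on the scanning slide

def classify_sources(events, window=10.0, max_users=20, max_invites=100):
    """events: time-ordered (epoch_seconds, source_ip, method, target_user).
    Thresholds are assumed values; tune them against normal call volume."""
    recent = defaultdict(deque)    # source_ip -> requests inside the window
    verdicts = defaultdict(set)
    for ts, src, method, user in events:
        if method not in SCAN_METHODS:
            continue
        q = recent[src]
        q.append((ts, method, user))
        while q[0][0] <= ts - window:      # drop requests older than the window
            q.popleft()
        # One source probing many different users: directory scanning.
        if len({u for _, _, u in q}) > max_users:
            verdicts[src].add("directory-scan")
        # One source sending a burst of INVITEs: flood-based DoS.
        if sum(1 for _, m, _ in q if m == "INVITE") > max_invites:
            verdicts[src].add("invite-flood")
    return dict(verdicts)

def sample_events():
    # Constructed traffic: a scanner, a flooder and one ordinary phone.
    ev = [(i * 0.1, "10.0.0.5", "OPTIONS", str(1000 + i)) for i in range(30)]
    ev += [(5 + i * 0.01, "10.0.0.9", "INVITE", "derek") for i in range(150)]
    ev += [(t, "10.0.0.20", "INVITE", u) for t, u in [(0, "a"), (30, "b"), (60, "c")]]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for source, labels in classify_sources(sample_events()).items():
        print(source, sorted(labels))
```

Because the slides show a spoofed source IP, per-source counters alone can be sidestepped; keeping the same counters keyed by target user or in aggregate covers that case.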

25 Registration Manipulation
» Diagram labels: Location Server, Registrar, derek's Phone
» 1. REGISTER sip:derek@tpti.com Contact Expires: 3600
» 2. To contact sip:derek@tpti.com Use sip:derek@11.5.6.7 for 60 minutes
» 3. 200 OK
» 3. REGISTER sip:derek@tpti.com Contact Expires: 1800
» 4. To contact sip:derek@tpti.com Use sip:mugatu@11.5.6.8 for 30 minutes
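One way a registrar-side monitor could flag the rebinding shown on this slide, added as an example that is not part of the original presentation: it tracks the live binding per address-of-record and alerts when a REGISTER from a different source replaces it with a different contact. The message builder, the source IPs and the 3600-second default are assumptions; the URIs and Expires values are the slide's.

```python
import re

URI = re.compile(r"sip:[^>;\s]+")

def parse_register(raw):
    """Return (aor, contact, expires) for a raw SIP REGISTER, else None."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    if not lines[0].startswith("REGISTER "):
        return None
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    aor, contact = URI.search(hdrs.get("to", "")), URI.search(hdrs.get("contact", ""))
    if not aor or not contact:
        return None
    # Assumption: a missing Expires header is treated as 3600 seconds.
    return aor.group(0), contact.group(0), int(hdrs.get("expires", "3600"))

def find_rebinds(events):
    """events: time-ordered (epoch_seconds, source_ip, raw_message) tuples."""
    bindings, alerts = {}, []          # aor -> (contact, source_ip, expiry)
    for ts, src, raw in events:
        parsed = parse_register(raw)
        if parsed is None:
            continue
        aor, contact, expires = parsed
        old = bindings.get(aor)
        # Live binding replaced by a different contact from a different source.
        if old and ts < old[2] and contact != old[0] and src != old[1]:
            alerts.append((ts, aor, old[0], contact, src))
        if expires == 0:
            bindings.pop(aor, None)
        else:
            bindings[aor] = (contact, src, ts + expires)
    return alerts

def register(aor, contact, expires):
    # Constructed minimal REGISTER; real ones also carry Via, From, Call-ID, CSeq.
    return (f"REGISTER sip:tpti.com SIP/2.0\r\nTo: <{aor}>\r\n"
            f"Contact: <{contact}>\r\nExpires: {expires}\r\n\r\n")

AOR = "sip:derek@tpti.com"
SAMPLE = [  # constructed capture; source IPs are assumed
    (0, "11.5.6.7", register(AOR, "sip:derek@11.5.6.7", 3600)),
    (1800, "11.5.6.7", register(AOR, "sip:derek@11.5.6.7", 3600)),  # refresh
    (2000, "11.5.6.8", register(AOR, "sip:mugatu@11.5.6.8", 1800)),  # rebind
]

if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE):
        print("possible registration hijack:", alert)
```

This is a heuristic: users with several devices or roaming softphones produce the same pattern, so alerts are best correlated with whether the REGISTER was authenticated.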

26 Call Termination
» 6. INVITE derek@11.5.6.7
» 7. 200 OK
» 8. RTP Conversation
» 9. SIP BYE derek@11.5.6.7
» 7. SIP CANCEL derek@11.5.6.7

27 RTP Tunneling

28 RTP Manipulation

29 Application Issues
» Toll fraud
» Minor misuse
» Dial through fraud
» Social engineering
» Harassing callers
» Various modem issues
» Poorly secured modems used for remote access
» ISP modems

30 Best Practices
» Develop a voice/VoIP security policy
» Address application issues at the perimeter
» Prioritize security during VoIP deployments
» Consider a VoIP security assessment
» Follow good basic data network security for internal network
» Deploy SIP security when using SIP trunks

31 Resources
» www.voipsa.org
» www.blueboxpadcast.com
» www.securelogix.com
» www.voipsecurityblog.com
» Vendor sites

32 Questions?

