Download Interop - VoIP Security Blog

greenpepperwhinny · Security

3 Nov 2013 (3 years and 11 months ago)


Voice Security


Interop 2009

Mark D. Collier

SecureLogix Corporation

www.securelogix.com


mark.collier@securelogix.com


Voice Security Introduction

» Voice security includes traditional and VoIP systems
» VoIP systems are vulnerable:
» The primary vendors are improving their systems, but...
» Security is rarely a major consideration during deployment
» Platforms, network, and applications are vulnerable
» Many available VoIP attack tools
» Fortunately, the (mostly internal) threat is still moderate
» VoIP deployment is growing
» Greater integration with the data network
» Application threats remain the biggest issue
» SIP trunks will increase the threat

Traditional Voice Security

[Diagram, shown in successive builds. Components: Internet, Internet Connection, Public Voice Network, TDM Trunks, PBX, TDM Phones, Servers/PCs, Modems, Fax.]

Labels added across the builds:
» Internet Attacks: Scanning/DoS, Email SPAM, Web Attacks
» Firewall/IDPS, Email SPAM filter, Web security
» Toll fraud, Social engineering, Harassing calls, Modem issues
» Voice Firewall

Campus VoIP

[Diagram, shown in successive builds. Components: Internet, Internet Connection, Public Voice Network, TDM Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB), Voice VLAN, IP Phones, Data VLAN.]

Labels added across the builds:
» Firewall/IDPS, Email SPAM filter, Web security
» Voice Firewall
» Toll fraud, Social engineering, Harassing calls, Modem issues
» Attacks Can Originate From The Internal Network

SIP Trunks

[Diagram, shown in successive builds. Components: Internet, Internet Connection, Public Voice Network, SIP Trunks, TDM Phones, Servers/PCs, Modem, Fax, IP PBX (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB), Voice VLAN, IP Phones, Data VLAN.]

Labels added across the builds:
» Firewall/IDPS, Email SPAM filter, Web security
» Voice Firewall
» Toll fraud, Social engineering, Harassing calls, Modem issues
» Scanning, Fuzzing, Flood DoS
» SIP Firewall

SecureLogix

corporate confidential. 080508

Many Components in VoIP

» IP PBX:
  » Server platforms
  » Various gateway cards
  » Adjunct systems
» Network:
  » Switches, routers, firewalls
  » Shared links
  » VLAN configurations
» Endpoints:
  » IP phones and softphones
» Protocol Issues (SIP):


IP PBX Vulnerabilities

Vulnerabilities At Many Layers

[Diagram: stacked layers with the attacks and weaknesses that apply to them.]

Layers:
» General Purpose Operating System
» Network Stack (IP, UDP, TCP)
» VoIP Protocols
» Services (TFTP, SNMP, DHCP, DB, Web Server)
» Voice Application

Attacks and weaknesses shown:
» Worms/Viruses Targeting The Operating System
» Trivial DoS Attacks
» MITM Attacks
» TFTP Brute Force Attack
» SNMP Enumeration
» DHCP Starvation
» SQL Attacks
» Flood DoS
» Fuzzing
» Application Attacks
» Poor Configuration
» Weak Passwords
» Insecure Management
» Insecure Architecture


IP PBX Vulnerabilities

[Diagram: IP PBX (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB) surrounded by threat labels: Eavesdropping, Resource Starvation, Physical Attacks, SPIT, Phishing, Toll Fraud, Modems, DoS Floods, Unauthorized Access, Fuzzing, DoS, Sniffing.]


IP PBX Vulnerabilities

[Diagram: IP PBX (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB) surrounded by component labels: Other Common Services, DHCP, DNS, SNMP, Web Server, RTP, TDM Interfaces, Underlying OS, Management Interfaces, TFTP, Signaling, Network Stacks, SQL.]


Network Vulnerabilities

» The network can also be attacked:
  » Platform attacks
  » DoS
  » Shared link saturation
  » Eavesdropping
  » Incorrect VLAN configuration
  » Man-in-the-middle attacks


IP Phone Vulnerabilities

» IP phones can also be attacked:
  » Physical access
  » Poor passwords
  » Signaling/media
  » DoS
  » Unnecessary services


Protocol Vulnerabilities (SIP)

» Directory Scanning
» Fuzzing
» Flood-based Denial of Service (DoS)
» Registration manipulation
» Call termination
» RTP manipulation

Directory Scanning

[Diagram: Proxy Server. Labels: "1. INVITE derek@tpti (spoofed source IP)"; "Send INVITEs/OPTIONs/REGISTERS To Scan For IP Phones".]

Fuzzing

[Diagram: Proxy Server, Location Server. Labels: "Malformed SIP" (three times).]

Flood-based DoS

[Diagram: Proxy Server. Labels: "1. INVITE derek@tpti (spoofed source IP)"; "Send 1000000 INVITEs"; "Send enough INVITEs to Ring All Phones".]

Registration Manipulation

[Diagram: derek’s Phone, Registrar, Location Server. Numbered messages as labelled on the slide:]

1. REGISTER sip:derek@tpti.com, Contact <sip:derek@11.5.6.7>, Expires: 3600
2. “To contact sip:derek@tpti.com Use sip:derek@11.5.6.7 for 60 minutes”
3. 200 OK
3. REGISTER sip:derek@tpti.com, Contact <mugatu@11.5.6.8>, Expires: 1800
4. “To contact sip:derek@tpti.com Use sip:mugatu@11.5.6.8 for 30 minutes”
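The registration manipulation exchange above, turned into a detection check (an added example, not part of the original slides): it flags a REGISTER that rewrites or removes a still-live Contact binding from a different source address. Reading the address-of-record from the To header, requiring an `Expires` header, the timestamps and the user "hansel" are assumptions made for this sample.

```python
import re

HDR = re.compile(r"^([A-Za-z-]+)\s*:\s*(.*)$", re.M)
URI = re.compile(r"sips?:([^@>;\s]+)@([^>;:\s]+)", re.I)

def parse_register(raw):
    """Return (aor, contact_host, expires_seconds) for a REGISTER, else None."""
    if not raw.startswith("REGISTER "):
        return None
    hdrs = {k.lower(): v.strip() for k, v in HDR.findall(raw)}
    to, contact = URI.search(hdrs.get("to", "")), URI.search(hdrs.get("contact", ""))
    if not to or not contact or not hdrs.get("expires", "").isdigit():
        return None
    return f"{to.group(1)}@{to.group(2)}".lower(), contact.group(2), int(hdrs["expires"])

def detect_hijacks(events):
    """events: (time_s, source_ip, raw_sip) tuples in time order. Returns alerts."""
    bindings, alerts = {}, []            # aor -> (contact_host, source_ip, expiry)
    for ts, src, raw in events:
        parsed = parse_register(raw)
        if parsed is None:
            continue                     # not a REGISTER we can interpret
        aor, contact, expires = parsed
        old = bindings.get(aor)
        live = old is not None and old[2] > ts
        # A live binding rewritten or removed by a different source is suspicious;
        # a refresh from the same source, or a new binding after expiry, is not.
        if live and src != old[1] and (expires == 0 or contact != old[0]):
            alerts.append((ts, aor, old[0], contact, src))
        if expires == 0:
            bindings.pop(aor, None)      # de-registration
        else:
            bindings[aor] = (contact, src, ts + expires)
    return alerts

def reg(aor, contact, expires):
    """Build a minimal constructed REGISTER (only the headers used here)."""
    return (f"REGISTER sip:tpti.com SIP/2.0\r\nTo: <sip:{aor}>\r\n"
            f"Contact: <sip:{contact}>\r\nExpires: {expires}\r\n\r\n")

# Constructed sample traffic reusing the slide's addresses; "hansel" is made up.
SAMPLE = [
    (0,    "11.5.6.7",  reg("derek@tpti.com", "derek@11.5.6.7", 3600)),
    (0,    "11.5.6.9",  reg("hansel@tpti.com", "hansel@11.5.6.9", 600)),
    (1200, "11.5.6.7",  reg("derek@tpti.com", "derek@11.5.6.7", 3600)),    # refresh
    (1500, "11.5.6.8",  reg("derek@tpti.com", "mugatu@11.5.6.8", 1800)),   # rewrite
    (5000, "11.5.6.10", reg("hansel@tpti.com", "hansel@11.5.6.10", 600)),  # after expiry
]

if __name__ == "__main__":
    for alert in detect_hijacks(SAMPLE):
        print("ALERT", alert)
```

Each alert tuple is (time, address-of-record, previous contact host, new contact host, source IP); once a binding has been rewritten, the legitimate phone's next refresh is flagged as well, which is useful context for the analyst.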

Call Termination

[Diagram: message labels: "6. INVITE derek@11.5.6.7"; "7. 200 OK"; "7. SIP CANCEL derek@11.5.6.7"; "8. RTP Conversation"; "9. SIP BYE derek@11.5.6.7".]

RTP Manipulation

[Diagram: label "RTP Tunneling".]


Application Issues

» Toll fraud
» Minor misuse
» Dial through fraud
» Social engineering
» Harassing callers
» Various modem issues
» Poorly secured modems used for remote access
» ISP modems


Best Practices

» Develop a voice/VoIP security policy
» Address application issues at the perimeter
» Prioritize security during VoIP deployments
» Consider a VoIP security assessment
» Follow good basic data network security for internal network
» Deploy SIP security when using SIP trunks


Resources

» www.voipsa.org
» www.blueboxpadcast.com
» www.securelogix.com
» www.voipsecurityblog.com
» Vendor sites

Questions?