SIP Trunking & Security
in an Enterprise Network




      Dan York, CISSP
 VOIPSA Best Practices Chair



               ...
© 2008 VOIPSA and Owners as Marked
Privacy        Availability


                                     Compliance              Confidence



                 ...
© 2008 VOIPSA and Owners as Marked
© 2008 VOIPSA and Owners as Marked
© 2008 VOIPSA and Owners as Marked
© 2008 VOIPSA and Owners as Marked
TDM security is relatively simple...



                                                                PSTN
             ...
VoIP security is more complex



                                     Operating           Desktop                         ...
VoIP can be more
                   secure than the PSTN
                 if it is properly deployed.


© 2008 VOIPSA and ...
VoIP Security Concerns
Security concerns in telephony are not new…




                                     Image courtesy of the Computer Histor...
Nor are our attempts to protect against threats…




                                     Image courtesy of Mike Sandman –...
Security Aspects of IP Telephony




                                              Media /
                               ...
Media


            Eavesdropping

                                     Degraded Voice Quality

                   Encrypt...
Signaling


              Denial of Service
                                     Impersonation
                           ...
Management


            Web Interfaces
                                     APIs!
                                       ...
PSTN
© 2008 VOIPSA and Owners as Marked
Geography



© 2008 VOIPSA and Owners as Marked
Internet   LAN




© 2008 VOIPSA and Owners as Marked
SIP Trunking
The Challenge of SIP Trunking



                                                                             PSTN

      ...
SIP Trunking



                                                                            PSTN

                        ...
The Challenge of SIP Trunking



                                                                             PSTN

      ...
SIP Trunking - Business Continuity



                                                                             PSTN

 ...
SIP Trunking - Business Continuity



                                                                             PSTN

 ...
Cloud Computing
Geography



© 2008 VOIPSA and Owners as Marked
Moving Voice Applications into “the Cloud”




                                                                 Applicatio...
Moving Telephony into “the Cloud”




                                                                    Hosted
         ...
Can you trust “the Cloud”
                    to be there?



© 2008 VOIPSA and Owners as Marked
Questions for SIP Trunk Providers or Cloud
   Computing Platforms?
  • What kind of availability guarantees / Service Leve...
Spam / SPIT
What about SPIT?                       (“SPam over Internet Telephony”)

  • What does a traditional telemarketer need?
  ...
Resources
What is the Industry Doing to Help?




         Security Vendors                VoIP Vendors

         “The Sky Is Fallin...
Voice Over IP Security Alliance (VOIPSA)

  •   www.voipsa.org – 100 members from VoIP and security industries
  •   VOIPS...
www.voipsa.org/Resources/tools.php




© 2008 VOIPSA and Owners as Marked
© 2008 VOIPSA and Owners as Marked
Tools, tools, tools...

     •   UDP Flooder                 •   Asteroid
     •   IAX Flooder                 •   enumIAX...
Security Links

    • VoIP Security Alliance - http://www.voipsa.org/
          – Threat Taxonomy          - http://www.vo...
VoIP can be more
                   secure than the PSTN
                 if it is properly deployed.


© 2008 VOIPSA and ...
Q&eh?




      www.voipsa.org




Dan York - dyork@voxeo.com
Upcoming SlideShare
Loading in …5
×

SIP Trunking & Security in an Enterprise Network

8,601 views
8,340 views

Published on

How secure are your VoIP systems as you deploy SIP-based systems in an enterprise environment? In this slide deck presented by VOIPSA Best Practices Chair Dan York at the Ingate SIP Trunking Seminars at ITEXPO September 17, 2008, Dan York walks through the security issues related to VoIP (with a focus on SIP trunking), the tools out there to attack/test VoIP systems, best practices and resources. (An audio recording of this session was made and will be available.)

Published in: Technology, Business
1 Comment
9 Likes
Statistics
Notes
No Downloads
Views
Total views
8,601
On SlideShare
0
From Embeds
0
Number of Embeds
498
Actions
Shares
0
Downloads
440
Comments
1
Likes
9
Embeds 0
No embeds

No notes for slide

SIP Trunking & Security in an Enterprise Network

  1. 1. SIP Trunking & Security in an Enterprise Network Dan York, CISSP VOIPSA Best Practices Chair September 17, 2008
  2. 2. © 2008 VOIPSA and Owners as Marked
  3. 3. Privacy Availability Compliance Confidence Mobility Cost Avoidance Business Continuity © 2008 VOIPSA and Owners as Marked
  4. 4. © 2008 VOIPSA and Owners as Marked
  5. 5. © 2008 VOIPSA and Owners as Marked
  6. 6. © 2008 VOIPSA and Owners as Marked
  7. 7. © 2008 VOIPSA and Owners as Marked
  8. 8. TDM security is relatively simple... PSTN Gateways TDM Switch Physical Voicemail Wiring © 2008 VOIPSA and Owners as Marked
  9. 9. VoIP security is more complex Operating Desktop PSTN E-mail Systems PCs Gateways Systems Network Web Firewalls Switches Servers Standards Voice over PDAs Wireless Instant IP Devices Messaging Directories Internet Databases Physical Voicemail Wiring © 2008 VOIPSA and Owners as Marked
  10. 10. VoIP can be more secure than the PSTN if it is properly deployed. © 2008 VOIPSA and Owners as Marked
  11. 11. VoIP Security Concerns
  12. 12. Security concerns in telephony are not new… Image courtesy of the Computer History Museum © 2008 VOIPSA and Owners as Marked
  13. 13. Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/ © 2008 VOIPSA and Owners as Marked
  14. 14. Security Aspects of IP Telephony Media / Voice Manage TCP/IP Call ment Network Control PSTN Policy © 2008 VOIPSA and Owners as Marked
  15. 15. Media Eavesdropping Degraded Voice Quality Encryption Virtual LANs (VLANs) Packet Filtering © 2008 VOIPSA and Owners as Marked
  16. 16. Signaling Denial of Service Impersonation Toll Fraud Encryption Encrypted Phone Software Proper Programming © 2008 VOIPSA and Owners as Marked
  17. 17. Management Web Interfaces APIs! Phones! Encryption Change Default Passwords! Patches? We don’t need... © 2008 VOIPSA and Owners as Marked
  18. 18. PSTN © 2008 VOIPSA and Owners as Marked
  19. 19. Geography © 2008 VOIPSA and Owners as Marked
  20. 20. Internet LAN © 2008 VOIPSA and Owners as Marked
  21. 21. SIP Trunking
  22. 22. The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN © 2008 VOIPSA and Owners as Marked
  23. 23. SIP Trunking PSTN SIP Service Provider Carrier Network IP-PBX LAN © 2008 VOIPSA and Owners as Marked
  24. 24. The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN © 2008 VOIPSA and Owners as Marked
  25. 25. SIP Trunking - Business Continuity PSTN SIP Service Provider SIP Service Internet Provider IP-PBX LAN © 2008 VOIPSA and Owners as Marked
  26. 26. SIP Trunking - Business Continuity PSTN SIP Service Provider SIP Service Internet Provider IP-PBX SIP Service LAN Provider © 2008 VOIPSA and Owners as Marked
  27. 27. Cloud Computing
  28. 28. Geography © 2008 VOIPSA and Owners as Marked
  29. 29. Moving Voice Applications into “the Cloud” Application Platform Internet / WAN IP-PBX LAN PSTN © 2008 VOIPSA and Owners as Marked
  30. 30. Moving Telephony into “the Cloud” Hosted “IP-PBX” Internet / WAN Firewall LAN PSTN © 2008 VOIPSA and Owners as Marked
  31. 31. Can you trust “the Cloud” to be there? © 2008 VOIPSA and Owners as Marked
  32. 32. Questions for SIP Trunk Providers or Cloud Computing Platforms? • What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide? • What kind of geographic redundancy is built into the underlying network? • What kind of network redundancy is built into the underlying network? • What kind of physical redundancy is built into the data centers? • What kind of monitoring does the vendor perform? • What kind of scalability is in the cloud computing platform? • What kind of security, both network and physical, is part of the computing platform? • Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill? © 2008 VOIPSA and Owners as Marked
  33. 33. Spam / SPIT
  34. 34. What about SPIT? (“SPam over Internet Telephony”) • What does a traditional telemarketer need? • Makes for great headlines, but not yet a significant threat • Fear is script/tool that: – Iterates through calling SIP addresses: • 111@sip.company.com, 112@sip.company.com, … • Opens an audio stream if call is answered (by person or voicemail) – Steals VoIP credentials and uses account to make calls • Reality is that today such direct connections are generally not allowed • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls SPAM from any other IP endpoint) • Until that time, PSTN is de facto firewall © 2008 VOIPSA and Owners as Marked
  35. 35. Resources
  36. 36. What is the Industry Doing to Help? Security Vendors VoIP Vendors “The Sky Is Falling!” “Don’t Worry, Trust Us!” (Buy our products!) (Buy our products!) © 2008 VOIPSA and Owners as Marked
  37. 37. Voice Over IP Security Alliance (VOIPSA) • www.voipsa.org – 100 members from VoIP and security industries • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/ • “Voice of VOIPSA” Blog – www.voipsa.org/blog • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com • VoIP Security Threat Taxonomy • Best Practices Project underway now Security Research Market and Social Classification Best Practices Outreach Objectives and Taxonomy of for VoIP Communication Constraints Security Threats Security of Findings Security System Testing LEGEND Published Active Now Ongoing © 2008 VOIPSA and Owners as Marked
  38. 38. www.voipsa.org/Resources/tools.php © 2008 VOIPSA and Owners as Marked
  39. 39. © 2008 VOIPSA and Owners as Marked
  40. 40. Tools, tools, tools... • UDP Flooder • Asteroid • IAX Flooder • enumIAX • IAX Enumerator • iWar • ohrwurm RTP Fuzzer • StegRTP • RTP Flooder • VoiPong • INVITE Flooder • Web Interface for SIP Trace • AuthTool • SIPScan • BYE Teardown • SIPCrack • Redirect Poison • SiVuS • Registration Hijacker • SIPVicious Tool Suite • Registration Eraser • SIPBomber • RTP InsertSound • SIPsak • RTP MixSound • SIP bot • SPITTER © 2008 VOIPSA and Owners as Marked
  41. 41. Security Links • VoIP Security Alliance - http://www.voipsa.org/ – Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php – VOIPSEC email list - http://www.voipsa.org/VOIPSEC/ – Weblog - http://www.voipsa.org/blog/ – Security Tools list - http://www.voipsa.org/Resources/tools.php – Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com • NIST SP800-58, “Security Considerations for VoIP Systems” – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf • Network Security Tools – http://sectools.org/ • Hacking Exposed VoIP site and tools – http://www.hackingvoip.com/ © 2008 VOIPSA and Owners as Marked
  42. 42. VoIP can be more secure than the PSTN if it is properly deployed. © 2008 VOIPSA and Owners as Marked
  43. 43. Q&eh? www.voipsa.org Dan York - dyork@voxeo.com

×