Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income! Or Vice Versa?
Integrated services by telecom operators and Unified Communications technology promise a quick payback and great convenience. However, practice has shown that VOIP and IPPBX services can cause many problems, first of all relating to information security and fraud. What information security issues can arise for a company if Unified Communications are used? VOIP/PBX/MGW broken in 60 seconds - is it possible? Effective methods and practicalities of Unified Communications security will be discussed.

Published in: Technology, Business

  • Chart: number of vulnerable services associated with password policy, by service type (DBMS, FTP, OS, Web, Mail, DNS, LDAP, Remote administration, Network hardware). Metrics are based on “live” data collected in internal security audits conducted by Positive Technologies experts, 2009
  • Chart: risk levels (High, Medium, Low); categories: Dynamic site, Typical site, Detailed analysis of a vulnerable application
  • Ask the author for the picture
  • Ask the author for the picture
  • Transcript

    • 1. VoIP security legends and myths Konstantin Gurzov Head of Sales Support Department
    • 2. VoIP is attractive!
      • Access company’s network
      • Manage calls (fraud)
      • Data defect and replacement
      • Call interception
      • Personal data theft
      • and so on…
    • 3. VoIP infrastructure components VoIP segment is an integration of a number of specialized platforms and network devices, different networks and technologies
    • 4. All local network threats are relevant to VoIP
      • Default passwords
      • Managing web interfaces
      • Software vulnerabilities
      • Traffic interception
      • Account blocking
    • 5.
      • Default passwords
      Known threats – former protection measures. Examples of metrics calculated from "live" data collected during internal information security audits by Positive Technologies specialists, 2009. About 50% of all network devices have default or easily bruteforced passwords
    • 6.
      • Back-end devices
        • Default PIN for CISCO IP PHONE - « **#* »
      • SIP gateways
        • Default password for Asterisk - « admin » leads to:
          • Denial of service
          • Interception
          • Integrity violation
          • Toll Fraud
      Examples Reconfiguration Minoring Interception
    • 7.
      • Managing web interfaces
        • SQL Injection
        • Cross Site Scripting
        • DoS
        • and so on.
      Known threats – former protection measures If an attacker manages to access your device web interface, attacks are guaranteed to be successful
    • 8.
      • CISCO Call Manager
        • CVE-2010-3039 privilege gaining
        • CVE-2007-4633 XSS
        • CVE-2007-4634 SQL Injection
        • CVE-2008-0026 SQL Injection
      • Asterisk GUI
        • CVE-2008-1390 CVSS Base Score 9,3
      Examples The possibility to detect vulnerabilities of different risk level, based on analysis of 5560 sites conducted by Positive Technologies experts, 2009
    • 9. Known threats – former protection measures
      • Software vulnerabilities
      Arbitrary code execution from the network in CISCO Call Manager 6. Vulnerability allows attackers to execute arbitrary code
    • 10. Known threats – former protection measures
      • Software vulnerability
      Denial of service in CISCO Call Manager 6 Vulnerability allows attackers to cause a denial of service
    • 11.
      • Services are unavailable and restricted
        • web interfaces with vulnerabilities
        • weak password policy
      Known threats – former protection measures. Any VoIP device is a member of an Ethernet network, so it is vulnerable to most network attacks
    • 12.
      • Traffic listening
        • weakly protected wireless networks
        • Implementation of « Man in the middle » attack
        • Dozens of specialized applications for listening to VoIP traffic, for example, Cain & Abel ( www.oxid.it ), UCSniff ( http://ucsniff.sourceforge.net )
      Known threats – former protection measures Traffic listening leads to violation of confidentiality and personal data thefts
    • 13. Examples of real attacks
      • Traffic fraud
      • Interception of negotiations
      • Capture of corporate network
    • 14. Traffic fraud IP PBX 1 – Client’s IP PBX of «А» company IP PBX 2 – Attacker’s IP PBX
      • No ACLs on devices
      • Weak device and software password policy
      • Low protection level as a whole for VoIP infrastructure
      • Billing once a month
    • 15. Traffic fraud – attacker’s actions
      • Scan the network and find IP PBX 1.
      • Provide PSTN connection to IP PBX 2 via IP PBX 1.
      • Pass expensive MG / MH calls via «А» into PSTN.
      «А» operator is unable to explicitly separate responsibilities between itself and its client, so it always pays
    • 16. Traffic fraud – can be avoided if
      • operator:
      • configures ACLs on external interfaces of client IP PBX;
      • ensures that calls passed through the SIP trunk are not routed back;
      • blocks MG / MH calls if not used ;
      • distributes password policy to VoIP services;
      • offers services for protection analysis of client’s hardware .
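The checks from slide 16 applied to call detail records once a day instead of at monthly billing, as an added example that is not part of the original slides. The CDR field names, ACL range, prefixes and sample calls are constructed assumptions.

```python
import ipaddress

# Constructed policy for one client IP PBX; every value here is an assumption.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]  # ACL on the external interface
BLOCKED_PREFIXES = ("00", "810")  # stand-ins for MG / MH destinations the client does not use

def check_cdr(cdr):
    """Return the policy violations for one call detail record."""
    reasons = []
    src = ipaddress.ip_address(cdr["src_ip"])
    if not any(src in net for net in ALLOWED_SOURCES):
        reasons.append("source-not-in-acl")
    # A call that arrived over the SIP trunk must not be routed back out.
    if cdr["in_leg"] == "sip-trunk" and cdr["out_leg"] in ("sip-trunk", "pstn"):
        reasons.append("trunk-call-routed-back")
    if cdr["out_leg"] != "extension" and cdr["dst"].startswith(BLOCKED_PREFIXES):
        reasons.append("blocked-destination")
    return reasons

def daily_report(cdrs):
    """Return ({call id: violations}, total seconds of flagged traffic)."""
    flagged, seconds = {}, 0
    for cdr in cdrs:
        reasons = check_cdr(cdr)
        if reasons:
            flagged[cdr["id"]] = reasons
            seconds += cdr["duration"]
    return flagged, seconds

# Constructed sample records (documentation address ranges, fictitious numbers).
SAMPLE_CDRS = [
    {"id": "c1", "src_ip": "192.0.2.5", "in_leg": "extension", "out_leg": "pstn",
     "dst": "4955550100", "duration": 60},
    {"id": "c2", "src_ip": "203.0.113.7", "in_leg": "sip-trunk", "out_leg": "pstn",
     "dst": "00441632960000", "duration": 1800},
    {"id": "c3", "src_ip": "192.0.2.9", "in_leg": "extension", "out_leg": "pstn",
     "dst": "810441632960001", "duration": 300},
]

if __name__ == "__main__":
    flagged, seconds = daily_report(SAMPLE_CDRS)
    for call_id, reasons in flagged.items():
        print(call_id, ", ".join(reasons))
    print("flagged seconds:", seconds)
```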
    • 17. Interception of negotiations
      • Use wireless networks
      • Weak encryption algorithms
      • ACLs are not used
      • Weak password policy
    • 18. Capture corporate network
      • No change management
    • 19. Capture corporate network – attacker’s actions
      • Get access to the corporate network via Wi-Fi
      • Find CISCO Call Manager by typical response
        • uses the SQL injection from CVE-2008-0026:
          https://www.example.org/ccmuser/personaladdressbookEdit.do?key='+UNION+ALL+SELECT+'','','',user,'',password+from+applicationuser;--
        • gets user password hashes; the request is equivalent to:
          runsql select user,password from applicationuser
        • recovers passwords from hashes
      • One of the recovered passwords is the Admin password for all CISCO local networks
      An attacker can capture the entire local network via VoIP services
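The injectable `key` parameter from slide 19 next to its parameterized fix, as an added example that is not code from the slides or from the vendor. The address-book schema, column names and stored values are constructed; only the `applicationuser` table and the `key` value come from the slide.

```python
import sqlite3

def make_db():
    """Constructed stand-in schema; only applicationuser(user, password) is named on the slide."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE addressbook (entry_key TEXT, owner TEXT, first_name TEXT,
                                  last_name TEXT, nickname TEXT, email TEXT, phone TEXT);
        CREATE TABLE applicationuser (user TEXT, password TEXT);
        INSERT INTO addressbook VALUES
            ('42', 'alice', 'Bob', 'Example', 'bob', 'bob@example.org', '1001');
        INSERT INTO applicationuser VALUES ('admin', 'constructed-hash-0001');
    """)
    return db

COLUMNS = "owner, first_name, last_name, nickname, email, phone"

def lookup_concatenated(db, key):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a quote in `key` ends the literal and the rest is parsed as SQL.
    sql = f"SELECT {COLUMNS} FROM addressbook WHERE entry_key = '{key}'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, key):
    # Hardened pattern: the parameter is bound as data and never parsed as SQL.
    sql = f"SELECT {COLUMNS} FROM addressbook WHERE entry_key = ?"
    return db.execute(sql, (key,)).fetchall()

# The key value from the slide's URL, form-decoded ('+' is a space).
SLIDE_KEY = "' UNION ALL SELECT '','','',user,'',password from applicationuser;--"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, SLIDE_KEY))
    print("parameterized:", lookup_parameterized(db, SLIDE_KEY))
    print("normal lookup:", lookup_parameterized(db, "42"))
```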
    • 20. Conclusions
      • VoIP infrastructure is vulnerable to the same security threats as an ordinary corporate network
      • VoIP service vulnerabilities LAN vulnerabilities
      • The same methods are used to create protected infrastructure in VoIP as in LAN
    • 21. Advice for creating a secure infrastructure
      • Advice 1: monitor changes and updates in your VoIP infrastructure.
      • Advice 2: distribute password policy to VoIP services, use strong crypto algorithms.
      • Advice 3: use a compliance and vulnerability management system to prevent incidents.
      • Advice 4: offer security level monitoring for clients' hardware as VAS.
      • Advice 5: take a broad view of your infrastructure security; remember it is not only workstations and the e-mail system.
    • 22. Thank you for your attention ! Questions ? Konstantin Gurzov [email_address]