VoIP security - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

VoIP security

Description:

Voice over IP (VoIP) security. PacSec.JP/core04. 2 2004 Nicolas FISCHBACH. PacSec.JP/core04 ... Voice over IP and IP telephony. Network convergence. Telephone ... – PowerPoint PPT presentation

Number of Views:59
Avg rating:3.0/5.0
Slides: 23
Provided by: nicolasf150
Category:
Tags: voip | ip | over | security | voice

less

Transcript and Presenter's Notes

Title: VoIP security


1
PacSec.JP/core04
Voice over IP (VoIP) security
Nicolas FISCHBACH Senior Manager, IP
Engineering/Security - COLT Telecom
nico_at_securite.org - http//www.securite.org/nico/
version 1.0
2
Introduction
  • Voice over IP and IP telephony
  • Network convergence
  • Telephone and IT
  • PoE (Power over Ethernet)
  • Mobility and Roaming
  • Telco
  • Switched -gt Packet (IP)
  • Closed world -gt Open world
  • Vendors and Time to Market
  • Security and privacy
  • IPhreakers
  • VoIP vs 3G

3
Architecture protocols
  • Signaling
  • User location
  • Session
  • Setup
  • Negotiation
  • Modification
  • Closing
  • Transport
  • Encoding, transport, etc.

4
Architecture protocols
  • SIP
  • IETF - 5060/5061 (TLS) - HTTP-like, all in one
  • Proprietary extensions
  • Protocol becoming an architecture
  • End-to-end (between IP PBX)
  • Inter-AS MPLS VPNs
  • Transitive trust
  • IM extensions (SIMPLE)
  • H.323
  • Protocol family
  • H.235 (security), Q.931H.245 (management), RTP,
    CODECs, etc.
  • ASN.1

5
Architecture protocols
  • RTP (Real Time Protocol)
  • 5004/udp
  • RTCP
  • No QoS/bandwidth management
  • Packet reordering
  • CODECs
  • old G.711 (PSTN/POTS - 64Kb/s)
  • current G.729 (8Kb/s)

6
Architecture network
  • LAN
  • Ethernet (routers and switches)
  • xDSL/cable/WiFi
  • VLANs (data/voicesignaling)
  • WAN
  • Internet
  • VPN
  • Leased line
  • MPLS

7
Architecture network
  • QoS (Quality of service)
  • Bandwidth
  • Latency (150-400ms) and Jitter (ltlt150ms)
  • Packet loss (1-3)

8
Architecture systems
  • Systems
  • SIP Proxy
  • Call Manager/IP PBX
  • User management and reporting (HTTP, etc)
  • Off-path with IP
  • H.323 GK (GateKeeper)
  • Authentication server (Radius)
  • Billing servers (CDR/billing)
  • DNS, TFTP, DHCP servers

9
Architecture systems
  • Voice Gateway (IP-PSTN)
  • Gateway Control Protocols
  • Signaling SS7 interface
  • Media Gateway Controller
  • Controls the MG (Megaco/H.248)
  • SIP interface
  • Signaling Gateway
  • Interface between MGC and SS7
  • MxUA, SCTP - ISUP, Q.931
  • Transport
  • Media Gateway audio conversion

10
Architecture firewall/VPN
  • Firewall
  • Non-stateful filtering
  • Stateful filtering
  • Application layer filtering (ALGs)
  • NAT / firewall piercing
  • (H.323 2xTCP, 4x dynamic UDP - 1719,1720)
  • (SIP 5060/udp)
  • Encrypted VPN
  • SSL/TLS
  • IPsec
  • Where to encrypt (LAN-LAN, phone-phone, etc) ?
  • Impact on QoS
  • What is IPv6 going to change ?

11
Architecture phones
  • IP phones
  • Softphone or Hardphone ?
  • Toaster
  • Updates/patches
  • Intelligence
  • Intelligence removed from the network and put on
    the end device
  • Flows between the phone and other systems
  • SIP
  • RTP
  • (T)FTP
  • CRL
  • etc.

12
Architecture example
PSTN
POTS
LAN
SIP
IP PBX
IP VPN (MPLS)
IP PBX
POTS
internet
GSM
VGW
SIP
voice
SIP
signaling
SIP
13
Other phone networks
  • POTS/PSTN TDM
  • Wireless/DECT phone
  • GSM
  • Satellite
  • Signaling (SS7)

14
Attacks
  • IPhreakers
  • IP knowledge
  • Known weaknesses
  • Evolution 2600Hz -gt voicemail/intl GWs -gt IP
    telephony
  • Internal or external threat ?
  • Targets home user, enterprise, government, etc ?
  • Protocol implementations
  • PROTOS
  • The human element

15
Attacks denial of service
  • Denial of service
  • Network
  • Protocol (SIP INVITE)
  • Systems / Applications
  • Phone
  • Availability (BC/DR)
  • Requires power
  • Alternatives (Business Continuity/Disaster
    Recovery) ?
  • E911 (laws and technical aspect)
  • GSM
  • PSTN-to-GSM

16
Attacks fraud
  • Call-ID spoofing
  • User rights takeover
  • Fake authentication server
  • Effects
  • Access to voicemail
  • Value added numbers
  • Social engineering
  • Replay

17
Attacks interception
  • Interception
  • Discussion
  • Who talks with who
  • Network sniffing
  • Servers (SIP, CDR, etc)
  • LAN
  • Physical access to the LAN
  • ARP attacks
  • Unauthenticated devices (phones and servers)
  • Different layers (MAC address, user, physical
    port, etc)

18
Attack interception
  • Where to intercept ?
  • Where is the user located ?
  • Networks crossed ?
  • Lawful Intercept
  • CALEA
  • ETSI standard
  • Architecture and risks

19
Attacks systems
  • Systems
  • Mostly none is hardened by default
  • Worms, exploits, Trojan horses

20
Attacks phone
  • (S)IP phone
  • Startup
  • DHCP, TFTP, etc.
  • Physical access
  • Hidden configuration tabs
  • TCP/IP stacks
  • Firmware/configuration
  • Trojan horse/rootkit

21
Defense
  • Signaling SIP
  • Secure SIP vs SS7 (physical security)
  • Transport Secure RTP (with MiKEY)
  • Network QoS LLQ (and rate-limit)
  • Firewall application level filtering
  • Phone signed firmware
  • Identification TLS
  • Clients by the server
  • Servers by the client
  • 3P project, security processes and policies

22
Conclusion
  • Conclusion
  • Other presentations
  • Backbone and Infrastructure Security
  • http//www.securite.org/presentations/secip/
  • (Distributed) Denial of Service
  • http//www.securite.org/presentations/ddos/
  • QA

Image www.shawnsclipart.com/funkycomputercrowd.ht
ml
Write a Comment
User Comments (0)
About PowerShow.com