VoIP Security Assessment Service - PowerPoint PPT Presentation

About This Presentation
Title:

VoIP Security Assessment Service

Description:

VoIP Security Assessment Service Mark D. Collier Chief Technology Officer mark.collier_at_securelogix.com www.securelogix.com VoIP Security Status VoIP systems are ... – PowerPoint PPT presentation

Slides: 13
Provided by: DavidH574

Transcript and Presenter's Notes

Title: VoIP Security Assessment Service


1
VoIP Security Assessment Service
Mark D. Collier
Chief Technology Officer
mark.collier_at_securelogix.com
www.securelogix.com
2
VoIP Security Status
  • VoIP systems are vulnerable
  • Platforms, network, and application are
    vulnerable
  • VoIP-specific attacks are becoming more common
  • Security isn't always a consideration during
    deployment
  • The threat is increasing
  • VoIP deployment is growing
  • Deployments are critical to business operations
  • Greater integration with the data network
  • More attack tools being published
  • The hacking community is taking notice

3
Campus VoIP
[Network diagram. Labels: IP PBX, TDM Phones, TDM Trunks, Public Voice Network, DB, CM, Admin, IP Phones, Gateway, DNS, TFTP, DHCP, Voice VLAN, Data VLAN, Internet Connection, Internet, PCs]
The threat is primarily internal
4
Public VoIP
[Network diagram. Labels: IP PBX, TDM Phones, SIP Trunks, Public Voice Network, DB, CM, Admin, IP Phones, Gateway, DNS, TFTP, DHCP, Voice VLAN, Data VLAN, Internet Connection, Internet, PCs]
And may also be external when SIP trunks are used
5
Vulnerabilities Across Components
  • IP PBX
  • Server platforms
  • Various gateway cards
  • Supporting infrastructure
  • Network
  • Switches, routers, firewalls
  • VLAN configurations
  • Endpoints
  • IP phones and softphones

6
Vulnerabilities at Multiple Layers
[Layered diagram. Layers: Voice Application; VoIP Protocols; Services (TFTP, SNMP, DHCP, DB, Web Server); Network Stack (IP, UDP, TCP); General Purpose Operating System. Issue and attack labels: Poor Configuration, Weak Passwords, Insecure Management, Insecure Architecture; TFTP Brute Force Attack, SNMP Enumeration, DHCP Starvation, SQL Slammer Worm; Flood DoS, Fuzzing, Application Attacks; Trivial DoS Attacks, MITM Attacks; Worms/Viruses Targeting The Operating System]
7
VoIP Security Assessment Service
  • There is no one security product that is needed
    for campus VoIP environments
  • What is needed is to secure the various vendor
    VoIP offerings
  • Securing deployments is possible, but requires
    proper configuration, features, and products
  • SecureLogix is offering a VoIP security
    assessment service

8
VoIP Security Assessment Service
  • Based on real-world enterprise assessment
    experience
  • Ongoing custom test tool development
  • Completed Hacking Exposed VoIP
  • Includes on-site assessments as well as
    remote-assisted
9
Basic Process
  • Vulnerability assessment process consisting of
  • Discovery tests (Footprinting, scanning, and
    enumeration)
  • Network tests (DoS, eavesdropping, MITM)
  • Vendor platform tests
  • Application and configuration tests
  • Tools are freeware, commercial, and proprietary
  • Optional external visibility and access tests
  • Optional penetration tests
  • Security policy and checklist review
  • Provide tailored recommendations

10
Delivery
  • Assessments are based on on-site testing
  • An appliance-based, recurring assessment
    capability will be available in Q2.
  • Engagements vary from 1-8 weeks, depending on
    scope
  • Include testing of all model sites
  • Staffed internally with SecureLogix personnel
  • Delivered stand-alone or as part of a broader
    security assessment
  • Cleared personnel for government engagements

11
Appliance-Based Delivery
  • A subscription-based service available in late Q2
  • A hardened Linux appliance is delivered and
    installed with the necessary network interfaces
  • The appliance establishes an SSH connection with
    SecureLogix
  • The appliance runs the same set of tests and
    reports. Some are automated and some are
    scheduled by SecureLogix
  • The results are used to build the same set of
    reports

12
Deliverables
  • Assessment report including
  • Executive summary
  • Key findings
  • Summarized results
  • Tailored recommendations
  • Executive and technical level presentation
  • Security policy/checklist recommendations
  • All raw data