Keeping IP telephony security under lock and key



IP telephony places voice squarely in the data world, with phone calls becoming another service on the LAN and global Internet. While the convergence of voice and data opens the way to powerful network and cost efficiencies, it also means that IT managers need to be prepared for added security threats.

IP telephony services based on VoIP chop voice up into data packets, route them through the IP cloud and then re-assemble the data stream into a coherent, interactive conversation at the other end. As a growing number of organizations choose to handle their voice calls this way, whether to cut costs or to gain functionality, the number of security threats rises too, because voice services are now exposed to the same weaknesses as the rest of the IT network.
The reason these threats are sometimes tougher to tackle is twofold. Firstly, voice is viewed as one of the most business-critical services - the 'go-to' when email, instant messaging or video conferencing fail. Secondly, little attention has been paid to the ways that voice is exposed to security threats in the data domain, since voice has historically been carried over the PSTN and was therefore subject to few security weaknesses beyond physical outages.

Security weak spots
The main areas of weakness in the converged voice and data network are the LAN and WAN themselves, the session controllers, the applications, and the end points attached to the network, such as mobile phones, VoIP handsets, PCs and laptops.

The network is subject to security weaknesses in two discrete segments: the WAN and the LAN. The security of the WAN is usually the domain of the service provider or ISP that provides the access gateway to the Internet and helps set up other services such as VPNs and extranets. Although the WAN itself is less likely to be the target of an attack, its role in providing access to the enterprise LAN is undeniable. The LAN can be subject to external threats or, in some cases, to attack from within the organization, either by disgruntled employees or through innocent means such as downloading a virus in an email attachment.

Specific network elements, such as wireless access points, session controllers and the centralized software servers that allocate network and application resources for IP telephony calls, can also be the target of attacks.
Applications can be subject to threats, or can act as hosts for attacks that spread to other applications, end points or network elements. Similarly, end points that are attached to the network or to applications, or that rely on session controllers, are also weak points.

Six main security threats
There are six main threat types to the enterprise network:
1. Viruses
2. Distributed Denial of Service (DDoS)
3. Spam
4. Toll fraud
5. Eavesdropping
6. Protocol threats

Six prescriptions for treatment
1. Viruses consume IT resources and can take the form of emails soliciting quick fixes for issues that don't exist, extraneous attachments, applications that use the email address book as a launch pad for further attacks, or spyware. Commercial anti-virus applications at the desktop perform background checks on processes and files and eradicate or quarantine infections. Enterprise-strength Intrusion Prevention Systems (IPS) can block common virus attacks that exploit IP telephony protocols such as H.323 and Session Initiation Protocol (SIP) by detecting typical attack signatures and traffic patterns. An inoculation program to download and apply all current security patches can avoid common threats.
2. Viruses can sometimes be the launch pad for DDoS attacks, which typically flood servers and system resources with spurious requests for service, overwhelming the network and bringing it to a halt. These attacks can be tough to isolate because they use a fraction of the processing power of a high number of distributed computing resources to trigger an attack. Typical attacks include connection requests from bogus IP addresses or the flooding of routers with malformed data packets. The best response is to establish buffer limits on the processing of such packets or resource requests. Creating Virtual LAN (VLAN) services to segregate IP telephony traffic in its own tunnel across the LAN can also shield it from attacks, as can a series of failovers that keep sessions running when certain session controllers are disabled.

3. Spam can be limited by blacklisting known spam offenders. Junk emails sent to in-boxes that are linked to the IP telephony system as text-to-voice or voicemail frustrate users who are trying to find valid messages buried under specious spam. Enterprise email servers can combat this issue through the deployment of anti-spam applications, and users can do their bit by hand-selecting email they believe to be spam and filtering it out.
4. By contrast, toll fraud is more of a threat to the bottom line than it is to the technical health of the network. International minutes can be stolen through a number of approaches, including social engineering and voicemail box or PBX hacking. To counter social engineering, receptionists can be trained, and auto-attendants configured, not to transfer calls externally to expensive outside lines, while the threat of hacking can be diminished by careful voicemail box password selection and by monitoring remote access attempts to PBX maintenance ports.

5. Eavesdropping is theoretically possible but difficult to accomplish in the data world. Although would-be hackers could eavesdrop on an IP telephony call by reassembling the data packet stream, it is difficult to tell which packets belong to the call and which are just regular LAN traffic. But there is a weak spot - the session control layer - because it knows which end devices are communicating with which others. Encryption is one answer, although it can be expensive. More common is the practice of establishing VLANs and limiting IP telephony to its own VLAN.

6. IP telephony and VoIP protocols such as Session Initiation Protocol (SIP) and H.323 were originally developed to be open, so that developers could build new services on them. However, this openness also allows protocol-based attacks to be created, such as taking control of call sessions or initiating bogus multi-party calls. This threat can be minimized by using a proxy server to apply strong authentication that stops malicious third parties from assuming control, and by deploying IPsec.
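Two of the prescriptions above, limiting the rate of resource requests (item 2) and monitoring access attempts against the PBX (item 4), come down to spotting bursts of SIP signalling from a single source. The following added example, which is not from the article, does that over a constructed SIP signalling log: it flags an INVITE flood and a run of rejected REGISTER attempts. The log format, the source addresses and the window/threshold values are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+) (\S+) ([A-Z]+) (\d{3})$")

def build_sample_log():
    """Constructed sample log: '<epoch secs> <source ip> <method> <code>'."""
    lines = [f"{1000 + i // 6} 192.0.2.7 INVITE 100" for i in range(30)]  # flood
    lines += [f"{1000 + 2 * i} 198.51.100.4 REGISTER 401" for i in range(6)]  # guessing
    lines += ["1001 10.0.0.5 INVITE 200", "1003 10.0.0.5 REGISTER 200"]  # legitimate
    return "\n".join(lines)

def parse(log):
    """Yield (timestamp, source, method, response_code) for well-formed lines."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, method, code = m.groups()
            yield int(ts), src, method, code

def burst_sources(events, matches, window, threshold):
    """Return {source: peak} for sources whose count of events accepted by
    `matches` reaches `threshold` inside some `window`-second span."""
    per_src = defaultdict(list)
    for ts, src, method, code in events:
        if matches(method, code):
            per_src[src].append(ts)
    flagged = {}
    for src, stamps in per_src.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted times
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def find_invite_floods(events, window=5, threshold=20):
    """DDoS symptom: too many INVITEs from one source in a short span (assumed limits)."""
    return burst_sources(events, lambda m, c: m == "INVITE", window, threshold)

def find_register_failures(events, window=60, threshold=5):
    """Toll-fraud precursor: repeated rejected REGISTER attempts (401/403)."""
    return burst_sources(events, lambda m, c: m == "REGISTER" and c in ("401", "403"),
                         window, threshold)
```

In practice the flagged sources feed a rate limiter or a block list on the session controller, and the thresholds are tuned to the site's normal call volume.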


Nicolas Jacquey
Simon Marshall