Voice Security
Interop 2009
Mark D. Collier
SecureLogix Corporation
www.securelogix.com
[email protected]
Voice Security Introduction
» Voice security includes traditional and VoIP systems
» VoIP systems are vulnerable:
» The primary vendors are improving their systems, but..
» Security is rarely a major consideration during deployment
» Platforms, network, and applications are vulnerable
» Many available VoIP attack tools
» Fortunately, the (mostly internal) threat is still moderate
» VoIP deployment is growing
» Greater integration with the data network
» Application threats remain the biggest issue
» SIP trunks will increase the threat
Traditional Voice Security
[Diagram, built up over five slides. Labels: Public Voice Network, TDM trunks, PBX, TDM phones, modem, fax; Internet, Internet connection, servers/PCs, modem.]
» Internet attacks: scanning/DoS, email SPAM, web attacks
» Internet-side controls: Firewall/IDPS, email SPAM filter, web security
» Voice-side threats: toll fraud, social engineering, harassing calls, modem issues
» Voice-side control: Voice Firewall
Campus VoIP
[Diagram, built up over three slides. Labels: Public Voice Network, TDM trunks, Voice Firewall, IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DNS, DHCP), TDM phones, modem, fax, Voice VLAN with IP phones, Data VLAN with servers/PCs; Internet, Internet connection, Firewall/IDPS, email SPAM filter, web security.]
» Voice-side threats: toll fraud, social engineering, harassing calls, modem issues
» Attacks can originate from the internal network
SIP Trunks
[Diagram, built up over four slides. Labels: Public Voice Network, SIP trunks, Voice Firewall, SIP Firewall, IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DNS, DHCP), TDM phones, modem, fax, Voice VLAN with IP phones, Data VLAN with servers/PCs; Internet, Internet connection, Firewall/IDPS, email SPAM filter, web security.]
» Voice-side threats: toll fraud, social engineering, harassing calls, modem issues
» Added threats shown on the SIP trunk diagrams: scanning, fuzzing, flood DoS
» Controls shown: Voice Firewall, SIP Firewall
Many Components in VoIP
» IP PBX:
  » Server platforms
  » Various gateway cards
  » Adjunct systems
» Network:
  » Switches, routers, firewalls
  » Shared links
  » VLAN configurations
» Endpoints:
  » IP phones and softphones
» Protocol Issues (SIP):
SecureLogix corporate confidential. 080508
Vulnerabilities At Many Layers
IP PBX Vulnerabilities
[Diagram: stacked IP PBX layers. Labels: Voice Application; VoIP Protocols; Services (TFTP, SNMP, DHCP, DB, Web Server); Network Stack (IP, UDP, TCP); General Purpose Operating System.]
» Flood DoS, fuzzing, application attacks
» Poor configuration, weak passwords, insecure management, insecure architecture
» TFTP brute force attack, SNMP enumeration, DHCP starvation, SQL attacks
» Trivial DoS attacks, MITM attacks
» Worms/viruses targeting the operating system
IP PBX Vulnerabilities
[Diagram: IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS) surrounded by threat labels.]
» DoS floods
» Fuzzing DoS
» Unauthorized access
» SPIT
» Phishing
» Modems
» Toll fraud
» Eavesdropping, sniffing
» Physical attacks
» Resource starvation
IP PBX Vulnerabilities
[Diagram: IP PBX (CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS) with its components and interfaces labeled.]
» Underlying OS
» Network stacks
» TDM interfaces
» Signaling
» RTP
» Other common services
» Web server
» SQL
» Management interfaces
» TFTP, SNMP, DHCP, DNS
Network Vulnerabilities
» The network can also be attacked:
» Platform attacks
» DoS
» Shared link saturation
» Eavesdropping
» Incorrect VLAN configuration
» Man-in-the-middle attacks
IP Phone Vulnerabilities
» IP phones can also be attacked:
» Physical access
» Poor passwords
» Signaling/media
» DoS
» Unnecessary services
Protocol Vulnerabilities (SIP)
» Directory Scanning
» Fuzzing
» Flood-based Denial of Service (DoS)
» Registration manipulation
» Call termination
» RTP manipulation
Directory Scanning
[Diagram labels: 1. INVITE derek@tpti (spoofed source IP); Proxy Server.]
» Send INVITEs/OPTIONS/REGISTERs to scan for IP phones
Fuzzing
[Diagram labels: malformed SIP; Location Server; Proxy Server.]
Flood-based DoS
[Diagram labels: 1. INVITE derek@tpti (spoofed source IP); Proxy Server.]
» Send 1000000 INVITEs
» Send enough INVITEs to ring all phones
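Detection logic for the Directory Scanning and Flood-based DoS slides above, as an added example that is not part of the original deck. It assumes a proxy request log reduced to (timestamp in ms, source IP, method, target user); the thresholds, addresses and log contents are constructed. Because both slides note a spoofed source IP, the flood check counts INVITEs across all sources rather than per source.

```python
from collections import defaultdict, deque

SCAN_METHODS = {"INVITE", "OPTIONS", "REGISTER"}  # methods named on the scanning slide

def detect(records, window_ms=10_000, scan_users=20, flood_invites=100):
    """records: time-ordered (ts_ms, source_ip, method, target_user).
    Returns (set of scanning sources, list of timestamps where a flood began)."""
    per_src = defaultdict(deque)  # source_ip -> recent (ts, target_user)
    invites = deque()             # timestamps of recent INVITEs from any source
    scanners, floods, flooding = set(), [], False
    for ts, src, method, user in records:
        if method in SCAN_METHODS:
            q = per_src[src]
            q.append((ts, user))
            while q[0][0] <= ts - window_ms:
                q.popleft()
            # Scanning shows up as one source probing many different users.
            if len({u for _, u in q}) >= scan_users:
                scanners.add(src)
        if method == "INVITE":
            invites.append(ts)
            while invites[0] <= ts - window_ms:
                invites.popleft()
            # Flooding is judged on total INVITE volume, since sources may be spoofed.
            over = len(invites) >= flood_invites
            if over and not flooding:
                floods.append(ts)
            flooding = over
    return scanners, floods

def sample():
    """Constructed log: normal calls, one scanning source, one multi-source INVITE flood."""
    log = [(1000 * i, "192.0.2.%d" % (10 + i), "INVITE", "derek") for i in range(5)]
    log += [(20_000 + 100 * i, "203.0.113.5", "OPTIONS", str(1000 + i)) for i in range(30)]
    log += [(60_000 + 10 * i, "198.51.100.%d" % (i % 250 + 1), "INVITE", "derek")
            for i in range(300)]
    return log

if __name__ == "__main__":
    print(detect(sample()))
```
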
Registration Manipulation
[Diagram labels: derek’s Phone, Registrar, Location Server.]
1. REGISTER sip:[email protected]
   Contact <sip:[email protected]>
   Expires: 3600
2. “To contact sip:[email protected], use sip:[email protected] for 60 minutes”
3. 200 OK
3. REGISTER sip:[email protected]
   Contact < [email protected] >
   Expires: 1800
4. “To contact sip:[email protected], use sip:[email protected] for 30 minutes”
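A registrar-side check for the exchange on the Registration Manipulation slide, as an added example that is not part of the original deck: it flags a REGISTER that replaces a still-live binding with a different contact host from a different source. The domain example.test, the IP addresses and the events are constructed placeholders, and the parser handles only the To, Contact and Expires headers in their long form.

```python
import re

URI = re.compile(r"sips?:([^@>;\s]+)@([^>;:\s]+)", re.I)

def parse_register(raw):
    """Return (aor, contact_host, expires) for a REGISTER, else None."""
    lines = raw.split("\r\n")
    if not lines[0].upper().startswith("REGISTER "):
        return None
    hdrs = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            hdrs[name.strip().lower()] = value.strip()
    to, contact = URI.search(hdrs.get("to", "")), URI.search(hdrs.get("contact", ""))
    if not to or not contact:
        return None  # e.g. "Contact: *", not modelled here
    aor = f"{to.group(1)}@{to.group(2)}".lower()
    # Assumption: a missing Expires header means one hour.
    return aor, contact.group(2).lower(), int(hdrs.get("expires", "3600"))

def find_rebinds(events):
    """events: time-ordered (epoch_seconds, source_ip, raw_sip); returns alert tuples."""
    live, alerts = {}, []  # aor -> (contact_host, source_ip, expiry_time)
    for ts, src, raw in events:
        parsed = parse_register(raw)
        if parsed is None:
            continue
        aor, host, expires = parsed
        old = live.get(aor)
        if old and ts < old[2] and host != old[0] and src != old[1]:
            alerts.append((ts, aor, old[0], host, src))
        if expires == 0:
            live.pop(aor, None)  # explicit unregister
        else:
            live[aor] = (host, src, ts + expires)
    return alerts

def reg(user, host, expires):
    """Build one constructed REGISTER (example.test and all IPs are placeholders)."""
    return (f"REGISTER sip:example.test SIP/2.0\r\nTo: <sip:{user}@example.test>\r\n"
            f"Contact: <sip:{user}@{host}>\r\nExpires: {expires}\r\n\r\n")

SAMPLE = [  # constructed events, not captured traffic
    (0, "192.0.2.10", reg("derek", "192.0.2.10", 3600)),        # phone registers
    (600, "192.0.2.10", reg("derek", "192.0.2.10", 3600)),      # routine refresh
    (900, "198.51.100.7", reg("derek", "198.51.100.7", 1800)),  # live binding replaced
    (1000, "192.0.2.20", reg("alice", "192.0.2.20", 60)),
    (5000, "192.0.2.30", reg("alice", "192.0.2.30", 3600)),     # old binding had expired
]
```

A phone that legitimately moves networks before its binding expires produces the same pattern, so an alert is a prompt to check the new contact rather than proof of manipulation.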
Call Termination
6. INVITE [email protected]
7. 200 OK
8. RTP Conversation
7. SIP CANCEL [email protected]
9. SIP BYE [email protected]
RTP Tunneling
RTP Manipulation
Application Issues
» Toll fraud
  » Minor misuse
  » Dial through fraud
» Social engineering
» Harassing callers
» Various modem issues
  » Poorly secured modems used for remote access
  » ISP modems
Best Practices
» Develop a voice/VoIP security policy
» Address application issues at the perimeter
» Prioritize security during VoIP deployments
» Consider a VoIP security assessment
» Follow good basic data network security for internal network
» Deploy SIP security when using SIP trunks
Resources
» www.voipsa.org
» www.blueboxpadcast.com
» www.securelogix.com
» www.voipsecurityblog.com
» Vendor sites
Questions?