H.323
Hardware and Software
Vulnerabilities
Jeremy Freeman
Brian Leger
Robert Muller
April 12, 2004
Agenda

• H.323 and Convergence
• Software Vulnerabilities
• Hardware Vulnerabilities
• Wrap Up
Convergence and H.323
Convergence
“The capability of one public network to carry all types of traffic – voice, data, and video – as packets.”
- The Essential Guide to Telecommunications, 3rd Edition. Annabel Z. Dodd.
Voice over IP

• Started in 1995
• PC to PC
• A few companies using proprietary software
  – Net2Phone
  – VocalTec
  – Dialpad
Voice over IP

• Significant savings to businesses
  – Less expensive moves, adds and changes (MACs)
  – Reduced personnel
  – Lower infrastructure and management costs
• Significant savings for everyone
  – Lower long distance charges, especially overseas
Voice over IP
[Chart: Growth of International VoIP traffic]
Interoperability
The issue is whether to cling to incompatible proprietary systems OR to embrace universal standards?
The answer is clear:
• H.323 (ITU-T)
• SIP (IETF)
H.323

• H.323 is an umbrella protocol used to transmit real-time multimedia over packet-based networks.
• Its goal is to provide reliable quality of service and delivery over an IP network that does not guarantee either.
H.323 Security: H.235
Specifies security requirements for (H.323 and H.245-based) multimedia terminals.
Four security services are covered:
  – Authentication
  – Integrity
  – Privacy
  – Non-repudiation
H.323 Entities

• Terminals
• Gateways
• Multipoint control units (MCUs)
• Gatekeepers
H.323 Terminal
Endpoint in the H.323 network
• Multimedia PC
• Stand-alone device
• Even a simple telephone
H.323 Gateway
Gateway provides:
• Control signaling translation
• Audio/video codec translation
• Data format translation
• Call setup/termination functionality on both sides of the network
H.323 MCU
Multipoint control units (MCUs)
• Mediates multi-party (3 or more endpoints) conferences in an H.323 network
• Required only if multiparty conferences are desired
H.323 Gatekeeper
The “brains” of an H.323 network
• Manages a single ‘zone’
• All of the devices in that zone must register with the gatekeeper:
  – terminals
  – gateways
  – MCUs
  – routers
H.323 Network
[Diagram: H.323 network. Labels: Gateway, PSTN, Terminals, LAN, MCU, Gatekeeper, Router, Internet or Intranet]
Software Vulnerabilities
CERT Bulletin

• CERT Advisory CA-2004-01
  – Multiple H.323 Message Vulnerabilities
  – January 2004
• Submitted by U.K.’s National Infrastructure Security Coordination Centre (NISCC)
• Exploitation of Vulnerabilities
  – DoS
  – Execution of Malicious Code
H.225.0
Call Setup Phase
Endpoint 1 → Endpoint 2: Setup
Endpoint 2 → Endpoint 1: Call Proceeding
Endpoint 2 → Endpoint 1: Alerting
Endpoint 2 → Endpoint 1: Connect
H.225.0
Call Setup Phase

• Endpoints listen on port 1720 for incoming calls.
• No security at this point.
• Malformed messages will cause the receiver to either hang or crash.
• OUSPG testing suite.
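
The length checks a receiver on port 1720 needs before it touches a call-signalling message, as an added example (not from the original slides or any vendor's code): it validates the TPKT framing and the fixed Q.931 header that carries Setup, Call Proceeding, Alerting and Connect. The function and enum names are hypothetical, and accepting only 1- or 2-octet call references is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum h225_result { H225_OK, H225_TRUNCATED, H225_BAD_TPKT, H225_BAD_Q931 };

/* Q.931 message types seen in the call setup phase. */
enum { Q931_ALERTING = 0x01, Q931_CALL_PROCEEDING = 0x02,
       Q931_SETUP = 0x05, Q931_CONNECT = 0x07 };

/* Validate TPKT framing (RFC 1006) and the fixed Q.931 header of one message
 * received on TCP 1720. Each length field is checked against the bytes
 * actually received before it is used. On H225_OK, *msg_type is set. */
enum h225_result h225_check_frame(const uint8_t *buf, size_t len,
                                  uint8_t *msg_type)
{
    if (len < 4)
        return H225_TRUNCATED;
    if (buf[0] != 3 || buf[1] != 0)        /* TPKT version 3, reserved 0 */
        return H225_BAD_TPKT;
    size_t tpkt_len = ((size_t)buf[2] << 8) | buf[3]; /* includes header */
    if (tpkt_len < 4 + 3)                  /* TPKT header + minimal Q.931 */
        return H225_BAD_TPKT;
    if (tpkt_len > len)                    /* claims more than received */
        return H225_TRUNCATED;

    const uint8_t *q = buf + 4;
    size_t qlen = tpkt_len - 4;
    if (q[0] != 0x08)                      /* Q.931 protocol discriminator */
        return H225_BAD_Q931;
    size_t cr_len = q[1] & 0x0F;           /* call reference length */
    /* Assumption: accept only 1- or 2-octet call references. */
    if (cr_len < 1 || cr_len > 2 || 2 + cr_len + 1 > qlen)
        return H225_BAD_Q931;

    *msg_type = q[2 + cr_len];
    return H225_OK;
}

int main(void)
{
    /* Constructed sample: bare Setup header, declared TPKT length 9. */
    const uint8_t setup[] = {3, 0, 0, 9, 0x08, 0x02, 0x12, 0x34, 0x05};
    uint8_t type = 0;
    int full = h225_check_frame(setup, sizeof setup, &type);
    int cut = h225_check_frame(setup, 6, &type);  /* same bytes, cut short */
    printf("full=%d cut=%d type=0x%02x\n", full, cut, type);
    return 0;
}
```

A frame that passes these checks still carries information elements and an ASN.1-encoded payload, each with its own length fields that need the same treatment.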
OUSPG Test Suite

• Oulu University Secure Programming Group (OUSPG)
  – Finland, January 2004
  – Also developed test suite for SNMP in 2002.
• PROTOS Test Suite c07-h2250v4
• Developed to expose vulnerabilities in the H.323 protocol (specifically H.225.0)
• Exercises all of the fields in the H.225.0 protocol
• 4500+ test cases.
• http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4
Microsoft

• January 2004 Security bulletin MS04-001
• Buffer overflow in ISA Server 2000 Firewall Service
• Crashes the system!!
• Workarounds
  – Access lists for port 1720
  – Block 1720
• Cuts off VoIP to the outside world!
Cisco
“Security Advisory: Vulnerabilities in H.323 Message Processing”
• Internetwork Operating System (IOS) software
• Same issues as MS
  – Buffer overflow
• Cisco recommends Upgrade!!! ASAP!!
  – Blocking 1720 and access list will work too.
Mitigating These Problems

• Code Reviews
• Spiral Methodology
• Time to release and schedule pressures cut into testing extreme cases.
Hardware Vulnerabilities
Hardware Vulnerabilities

• Firewalls
• Vendor products
• I blame software!
Firewalls



• Both ends need to be configured for H.323

“Phase I: H.323 terminal (A) starts by sending a “Setup message” to another H.323 terminal (B) containing its destination address. Terminal (B) responds by sending a Q.931 “Alerting message” followed by a “Connect message” if the call is accepted. During this first phase of call signaling, the only port used for communication is TCP port 1720. If the destination terminal accepts the call, the second phase of negotiations using the H.245 protocol begin.

Phase II: During the H.245 negotiations, both terminals will exchange their terminal capabilities. The terminal capabilities include media type, codec choices, and multiplex information. Each terminal will respond with a “terminal Capability Set Ack message”. The terminals’ capabilities may be resent at any time during the call.
Firewalls

Phase III: the final phase of the call setup deals with the master/slave relating between the two terminals. The master/slave relationship is used to resolve any conflict that may arise between the two terminals during the duration of the call. Once the call setup process is complete, the audio and video channels are opened and the video conference call begins.”
Firewalls

• Phase II & III – ports dynamically assigned.
• Which ports will be used…hard to configure rules when you don’t know?
• Leaving ports open and alone creates big hole in firewall.
Solutions

• Cisco
  – One zone w/inside equipment
  – One zone w/outside (Internet)
  – Each zone has router/gatekeeper
  – Inside stuff registers w/inside gatekeeper
  – Outside stuff registers w/outside gatekeeper
  – One port for H.323 traffic
Solutions

• Aravox
  – Filter device between firewall and ISP
  – All traffic goes through firewall
  – H.323 traffic filtered and sent
  – Other traffic goes through firewall
Vendor products w/problems

• Tandberg, Cisco, Polycom, and Intel to name a few.
• Products are/should be to standard, BUT that doesn’t mean different vendors’ products play nice together.
• DoS: CPU 100% utilized, service degrades; calls can drop; no new calls. Have to reboot.
What To Do?

• Upgrade to latest software/firmware (highly recommended)
• Use a firewall (good idea, but has its own problems)
• Block ports (cool if you don’t want to ever use it again)
• Create access list of trusted addresses
Conclusion

• H.323 has vulnerabilities
• Exploiting these causes DoS
• Hardware and Software to blame.
• Buffer overflows should’ve been accounted for during development.
• Constant upgrading keeps network safe.
Questions?