voip security voice over internet protocol
Skip this Video
Download Presentation
VoIP Security (Voice over Internet Protocol)

Loading in 2 Seconds...

play fullscreen
1 / 28

VoIP Security - PowerPoint PPT Presentation

  • Uploaded on

VoIP Security (Voice over Internet Protocol). Brian Martin Matt Protacio February 28, 2007. History of VoIP. First “ internet phone ” service offered in 1995 by a company called Vocaltec Most people didn ’ t yet have broadband, and most soundcards were half duplex.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'VoIP Security' - richard_edik

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
voip security voice over internet protocol

VoIP Security(Voice over Internet Protocol)

Brian Martin

Matt Protacio

February 28, 2007

history of voip
History of VoIP
  • First “internet phone” service offered in 1995 by a company called Vocaltec
    • Most people didn’t yet have broadband, and most soundcards were half duplex.
  • First PC to phone service in 1998, followed by phone to phone service. Cisco, Nortel, and Lucent develop hardware VOIP switches (gateways).
  • VOIP traffic exceeded 3% of voice traffic by 2000
history of voip continued
History of VoIP (Continued)
  • Around 2004 began mass marketing for “digital phone” service bundled with broadband arranged so calls would be received over regular phones.
  • “Digital phone” services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service. Other services use software clients requiring a computer with a microphone.
voip vs old phones
VoIP vs. Old Phones
  • Benefits:
    • More efficient bandwidth usage
    • Only one type of network required, data abstraction in the network
  • Criticisms:
    • 911 localization doesn’t always work
    • Phones aren’t useable in a power outage, unless UPS are deployed
    • Fax machines might not work
common voip security threats
Common VoIP Security Threats
  • VoIP Security Alliance, founded in 2005
    • Threat Taxonomy
    • Forums, Articles
  • Caller misrepresentation, caller id spoofing
  • Unwanted calls, spam or stalking
common voip security threats continued
Common VoIP Security Threats (Continued)
  • Traffic Capture
  • Eavesdropping
  • Interception
  • Alteration (conversion quality, content)
  • Black holing
  • Call Hijacking
    • SIP (Session Initiation Protocol) register hijacking
  • DoS
sip registration hijacking with sivus and a botnet
SIP registration hijacking with SiVuS and a botnet
  • SIP
    • Session Initiation Protocol
    • Application layer control protocol for initiating VOIP sessions
    • Control messages were not encrypted and had no mechanism to verify integrity
      • So even if registration requires authentication, it can be sniffed easily
the basic attack plan
The basic attack plan
  • Both Callers must register with a registrar server before a call may be initiated
    • DoS the receiver with zombie minions
    • Deregister him with the registrar
    • Falsify his registration with SiVuS
    • Anyone planning to call him will not know and you can try to claim you are the legitimate call receiver.
    • Chances are the intended call receiver will not notice either
good ideas
Good Ideas
  • If using SIP use TLS
    • Transport Layer Security (encryption, basically)
    • The text based messages of SIP are considered a feature though
  • If only VoIP appliances are connected to the the network, then no PCs are available to launch attacks from.
  • Segregate data and voice to their own Virtual Lans (VLANs)
  • Encrypt!!!
    • Prevents voice injections and casual eavesdropping
  • Redundant network to deal with DoS.
  • Secure IP-PBX and gateway boxes
voip popularity
VoIP Popularity
  • “VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.”
    • New York Daily News, Februray 26, 2007
popular voip services
Popular VoIP Services
  • Enterprise
    • Cisco CallManager
  • Home
    • Vonage
    • Skype
    • Cable Companies (Time Warner, Insight, Comcast, etc.)
cisco callmanager
Cisco CallManager
  • Enterprise VoIP Product
  • Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system
cisco callmanager system design
Cisco CallManager System Design
  • Phones
    • Deskphones, model 7960
      • Ethernet, PoE (Power over Ethernet)
    • Software Phone
      • IP Communicator
      • Popular for using across a VPN
cisco callmanager system design continued
Cisco CallManager System Design (continued)
  • Servers
    • CallManager Subscribers and Publishers
      • Windows or Linux Servers running Cisco Software
      • Process all calls
      • Interface with existing PBX systems
callmanager security
CallManager Security
  • Multiple VLANs
    • Separate VLANs for Voice and Data
    • Higher Security by isolating voice on separate VLAN
  • Primary Protocols
    • SIP
    • H.323
h 323 attack
H.323 Attack
  • Attacker can exploit the open standard protocol to establish malicious phone calls
  • Microsoft Netmeeting can be used to initiate an H.323 Phone Call
  • Malicous phone calls can be established to make international calls
  • Threat can be eliminated by not allowing international dialing on lines from telephone company
ip phone tap
IP Phone Tap
  • Capture IP packets from Phone
    • Use Ethereal network sniffer
  • Extract audio from packets
  • Export audio file of phone call
prevent phone tapping
Prevent Phone Tapping
  • Encrypt voice traffic
  • Prevent attacker from capturing traffic out of a phone
    • Lock down access to network switch phone is connected to
  • VoIP is established as the future of telephones
  • Security is critical when designing and maintaining VoIP systems