Security Challenges In VoIP

Post on 18-Nov-2014

description

Nowadays VoIP technologies have taken the upper hand, offering many advantages compared to the traditional telephone network, but what are the security risks involved when voice and data networks come together? In this presentation, we will identify and evaluate these different security risks and their countermeasures from both a defensive and an offensive position.

transcript

Thursday, March 26, 2009

Security Challenges in VoIP

Tom Gilis – Security Consultant

26 March 2009 © Copyright Dimension Data 2000 - 2009

Agenda

Introduction

Segregation of Voice and Data

VoIP security threats

Conclusion

Who am I and what am I doing here?

Tom Gilis

Security Consultant with Dimension Data

Penetration tests of infrastructures and applications

Risk analysis

Purpose

Create awareness around VoIP security

Identify security risks and weaknesses

Evaluate protection mechanisms

Do we need more security with VoIP?

VoIP

Uses an existing network (and its flaws)

Increase in potential attackers

Offers more services

PBX

More difficult to access

Requires specialized knowledge

VoIP Networks today

Network segregation

Separate voice and data network

Improve security

Easier management

Quality of service

Physical

• Expensive

• New infrastructure

• Difficult deployment

Virtual

• Cheaper

• Uses current infrastructure

• Easier deployment

You probably already use …

Virtual Local Area Networks (VLANs)

Group devices together in one segment

Separate Voice and Data network

VLAN Trunking

Automatic VLAN configuration

I. DHCP Options

II. Proprietary protocols (LLDP)

III. …

Automatic VLAN configuration

Security tool: VoIPHopper

(voiphopper.sourceforge.net)

Easy = YES, Security = NO!

Add authentication layer...

802.1X standard

Authentication and authorization

Username/password or certificates

Compatible with VLAN Trunking

Requires:

Phone and switch support

Authentication server

User administration

Good effort but …

Off-line brute force/dictionary attack tool

(xtest.sourceforge.net)

Conclusion segregation

Recommended

− Quality of service

− First security barrier

Hard to properly protect

Not always possible

Segregation alone is NOT enough!

Information Security – CIA Triad

Confidentiality, Integrity, Availability

Information Security in VoIP

Confidentiality, Integrity, Availability, Quality of Service (C I A Q)

VoIP Call setup

VoIP Security threats

Unauthorized access

Interruption-of-service

Eavesdropping

Registration and Media manipulation

Social threats

Unauthorized access

Gaining unauthorized access to a VoIP system or component using one of the remote services.

Administrative services (Telnet, HTTP(S), TFTP, …)

− Attacks: Password sniffing, Brute force attack, Exploits, …

− Goal: Change configuration, abuse telephone network …

− Protection:

System hardening (Vendor patches, ACLs, …)

Good password policy

C I A Q

Unauthorized access - TFTP bruteforce

Brutefile.txt

Source: hackingvoip.com

Unauthorized access – VoIP Server

Interruption-of-service

Disrupting the VoIP service by attacking an essential part of the voice network.

Network

− Denial-of-service

− SYN-flooding

− ARP spoofing

Service

− DNS

− DHCP

Application

− SIP flooding attack

− RTP/RTCP injections

Interruption-of-service – Network

Disrupting the VoIP service by attacking network components

Denial-of-service attacks

− Attacks: DDoS, Ping of Death, ICMP Flooding, SYN Flooding…

− Goal: Bring down an essential part of the VoIP network (routers, VoIP gateways, telephones, …), create delay, jitter or packet drops, …

− Protection:

Firewall

Intrusion Prevention Systems (IPS)

A Q

Interruption-of-service – Services

Disrupting proper VoIP communication by attacking an essential service

DNS/DHCP/…

− Attacks: Rogue DHCP server, DNS Cache poisoning, …

− Goal: Re-route traffic to another compromised host, block new systems from accessing the network

− Protection (Network level):

Rogue DHCP server detection

Intrusion Prevention Systems

A

Interruption-of-service – Application

Disrupting proper communication by targeting the security weaknesses or risks of a VoIP control or signaling protocol

SIP/H323/RTCP/…

− Attacks: SIP INVITE flooding, SIP/RTCP or malformed packet injection, …

− Goal: Flooding SIP proxy, terminating or disturbing calls through injection of malicious messages, delay, jitter, packet drops, …

− Protection:

Enforce authentication for all packets (preferably mutual)

Firewall or IPS with VoIP capabilities

A Q
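
The kind of check a firewall or IPS with VoIP capabilities applies against SIP INVITE flooding can be sketched as a per-source sliding-window rate limit. This is an added example, not part of the original slides; the threshold, window, addresses and sample messages are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Matches a SIP request line such as "INVITE sip:200@pbx.example SIP/2.0".
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def sip_method(message):
    """Return the method of a SIP request, or None for responses/garbage."""
    lines = message.splitlines()
    first = lines[0].strip() if lines else ""
    m = REQUEST_LINE.match(first)
    return m.group(1) if m else None

def detect_invite_flood(events, max_invites=5, window=1.0):
    """events: time-ordered (timestamp, source_ip, raw_sip_message) tuples.
    Returns {source_ip: first timestamp at which the rate limit was exceeded}."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent INVITEs
    alerts = {}
    for ts, src, raw in events:
        if sip_method(raw) != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        # Drop INVITEs that fell out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_invites and src not in alerts:
            alerts[src] = ts
    return alerts

def _invite(n):
    # Constructed sample message (hypothetical host name pbx.example).
    return (f"INVITE sip:200@pbx.example SIP/2.0\r\n"
            f"Call-ID: constructed-{n}\r\nCSeq: 1 INVITE\r\n\r\n")

# Constructed traffic: one phone placing two calls, one host sending
# 20 INVITEs in under half a second, plus a REGISTER and a malformed packet.
SAMPLE_EVENTS = sorted(
    [(0.0, "192.0.2.10", _invite("a")), (30.0, "192.0.2.10", _invite("b")),
     (5.0, "192.0.2.10", "REGISTER sip:pbx.example SIP/2.0\r\n\r\n"),
     (6.0, "192.0.2.77", "\x00\x01garbage")]
    + [(10.0 + i * 0.02, "198.51.100.5", _invite(i)) for i in range(20)],
    key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_invite_flood(SAMPLE_EVENTS))
```

Only the flooding source is reported; the normal phone, the REGISTER and the malformed packet stay below the limit or are ignored by the INVITE counter.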

SiVuS – VoIP Vulnerability Scanner

Eavesdropping

Listening in on private communications between two or more VoIP devices.

RTP (Real-time Transport Protocol)

− Attacks: MAC spoofing, WiFi hacking, ARP spoofing, MITM, …

− Goal: Gain access to the media stream

− Protection:

Network hardening

Encryption

– Protocol encryption SRTP, ZRTP

– (D)TLS, IPSec tunnels

C

ARP Spoof – Man-in-the-middle

Man-in-the-middle attack
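
On the defensive side, ARP spoofing on the voice VLAN shows up as IP-to-MAC bindings that change or that contradict known-good entries. The monitor below is an added example, not part of the original slides; the addresses, the pinned table and the observations are constructed assumptions.

```python
from collections import defaultdict

def audit_arp(observations, pinned=None):
    """observations: time-ordered (timestamp, sender_ip, sender_mac) tuples
    taken from ARP replies seen on the voice VLAN.
    pinned: known-good {ip: mac} for critical hosts (call server, gateway).
    Returns a list of (timestamp, kind, ip, detail) findings."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    seen = {}                      # ip -> last MAC learned
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    findings = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            findings.append((ts, "pinned-mismatch", ip, mac))
        elif ip in seen and seen[ip] != mac:
            findings.append((ts, "binding-changed", ip, f"{seen[ip]} -> {mac}"))
        seen[ip] = mac
        ips_by_mac[mac].add(ip)
        # One station answering for two hosts is the pattern a
        # man-in-the-middle leaves: it claims both ends of the call path.
        if len(ips_by_mac[mac]) == 2:
            findings.append((ts, "mac-claims-multiple-ips", ip, mac))
    return findings

# Constructed data: call server pinned, two phones, then one MAC starts
# answering for phone B and for the call server.
PINNED = {"192.0.2.1": "02:00:00:00:00:01"}
SAMPLE_ARP = [
    (1.0, "192.0.2.1", "02:00:00:00:00:01"),
    (2.0, "192.0.2.20", "02:00:00:00:00:2a"),
    (3.0, "192.0.2.21", "02:00:00:00:00:2b"),
    (50.0, "192.0.2.21", "02:00:00:00:00:66"),
    (50.1, "192.0.2.1", "02:00:00:00:00:66"),
    (60.0, "192.0.2.20", "02:00:00:00:00:2A"),  # same MAC, different case
]

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE_ARP, PINNED):
        print(finding)
```

A router doing proxy ARP can legitimately answer for several addresses, so the multiple-IP finding needs an allow-list in a real network.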

Eavesdropping - Wireshark

Registration manipulation

Manipulating or inserting registration packets in order to redirect or hijack sessions

Signalling protocols (SIP, H323)

− Attacks: Registration removal, hijacking or addition

− Goal: Masquerading, eavesdropping, …

− Protection:

Require authentication for all packets

Enforce a decent password policy

C I

SiVuS – Password Bruteforcing

Attacks SIP authentication

Works both online and offline

Numeric passwords up to 10 chars +/- 8 min

Media manipulation

Manipulation of the media stream exchanged between two clients

RTP (Real-time Transport Protocol)

− Attacks: RTP injection

− Goal: Change or add certain voice messages in a conversation

− Protection:

Network hardening

Protocol encryption SRTP, ZRTP

(D)TLS, IPSec tunnels

C I

Social threat – VoIP Spam (SPIT)

Abusing public VoIP service providers or hacked VoIP solutions to get commercial messages to the different users

Direct access to target user

Low costs

Hard to protect against

Not popular now but what about in the future?

Interconnections through SIP trunks

More VoIP end-to-end

Easier access

Social threat – VISHING

Social engineering attacks in order to entice users to call a specific number and give out confidential information

Information Security in VoIP

Confidentiality & Integrity

• Use encryption where possible

− Application layer:

SRTP, ZRTP, S/MIME in SIP

− Transport/Network Layer:

(D)TLS, IPSec

• Authentication

− Preferably mutual

− Strong passwords

• Keep your software up-to-date

Information Security in VoIP

Availability and Quality-of-Service

• Network hardening

• Security devices

− Firewall

− Intrusion Prevention System

• Redundancy

− Fail-over

− UPS

• Logging and monitoring

Conclusion – Security threats

Costs VS Security

Added infrastructure:

Better and faster hardware

PKI environment, RADIUS server, …

Maintenance

Installation

YES, secure VoIP exists!

Recommendations

Design and implement a secure network environment

Use encryption where possible

Assure availability through proper redundancy – e.g. Network infrastructure, UPS, …

Good password management

Don’t use soft-phones

Protect your wireless clients with proper protection

Penetration tests and security audits

Questions and Answers

Thank you!