Post on 21-Jun-2015
04/13/23 1© Copyright 2006, Verizon. All rights reserved.
Service Provider Perspective on Voice over IP (VoIP) Security
Stu Jacobs, CISSP, CISM
ISSA Member
Sr. Technologist - PMTS
Verizon Laboratories
This material is part of ongoing efforts of Verizon and Verizon management to engage in thoughtful considerations of the fundamental changes and challenges facing the telecommunications industry. To meet its fiduciary responsibilities, management must explore all alternatives, even those that may appear highly speculative and hypothetical. Statements and representations contained herein are preliminary and/or tentative and should not be relied on unless approved by the appropriate Verizon governing body.
Agenda
• Why security is needed
• Security Model, Services and Mechanisms
• Requirements and solutions
• VoIP Service Infrastructure
What is Security Responsible for
• Protecting customers (3rd person liability)
  – Ensure the confidentiality and integrity of customer information.
  – Maintain customer-contracted service availability.
  – Restrict customers to the features they are authorized to use.
  – Ensure error-free and non-malicious interaction between customers and the system.
• Protecting the system itself (1st person liability)
  – Maintain the confidentiality and integrity of system information.
  – Restrict operations access to only those system attributes that are authorized.
  – Provide error-free and non-malicious interaction between operations and the system.
The Past
• Closed circuit-based networks
• Physical security of central offices
• Password access to network elements
• Out-of-band signaling to reduce fraud
The Evolving Threat
• Internal
– Malicious insiders are the greatest threat to our critical national infrastructures.
• External
– Today's geo-political climate will result in cyber attacks against national communications and control systems of economic, safety, or political significance.
• Politically (ideologically) motivated cyber attacks are increasing in volume, sophistication, and coordination.
The Present
• The circuit network is a slow controlled process.
• IP-based networks will be very different.
• Denial of Service attacks are increasing.
• Speedy updates are essential now.
• Wireless access is growing.
• New services are coming.
Historic vs. IP Networks
• Historic
  – Network self-contained (limited external connectivity)
  – Limited knowledge base of network systems
  – Protocols not well known
  – Limited common group of interconnectors
  – Dumb subscriber terminals
• IP
  – Connectivity to many networks (enterprise, residential, WiFi, Internet, ISPs)
  – Switches, routers, DNS servers, etc., common to other TCP/IP networks
  – TCP/IP, UDP, SIP, RTP and H.323 specifications are publicly available
  – Unknown, but high, number of connectors
  – SIP phones and soft-clients are computer-based intelligent processors; Microsoft Windows deploys SIP on every XP PC
State of the Internet
• Today 18% of Internet bandwidth is attack traffic
• There are now in excess of 30,000 bots in one network waiting to attack systems (Nigel Beighton, Symantec)
• SPIT (spam over Internet telephony), unsolicited bulk messages broadcast over VoIP, is quickly catching on
• Legislation is increasing in the security area
  – In 1998 there were 600 laws; today 1,400 and growing. State privacy laws are changing too.
• Speedy updates are essential now
  – 99% of all successful compromises targeted known vulnerabilities
  – In 2004 it took 10 days from known vulnerability to automated exploit; two years earlier it was 180 days
  – An MIT study showed that an unpatched NT system was compromised in 55 seconds
• Computer viruses and hacking took a $1.6 trillion toll on the worldwide economy, $266 billion of it in the US
• Companies lose 2.1% of their market value within 2 days after a security breach
The Future
• Vulnerabilities in one carrier could ripple over to multiple interconnected carriers.
• Convergence will require significant retraining.
• New protocol servers, proxies and media gateways will have to be managed.
• New OSS need to be built.
• New services will stress the infrastructure.
• Voice, data and video will converge.
Security Must Scale
• An international footprint; 1000s of COs, 100s of other buildings
• 100,000s of personnel
• 100,000s of employee desktop systems
• 1,000,000s of software controlled NEs
• 10,000,000s of customer CPE
• 100s of Peer carrier networks
Security Model
The major rules to follow:
1. Trust can NOT be assumed; communication amongst systems and interaction between people and systems must be explicitly authenticated and authorized.
2. Security must be layered, i.e. defense in depth.
3. Perimeter hardening, like physical measures, is just a first step.
4. All network elements must be hardened as "defensive strong points" in their own right.
5. Deploy multiple security technologies to counter the plethora of attack types in use today (growing over time).
6. Security must be integrated into systems, not bolted on later.
7. Security MUST be manageable; the S in FCAPS must be more than just log file evaluation.
Security Services
• Authentication
• Authorization (a.k.a. Access Control)
• Confidentiality
• Integrity
• Non-Repudiation
VoIP relies on many of the same security mechanisms as any other IP-based infrastructure.
Necessary Security Mechanisms
• Firewalls/Routers
• Session Border Controllers
• Anti-Virus
• Intrusion Detection Systems
• Intrusion Prevention Systems (application-layer firewalls)
• Authentication/Credential Servers
• Vulnerability Discovery
• Authenticated Signaling and Control
Security Operations
• Asset Discovery Classification
• Change Management
• Configuration Management
• Corrective Action
• Fault Management
• Provisioning
• Security Control Integration
• Security Control Upgrade
• Security Event Management
• Template Management
• Ticketing System
• Verification and Validation
• Vulnerability Detection (reactive)
• Vulnerability Discovery (proactive)
Security Management
• Security Fault Management
  – Event collection (IDS, traps, etc.), reconciliation/consolidation, alarm generation, attack identification, attack mitigation
• Security Configuration Management
  – Packet filtering rules, cryptographic policies and parameters, security patches, access control rules, login accounts, etc.
• User Account Management
  – Login authorization for administrative and craft personnel (could be expanded to cover peer-carrier, law enforcement, vendor and customer access)
• Security Authentication Credentials Management
  – Passwords, SecurID (tokens), RADIUS, symmetric/asymmetric cryptographic key material
• Validation Management
  – Auditing, vulnerability analyses, intrusion detection
• Corrective Action Management
  – Trouble ticketing
• Security Management Information Base Repository
  – Central repository of all network elements' security attributes (ANSI standard letter ballot coming in 1H-2006)
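The Security Fault Management bullet (event collection, reconciliation/consolidation, alarm generation, attack identification) in working form, as an added example that is not part of the original deck. The log format, the hosts and the thresholds are assumptions: a registrar that writes one line per REGISTER with the source address, the address-of-record (AOR), the Contact and the response code. A 401 is the normal Digest challenge and is not a failure; only 403 (rejected credentials) is counted, and many 403 events from one source are consolidated into a single alarm. The attack-identification step correlates that alarm with an AOR whose binding moved to the same source, which is the registration-hijacking pattern listed on the VoIP Attacks slide.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed registrar log (hypothetical format, not a real product's output).
# 401 is the normal Digest challenge; 403 means the credentials were rejected.
LOG = """\
2006-03-01T10:00:01 REGISTER src=198.51.100.10 aor=sip:alice@sip.example.net contact=sip:alice@198.51.100.10 code=401
2006-03-01T10:00:01 REGISTER src=198.51.100.10 aor=sip:alice@sip.example.net contact=sip:alice@198.51.100.10 code=200
2006-03-01T10:00:02 REGISTER src=203.0.113.5 aor=sip:bob@sip.example.net contact=sip:bob@203.0.113.5 code=401
2006-03-01T10:00:02 REGISTER src=203.0.113.5 aor=sip:bob@sip.example.net contact=sip:bob@203.0.113.5 code=200
2006-03-01T10:00:03 some element emitted a line that does not match the format
2006-03-01T10:00:05 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:06 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:07 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:08 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:09 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:10 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=403
2006-03-01T10:00:40 REGISTER src=192.0.2.66 aor=sip:alice@sip.example.net contact=sip:alice@192.0.2.66 code=200
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<method>[A-Z]+) src=(?P<src>\S+) aor=(?P<aor>\S+) "
    r"contact=(?P<contact>\S+) code=(?P<code>\d{3})$")


def parse(log: str):
    """Event collection: turn raw lines into typed records, dropping malformed ones."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # a line that does not fully match is never trusted
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["code"] = int(e["code"])
        events.append(e)
    return events


def auth_failure_bursts(events, threshold=5, window=timedelta(seconds=30)):
    """Consolidation: one alarm per source with >= threshold 403s inside any window."""
    fails = defaultdict(list)
    for e in events:
        if e["method"] == "REGISTER" and e["code"] == 403:
            fails[e["src"]].append(e["ts"])
    alarms = {}
    for src, stamps in fails.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                alarms[src] = len(stamps)  # total failures, reported once
                break
    return alarms


def rebound_aors(events):
    """Flag an AOR whose binding was successfully moved to a different source host."""
    last_src = {}
    alarms = []
    for e in events:
        if e["method"] != "REGISTER" or e["code"] != 200:
            continue
        prev = last_src.get(e["aor"])
        if prev is not None and prev != e["src"]:
            alarms.append((e["aor"], prev, e["src"]))
        last_src[e["aor"]] = e["src"]
    return alarms


def identify_hijacks(events):
    """Attack identification: a rebound whose new source also produced a failure burst."""
    bursts = auth_failure_bursts(events)
    return [r for r in rebound_aors(events) if r[2] in bursts]


if __name__ == "__main__":
    ev = parse(LOG)
    print(auth_failure_bursts(ev))
    print(identify_hijacks(ev))
```

A rebound on its own is weak evidence (a phone that moves between DHCP leases or WiFi networks rebounds legitimately), which is why the hijack verdict requires the failure burst from the same source; the consolidated alarm is what would feed the ticketing and corrective-action steps on the Security Operations slide.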
VoIP Security
VoIP Attacks
• 4,527 malformed SIP INVITE test cases in the PROTOS test suite for SIP (c07-sip), each a potential attack on a SIP parser
• SIP phone configuration eavesdropping on unsecured configuration downloads
• Compromised Domain Name Servers resolving routes to a hijacked proxy server
• SIP phone registration hijacking and identity theft/impersonation
• SIP proxy impersonation allowing interception, eavesdropping and fraudulent routing of calls
• SIP message tampering and RTP stream injection, including unsolicited bulk calls (Spam over Internet Telephony, SPIT)
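Registration hijacking from the list above, and the defence the deck calls "Authenticated Signaling and Control" (and rule 1 of the Security Model, explicit authentication of every interaction), as an added example that is not part of the original deck. It is a toy registrar written for this page: first it accepts any REGISTER, so an attacker rebinds alice's address-of-record (AOR) to his own host; then it requires RFC 3261 Digest (MD5, qop="auth") and rejects a guessed password, another user's valid credentials used against alice's AOR, and a replay of alice's own captured Authorization header. The realm, the accounts and the IP addresses are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Added example (not Verizon's code): a toy SIP registrar binding an AOR to a Contact.
# REALM, the user accounts and the addresses below are assumptions for illustration.
REALM = "sip.example.net"
USERS = {"alice": "correct-horse", "bob": "battery-staple"}
ALICE_AOR = f"sip:alice@{REALM}"


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """Digest response as profiled for SIP by RFC 3261 section 22.4 (RFC 2617, qop=auth)."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def make_auth(user, password, nonce):
    """Authorization header fields a user agent sends after receiving a 401."""
    cnonce, uri, nc = secrets.token_hex(8), f"sip:{REALM}", "00000001"
    return {"username": user, "realm": REALM, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "uri": uri, "response": digest_response(user, password, REALM, "REGISTER",
                                                    uri, nonce, nc, cnonce)}


@dataclass
class Registrar:
    require_auth: bool
    bindings: dict = field(default_factory=dict)  # AOR -> Contact
    nonces: set = field(default_factory=set)      # challenges not yet consumed

    def challenge(self) -> str:
        """Fresh nonce carried in the 401 WWW-Authenticate header."""
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce

    def register(self, aor, contact, auth=None) -> int:
        """Process a REGISTER and return the status code the registrar would send."""
        if not self.require_auth:
            self.bindings[aor] = contact      # hijackable: anyone can rebind any AOR
            return 200
        if auth is None or auth.get("realm") != REALM:
            return 401                        # challenge
        if auth["nonce"] not in self.nonces:
            return 401                        # unknown, expired or already-used nonce
        self.nonces.discard(auth["nonce"])    # single use defeats replay
        user = auth["username"]
        if user not in USERS or aor != f"sip:{user}@{REALM}":
            return 403                        # authenticated identity must own the AOR
        expected = digest_response(user, USERS[user], REALM, "REGISTER", auth["uri"],
                                   auth["nonce"], auth["nc"], auth["cnonce"])
        if not secrets.compare_digest(expected, auth["response"]):
            return 403                        # wrong password
        self.bindings[aor] = contact
        return 200


def open_registrar_hijack():
    """Attacker at 192.0.2.66 steals alice's binding on a registrar that never authenticates."""
    reg = Registrar(require_auth=False)
    reg.register(ALICE_AOR, "sip:alice@198.51.100.10")  # alice's real phone
    reg.register(ALICE_AOR, "sip:alice@192.0.2.66")     # no credentials needed
    return reg.bindings[ALICE_AOR]


def authenticated_registrar():
    """Same scenario with Digest required; returns the status codes and the final binding."""
    reg = Registrar(require_auth=True)
    codes = [reg.register(ALICE_AOR, "sip:alice@198.51.100.10")]  # 401: a real 401 carries the nonce
    alice_auth = make_auth("alice", USERS["alice"], reg.challenge())
    codes.append(reg.register(ALICE_AOR, "sip:alice@198.51.100.10", alice_auth))  # 200
    codes.append(reg.register(ALICE_AOR, "sip:alice@192.0.2.66",
                              make_auth("alice", "guess", reg.challenge())))       # 403 guessed password
    codes.append(reg.register(ALICE_AOR, "sip:alice@192.0.2.66",
                              make_auth("bob", USERS["bob"], reg.challenge())))    # 403 wrong identity
    codes.append(reg.register(ALICE_AOR, "sip:alice@192.0.2.66", alice_auth))      # 401 replayed header
    return codes, reg.bindings[ALICE_AOR]


if __name__ == "__main__":
    print(open_registrar_hijack())
    print(authenticated_registrar())
```

Digest only proves knowledge of the password; a captured challenge/response pair still allows an offline dictionary attack on MD5, and nothing here protects the rest of the REGISTER from tampering. That is why the functional model labels the SIP UNI as "Digest / TLS" rather than Digest alone.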
Service Network Functional Model
[Figure: "Service/Network Architecture Functional Model", Base View, version 4.0, 25 March 2005. Three domains: End-User Domain, Verizon (Service Provider) Domain, Partner Carrier Domain. Layers: Transport (IP network, layers 1-4; TDM Class 4/5 fabric with line terminations and SSP/BC), Signaling & Control, Applications & Services, Operations. Functional groups (FG): IP Network Infrastructure (DNS, ENUM, NTP); IP Service Edge (SBC, firewall/NAT/policing, control and forwarding planes); Session Control (SIP processing, SIP registrar, H.323 interworking, BPC, LS); MGC (trunk and line media gateway controllers, H.248); Network Policy (routing policy); Data Resources (PIM, events, IM, PAM, web conference, calendar/iCal); Media Resources (media, VOD); Subscriber Policy (user AA, service policy); User/Service Management (context, subscriber and service management); Integrated Services (line, trunk, voice, VOD, messaging, conferencing, gaming, audio, iobi, IPG and web services, exposed via Parlay/JAIN/SIP); SCP/AIN; FCAPS (fault, accounting, configuration and security management). Endpoints: POTS phones, SIP endpoints (phone, IAD), H.323 endpoints (PBX), video endpoints (STB), web browser, IM, email/voicemail and application clients.
Interface security labels on the diagram: SIP at the UNI is "Digest / TLS"; SIP between internal elements and at the NNI is "TLS / IPSEC" (one internal SIP link is "none / IPSEC"); H.248, H.323 and SNMPv1,2,3 are "none / IPSEC"; HTTP(s)/SOAP and LDAP use SSLv3; RADIUS, DHCP, ISUP/TCAP, RTP, MPEG2/UDP, DSM-CC/UDP, RTSP/TCP, SIMPLE/XMPP and SMTP/POP3/IMAP4 carry no security label. Line types: secured signaling (data) interface, signaling (data) interface, IP bearer interface, TDM bearer interface.
Reference points: 1 UNI signaling interface; 2 not used; 3 ANI (target, e.g. IMS ISC interface); 4 UNI bearer interface; 5 NNI bearer interface; 6 NNI signaling interface; 7 UNI signaling interface; 8 UNI bearer interface.]
New Protocols & Functionality
• Signaling
  – SIP, H.248, MGCP, Skinny, ISUP, TCAP
• Bearer Traffic
  – RTP/SRTP, SCTP
• Infrastructure
  – Profiles, Credentials, Time, Directories
• Services
  – Basic, Conferencing, Unified Messaging, Presence, Location, Brokering, etc.
Where Do Standards Fit In?
• Approved Standards
  – ANSI T1.276, T1.678
  – ITU-T X.800, X.81x, M.3016
  – ANSI/TIA J-STD-025a (-b)
• Work in Progress
  – ATIS PTSC Signaling & Control, TMOC SMS
  – ITU-T NGN
  – ETSI TISPAN
  – IETF, MSF, OIF, VOIPSA, others
Conclusion
• Vendors need to take security seriously as they architect and design next generation components.
• The goal is reliable and trustworthy communications and operations.
• Learning from the past and present will ensure that future networks will be built with the appropriate security mechanisms and policies/procedures.
Questions?
Thank you
Stuart Jacobs, CISSP, CISM
PMTS - Sr. Technologist, Network Security
Verizon Laboratories
40 Sylvan Road, Waltham, MA 02451-1128 USA
telephone: (781) 466-3076  fax: (781) 466-2838
stu.jacobs@verizon.com