Date posted: 29-Jan-2016
Impact of SIP on Network Integrity
Adrian
Outline
• Introduction
• Who are CPNI?
• What is SIP and why is it a problem?
• What can we do about it?
• Adrian – worked in CPNI for 2 ½ years as a telecommunications security advisor
• Prior to that 29 years with FCO and MOD advising on use of telecommunications
• Technical background, definitely no tact for a diplomatic career!
Introduction
• Centre for the Protection of National Infrastructure
• Government Department
• Advice on “Keeping the lights on” for the UK
• Concentrate on Critical Infrastructure
  – Lot of advice valid for all infrastructure
Who are CPNI?
• SIP
  – Session Initiation Protocol
  – Used to start (and end) Voice over IP
• SIP is not the whole problem
  – IP (Internet Protocol) is another part
  – So is the general “freedom of information”
What is SIP and why is it a problem?
[Diagram label: Internet]
• In the good old telecommunication days…
  – Physical Separation
  – Bespoke and little known protocols
  – First (and 2nd) Line of Defence
• Now…
  – Internet Protocol
  – Shared physical path
  – First lines of defence gone
• “May you have a choice of many standards…”
• In good old TDM / SS7 there were two fields (both numeric)
  – “Dialled Number” (you), “CLI” (me)
• In SIP there are many, many fields to choose
  – “From”, “To”, “Contact”, “Allow”, “ID”, “Privacy” …
• In many formats…
  – SIP URI (User@host), Tel URI (+44 7717 …)
SIP
• Massive amount of Open Source information
  – SS7; running short of experts.
  – SIP
And…
• On the one hand
  – Security reduced by common network protocol
• On the other
  – Much more complicated signalling
  – Those of ill intent know as much as the good guys
So – Treble whammy
• SIP Overload Control
  – DoS – Send spoof control messages
• Telemarketing / Hoax Calls
  – Spoof CLI, call priority, call divert status…
• Denial of Service (general)
  – All sorts of options [packet complexity]
• Denial of Service (specific)
  – Flatten handset battery with spoof invites
Potential Problems
• Can’t do a lot about information sharing
  – And it’s not all a bad thing
• IP layer
  – Good housekeeping
  – Make sure messages come from who you think they do
• SIP Layer
  – Keep messages “tight”
  – Validate
What can we do about it?
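One way the SIP-layer advice (keep messages “tight”, validate) could look at a network edge, as an added example that is not part of the original slides. The header allowlist, the size cap, the use of P-Asserted-Identity as the trusted identity field and the sample messages are all assumptions made for illustration.

```python
import re

# Assumed edge policy (not from the slides): accepted headers and a line-size cap.
REQUIRED = {"via", "from", "to", "call-id", "cseq", "max-forwards"}
ALLOWED = REQUIRED | {"contact", "allow", "privacy", "p-asserted-identity"}
MAX_LINE = 256
URI = re.compile(r"(?:sips?|tel):([^@>;\s]+)(?:@([A-Za-z0-9.-]+))?")

def caller_id(value):
    """Reduce a SIP or Tel URI to one canonical caller identity, or None."""
    m = URI.search(value)
    user, host = m.groups() if m else ("", None)
    if re.fullmatch(r"\+?[0-9][0-9().-]*", user):     # phone number, either format
        return re.sub(r"[^0-9+]", "", user)
    return f"{user}@{host.lower()}" if host else None

def validate(raw):
    """Return the problems found in one SIP INVITE; an empty list means accept."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    problems, seen = [], {}
    if not re.fullmatch(r"INVITE \S+ SIP/2\.0", lines[0]):
        problems.append("bad request line")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or len(line) > MAX_LINE:
            problems.append("malformed or oversized header")
            continue
        if name not in ALLOWED:                       # also rejects compact forms
            problems.append("header not allowed: " + name)
        elif name in seen and name != "via":
            problems.append("duplicate header: " + name)
        seen[name] = value.strip()
    problems += ["missing header: " + h for h in sorted(REQUIRED - set(seen))]
    caller = caller_id(seen.get("from", ""))
    if caller is None:
        problems.append("unparseable From identity")
    pai = seen.get("p-asserted-identity")
    if pai is not None and caller_id(pai) != caller:
        problems.append("From does not match P-Asserted-Identity")
    return problems

# Constructed sample messages; the numbers are from the UK drama-reserved range.
GOOD = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0", "Via: SIP/2.0/UDP gw.example.net",
    "Max-Forwards: 70", "From: <sip:+447700900123@gw.example.net>;tag=1",
    "To: <sip:bob@example.com>", "Call-ID: a1@gw.example.net", "CSeq: 1 INVITE",
    "P-Asserted-Identity: <tel:+44-7700-900123>", "", ""])
SPOOFED = GOOD.replace("900123@", "900999@").replace("CSeq:", "X-Example: 1\r\nCSeq:")
```

The SIP URI and Tel URI forms of the same number normalise to one identity, so validate(GOOD) returns no problems, while validate(SPOOFED) reports both the unexpected header and the identity mismatch.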
Questions?