Archive for August 2008
I have been putting some thought into the subject of voice over IP (VoIP) and the fact it presents a particularly interesting security challenge. Communication line convergence was one of the big pushes in the early 2000’s due to the cost savings it advertised, this unification of network and voice communications also seeded the uptake of then emerging VoIP technologies into enterprise networks. Many years on VoIP is now widely accepted as a technology mature enough to be provided to a wider consumer market but still lacks some of the security features expected in a mature system.
The reason I find this security challenge interesting is that it brings together two distinct threat and concern types; one of voice communication services and one of IP networks. Those implementing or maintaining a VoIP network are commonly from one of these two backgrounds, and therefore may initially see only half of a security objective.
Stock IP threats
These are the concerns that are picked up by the regular IP networking person and probably the threats that they think about daily. For example;
- Remote Code Execution
- Denial of Service
- Traffic interception
Because the Voice platform is now on an IP connected and integrated network, all of these now also exist in your voice infrastructure. In fact, all of these concerns existed before, however inward connections were far more limited than on your nice new VoIP system and attacks were less likely.
Voice specific threats
Those who maintain large non-IP voice networks have similar problems keeping them awake at night. Commonly these concerns fall into one of the following categories:
- Service theft (toll fraud)
- Evesdroping (wiretapping)
- Service Disruption / Outage (read Denial of Service)
The most common VoIP signalling protocol I see in use SiP, and it is pretty simple to understand from an observers point of view. This means that it IP based security threat monitoring tools could be converted to the voice world, IDS/IPS on VoIP networks could offer discovery and mitigation of both traditional IP network threats along with the voice specific. I recommend that those maintaining a VoIP infrastructure take a look at a modern IDS system to determine if it can help them discover and protect against many of the threats that concern them.