An alchemists view from the bar

Network Security Alchemy


Snort and VoIP – Thoughts on IPS in a modern voice network


I have been putting some thought into the subject of voice over IP (VoIP) and the particularly interesting security challenge it presents. Communication line convergence was one of the big pushes of the early 2000s because of the cost savings it advertised, and this unification of network and voice communications also seeded the uptake of the then-emerging VoIP technologies in enterprise networks. Many years on, VoIP is widely accepted as a technology mature enough to be provided to a wider consumer market, but it still lacks some of the security features expected of a mature system.

The reason I find this security challenge interesting is that it brings together two distinct sets of threats and concerns: those of voice communication services and those of IP networks. Those implementing or maintaining a VoIP network commonly come from one of these two backgrounds, and may therefore initially see only half of the security objective.

Stock IP threats

These are the concerns that the regular IP networking person picks up on, and probably the threats that they think about daily. For example:

  • Remote Code Execution
  • Denial of Service
  • Traffic interception

Because the voice platform is now on an IP-connected and integrated network, all of these now also exist in your voice infrastructure. In fact, all of these concerns existed before; however, inward connections were far more limited than on your nice new VoIP system, and attacks were less likely.

Voice specific threats

Those who maintain large non-IP voice networks have similar problems keeping them awake at night. Commonly these concerns fall into one of the following categories:

  • Service theft (toll fraud)
  • Eavesdropping (wiretapping)
  • Service Disruption / Outage (read Denial of Service)

The most common VoIP signalling protocol I see in use is SIP, and it is pretty simple to understand from an observer's point of view. This means that IP-based security threat monitoring tools could be carried over to the voice world: IDS/IPS on VoIP networks could offer discovery and mitigation of both traditional IP network threats and the voice-specific ones. I recommend that those maintaining a VoIP infrastructure take a look at a modern IDS to determine whether it can help them discover and protect against many of the threats that concern them.

Snort obviously has a bucket of rules specific to voice networks put together by the Sourcefire VRT, and there are also additional offerings from Bleeding Threats.
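To show how readable SIP is to a passive observer, here is an added example (not from the original post, and not a Snort or VRT rule) that parses plaintext SIP messages and flags two of the voice concerns listed above: INVITE volume from one source (service disruption) and one source registering as many different users (service theft). The thresholds, alert names, host pbx.example.com and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

AOR_USER = re.compile(r"sips?:([^@>;\s]+)@")  # user part of a SIP/SIPS URI
def parse_sip(raw: bytes) -> dict:
    """Parse the start line and headers of one plaintext SIP message."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")
    first = lines[0].split(" ", 2)
    if len(first) == 3 and first[0].startswith("SIP/"):    # SIP/2.0 401 Unauthorized
        msg = {"kind": "response", "status": int(first[1])}
    elif len(first) == 3 and first[2].startswith("SIP/"):  # INVITE sip:bob@host SIP/2.0
        msg = {"kind": "request", "method": first[0], "uri": first[1]}
    else:
        raise ValueError("not a SIP start line")
    msg["headers"] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # simplification: folded lines and compact header names are ignored
            msg["headers"][name.strip().lower()] = value.strip()
    return msg

def voice_alerts(events, max_invites=3, max_register_users=2):
    """events: (source_ip, raw_message) pairs. Thresholds are illustrative only."""
    invites, reg_users = defaultdict(int), defaultdict(set)
    for src, raw in events:
        try:
            msg = parse_sip(raw)
        except ValueError:
            continue  # not SIP: leave it to the ordinary IP rules
        if msg.get("method") == "INVITE":
            invites[src] += 1
        elif msg.get("method") == "REGISTER":
            m = AOR_USER.search(msg["headers"].get("to", ""))
            if m:
                reg_users[src].add(m.group(1))
    alerts = [(s, "invite-volume") for s, n in invites.items() if n > max_invites]
    alerts += [(s, "register-many-users") for s, u in reg_users.items()
               if len(u) > max_register_users]
    return sorted(alerts)

def sample_request(method, user):  # constructed message, hypothetical host
    return (f"{method} sip:{user}@pbx.example.com SIP/2.0\r\n"
            f"To: <sip:{user}@pbx.example.com>\r\nCSeq: 1 {method}\r\n\r\n").encode()
# Constructed observations, documentation-range addresses; not captured traffic.
SAMPLE = ([("192.0.2.10", sample_request("REGISTER", "alice")),
           ("192.0.2.10", sample_request("INVITE", "bob"))]
          + [("198.51.100.7", sample_request("REGISTER", str(e))) for e in range(100, 104)]
          + [("203.0.113.5", sample_request("INVITE", "bob")) for _ in range(5)])
```

Calling `voice_alerts(SAMPLE)` flags 198.51.100.7 and 203.0.113.5 while the ordinary phone at 192.0.2.10 stays quiet; non-SIP payloads are skipped rather than raising.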


Written by leonward

August 27, 2008 at 12:07 pm

Posted in Security
