Data embedded, encrypted and transmitted using RTP would seem to be impossible (given current technology) to detect....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
VoIP RTP exfiltration defensive systems are nonexistent as far as I know. This would seem to be a great way to implant something, and the host would be never the wiser. Is there a way to prevent against such attacks?
Data exfiltration is the unauthorized removal of data from a computer or network. Data exfiltration using tunnels is also known as using a covert channel. Using VoIP is a new method for sending data out of a network, but there are many other tools for data exfiltration, including ICMP tunnels, DNS tunnels and HTTP tunnels. All of these tools can be used to transport encrypted data out of a network.
Detecting covert channels is possible, but requires significant effort depending on the protocol. Information security tools could detect various types of data tunnels based on network signatures, protocol analysis and flow data analysis. Application- or protocol-specific tools may be better able to identify anomalies in outbound traffic, but may also be difficult to use for security.
Blocking tunneled data may be more difficult than detection since you might impact your users’ legitimate traffic when misidentifying tunnels. You can block ICMP outbound at your organization’s border, block DNS requests to external servers except for your organization’s DNS servers or use a Web proxy to prevent HTTP tunnels.
VoIP RTP exfiltration tunneling could be blocked with significant effort by delaying delivery for a voicemail until it can be sent though an audio processor looking for encoded data in a voicemail, much like antispam software operates. For high security environments, there may not be a reason to allow outbound network access, but it may be difficult to block all outbound communications without a Faraday cage.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.