Data embedded, encrypted and transmitted using RTP would seem to be impossible (given current technology) to detect....
VoIP RTP exfiltration defensive systems are nonexistent as far as I know. This would seem to be a great way to implant something, and the host would be never the wiser. Is there a way to prevent against such attacks?
Data exfiltration is the unauthorized removal of data from a computer or network. Data exfiltration using tunnels is also known as using a covert channel. Using VoIP is a new method for sending data out of a network, but there are many other tools for data exfiltration, including ICMP tunnels, DNS tunnels and HTTP tunnels. All of these tools can be used to transport encrypted data out of a network.
Detecting covert channels is possible, but requires significant effort depending on the protocol. Information security tools could detect various types of data tunnels based on network signatures, protocol analysis and flow data analysis. Application- or protocol-specific tools may be better able to identify anomalies in outbound traffic, but may also be difficult to use for security.
Blocking tunneled data may be more difficult than detection since you might impact your users’ legitimate traffic when misidentifying tunnels. You can block ICMP outbound at your organization’s border, block DNS requests to external servers except for your organization’s DNS servers or use a Web proxy to prevent HTTP tunnels.
VoIP RTP exfiltration tunneling could be blocked with significant effort by delaying delivery for a voicemail until it can be sent though an audio processor looking for encoded data in a voicemail, much like antispam software operates. For high security environments, there may not be a reason to allow outbound network access, but it may be difficult to block all outbound communications without a Faraday cage.
Related Q&A from Nick Lewis, Enterprise Threats
Chameleon malware targets insecure wireless access points. Enterprise threats expert Nick Lewis explains how to defend against the malware.continue reading
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.