Data embedded, encrypted and transmitted using RTP would seem to be impossible (given current technology) to detect....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
VoIP RTP exfiltration defensive systems are nonexistent as far as I know. This would seem to be a great way to implant something, and the host would be never the wiser. Is there a way to prevent against such attacks?
Data exfiltration is the unauthorized removal of data from a computer or network. Data exfiltration using tunnels is also known as using a covert channel. Using VoIP is a new method for sending data out of a network, but there are many other tools for data exfiltration, including ICMP tunnels, DNS tunnels and HTTP tunnels. All of these tools can be used to transport encrypted data out of a network.
Detecting covert channels is possible, but requires significant effort depending on the protocol. Information security tools could detect various types of data tunnels based on network signatures, protocol analysis and flow data analysis. Application- or protocol-specific tools may be better able to identify anomalies in outbound traffic, but may also be difficult to use for security.
Blocking tunneled data may be more difficult than detection since you might impact your users’ legitimate traffic when misidentifying tunnels. You can block ICMP outbound at your organization’s border, block DNS requests to external servers except for your organization’s DNS servers or use a Web proxy to prevent HTTP tunnels.
VoIP RTP exfiltration tunneling could be blocked with significant effort by delaying delivery for a voicemail until it can be sent though an audio processor looking for encoded data in a voicemail, much like antispam software operates. For high security environments, there may not be a reason to allow outbound network access, but it may be difficult to block all outbound communications without a Faraday cage.
Dig Deeper on Data loss prevention technology
Related Q&A from Nick Lewis
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that ...continue reading
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.