Data embedded, encrypted and transmitted using RTP would seem to be impossible (given current technology) to detect....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
VoIP RTP exfiltration defensive systems are nonexistent as far as I know. This would seem to be a great way to implant something, and the host would be never the wiser. Is there a way to prevent against such attacks?
Data exfiltration is the unauthorized removal of data from a computer or network. Data exfiltration using tunnels is also known as using a covert channel. Using VoIP is a new method for sending data out of a network, but there are many other tools for data exfiltration, including ICMP tunnels, DNS tunnels and HTTP tunnels. All of these tools can be used to transport encrypted data out of a network.
Detecting covert channels is possible, but requires significant effort depending on the protocol. Information security tools could detect various types of data tunnels based on network signatures, protocol analysis and flow data analysis. Application- or protocol-specific tools may be better able to identify anomalies in outbound traffic, but may also be difficult to use for security.
Blocking tunneled data may be more difficult than detection since you might impact your users’ legitimate traffic when misidentifying tunnels. You can block ICMP outbound at your organization’s border, block DNS requests to external servers except for your organization’s DNS servers or use a Web proxy to prevent HTTP tunnels.
VoIP RTP exfiltration tunneling could be blocked with significant effort by delaying delivery for a voicemail until it can be sent though an audio processor looking for encoded data in a voicemail, much like antispam software operates. For high security environments, there may not be a reason to allow outbound network access, but it may be difficult to block all outbound communications without a Faraday cage.
Dig Deeper on Data Loss Prevention
Related Q&A from Nick Lewis
IP devices like multifunction printers and faxes may be an attack vector. Expert Nick Lewis explains the vulnerabilities, and how to secure them ...continue reading
AceDeceiver is a Trojan that can install itself on iOS devices without any certificates. Expert Nick Lewis explains how it works, and how enterprises...continue reading
USB Thief, a new type of stealth malware, leaves no trace on air-gapped targets. Expert Nick Lewis explains how the malware works and how enterprises...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.