Getting enough Viagra spam in your email inbox? Or telemarketing calls with special credit card offers when you're sitting down to dinner? Just wait until you have a VoIP phone on your desk.
With costs well below those of conventional telephony, voice over IP is poised to be the next killer app, with projected market sales of $10 billion. And where the packets go, spam will follow.
Imagine coming to work Monday morning to find a voicemail box filled with dozens of spam messages. You'll have to sift through low-rate mortgage pitches, Nigerian money-laundering offers and ads for manhood enlargement pills just to get to your assistant's message that he's calling in sick.
In today's market, typical security managers are saying, "No problem! We've got spam licked." Boy, are they wrong.
Content analysis of voice data is extremely difficult: anything that adds latency to the media stream disrupts the call, and VoIP is already highly dependent on quality of service to stay intelligible. Inline Bayesian filtering of the kind we use on email will simply break the app.
Spammers are quite content to hijack innocent users' machines to relay messages, which has created a lively market in open relays and in tools that find them. If we're not careful with the security of VoIP rollouts, we might wind up solving the telemarketers' problems too, and even our home phones won't be safe. If VoIP drives long-distance costs to zero, telemarketers can outsource their call centers to countries where labor is cheap and there are no laws against waking you up at 3 a.m. for a sultry Levitra pitch.
So, what are we going to do about it?
If we follow our usual emerging technology deployment trends, VoIP will be rolled out without any security features. Then, a year or two after the problem becomes intolerable, we'll be deluged with products trying to solve an issue that should have included a built-in solution from the start.
One obvious up-front measure is to make sure no external traffic can reach your VoIP systems without passing through your firewall. If you're using VoIP to keep interoffice telephone costs down, keep it internal. Whatever you do, take advantage of every access control feature your VoIP proxy offers.
Because VoIP is still fairly expensive and not widely deployed, hackers haven't had a chance to go over the protocols and implementations with a fine-tooth comb. But rest assured that they will, and they will find vulnerabilities. The call-setup design itself, modeled on conventional telephony, leaves a lot of room for disaster, with proxies relaying requests to other proxies to work out whether and where a callee can be reached.
Remember the basics of security: Default to the tightest configuration available initially, then gradually open things up when security issues and defenses are better understood.
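The two preceding points, keeping calls internal and running the proxy in its tightest configuration, come down to one decision the proxy makes on every incoming call: is this source allowed to ring my users at all? The following is an added example and not code from the column or from any VoIP product. It assumes SIP signalling (the column says only "VoIP proxy"), and the policy class, sample INVITE messages, addresses and domain names are all constructed for illustration. It contrasts an open-relay setting, which accepts calls from anywhere, with a default-deny policy that admits only internal networks and explicitly trusted peers, and it keys the decision on the packet's source address rather than on the From header, which any caller can forge.

```python
"""Default-deny call screening for a VoIP (SIP) proxy.

Added example, not code from the original column or any real proxy. It
assumes SIP signalling; the policy class, sample messages, addresses and
domain names below are constructed for illustration only.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample INVITE requests (not captured traffic).
INTERNAL_INVITE = (
    "INVITE sip:2001@pbx.example.internal SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.5.17:5060;branch=z9hG4bK776asdhds\r\n"
    'From: "Alice" <sip:alice@pbx.example.internal>;tag=1928301774\r\n'
    "To: <sip:2001@pbx.example.internal>\r\n"
    "Call-ID: a84b4c76e66710@10.0.5.17\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

SPAM_INVITE = (
    "INVITE sip:2001@pbx.example.internal SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.45:5060;branch=z9hG4bKspam01\r\n"
    'From: "Low Rate Mortgage" <sip:deals@spam.example>;tag=99\r\n'
    "To: <sip:2001@pbx.example.internal>\r\n"
    "Call-ID: spam01@203.0.113.45\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Same external source, but the From header now claims an internal identity.
SPOOFED_INVITE = SPAM_INVITE.replace(
    'From: "Low Rate Mortgage" <sip:deals@spam.example>;tag=99',
    'From: "Alice" <sip:alice@pbx.example.internal>;tag=99',
)


def parse_request(raw: str) -> dict:
    """Split a SIP request into its request line and a lower-cased header map."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, request_uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": request_uri, "version": version, "headers": headers}


_URI_DOMAIN = re.compile(r"sip:[^@>]+@([A-Za-z0-9.\-]+)")


def from_domain(headers: dict) -> str:
    """Domain part of the From URI, or '' if it cannot be parsed."""
    m = _URI_DOMAIN.search(headers.get("from", ""))
    return m.group(1).lower() if m else ""


@dataclass
class ProxyPolicy:
    internal_nets: list          # networks allowed to originate calls
    local_domains: set           # identities a caller on those networks may claim
    trusted_peers: set = field(default_factory=set)  # external proxies, e.g. a trunk
    default_allow: bool = False  # True reproduces an open relay


def screen_invite(raw: str, src_ip: str, policy: ProxyPolicy):
    """Return (accept, reason). The decision keys on the source address, never on From."""
    req = parse_request(raw)
    if req["method"] != "INVITE":
        return False, "not an INVITE"
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in policy.internal_nets):
        dom = from_domain(req["headers"])
        if dom in policy.local_domains:
            return True, "internal caller, local identity"
        return False, f"internal caller claims foreign identity {dom!r}"
    if str(src) in policy.trusted_peers:
        return True, "trusted external peer"
    if policy.default_allow:
        return True, "open relay: accepted by default"
    return False, "external source not on allowlist"


# Weak setting: the proxy accepts from anywhere, the VoIP equivalent of an open SMTP relay.
OPEN_RELAY = ProxyPolicy(internal_nets=[ipaddress.ip_network("10.0.0.0/8")],
                         local_domains={"pbx.example.internal"}, default_allow=True)

# Tightest setting: internal networks only, plus explicitly trusted peers (constructed trunk IP).
DEFAULT_DENY = ProxyPolicy(internal_nets=[ipaddress.ip_network("10.0.0.0/8")],
                           local_domains={"pbx.example.internal"},
                           trusted_peers={"198.51.100.10"})

if __name__ == "__main__":
    for label, msg, ip in [("internal", INTERNAL_INVITE, "10.0.5.17"),
                           ("spam", SPAM_INVITE, "203.0.113.45"),
                           ("spoofed", SPOOFED_INVITE, "203.0.113.45")]:
        print(label, "open-relay:", screen_invite(msg, ip, OPEN_RELAY),
              "default-deny:", screen_invite(msg, ip, DEFAULT_DENY))
```

Run as a script, it shows the open-relay policy admitting the mortgage pitch and the default-deny policy refusing both it and the spoofed variant, while still passing the internal call and a call from the trusted trunk. Opening things up later, as the next paragraph recommends, then means adding entries to trusted_peers or internal_nets deliberately, not flipping default_allow.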
One possible future for VoIP looks a lot like conventional phone networks: Large carriers support hundreds of thousands of captive customers, and customers are afforded whatever protections the carrier puts in place to protect its own bandwidth and systems--the customers are only spammed by their carrier's marketing division.
Does that vision of VoIP phone security sound like progress to you? Me neither.
About the author:
Marcus Ranum is a senior scientist at TruSecure Corp. and the author of The Myth of Homeland Security (Wiley, 2003).
This was first published in October 2004