VoIP tools, attacks could increase threat

By Robert Westervelt, News Editor 12 Nov 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

While Voice over Internet Protocol (VoIP) security may not be the highest priority for many IT security professionals or network administrators, experts are warning that the threat to VoIP communications is increasing.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Patrick Park, network engineer at Cisco and author of Voice over IP Security, said attackers have many different methods and tools for manipulating and intercepting VoIP communications.

A common denial of service (DDoS) attack could cripple a company for hours, but more sophisticated methods exist, Park said. Eavesdropping techniques, call pattern tracking, data mining and data alteration are among the more sophisticated threats to voice and video used in the workplace.

Park, who worked previously as a VoIP security engineer at a VoIP service provider, said he once monitored a VoIP attack originating from Jamaica that eventually overwhelmed the company servers and caused a service blackout for more than an hour. While DDoS attacks are the most common and least sophisticated, more savvy attacks are possible as the threat rises from insiders who have more networking knowledge.

"It's not happening often, but whenever it happens the impact is very serious," Park said. "Whenever servers are compromised or some network is affected, the impact is very serious and that's the biggest problem."

Using sophisticated software, an attacker also has the ability to alter messages or media after intercepting them in the network, Park said. The attack could be used as part of a corporate espionage scheme, but it takes more work because a person must know specific information about the network traffic.

SearchSecurity radio:

"An attacker can see the entire signaling and media stream between endpoints at the intermediary, injecting or replacing data," Park said.

Despite some attacks increasing in sophistication, some VoIP security tools help automate the process and could be used by an attacker, said Dan York, best practices chair for the Voice over IP Security Alliance (VOIPSA).

"Tools bring VoIP attacks into script kiddie land," York said. "Some that will make it as easy as capturing all voice streams out there and putting them into mp3 files."

A program called SIPtap, created by UK-based VoIP expert, Peter Cox, can monitor multiple VoIP call streams, record them and turn them into .wav files. UCSniff, developed by Jason Ostrom, provides a number of tools to assess the security of VoIP calls. The software package has several tools that could be used by an attacker to eavesdrop on calls.

Still, York said until VoIP yields a profit for attackers, the threat of large-scale attacks are minimal. As more companies add VoIP to their call centers, the threat level could rise. There is a solid case for a risk for smaller, focused attacks, he said.

"We'll be seeing more and more people doing interconnection in the next three to five years and that's when it could get interesting," York said.

Most people worry about eavesdropping, but the process of listening in on a phone conversation is difficult, Park said. Despite tools available to attackers that can sniff packets, Park said, the hacker would need to have the tool located in the same broadcasting domain as the IP phone or would need to be on the same media path. Media packets are often encrypted, making intercepted packets useless, he said. The other option an attacker would have is to compromise an access device, such as a switch or router, and forward or duplicate the media packets to a capture device.

"Most VoIP service providers use encryption, either signal or media encryption," Park said. "End-to-end full encryption is the most common way to provide message confidentiality and integrity between communication end points."

York said more work needs to be done. More service providers need to use encryption from premise equipment out to IP networks and on to the PSTN.

Tags: IPsec VPN Security,  Network Protocols and Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IPsec VPN Security Best Remote Access Products How to set up a split-tunnel VPN in Windows Vista What is the difference between a VPN and remote control? A short enterprise VPN deployment guide From the ground up: Creating secure WLANs Can S/MIME, XML and IPsec operate in one protocol layer? How to create a secure network through a shared Internet connection What firewall controls should be placed on the VPN? Best practices for processing financial data through remote servers What ports should be opened and closed when IPsec filters are used? IPsec VPN Security Research Network Protocols and Security Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities How to test IPv6 infrastructures DNSSEC deployments gain momentum since Kaminsky DNS bug Kaminsky interview: DNSSEC addresses cross-organizational trust and security How to create secure Windows FTP automation

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Internet Key Exchange  (SearchSecurity.com) network encryption  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary