Every organization considering a Voice over Internet Protocol (VoIP) telephone system deployment hears the same dire warnings: “Routing voice calls over a data network exposes calls to eavesdropping.”
It is absolutely possible to eavesdrop on a VoIP telephone call. It’s also possible to eavesdrop on a telephone call placed using the traditional public switched telephone network (PSTN). The difference lies in the tools and skill set needed to conduct the eavesdropping.
While it’s certainly true that any telephone call carries a certain degree of eavesdropping risk, is it true that VoIP calls have an inherently higher degree of risk? In this tip, we explore the ins and outs of VoIP eavesdropping.
VoIP eavesdropping is possible
First, it’s important to be clear about one thing: It is absolutely possible to eavesdrop on a VoIP telephone call. It’s also possible to eavesdrop on a telephone call placed using the traditional public switched telephone network (PSTN). The difference lies in the tools and skill set needed to conduct the eavesdropping.
On a traditional telephone network, someone seeking to eavesdrop on a call generally must have physical access to either the telephone or telephone cable, at least at the initiation of the attack. This type of attack is typical in the movies. Whether it’s the good guys or the bad guys conducting the eavesdropping, someone gains access to either a telephone handset or the telephone network interface box -- sometimes located outside a home or office -- places a wiretap listening device on the box, and then monitors calls on an ongoing basis.
Prospective VoIP eavesdroppers follow the same general procedure, but make use of different tools. The first requirement is access to the medium carrying the voice calls. This can be achieved by compromising a VoIP telephone, a workstation running a softphone device or a component of the VoIP network infrastructure, such as a network switch or cable. Next, the attacker must use software tools to capture the traffic on the network. Akin to the wiretapping device in a traditional eavesdropping attack, network sniffing tools, such as the open source Wireshark, capture all of the data packets traversing the network and either analyze them live, or write them to a file for offline analysis.
Finally, the attacker needs to be able to make sense of the captured data. This requires a translator that can convert the data packets back into a voice conversation. Again, there are free tools available online, such as VOMIT and VoIPong, that facilitate this task.
Switch security is essential
One of the most important things that network administrators can do to reduce VoIP risks such as eavesdropping is to apply basic security controls to network switches. While endpoint security is important, the network switch is the point where traffic is aggregated. Widespread eavesdropping attacks possible through the malicious use of a switch’s span port, which can mirror all traffic traversing the switch, as opposed to the voice traffic from a single endpoint.
Here are some switch management best practices that can help to protect this vital component of network infrastructure.
- It’s important to ensure the switch is physically secured within a locked closet and has the appropriate access controls. If an attacker is able to gain physical access to a switch, all bets are off.
- Organizations should use a separate network for the management of switches and other critical infrastructure devices. It shouldn’t be possible for an attacker who gains access to one general purpose network to attempt to gain access to the management port of a network device.
- Organizations must update switch firmware as frequently as possible in order to patch known vulnerabilities corrected by the vendor.
Naturally, there’s much more to secure switch management than this basic advice. For more information, read our switch security tips.
Encryption greatly mitigates VoIP risks
Encryption is also a powerful weapon that can be found in the VoIP security arsenal. All major providers of VoIP gear now offer encryption capability, an approach that uses cryptographic techniques to obscure the communication that takes place between endpoints. An eavesdropper who manages to intercept a voice communication with a network sniffer is unable to decipher encrypted calls without access to the corresponding decryption key.
Before deploying VoIP encryption, be sure to study the effect it might have on the quality of service provided on your network. Encryption requires large amounts of computing power and it is possible that it could degrade the quality of calls on your network if not properly implemented by the manufacturer. That said, encryption is a feature enterprises should consider deploying, especially for lines that are likely to carry highly sensitive information.
If an organization decides to use encryption as a security measure on its network, the need to use sound encryption key management practices can’t be overlooked. An eavesdropper who gains access to an enterprise’s encryption keys can easily decipher voice traffic. For more on this topic, read: Securing VoIP networks: Key management mechanisms.
In my opinion, a properly secured VoIP environment is no more risky than a traditional telephone system. With a combination of solid network security and properly deployed encryption, you can safely leverage VoIP technology in your organization.
About the author:
Mike Chapple, Ph.D., CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity.com, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
This was first published in December 2011