I read that the voice media stream can be used as a channel to conduct VoIP data exfiltration. Can this be accomplished and, if so, how can I protect against it?
Here's the bad thing about computers and networks: Practically anything can be done to wreak havoc if ill intent and technical means exist.
Data exfiltration can be carried out over traditional Voice over Internet Protocol (VoIP) protocols using proof-of-concept code (such as data-sound-poc) that converts data files to their sound equivalent before they are transmitted outside the network. Many VoIP applications such as Skype and Google Hangouts also provide direct file transfer capabilities.
As far as protecting against such attacks, security teams need to be monitoring outbound network traffic for anomalies -- something likely best served using advanced technologies such as a next-generation firewall or intrusion prevention system. If you're technically advanced, you can also use a traditional network analyzer such as OmniPeek or Wireshark to monitor this traffic for anomalies such as unusual bandwidth usage. The difficulty here lies in the fact that you're going to have to know what to look for and -- in the case of encrypted traffic -- you might not see anything odd at all.
In the end, you're likely better served by monitoring the data itself using data loss prevention and good old-fashioned security basics such as strong passwords and well-thought-out share and file access permissions.
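As an added illustration of the "unusual bandwidth usage" check described above (example code, not from the original answer or any product), the sketch below reviews outbound media flows against the rate their negotiated codec should need and against how one-sided the call is. The `MediaFlow` record layout, the thresholds and the sample records are assumptions constructed for the example; the expected rates follow from G.711 and G.729 payload sizes at 20 ms packetization plus IP/UDP/RTP headers.

```python
from dataclasses import dataclass

# Per-direction IP-layer rate in kbit/s at 20 ms packetization:
# codec payload plus 40 bytes of IP/UDP/RTP headers, 50 packets per second.
EXPECTED_KBPS = {"G711": 80.0, "G729": 24.0}

@dataclass
class MediaFlow:          # hypothetical flow-export record, one per call
    src: str
    dst: str
    codec: str            # codec negotiated in signalling
    seconds: float
    bytes_out: int        # inside -> outside
    bytes_in: int         # outside -> inside

def review(flow, rate_tolerance=1.25, max_ratio=3.0, min_seconds=30):
    """Return reason codes for one flow; thresholds are assumed starting points."""
    if flow.seconds < min_seconds:
        return []                       # too short to judge
    reasons = []
    out_kbps = flow.bytes_out * 8 / 1000 / flow.seconds
    expected = EXPECTED_KBPS.get(flow.codec)
    if expected is None:
        reasons.append("unknown-codec")
    elif out_kbps > expected * rate_tolerance:
        reasons.append("rate")          # more outbound bandwidth than the codec needs
    if flow.bytes_out / max(flow.bytes_in, 1) > max_ratio:
        reasons.append("asymmetry")     # a mostly one-way "conversation"
    return reasons

def flag_flows(flows):
    """Map (src, dst) to reason codes for every flow that needs a closer look."""
    flagged = {}
    for f in flows:
        reasons = review(f)
        if reasons:
            flagged[(f.src, f.dst)] = reasons
    return flagged

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    MediaFlow("10.0.0.21", "198.51.100.7", "G711", 300, 3_000_000, 2_900_000),
    MediaFlow("10.0.0.34", "203.0.113.9", "G711", 600, 6_000_000, 400_000),
    MediaFlow("10.0.0.52", "192.0.2.44", "G729", 120, 1_200_000, 360_000),
]

if __name__ == "__main__":
    for pair, reasons in flag_flows(SAMPLE).items():
        print(pair, reasons)
```

A stream that stays within its codec's normal rate and direction balance passes this check, which is why the answer's point about monitoring the data itself still applies.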