Chapter 1: Working with VoIP

Cisco Press

1 2 Page 2
Page 2 of 2

VoIP Benefits

The reason for the prevalence of VoIP is that it offers significant benefits compared to legacy phone systems. The key benefits are as follows:

  • Cost savings—The most attractive feature of VoIP is its cost-saving potential. When calls move off the public switched telephone network (PSTN), long-distance calls become inexpensive: instead of being carried across conventional commercial telecommunications circuits, voice traffic travels over the Internet or over private data network lines.

    For the enterprise, VoIP reduces the cost of equipment, lines, staff, and maintenance. All of an organization's voice and data traffic is carried on one physical network, removing the need for separate PBX tie lines. Although the initial setup cost is significant, the net savings from managing a single network, and from no longer sustaining a legacy telephony system in an increasingly data-centered world, can be larger still. The network administrator's burden is also lighter, because one team can run one network instead of separate teams running a data network and a voice network.

    For consumers, VoIP reduces the charge of subscription or usage, especially for long distance and international calls.

  • Rich media service—The legacy phone system provides mainly voice and fax, with only limited video. User demand is now far higher than that, as today's rich media communications over the Internet show: people check friends' presence (online, offline, busy), send instant messages, make voice or video calls, transfer images, and so on. VoIP makes such rich media service possible by integrating with other protocols and applications.

    Rich media service not only gives users a choice of media, but also creates new markets in the communications industry, such as VoIP service on mobile phones.

  • Phone portability—The legacy phone system ties a phone number to a dedicated line, so you generally cannot move your home phone to another place and keep the same number. It is a common hassle to call the phone company and ask for a phone number update when moving to a new house. VoIP, however, provides number mobility: the phone can use the same number virtually anywhere as long as it has proper IP connectivity. Many businesspeople today bring their IP phones or softphones when traveling and use the same numbers everywhere.

  • Service mobility—Mobility here includes service mobility as well. Wherever the phone goes, the same services are available: call features, voicemail access, call logs, security features, service policy, and so on.

  • Integration and collaboration with other applications—VoIP protocols (such as Session Initiation Protocol [SIP], H.323) run on the application layer and are able to integrate or collaborate with other applications such as email, web browser, instant messenger, social-networking applications, and so on. The integration and collaboration create synergy and provide valuable services to the users. Typical examples are voicemail delivery via email, click-to-call service on a website, voice call button on an email, presence information on a contact list, and so on.

  • User control interface—Most VoIP service providers provide a user control interface, typically a web GUI, to their customers so that they can change features, options, and services dynamically. For example, the users log in to the web GUI and change call forwarding number, speed dial, presence information (online, offline), black/white list, music-on-hold option, anonymous call block, and so on.

  • No geographical boundary—The VoIP service area becomes virtualized without geographical limit. That is, the area code or country code is no longer bound to a specific location. For example, you could live in South Korea but subscribe to a U.S. phone number, which makes it possible that all calls to the U.S. become domestic calls (cheaper) even though you live in South Korea.

  • Rich features—VoIP provides rich features like click-to-call on a web page, Find-Me-Follow-Me (FMFM), selective call forwarding, personalized ring tones (or ringback tone), simultaneous rings on multiple phones, selective area or country code, and so on.

Now that you are aware of many of the benefits, the next section takes a look at several disadvantages.

VoIP Disadvantages

The benefits of VoIP do not come free of charge. There are significant disadvantages to using VoIP, as follows:

  • Complicated service and network architecture—Integrated rich media services (such as voice, video, IM, presence, and fax) make it difficult to design the service and network architecture because many different types of devices for each service are involved, as well as different protocols and characteristics of each media. Rich features (such as click-to-call and FMFM) also make the architecture more complicated because many different applications (such as web and email) and platforms are involved. This complication requires extra time and resources when designing, testing, and deploying. It also causes various errors and makes it harder to troubleshoot and isolate them.

  • Interoperability issues between different protocols, applications, or products—There are multiple VoIP protocols (SIP, H.323, Media Gateway Control Protocol [MGCP], Skinny, and others), and vendors choose whichever they prefer when developing products, so there are always interoperability issues between products that use different protocols. Even between products that use the same protocol, issues still arise because of different implementations, versions (extensions), or feature sets. VoIP service providers therefore commonly spend a significant amount of time and resources testing interoperability and resolving the resulting issues.

  • Quality of service (QoS) issues—Voice and video streams flow over an IP network as real-time packets, passing through multiple networks and devices (such as switches, routers, firewalls, and media gateways). Therefore, ensuring QoS is very difficult and costs lots of time and resources to meet the user's expectations. The main factors in QoS are packet loss, delay (latency), and jitter (packet delay variation).

    Comparing VoIP QoS with traditional circuit-switched networks, Sinden (End Note 2) reported data from a Telecommunications Industry Association (TIA) study showing that even a fairly small percentage of lost packets can push VoIP quality below the level users expect from their traditional phone lines. Every coder-decoder (codec) the TIA studied showed a steep drop in user satisfaction once latency crossed the 150-ms point. Even with latency under 150 ms, however, a packet loss of 5 percent was enough to push traffic encoded with G.711 (the international standard for carrying telephone audio on a 64-kbps stream) below PSTN quality, even with a packet loss concealment scheme. Similarly, losses of only 1 and 2 percent, respectively, were enough to drop G.723.1 (very low bit-rate speech compression) and G.729A (voice compression on an 8-kbps stream) below that threshold, and at losses of 3 and 4 percent, respectively, a majority of users were dissatisfied.

  • Power outages—Legacy home phones keep working during a power outage because the telephone company's central office feeds roughly 48 volts DC down the line. VoIP phones, by contrast, hang off ordinary data network connections that in most cases carry no power, so they stop working when the power fails. Inline power solutions such as Power over Ethernet (PoE) exist, but they are found mainly in enterprise environments, and the switch supplying the power must itself be on backup power for the phone to stay usable.

  • Emergency calls—Unlike legacy phone connections, which are tied to a physical location, VoIP allows phone portability as described in the previous section, which is convenient for users. That flexibility, however, complicates the provision of emergency services such as E-911, which gives the 911 dispatch office the caller's location based on the caller ID (phone number). For users of softphones on laptops in particular, E-911 service is almost impossible unless the users notify the service provider of their physical location every time they move. Although most VoIP vendors have workable solutions for E-911, government regulators and vendors are still working out standards and procedures for 911 service in VoIP environments.

  • Security issues—In a legacy phone system, the main security concern is interception of conversations, which requires physical access to the phone line or compromise of the office PBX. VoIP, running over open or public networks, has a far larger attack surface. Between caller and callee, many elements (IP phones, access devices, media gateways, proxy servers, and the protocols between them) take part in setting up the call and carrying the media, and each is a potential target. The next few sections give examples.

  • Legal issues (lawful interception)—Legal wiretapping in VoIP, also called lawful interception (LI), is much more complicated than that in legacy phone systems, because of the complexity of VoIP service architecture. For the details, refer to Chapter 10, "Lawful Interception Fundamentals."

Among these disadvantages, the security issues are becoming more serious because traditional security devices (such as firewalls and Intrusion-Detection Systems) and protocols (such as encryption) cannot protect VoIP services or networks from recent intelligent threats.

The following sections look into the vulnerability from the following aspects:

  • What are the sources of vulnerability?

  • What are the vulnerable components?

  • What do people misunderstand about the vulnerability?

Sources of Vulnerability

VoIP has two types of vulnerability. One is the inherited vulnerability coming from an existing infrastructure such as the network, operating system, or web server that VoIP applications are running on. The other is its own vulnerability coming from VoIP protocols and devices, such as IP phone, voice gateway, media server, signaling controller, and so on.

Basically, these vulnerabilities are derived from the characteristics of VoIP that are shown in Figure 1-2.

Figure 1-2

Sources of Vulnerability

Each source of vulnerability is explained in the following sections.

IP-Based Network Infrastructure

As the name implies, all VoIP traffic flows over IP networks and inherits their weaknesses: TCP SYN floods, other resource-exhaustion floods, malicious IP fragmentation, network viruses, worms, and so on.

Open or Public Networks

In most cases, VoIP traffic flows through open or public networks like the Internet where anonymous people including attackers may send and receive signals or media.

Open VoIP Protocol

Most VoIP protocols, such as SIP and H.323, are standardized and open to the public. Anyone can write client or server programs from the protocol specification, including for malicious purposes, and attackers use such programs to talk to target servers or clients as a step toward compromising them. An open specification may also expose weaknesses in the protocol itself, which attackers can take advantage of.

Exposed Interface

A client/server model is the basic architecture of VoIP service. Generally, servers are located in a protected network (the enterprise's or the service provider's), but the interfaces receiving call requests are open to clients that are located in an open or public network. It is possible for attackers to scan random IPs/ports and find the exposed interfaces for sending malicious traffic, such as Denial of Service (DoS), toll fraud, and so on.

Real-Time Communications

Unlike ordinary data services such as email, VoIP carries real-time media that is very sensitive to packet delay, loss, and jitter (packet delay variation). Even minor delay or jitter is noticeable to users and degrades overall QoS. Packet loss degrades QoS as well, because the media is almost always carried as RTP over User Datagram Protocol (UDP), which has no retransmission mechanism: a lost packet is simply gone, and a packet that arrives too late is as good as lost.
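The following added example (not from the book) measures two of the QoS factors named here and in the earlier TIA discussion, packet loss and interarrival jitter, the way an RTP receiver does per RFC 3550, over a constructed trace of G.711 packets. The 5 percent loss threshold echoes the G.711 figure quoted from the TIA study and the 30 ms jitter threshold is an assumption; both are illustrative.

```python
"""Packet loss and interarrival jitter of an RTP stream, as a receiver measures them.

Added example, not from the book. Loss follows RFC 3550 section 6.4.1
(expected versus received sequence numbers, with 16-bit wraparound) and
jitter follows the running estimator in RFC 3550 appendix A.8. The packet
trace at the bottom is constructed; the 5 percent loss threshold echoes the
G.711 figure quoted from the TIA study and the 30 ms jitter threshold is an
assumption, both for illustration only.
"""
from dataclasses import dataclass

CLOCK_RATE = 8000          # RTP clock for G.711: 8000 ticks per second
SAMPLES_PER_PACKET = 160   # 20 ms of G.711 audio per packet


@dataclass
class RtpPacket:
    seq: int         # 16-bit RTP sequence number
    timestamp: int   # RTP timestamp in CLOCK_RATE ticks (sender's clock)
    arrival_ms: int  # receiver wall-clock arrival time, milliseconds


def packet_loss(packets):
    """Fraction of packets lost over the stream, RFC 3550 section 6.4.1 style.

    expected = extended last seq - first seq + 1, where the extension
    unwraps a 16-bit sequence number that has rolled over past 65535.
    """
    if not packets:
        return 0.0
    first, last = packets[0].seq, packets[-1].seq
    if last < first:              # the counter wrapped during the stream
        last += 65536
    expected = last - first + 1
    return (expected - len(packets)) / expected


def interarrival_jitter_ms(packets):
    """Running jitter estimate J from RFC 3550 appendix A.8, in milliseconds.

    For consecutive packets i and j:  D = (Rj - Ri) - (Sj - Si)
    where R is arrival and S is the RTP timestamp, both in clock ticks,
    and J is smoothed as J += (|D| - J) / 16.
    """
    jitter_ticks = 0.0
    prev = None
    for pkt in packets:
        if prev is not None:
            arrival_diff = (pkt.arrival_ms - prev.arrival_ms) * CLOCK_RATE // 1000
            send_diff = pkt.timestamp - prev.timestamp
            d = arrival_diff - send_diff
            jitter_ticks += (abs(d) - jitter_ticks) / 16
        prev = pkt
    return jitter_ticks * 1000 / CLOCK_RATE


def stream_quality(packets, loss_threshold=0.05, jitter_threshold_ms=30.0):
    """Summarise a stream and flag it when either factor crosses its threshold."""
    loss = packet_loss(packets)
    jitter = interarrival_jitter_ms(packets)
    problems = []
    if loss >= loss_threshold:
        problems.append(f"loss {loss:.1%} >= {loss_threshold:.0%}")
    if jitter >= jitter_threshold_ms:
        problems.append(f"jitter {jitter:.1f} ms >= {jitter_threshold_ms:.0f} ms")
    return {"loss": loss, "jitter_ms": jitter, "problems": problems}


def build_sample_stream():
    """Constructed trace: ten 20 ms packets whose sequence number wraps at
    65535, with two packets (the 4th and 8th) lost in transit and the 6th
    arriving 10 ms late."""
    lost = {3, 7}
    late_ms = {5: 10}
    packets = []
    for n in range(10):
        if n in lost:
            continue
        packets.append(RtpPacket(
            seq=(65530 + n) % 65536,
            timestamp=1000 + n * SAMPLES_PER_PACKET,
            arrival_ms=20 * n + late_ms.get(n, 0),
        ))
    return packets


if __name__ == "__main__":
    print(stream_quality(build_sample_stream()))
```

On the constructed trace the receiver sees 8 of 10 packets (20 percent loss, well past the G.711 figure) but only about 1 ms of jitter, because the single late packet is smoothed by the 1/16 estimator; note that neither figure can be recovered once the packets are gone, which is why the text stresses that UDP offers no retransmission.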

Mobility

A legacy phone system ties each phone number to a dedicated line and gives users no mobility, so an attacker typically needs physical access to that line to spoof the identity (the telephone number or line). VoIP, by contrast, generally allows endpoints to be virtually anywhere with IP connectivity, which makes protection against identity spoofing harder: the network can no longer infer who a caller is from where the call comes from.

Lack of Security Features and Devices

Although many data security devices, such as firewalls, are adding VoIP-aware features, the protection they offer against today's sophisticated threats still lags well behind what is available for ordinary data traffic.

Voice and Data Integration

Voice (or video) is real-time data in VoIP. The integration of voice and data in the same network gives significant benefits, but it causes new issues; for example, integrating voice and data into a single device (such as a PC) makes it difficult for the network to use network separation (for example, VLANs) to identify "data" traffic and "voice" traffic. VLAN separation is the standard operating procedure for many hard IP phones, but of course does not work well at all when voice and data are integrated.

There are always more sources of vulnerability depending on service types or integrated solutions; however, these are the main sources.

The next section describes the vulnerable components in VoIP service.

Vulnerable Components

All components involved in VoIP service have vulnerable elements that are affected directly or indirectly. The following are VoIP's main components and their vulnerability.

  • Operating system of the VoIP application—VoIP applications run on many different operating systems, such as Linux/Unix, Microsoft Windows, or a real-time operating system (RTOS), and inherit the vulnerabilities of those operating systems and their network stacks (for example, the IP and TCP implementations). The steady stream of security patches for these operating systems shows that new issues are found continually.

  • VoIP application—There are many different types of VoIP applications; for example, softphones (Skype, Google Talk), instant messengers (AOL AIM and MSN Messenger), call managers, softswitches, and so on. The application itself may have security issues because of bugs or errors, which could make VoIP service insecure.

  • Management interface—For management purposes, most VoIP devices expose service interfaces such as Simple Network Management Protocol (SNMP), Secure Shell (SSH), Telnet, and HTTP. These interfaces become a source of vulnerability when configured carelessly. For example, if a VoIP device still uses the default "public" community string for SNMP, an attacker can pull valuable information (for example, the configuration) with simple SNMP queries; if a device still uses the default username/password on its management interface, breaking in is trivial.

  • TFTP server—Many VoIP devices, especially customer premises equipment (CPE), download their configurations from a TFTP server, and TFTP provides neither authentication nor integrity protection. An attacker who can sniff the traffic learns the server address, the configuration file names, and whatever the configuration contains. An attacker who can answer the client's request first can impersonate the TFTP server and push a malicious configuration to the CPE.

  • Web client/server—Many VoIP applications are embedded into a web client (that is, a browser) to provide web services (for example, click-to-dial service, corporate directory lookup, and timecard services). These services inherit the vulnerability of web client/servers, such as malicious code or worms.

  • Access device (switch, router)—All VoIP traffic flows through access devices (Layer 2 and Layer 3 switches or routers) that switch or route it. A compromised access device is a serious problem because it has full control of the packets, and even a minor misconfiguration can open a hole. For example, an attacker who compromises a Layer 2 switch can configure a monitoring (SPAN) port for a particular voice VLAN and capture all VoIP signaling and media without any impact on end users. As another example, a misconfigured Layer 3 router can create an unnecessary broadcast domain in which an attacker can sniff broadcast messages that feed further attacks.

  • Network—The network itself can be a vulnerable component because of uncontrolled traffic, whether malicious or not. For example, flooded traffic from certain endpoints not only threatens the target server, but also exhausts network bandwidth so that legitimate traffic cannot get through. The flood can come from malicious sources as part of a Denial-of-Service (DoS) attack, or from legitimate devices with a wrong configuration or a bug.

  • VoIP protocol stack—Security was not a primary consideration when most VoIP protocols (for example, SIP and H.323) were designed. For example, the initial version of SIP (RFC 2543) allowed Basic authentication, which sends the credentials in clear text (merely base64 encoded); anyone who can sniff the packets can read the password. The current version of SIP (RFC 3261) drops Basic in favor of Digest authentication, a challenge-response scheme in which only an MD5 hash derived from the password crosses the wire, but a captured challenge and response are still open to offline brute-force or dictionary attack. A large number of current threats abuse this kind of protocol-level weakness. Therefore, these protocols recommend combining them with other security protocols (for example, Transport Layer Security [TLS] for the signaling connection, Secure/Multipurpose Internet Mail Extensions [S/MIME] for message bodies) when implementing them.
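The following added example (not from the book) shows the two credential formats the previous bullet contrasts: the Basic scheme of RFC 2543, which any sniffer decodes, and the RFC 3261 Digest computation, followed by the offline dictionary attack that a captured Digest challenge and response still permit. The REGISTER exchange, user 1001, realm example.com, the nonce and the password are constructed placeholders.

```python
"""SIP credentials on the wire: RFC 2543 Basic versus RFC 3261 Digest.

Added example, not from the book. Shows why the text calls Basic
credentials clear text and why Digest, although hashed, still falls to an
offline dictionary attack once the challenge and the response have been
sniffed. Every message, user, realm, nonce and password below is a
constructed placeholder.
"""
import base64
import hashlib
import re


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 3261 section 22 Digest (as in RFC 2617), MD5, no auth-int.

    HA1 = MD5(user:realm:password), HA2 = MD5(method:uri),
    response = MD5(HA1:nonce:HA2) or, with qop, MD5(HA1:nonce:nc:cnonce:qop:HA2).
    """
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def parse_digest_header(header: str) -> dict:
    """Split a 'Digest k="v", k=v, ...' Authorization value into a dict."""
    body = header.split(None, 1)[1]          # drop the scheme token
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', body)
    return {k: v.strip('"') for k, v in pairs}


def decode_basic_credentials(header: str):
    """RFC 2543 Basic: base64(user:password), clear text to any sniffer."""
    raw = base64.b64decode(header.split(None, 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def crack_digest(method, auth_header, wordlist):
    """Offline dictionary attack: recompute the response for every guess
    using the sniffed nonce/uri/realm and compare with the sniffed response.
    Returns the password or None. No packet to the server is needed."""
    f = parse_digest_header(auth_header)
    for guess in wordlist:
        candidate = digest_response(f["username"], f["realm"], guess, method,
                                    f["uri"], f["nonce"], f.get("qop"),
                                    f.get("nc"), f.get("cnonce"))
        if candidate == f["response"]:
            return guess
    return None


# Constructed capture: the phone's REGISTER retry after a 401 challenge.
USER, REALM, PASSWORD = "1001", "example.com", "letmein"
NONCE, URI = "0a4f113b5c2d", "sip:example.com"
SNIFFED_AUTHORIZATION = (
    'Digest username="%s", realm="%s", nonce="%s", uri="%s", '
    'response="%s", algorithm=MD5'
    % (USER, REALM, NONCE, URI,
       digest_response(USER, REALM, PASSWORD, "REGISTER", URI, NONCE))
)
# The same credentials as RFC 2543 Basic would have sent them.
SNIFFED_BASIC = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
# Constructed wordlist; a real attacker uses a large one.
WORDLIST = ["1234", "password", "1001", "letmein", "welcome1"]

if __name__ == "__main__":
    print("Basic decodes to:", decode_basic_credentials(SNIFFED_BASIC))
    print("Digest cracked as:", crack_digest("REGISTER", SNIFFED_AUTHORIZATION, WORDLIST))
```

The attack needs one captured Authorization header and no further interaction with the server, which is why the bullet above pairs Digest with TLS for signaling (the attacker then never sees the header) and why strong, non-dictionary SIP passwords matter; a fresh nonce per request does not help, because the attacker captured that nonce too.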

Now that you are aware of the vulnerable components in VoIP, the next section explains some misunderstandings about the vulnerability.

Myths Versus Reality

Certain misunderstandings related to VoIP's vulnerability and protection are common. The following sections describe typical myths and the contrasting reality.

Legacy Versus VoIP Systems

Myth #1: A legacy phone system is more secure than VoIP system.

Reality: Most ordinary people worry about privacy (typically wiretapping) when using VoIP devices such as IP phones that are connected to the open or public Internet. It sounds easy for an attacker to sniff the packets and eavesdrop on the conversation, but in reality it is harder than it sounds. To capture the media, the attacker needs a sniffer in the same broadcast domain as the IP phone (and on switched Ethernet, in the actual media path, which usually means first poisoning the ARP cache of the phone or its gateway) or on a device along the media path, which puts the traffic largely out of reach of an external attacker. Moreover, if the media packets are encrypted, even captured packets are useless.

Wiretapping a legacy phone line, by contrast, is much easier. An eavesdropper can physically tap the line even from outside the building, because neither the phone nor the telephone company's equipment has any security mechanism to detect or prevent it.

Of course, VoIP has many vulnerable factors, as described in previous sections, but comparing those directly with legacy phone systems is not reasonable because the scope of VoIP service is far more than that of legacy phone service providing voice and fax service only. As mentioned before, today's VoIP provides not only rich media service (such as voice, video, text, presence, and fax) but also integrated services with other applications (such as email, web, and messenger). The complexity creates more vulnerability issues by nature.

When you focus on only voice and fax service, you will see that VoIP is more secure than legacy phone systems as long as it has a basic level of security infrastructure, which is discussed in Part II, "VoIP Security Best Practices."

Protecting Networks Using Strict Authentication and Encryption

Myth #2: Strict authentication and encryption are enough to protect network and end-users against threats.

Reality: Many people, even some network administrators, believe that strict authentication and encryption make a VoIP service secure enough. Both are important, but they are not enough against today's sophisticated threats. A typical threat is a malicious user or spammer who either impersonates a legitimate endpoint or infects legitimate internal devices with malware (viruses, bots); the compromised devices are authorized users, so their traffic passes authentication and is encrypted like any other legitimate traffic. A comprehensive solution covering multiple kinds of threat is therefore needed.

Protecting Networks Using a Data Security Infrastructure

Myth #3: Data security infrastructure can protect VoIP network.

Reality: Some people believe that a secure data network protects VoIP as well, because VoIP packets flow through the same IP network as everything else. That is partly right from the network-layer perspective, but many attacks are specific to the application layer, and typical data security devices (firewalls, IDS/IPS) or architectures cannot detect or prevent them. For example, a malformed SIP or H.323 message can crash or compromise the target server when it is parsed, yet gives a data security device nothing to act on unless that device inspects the message at the application layer. Additional VoIP security modules, devices, or architecture are therefore necessary on top of the data security infrastructure.
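As an added example (not from the book or from any product), the following parser applies the kind of application-layer checks just described to a SIP request before it reaches the server's own parser: request-line grammar, mandatory headers, CSeq and Max-Forwards consistency, Content-Length consistency with the body, and size limits. The sample INVITE and its malformed variants are constructed, and the size limits are assumptions for illustration, not values from any RFC.

```python
"""Application-layer checks a SIP-aware inspection point must make.

Added example, not from the book. A port-based firewall passes anything
on UDP 5060; this parser shows the checks (grammar, mandatory headers,
Content-Length consistency, size limits) that reject a malformed request
before a softswitch's parser sees it. Sample messages are constructed and
the limits are illustrative assumptions.
"""
import re

SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER",
               "SUBSCRIBE", "NOTIFY", "INFO", "PRACK", "UPDATE", "MESSAGE", "REFER"}
# RFC 3261 section 8.1.1 mandatory request headers, stored lower-case.
MANDATORY = ("via", "from", "to", "call-id", "cseq", "max-forwards")
# RFC 3261 compact header forms expanded to their long names.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "m": "contact",
           "l": "content-length", "c": "content-type", "k": "supported"}
MAX_MESSAGE_BYTES = 4096   # assumption
MAX_HEADER_VALUE = 512     # assumption
MAX_HEADERS = 64           # assumption


class MalformedSip(ValueError):
    """Raised with the reason a request was rejected."""


def parse_sip_request(raw: bytes) -> dict:
    if len(raw) > MAX_MESSAGE_BYTES:
        raise MalformedSip("message too large")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedSip("no CRLFCRLF terminating the header section")
    try:
        lines = head.decode("utf-8").split("\r\n")
    except UnicodeDecodeError:
        raise MalformedSip("invalid UTF-8 in header section") from None
    m = re.fullmatch(r"([A-Z]+) (\S+) SIP/2\.0", lines[0])
    if not m:
        raise MalformedSip(f"bad request line {lines[0][:40]!r}")
    method, uri = m.group(1), m.group(2)
    if method not in SIP_METHODS:
        raise MalformedSip(f"unknown method {method}")
    if len(lines) - 1 > MAX_HEADERS:
        raise MalformedSip("too many headers")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not re.fullmatch(r"[A-Za-z0-9\-._]+", name):
            raise MalformedSip(f"bad header line {line[:40]!r}")
        name = COMPACT.get(name.lower(), name.lower())
        value = value.strip()
        if len(value) > MAX_HEADER_VALUE:
            raise MalformedSip(f"oversized {name} header")
        headers.setdefault(name, []).append(value)
    missing = [h for h in MANDATORY if h not in headers]
    if missing:
        raise MalformedSip("missing mandatory header(s): " + ", ".join(missing))
    cseq = re.fullmatch(r"(\d+) ([A-Z]+)", headers["cseq"][0])
    if not cseq or cseq.group(2) != method or int(cseq.group(1)) >= 2 ** 31:
        raise MalformedSip("CSeq does not match request")
    hops = headers["max-forwards"][0]
    if not hops.isdigit() or int(hops) > 255:
        raise MalformedSip("Max-Forwards must be 0..255")
    declared = headers.get("content-length", [str(len(body))])[0]
    if not declared.isdigit() or int(declared) != len(body):
        raise MalformedSip(f"Content-Length {declared} does not match body of {len(body)} bytes")
    return {"method": method, "uri": uri, "headers": headers, "body": body}


def inspect(raw: bytes):
    """Verdict form for an inline inspection point: ('pass', None) or ('drop', reason)."""
    try:
        parse_sip_request(raw)
        return "pass", None
    except MalformedSip as e:
        return "drop", str(e)


# Constructed sample INVITE (addresses from the RFC 5737 documentation range).
GOOD_INVITE = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    b"To: Bob <sip:bob@example.com>\r\n"
    b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Contact: <sip:alice@192.0.2.10>\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"v=0\r\n"
)
# Constructed malformed variants of the same request.
BAD_LENGTH = GOOD_INVITE.replace(b"Content-Length: 5", b"Content-Length: 4096")
OVERSIZED_HEADER = GOOD_INVITE.replace(b"Contact: <sip:alice@192.0.2.10>", b"Contact: " + b"A" * 2000)
NO_CSEQ = GOOD_INVITE.replace(b"CSeq: 314159 INVITE\r\n", b"")
CSEQ_MISMATCH = GOOD_INVITE.replace(b"314159 INVITE", b"314159 BYE")

if __name__ == "__main__":
    for name, msg in [("good", GOOD_INVITE), ("bad length", BAD_LENGTH),
                      ("oversized", OVERSIZED_HEADER), ("no cseq", NO_CSEQ),
                      ("cseq mismatch", CSEQ_MISMATCH)]:
        print(f"{name:14s} {inspect(msg)}")
```

Each rejection names the check that fired, which is what a VoIP-aware device can log and a data-layer firewall cannot: to the latter, all five messages are equally valid UDP datagrams to port 5060.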

Summary

VoIP has prevailed in the telecommunications world since its emergence in the late 1990s as a new technology for transporting multimedia over IP networks. The reason for its prevalence is that it offers significant benefits compared to legacy phone systems: cost savings, rich media service, phone portability, service mobility, integration with other applications, no geographical boundary, and rich features.

The benefits of VoIP do not come without cost. There are significant disadvantages for using VoIP, such as complicated service architecture, interoperability issues, QoS issues, power outages, and legal and security issues. Among these disadvantages, VoIP security issues are becoming more serious because traditional security devices (for example, firewalls, IDS/IPS), protocols (for example, encryption), and architectures do not adequately protect VoIP service or network from recent intelligent threats.

There are two types of vulnerability in VoIP. One is the inherited vulnerability coming from an existing infrastructure such as network, operating system, or web server that VoIP applications are running on. The other is its own vulnerability coming from VoIP protocol and devices, such as IP phone, voice gateway, media server, signaling controller, and so on.

These vulnerabilities are derived from the characteristics of VoIP, which uses IP-based network infrastructure, public (or open) networks, standard protocol, exposed interface to the public, real-time communications, mobility, and integration with data.

All components involved in VoIP service have vulnerable elements that affect it directly or indirectly. The main components of vulnerability are the operating system of the VoIP application, the VoIP application itself, the management interface, TFTP server, web client/server, access device (switch, router), network, and VoIP protocol stack.

Some misunderstandings about VoIP's vulnerability and protection are common. The reality is that a VoIP system is more secure than a legacy phone system as long as it maintains a basic level of security infrastructure; that strict authentication and encryption alone are not enough to protect the network and end users against today's sophisticated threats; and that a secure data network helps make a VoIP network secure but is not enough to stop application-specific attacks.

End Notes

  1. Security Considerations for VoIP Systems, NIST (National Institute of Standards and Technology), January 2000.

  2. Comparison of Voice over IP with circuit switching techniques, R. Sinden (Southampton University, UK), January 2002.

References

"A Security Blueprint of Enterprise Networks," Cisco Systems, http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.pdf.

"Comprehensive VoIP Security for the Enterprise," Sipera Systems, http://www.sipera.com/assets/Documents/whitepapers/Sipera_Enterprise_VoIP_Security_WP.pdf.

Hersent, O., J. P. Petit, and D. Gurle. IP Telephony (Deploying Voice-over-IP Protocols). Wiley, 2005.

RFC 3261, "SIP (Session Initiation Protocol)," J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, June 2002.

Copyright © 2007 Pearson Education. All rights reserved.


Copyright © 2009 IDG Communications, Inc.
