VoIP is well known among carriers and service providers as a powerful enabler of new services, as well as a cost-reduction mechanism. The technique of using IP peering to pass VoIP traffic was initially deployed between carriers to expand market presence globally, increase potential customers and deliver new services. As time progressed, however, IP connections developed to the point that they could become more than just access service providers and were enhanced to reach consumers via DSL and cable. As a result, carriers were able to deliver high-demand, IP-based triple-play services (TV, phone, Internet access).
Today, network operators are turning to direct IP-trunk connections to deliver carrier-class business services across a range of business environments, from large enterprises to small and medium-size businesses.
As the benefits of VoIP were realized by not only carriers but also enterprises, VoIP has quickly replaced legacy telephone systems in some of the world's largest organizations. And, as with many popular technologies, as VoIP's adoption has spread, it has become a prime target for security breaches, attacks and system vulnerabilities.
What's threatening VoIP?
The security risks to VoIP deployments are vast. To ensure the best possible protection against current and emerging threats to this technology, businesses must understand where risk exists and audit their current security practices to address any system vulnerabilities that could allow these risks to be exploited. The following is an overview of the primary threats to current VoIP deployments.
Toll fraud. Savvy hackers can piggyback off the enterprise VoIP network to conduct several nefarious activities, including breaking through to the carrier's system to make free phone calls; infecting the network with viruses and stealing confidential company information, such as billing details.
Lack of authentication exploitation. On an IP-based network, it is possible to assign ownership and access privileges over specific phones lines. However, without proper end user authentication, it is easy for an individual to hijack a colleague's line and place calls as that person or gain access to a line with higher authority or systems rights. The potential risk associated with any of these scenarios can lead to reputation damage, legal ramifications or information theft.
Drains on corporate bandwidth. By exploiting the VoIP network, there are many ways in which attackers can impact corporate bandwidth, and many of these can be crippling to overall operations. Attackers can launch internal denial of service (DoS) attacks that have varying impacts on network bandwidth. For example, a DoS attack against the IP network can target just the voice network, flooding the system with calls, or it can also target traffic that impacts the quality of service for legitimate users.
Limited encryption. In a VoIP system, standard calls are open text, so it is easier for a nefarious individual to intercept call setup and content information and obtain the significant details of a given conversation. It is important that organizations mitigate this risk with strong encryption, especially for certain phone lines over which confidential information will be exchanged, for example, between the CEO and the CFO.
Best practices for securing VoIP networks
Here are some of the most commonly asked questions about designing a security plan for VoIP networks.
Where to begin?
Most organizations have developed security best practices and policies, but these policies are often not extended to cover protection of the IP network. Because there are specific issues that must be addressed to ensure VoIP is adequately protected, enterprises must also conduct a risk audit that will provide them with the information needed to secure the VoIP network.
Today, there is excellent guidance readily available to CSOs and CISOs from standards bodies (ANSI, 3GPP, ETSI, ISO), industry consortia (VoIP Security Alliance) and government agencies (NIST) on how to define and augment existing security practices to support VoIP and other session-style traffic (IM, video) in the enterprise. In many cases, the proposed best practices may already be in place, and additional investments may be as simple as extending the existing corporate security policy. Another possibility is an infrastructure change based on a VoIP-aware vulnerability assessment of all core network elements, includingswitches, routers and firewalls. Once a policy is created or updated and associated risks are identified, there are multiple paths for information security managers to take to meet their goals.
What are the options?
As in the pure data-only world, VoIP security can be achieved either through internal sources or via managed outsourcing. Carriers are beginning to offer to both enterprise-level customers and small or medium-size businesses the option of outsourcing the provisioning, deployment and ongoing monitoring of VoIP equipment on their behalf. VoIP elements such as Class 5 feature servers, registrars, IP PBXs and the network border switches (or firewalls) can be managed either at the customer premise or as a hosted service, with these elements residing in the carrier's administrative domain. Often this boils down to a matter of scope, cost and resource constraints on the end user's side.
For those businesses that plan to manage security internally, they can extend their existing infrastructure while maintaining a layered, defense-in-depth approach. The first component deployed is often a secure IP-edge element, such as a network border switch. The network border switch represents the evolution of legacy session border controller (SBC) appliances by their integration of security, call control, media support, scalability and performance.
In this role, the network border switch provides enterprises with their first line of defense on the perimeter at network demarcation points. These points relay between the enterprise and the carrier peering partner. These elements not only defend the core enterprise network from VoIP related intrusions, but they also provide policy-based control over IP voice sessions, basic signaling protocol (SIP, H323, SIP-I) interworking, QoS (quality of service), bandwidth management of media streams and advanced media services, such as audio codec transcoding and FAX support.
The network border switch's role becomes even more important as enterprises with multiple locations become more vulnerable to DoS attacks by interconnecting via the public Internet to carry both external and intra-company VoIP traffic, in lieu of dedicated connections. In this scenario, enterprises can mitigate risk by implementing a split DMZ-style topology for VoIP elements front-ended with an SBC. This deployment can be used to protect the VoIP network, similar to solutions used to secure Web server farms and database systems from DoS attacks..
As you look to protect the network from the inside out, it is important to recognize that although built on IP, VoIP network elements such as provisioning systems, billing systems, SIP servers and IP PBXs share common vulnerabilities with their non-VoIP counterparts. This is because these systems are based on commercial, off-the-shelf (COTS) items, such as commodity operating systems (Solaris, Linux, Windows) that run on general-purpose computers. Other COTS components may be protocol stacks (TCP/IP) from OEMs that are embedded in proprietary platforms. As such, vulnerabilities may exist, but protection against intrusions and exploits can be mitigated by proper hardening, just as their non-VoIP counterparts are provisioned today.
In addition to these traditional weaknesses, VoIP-specific vulnerabilities such as SIP protocol stack corruption may exist, as well. These threats can be mitigated by many of the same general techniques used for protection at the lower layer. Given the session state nature of SIP, organizations need a class of session-aware devices, such as the SBC described earlier, to provide the edge protection not provided by firewalls, ACLs and VoIP exploit signature matching by IDS/IPS.
Another technique that businesses should consider is placing VoIP phones on separate, secured VLANs to protect against unauthorized devices that may eavesdrop on internal communication and lead to theft or fraud. Additionally, to further protect against these breaches, VoIP devices should also be isolated so inbound and outbound traffic is limited and can be easily controlled by a call manager. Businesses should also implement encryption technology to secure calls that travel over public networks to prevent the fraudulent use of VoIP, including authentication exploitation and theft.
As with other technologies, when implementing an enterprise VoIP security offering, the ability to protect the whole network, not just provide a secure edge, is crucial. Once again, this implies the need for a documented VoIP security policy, architecture and technology selection to build a defense-in-depth layered approach. Collectively, these features form the foundation for a holistic VoIP security solution that will ensure all enterprises are adequately protected from existing and future threats to the networks.
Bob Bradley is product line manager of security solutions for Sonus Networks, a leading provider of carrier-class IP-Voice infrastructure solutions.
This story, "Practical tips for mitigating VoIP security risks" was originally published by CSO.