With the continuing pressure to reduce fixed costs within business, enterprises and small- and medium-sized businesses (SMBs) are looking at Voice over IP (VoIP) as an opportunity for cost savings. There is increasing data verifying that the use of IP as a common transport for data and voice will provide a foundation for existing services such as voice traffic, and be a vehicle for new applications in the future such as presence and video.
Soft clients, powerful multi-function handheld devices, IP-enabled wireless networks within an enterprise, SIP-enabled handsets, and IP PBXs are becoming more pervasive in enterprise networks. Network managers are being asked to implement these new networks to provide top-quality services, without compromising network integrity. But with the introduction of any new IP device into the local network, there are security vulnerabilities that organizations must not only be aware of, but well prepared for.
VoIP security trends ... something old, something new
The security challenges in 2009 are mostly known vulnerabilities, but there are some new twists. The majority of these vulnerabilities were first discovered by carriers as they deployed VoIP in 2002 in search of cost savings in the delivery of services such as long distance. Today, there are solutions, both technical and procedural, that can mitigate these potential exploits. These solutions can be deployed directly by large enterprises, potentially servicing thousands of remote locations, or can be delivered as a managed VoIP/security service to smaller businesses. Here's a sampling of how enterprises can implement a robust, reliable and secure network to address the most pressing threats:
Threat #1: DoS/DDoS attacks
An old favorite of the hacker community, these attacks come at various protocol levels (e.g., the IP layer, the SIP layer) and are used to consume bandwidth and resources, especially in elements located on the edge of the network. These types of attacks can also affect other customers attempting to make calls.
To ensure proper mitigation in a large enterprise network, organizations need an enterprise-class solution that is designed specifically to scale in order to manage the influx of activity at the edge of the network. This scalability is critical, because it ensures the secure edge element itself does not become overwhelmed when treating the attack, otherwise it becomes a DoS agent itself. For SMBs, there are comparable products that can be deployed on-site or as part of a hosted service, protecting the SIP trunk to their premise-based IP PBX.
Threat #2: "I know what you said last summer"
Individuals with snooping tools can pick up or eavesdrop on voice calls on core networks. A popular eavesdropping location is an unsecured network connection from a VoIP provider's MPLS backbone using SIP trunking to an SMB's LAN.
To mitigate this risk within the local network and maintain call privacy, virtual LANs (VLANs) can be used to segregate traffic, and/or media streams can be encrypted to the enterprise edge. Many SIP-based endpoints, such as an integrated access device (IAD) or an IP PBX, support "built-in" encryption of signaling (TLS, Transport Layer Security, or IPSec) and media (Secure RTP), which can also address this possible vulnerability.
Threat #3: Lack of hardening of VoIP elements by vendors
Many of the elements in an enterprise VoIP network (IP PBXs, feature servers, interactive voice response (IVR), voicemail systems, provisioning systems, SIP proxies, smart phones, etc.) use commodity operating systems such as Windows, Solaris, and Linux and, as such, are subject to OS-specific vulnerabilities such as viruses and malware.
All elements in an enterprise VoIP network must be properly hardened, and customers should demand vendor verification of the hardening prior to purchase. This is a "best practice" well understood in the data world and is equally applicable when adding IP-based voice elements to the mix. It's a little more work on the customer's side but well worth the effort and peace of mind in the long run.
Threat #4: Follow Systems operation "best practices"
A recent Internet search for one IP PBX vendor's systems that were directly connected to the Internet revealed a number of systems that could be logged into because the default passwords had not been changed. This can have unnecessary consequences for the IP network.
This is a simple threat that can be easily avoided by taking the time upfront to change factory default passwords when new systems are installed. And, as mentioned earlier, any VoIP element based on a commodity operating system must be hardened, with unnecessary services disabled and unused ports closed. Additionally, it is imperative to perform security-related event logging for auditing purposes and traceability to ensure ongoing network integrity. Once again, common sense should prevail, and this process won't break the bank to execute.
Threat #5: Vhishing and SPIT and unwanted calls, oh my!!
Just as with unwanted email (spam), it is easy for a hacker to set up multiple systems or "bots" to blast calls to a VoIP phone. This phenomenon is known as SPIT, or spam over Internet telephony. Additionally, hackers can use the tactic of vhishing in an attempt to "spoof" end users into surrendering personal information such as credit card numbers, bank accounts, social security numbers, etc., under the guise of needing this information for a legitimate reason.
The same precautions should be taken with phone calls as individuals take when they fill in forms for online Web-based purchases, being careful not to give out such information without proper identification. There are evolving techniques to block unwanted calls and address this threat. Device and user authentication is one measure that enables network managers to determine that the call is coming from a legitimate firm and authorized agent, minimizing risk.
Threat #6: Free rides
The ability to make free VoIP calls across a carrier's network (toll fraud) can be achieved in a number of ways, including spoofing a legitimate user, intercepting their call, or hijacking one end of the conversation. From there the hacker can have a VoIP device start sending media into the network with proper call setup (rogue media). Another example of a "free ride" is when a SIP endpoint simply starts sending media to a destination without any authenticated call setup at all. Rogue calls not only mean lost revenue for the carrier; there is also no assurance that these calls are simply being made to avoid payment. They may be made for clandestine reasons by a caller who does not want to leave any traceability or records of the call, putting the organization in a sensitive position.
There are a number of techniques to mitigate these free call attempts, such as rogue RTP protection in a secure edge element, as well as caller authentication using digital certificates, which can be done at the network edge to stop this practice.
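The rogue RTP check described above, together with the Secure RTP point from Threat #2, can be sketched as follows. This is an added example, not code from the article or from any vendor's product. It assumes the edge element already holds the SDP bodies from authenticated call setups, and it matches flows on destination address and port only; all addresses, ports and function names are constructed for illustration.

```python
import re

# Constructed SDP bodies taken from authenticated INVITE / 200 OK messages
# (addresses come from the RFC 5737 documentation ranges).
SDP_BODIES = [
    "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\nm=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:<constructed-key>\r\n",
    "v=0\r\no=pbx 7 7 IN IP4 198.51.100.5\r\ns=-\r\nc=IN IP4 198.51.100.5\r\n"
    "t=0 0\r\nm=audio 30000 RTP/AVP 0 8\r\n",
]
# Constructed media flows seen at the edge: (destination IP, UDP port).
OBSERVED_FLOWS = [
    ("192.0.2.10", 49170),    # negotiated with the SRTP profile
    ("198.51.100.5", 30000),  # negotiated, cleartext RTP
    ("198.51.100.5", 40000),  # never negotiated in any call setup
]

def pinholes_from_sdp(sdp):
    """Return {(ip, port): profile} for each audio stream in one SDP body."""
    session_ip, media = None, []
    for line in sdp.splitlines():
        if m := re.match(r"c=IN IP4 (\S+)", line):
            if media:
                media[-1]["ip"] = m.group(1)  # media-level c= overrides
            else:
                session_ip = m.group(1)       # session-level default
        elif m := re.match(r"m=audio (\d+) (\S+)", line):
            media.append({"ip": None, "port": int(m.group(1)),
                          "profile": m.group(2)})
    return {(s["ip"] or session_ip, s["port"]): s["profile"] for s in media}

def classify_flows(sdp_bodies, flows):
    """Label each observed flow against the negotiated media endpoints."""
    allowed = {}
    for body in sdp_bodies:
        allowed.update(pinholes_from_sdp(body))
    verdicts = {}
    for flow in flows:
        profile = allowed.get(flow)
        if profile is None:
            verdicts[flow] = "rogue: no call setup"
        elif profile in ("RTP/SAVP", "RTP/SAVPF"):
            verdicts[flow] = "ok: SRTP negotiated"
        else:
            verdicts[flow] = "ok: cleartext RTP"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_flows(SDP_BODIES, OBSERVED_FLOWS).items():
        print(flow, verdict)
```

A production edge element would also match the source address, track RTCP on the adjacent port, and remove entries when the call is torn down.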
VoIP: Protecting from the Inside Out
In addition to the solutions explored above, there are a host of solutions available to help manage a broad range of the potential threats against IP-enabled phones. Traditional techniques used to protect and harden web servers, database systems and email systems will certainly help, but there is also a set of carrier-class border control solutions that will help organizations manage security threats from the core of their networks all the way to the access points, where many of the above-mentioned threats occur. When evaluating border control solutions, enterprises should consider a newer generation of this technology that provides increased scalability and robust features.
Organizations can obtain a carrier grade network border solution that can easily provide enterprise-reliability and scalability to ensure constant, dependable security for both existing and emerging threats. Deploying these next generation solutions, many of which are already proven globally in carrier environments, can also provide value added services such as media management and telco grade "five 9s" reliability not found in legacy session border controllers (SBC). With these solutions in place, enterprises and SMBs can move with greater confidence to next generation networks providing unified communications (UC) for employees both on and offsite.
In assessing all of these threats and solutions, it's also important for enterprises to understand that there are evolving specifications and deployment frameworks coming from the standards communities, such as SIPconnect and the SIP Forum. These standards specify options for how enterprise/provider SIP trunking should interoperate and be secure, e.g., using TLS for encryption. In 2009, we'll see continued acceptance in the VoIP vendor community to adhere to such frameworks, making enterprise VoIP connections easier to administer and secure. Enterprises should query their VoIP vendors as to their support of key frameworks such as SIPconnect.
As VoIP deployments become more prevalent, security threats will continue to raise issues for today's enterprise. But if these organizations remain educated on specific threats and solutions relevant to their business, they will be in a stronger position to stop them from permeating into larger issues. Additionally, enterprises should evaluate their business goals closely when considering new solutions and align all their selections with meeting those objectives. With these considerations taken, enterprises, SMBs, and their network managers can move with greater confidence to IP-enable next-generation networks, providing unified communications (UC) for employees both on and offsite.
Bob Bradley is product line manager of security solutions for Sonus Networks, a leading provider of carrier-class IP-Voice infrastructure solutions. He can be reached at firstname.lastname@example.org.