Upload
c88888888
View
220
Download
0
Embed Size (px)
Citation preview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 1/16
ession 1.4
IP Telephony Security
Overview
At the end of this session, you will be able to
•
Understand traditional PBX security• Describe Phreaking and how it is relevant
today
• Describe IP telephony security and how itdiffers
• Understand the different types of securitythreats
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 2/16
Traditional PBX Security
•
Traditional Telephony Proprietary hardware and software
!ot generally connected to the data network or the
Internet
Protected the voice syste" fro" the traditionalsecurity issues endured by data syste"s
Traditional PBXs were i""une to viruses, data
outages and bandwidth restrictions
#$ and ad"inistration was done bytrained%certified personnel only
&ini"al access to #$ 'du"b ter"inal or P(
e"ulator progra"s)
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 3/16
Traditional PBX Security Issues
• !on-Technical $upport Typically the decision-"aker had a non-telephony
background
Usually the re.uire"ents of the location were"ini"al, so phone syste" "anufacturer was the
flavor of the day+ /ith nu"erous phone syste"s to support, usually no
one individual or s"all group could "anage all thephone syste"s
(reated dependency on integrators to provide
support+ 0educed ability to apply standards
1ack of security standards and adherence
Dependent upon skill set and desire of integrator
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 4/16
Leaky PBX
• $ecurity proble" that allows the ability to
place call into PBX and shutdown P$T!
access or2
• 34ternal users break into a phone syste"
and "ake calls for free which is referred toas toll fraud Toll fraud could go unnoticed for long periods of ti"e
because invoices are not always reviewed closely (o"panies could lose tens of thousands of dollars
before the proble" was resolved
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 5/16
Phreaking
•
Ter" used to describe 5hacking6 oftelephones, telephone co"panies and PBX
syste"s connected to the P$T! Phreak (o"bination of phone and freak
Also could be short for fre.uency
• 7istory 3arliest recorded abuse started in the *89:s
&odern day 5phreaking6 started in *8;:s
3arly phreaks developed an understanding of how the
phone syste" worked by trial and error
Phreakers are still active today but "ost people find
hacking of data syste"s on the Internet "ore interesting
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 6/16
Captain Crunch Whistle
• <ree whistle in cereal created a 9=::7> tone• Used to hack PBX syste"s by calling into a PBX
and blowing the whistle into the phone receiver
•
This allowed control of older phone syste"s thatworked on $ingle <re.uency controls
• Another long whistle reset the line
• It is then possible to dial a phone nu"ber with
groups of whistles 'a short one for a ?*?, twoshort ones for a ?9?, etc+) and "ake outbound
phone calls
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 7/16
IP Telephony Security
• (o"panies are now i"ple"enting IPtelephony syste"s and services that
connect to their data networks
• IP telephony "ust be part of the ITinfrastructure and "anaged as such
• IP telephony "ust be "anaged and
secured like any other application on thenetwork
• 7ow is this acco"plished@
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 8/16
IP Telephony Security
• Initially hackers had little interest in attackingIP telephony syste"s
• /ith broader acceptance new security threats
have arisen
• $a"e attacks used against the data
environ"ent can i"pact IP telephony iruses
/or"s Troan horses
• If the data network is co"pro"ised a co"pany
can lose both voice and data co""unications
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 9/16
Types of IP Telephony Threats
• Unauthori>ed access Unauthori>ed connection to the data network used for
"alicious purposes
•
Address spoofing IP address spoofing is the action of generating IP
packets with a fake source IP address in order to
i"personate other syste"s or to protect the identity of
the sender
• Packet capture The act of capturing IP packets on the data network to
illegally gain access to infor"ation 'voice calls)
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 10/16
Types of IP Telephony Threats
•
Toll fraud To gain access of a IP phone syste" for the sole
purpose of "aking illegal phone calls to the P$T!
• Denial of $ervice
A concerted "alevolent effort by a person or personsto prevent a service fro" functioning efficiently either
te"porarily or indefinitely
• #$ Application irus and Troan 7orse IP telephony #$ or applications are susceptible to
attack by a virus or Troan 7orse like any other
co"puter on the network
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 11/16
Types of IP Telephony Threats
•
(aller Identify $poofing (aller ID spoofing is when a caller pretends to be
so"eone else by falsifying the nu"ber or na"e
that appears on the recipientCs caller ID display
• 0epudiation A repudiation attack happens when an application
or syste" does not adopt controls to properly track
and log users action
This per"itting "alicious "anipulation or forgingthe identification of new actions+
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 12/16
acker !ccess to IP Telephony• Physical network access
Unsecured access to the data network to disruptservice
Access to data closets and network e.uip"ent
Access to network device #$
• #pen T(P%IP ports IP ports that are not secured and can be
attacked using different progra"s that have the
potential to cause syste" disruption
(an be attacked internally or fro" the Internet
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 13/16
acker !ccess to IP Telephony• /eak #$ and syste" passwords
/eak security allows hackers direct access to#$ and IP telephony applications
(o"panies have lack of password policies
/hen people leave the co"pany userna"es
and passwords on network and IP telephonysyste"s are not changed
• #pen or inade.uate security on the
wireless network /ireless allows access fro" outside of building
/eak or no security policies in place
Think of it as having (AT; data network ports
located in the parking lot$ession *+ IP Tele hon $ecurit #verview
IP T l h S it
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 14/16
IP Telephony Security
Su""ary
• IP Telephony $ecurity Advantages <ewer syste"s to support
reater prevention of Toll <raud
reater standardi>ation
0educed endor &anage"ent
I"proved $yste" 0edundancy
0eduction of business risk
•IP Telephony $ecurity Disadvantages $erver based technology
irus ulnerabilities
Intrusion ulnerabilities
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 15/16
ession 1.4 Activity
IP Telephony Packet Capture
#e"onstration and Play$ack
1ab #bectives
• De"onstrate voice packet capturesoftware
• (ollect and asse"ble a voice
conversation• Playback the sa"ple for the class
$ession *+ IP Tele hon $ecurit #verview
8/17/2019 10000274-Session1.4IPTelephonySecurityOverview
http://slidepdf.com/reader/full/10000274-session14iptelephonysecurityoverview 16/16
Session %&' (eview
*+ !a"e three reasons that PBX syste"swere inherently secure+
9+ Describe the "eaning of the ter"Phreaking+
E+ !a"e three typical data networkattacks that can effect an IP telephonynetwork+
+ !a"e three types of IP telephonysecurity threats+;+ !a"e two reasons co"panies have
weak #$ security+
$ession * IP Telephony $ecurity #verview