Embed Size (px)
DESCRIPTION
null Pune Meet March 2012
Citation preview
An Overview of VoIP Security
-Push
http://null.co.in/ http://nullcon.net/
VoIP…
• Voice over IP• Transmission of “voice” over packet-switched
(data)networks,• Voice analog signals are converted to digital
bits – “Sampled”• Sampled bits are transmitted into Packets
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/
Analog Voice Signals
1010101010101101101101
1010101010101101101101
1010101010101101101101
Internet
1010101010101101101101
1010101010101101101101
Analog Voice Signals
Components Involved…
• Traditional Telephone Networks,• Computer Networks,• VoIP Hardware,• Gateways• Proxy Servers• Redirect Servers• VoIP Software,• IDS – IPS - Firewalls
http://null.co.in/ http://nullcon.net/
VoIP Traffic Factors…
• Latency• Jitter• Packet Loss• Speed / Bandwidth
• QoS….
http://null.co.in/ http://nullcon.net/
Protocols used…
• Vendor Proprietary,• SIP• H.323• RTSP• RTP
http://null.co.in/ http://nullcon.net/
SIP and H.323Features H.323 SIP
Multimedia support Yes No
Complexity High Low
Reliability Efficint failure handling Inefficint failure handling
Message Encoding Supported for narrowband and broadband Supported for broadband
Interoperability Yes No
Load Balancing Yes No
Call signalling 1 RAS message exchange 3 exchange messages
Statelessness While direct calling While it is not forking
Address resolution Supported not supported
Addressing Flexible Only URI type addressing supported
Billing Available at gatekeeper Not available
Capability Negotiation Good Limited
PSTN internetworking Supported not supported
Services Through web browser Not through web browser
Video and data conferencing Lip synchronization supported. Lip synchronization not supported.
Transport protocol Reliable Unreliable
Firewall/NAT support Yes No
Authentication Via H.235. Via HTTP (Digest and Basic), SSL, PGP, S/MIME.
DTMF Carriage Through audio stream No carriage
http://null.co.in/ http://nullcon.net/
SIP Call Flow
http://null.co.in/ http://nullcon.net/
H.323 Call Flow
http://null.co.in/ http://nullcon.net/
http://null.co.in/ http://nullcon.net/
H.323 Call Flow
Attacks Vectors
• Vulnerabilities of both Data and Telephone Networks
• CIA Triad
http://null.co.in/ http://nullcon.net/
Availability Threats…
• SIP Bombing• Man in the Middle/Call Hijacking• Eavesdropping• RTP Insertion attacks• SIP-BYE DoS• Multiple Account Registration with the same
name
http://null.co.in/ http://nullcon.net/
Integrity Threats…
• Caller Identification spoofing• Proxy Impersonation• Call Redirection• UDP flooding attack• Registration Removal• Registration Addition
http://null.co.in/ http://nullcon.net/
Confidentiality Threats…
• Eavesdropping of phone conversation.• Unauthorized access attack.• Default passwords.• TOLL FRAUD
http://null.co.in/ http://nullcon.net/
Standard Guidelines
• Separate Infrasrtucture• Do not integrate Data and VoIP Networks• VoIP-aware Firewalls,• Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS
http://null.co.in/ http://nullcon.net/
Thanks you.
http://null.co.in/ http://nullcon.net/
