VoIP may be vulnerable to barrage of threats, part 2
Separating voice from data traffic on the LAN ranks high among precautions.
By Leon Erlanger, InfoWorld | Published: 01:00, 11 November 2005
In part 1, we looked at the extra risks that VoIP brings to a network. In part 2, we ask: what can we do about it all?
With all these potential threats and vulnerabilities, will huge numbers of VoIP users soon find themselves plagued by service interruptions and eavesdropping? To date, there have been no devastating, widely publicised attacks on enterprise VoIP systems. Why? Vendors and analysts offer several valid reasons.
Most newer enterprise VoIP solutions are closed systems in which packetised voice is running across the LAN only, and most external traffic is running across the PSTN via a gateway. "If you're running VoIP on the LAN only, it's relatively easy to get PSTN quality and maintain security," says Gartner's Fraley. Interoffice traffic is normally running on a protected office-to-office connection, so in many cases securing internal VoIP means hardening your call servers, switches, and gateways and protecting them with the right kinds of firewalls and IPS.
Vendors also recommend separating voice from data traffic on the LAN to protect it from malware, eavesdropping and DoS attacks. Building a physically separate infrastructure for voice negates the cost benefits of VoIP. However, much of the same protection comes from using the 802.1Q features of your switches to put voice and data on separate VLANs, and from protecting the intersection points between the voice and data VLANs, such as the messaging server, with a voice-aware firewall and/or an IPS. In fact, Cisco offers a built-in IPS with recent versions of Call Manager.
"The right use of VLANs will also prevent casual VoIP snooping," says Farnsworth, adding that it becomes easier to target voice apps with appropriate security measures.
VoIP vendors and security experts say it's best to avoid softphones - phone software that runs on a PC - in favour of IP telephony handsets, because softphones make it almost impossible to separate voice from data. Binding an IP handset's IP address to its MAC (media access control) address is a good way to help thwart IP address spoofing. Several solutions use digital certificates for device and server authentication, and you can require passwords or PINs to access handsets. It is vital to encrypt voice-signalling data and VoIP management interactions, and in high-security environments even the voice streams themselves.
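The VLAN separation and handset address binding described above lend themselves to a simple audit. The following is an added example, not from the article or from any vendor named in it: it takes constructed flow records (VLAN tag, source MAC and IP, protocol, destination port) and flags voice protocols seen on the data VLAN, unknown or mis-bound devices on the voice VLAN, and cleartext SIP signalling. The VLAN numbers, the handset binding table, the RTP port range and the sample flows are all assumptions made for the example.

```python
"""Audit constructed flow records against a voice/data VLAN separation policy.

Added example (not from the article or any vendor): it checks three things the
article recommends: (1) voice protocols stay on the voice VLAN, (2) hosts on
the voice VLAN use the IP address bound to their MAC, and (3) signalling is
carried over TLS rather than cleartext SIP.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed VLAN plan (802.1Q tags chosen for this example, not from the article).
VOICE_VLAN = 100
DATA_VLAN = 200

# Assumed port policy: SIP signalling on 5060 (cleartext) / 5061 (TLS), and
# RTP media in the 16384-32767 UDP range commonly used by IP phones.
SIP_CLEARTEXT, SIP_TLS = 5060, 5061
RTP_RANGE = range(16384, 32768)


@dataclass(frozen=True)
class Flow:
    vlan: int
    src_mac: str
    src_ip: str
    proto: str      # "udp" or "tcp"
    dst_port: int


def is_voice_port(flow: Flow) -> bool:
    """True when the destination port belongs to SIP signalling or RTP media."""
    return flow.dst_port in (SIP_CLEARTEXT, SIP_TLS) or (
        flow.proto == "udp" and flow.dst_port in RTP_RANGE
    )


def audit_flows(flows: List[Flow], bindings: Dict[str, str]) -> List[Tuple[str, Flow]]:
    """Return (finding, flow) pairs for every policy violation.

    bindings maps a provisioned handset's MAC address to the IP address
    assigned to it, so a voice-VLAN host using a different IP is flagged as
    possible IP spoofing.
    """
    findings = []
    for f in flows:
        voice = is_voice_port(f)
        if f.vlan == DATA_VLAN and voice:
            # Voice protocol outside the voice VLAN: a softphone or a
            # misconfigured switch port is bypassing the separation.
            findings.append(("voice-protocol-on-data-vlan", f))
        if f.vlan == VOICE_VLAN:
            expected_ip = bindings.get(f.src_mac)
            if expected_ip is None:
                # Unknown device on the voice VLAN: not a provisioned handset.
                findings.append(("unknown-mac-on-voice-vlan", f))
            elif expected_ip != f.src_ip:
                findings.append(("ip-mac-binding-mismatch", f))
            if not voice:
                # Non-voice traffic on the voice VLAN (e.g. SMB, web).
                findings.append(("non-voice-traffic-on-voice-vlan", f))
        if f.dst_port == SIP_CLEARTEXT:
            findings.append(("cleartext-sip-signalling", f))
    return findings


def summarize(findings: List[Tuple[str, Flow]]) -> Dict[str, int]:
    """Count findings by kind."""
    counts: Dict[str, int] = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample data for the example.
HANDSET_BINDINGS = {
    "00:11:22:33:44:01": "10.10.100.11",
    "00:11:22:33:44:02": "10.10.100.12",
}

SAMPLE_FLOWS = [
    Flow(VOICE_VLAN, "00:11:22:33:44:01", "10.10.100.11", "tcp", SIP_TLS),        # OK: SIP over TLS
    Flow(VOICE_VLAN, "00:11:22:33:44:01", "10.10.100.11", "udp", 20000),          # OK: RTP
    Flow(VOICE_VLAN, "00:11:22:33:44:02", "10.10.100.99", "udp", 20002),          # IP/MAC binding mismatch
    Flow(VOICE_VLAN, "00:11:22:33:44:ff", "10.10.100.50", "tcp", 445),            # unknown MAC, non-voice
    Flow(DATA_VLAN,  "00:aa:bb:cc:dd:01", "10.10.200.21", "udp", SIP_CLEARTEXT),  # softphone, cleartext SIP
    Flow(DATA_VLAN,  "00:aa:bb:cc:dd:02", "10.10.200.22", "tcp", 443),            # OK: ordinary data
]


if __name__ == "__main__":
    for kind, flow in audit_flows(SAMPLE_FLOWS, HANDSET_BINDINGS):
        print(f"{kind:32} vlan={flow.vlan} {flow.src_mac} {flow.src_ip} {flow.proto}/{flow.dst_port}")
```

On the sample data the audit reports five findings: one binding mismatch, one unknown MAC and one non-voice flow on the voice VLAN, and a cleartext SIP flow from the data VLAN that trips both the separation and the encryption checks. In practice the flow records would come from NetFlow, a span port or the switch's MAC/DHCP snooping tables, and the binding table from the phone provisioning system.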
These arguments make a lot of sense today, but what about tomorrow? "At the end of the day, enterprises want to use VoIP to capitalise on international call cost-savings," Graydon says. That means replacing PRIs and other PSTN trunking with VoIP trunks - which providers such as Broadwing, Global Crossing, Level 3 Communications, and MCI already offer - in order to route calls to a gateway closer to your international call destination.
"As soon as the enterprise opens up VoIP to the Internet, they put a potentially huge security hole in their network," Graydon says. Essentially, the days of closed corporate VoIP systems are over. Graydon also points out that telcos are changing their internal infrastructure from PSTN over copper to IP over fibre to cut their own costs, and moving to IP-based peering connections with other providers. "A lot of major IP convergence is happening out there in stealth mode," he says.
Collier agrees. "Once MCI gets 1000 customers on their VoIP network, it will be considerably more difficult to control security threats," he says.
Sceptics point out that avoiding softphones and keeping voice completely separate from data is unrealistic. "The interconnection between voice and data is where all those cool converged applications will evolve over time," Collier says. Jeff Rothel, CEO of CentricVoice, a provider of enterprise VoIP services taking advantage of VoIP security solutions from BorderWare, agrees. "We plan to move forward with a host of offerings that bolt voice directly into the software layer of enterprise data applications," he says. In fact, Rothel and others see a future in which enterprises purchase a range of voice services and applications from many different providers large and small, all standardised on IP and SIP.
Rothel asserts that traditional voice providers are not particularly savvy about potential VoIP threats: "Many of them just don't understand the data world. They never had a virus take down their PSTN switch."
There are also disruptive applications such as peer-to-peer voice apps from Skype and other providers. "There's a host of VoIP apps that will likely infiltrate enterprises that don't fit into the standard enterprise VoIP model," says David Endler, director of security research at IPS provider TippingPoint (now part of 3Com) and chairman of the VoIP Security Alliance, an organisation of VoIP and security vendors looking to advance security research.
Sceptics also point out that many of the security measures suggested by VoIP vendors are neither especially practical nor widely used. "Sure you can implement voice and signalling encryption and strong authentication, but they're a pain in the butt to configure," says SecureLogix's Collier. Brian Ham, CTO of Sentegrity, an IT security provider, observes that current key exchange standards such as the Diffie-Hellman key agreement protocol don't scale well enough for widespread VoIP authentication and encryption: "If you look at forums, bulletin boards, and industry leaders, everyone is asking, 'How can we do proper key exchange?'" Sentegrity offers its own lightweight key exchange solution.
Just because there haven't been any widely publicised attacks on IP telephony yet doesn't mean they aren't happening. BorderWare has made it known that call centres and financial institutions have already come under attack, but officials there are not about to name names.
"Typically you don't see widespread threats until a technology is widely deployed and tools are made available to the masses to automate attacks," Collier says. Endler agrees: "As applications are more widely deployed, they become sexier targets." VoIP security vendors such as BorderWare, SecureLogix, and even TippingPoint are offering specialised VoIP firewalls and IPSs, targeting the application layer exploits that are likely to affect VoIP down the road.
Ultimately, VoIP may start to suffer the same types of invasions that plague e-mail, IM, and other PC communications. The good news is that VoIP and security vendors are jumping on the problems early. "There's no question that VoIP security options are getting better and better very quickly," Kuhn says, adding that the benefits of converging voice with data applications are so great that it's unlikely security issues will thwart deployment.
James Largotta, CEO of Sentegrity, agrees. "The idea behind VoIP is too brilliant," he says. "Once some of the bugs are worked out, it's pretty much a slam dunk."