Voice over Internet Protocol (VoIP) Security Issues and

Voice over Internet Protocol (VoIP) Security
Effects on the IP Network Architecture
Net@Edu Conference
ICS – Wireless Group Meeting
Tempe, Arizona
February 6, 2005
Jose J. Valdes, Jr.
Colorado State University
1
Convergence
• “Today’s networks are being architected with converged, real time, voice, data, and video applications in mind.” (1)
• “It is this ability to integrate voice, data, and video applications using a single network infrastructure that makes deployment of IP telephony platform an essential step toward creating a next-generation network.” (1)
• The next-generation network has different and extended architectural requirements, in part because of VoIP, e.g., security.
2
VoIP Security
• “Security must prevent theft of service, authenticate users, and repel a range of attacks from outside and inside the firewall.” (2)
• “With the introduction of VOIP, the need for security is compounded because now we must protect two invaluable assets, our data and our voice.” (3) (video and mobile).
• “The key to securing VOIP is to use the security mechanisms like those deployed in the data networks (firewall, encryption, antivirus, pop-up protection, O.S. updates, etc.).” (3)
3
VoIP Security Challenges
• Quality of Service (QoS)
  • Latency
  • Jitter
  • Packet loss
• Security Breaches
  • Access
  • Disruption
  • Confidentiality and privacy
• Network Elements
  • Denial of Service (DoS)
  • Power failure
  • Viruses, Trojan Horse
  • Physical security
  • Operating System
  • Life and Safety (E-911)
• 802.11
• Protocols
  • H.323
  • SIP
4
Quality of Service (QoS)
“Quality of Service (QoS) refers to the capacity of a network to provide better service to selected network traffic over various technologies …, and IP routed networks …” (4)
• Latency is the time it takes for data to get from the source to the destination and is introduced from various network and VoIP components, e.g., encryption encoding and decoding.
• Jitter is introduced when data packets have different latency and packets become out of sequence.
• Packet loss is when data packets do not arrive at the destination or arrive too late to be processed.
5
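The three QoS measures defined on this slide, computed over a constructed packet trace, as an added example that is not part of the original slides. It is the kind of before/after measurement that shows what a firewall or encryption hop costs a voice stream. Assumptions: synchronised sender and receiver clocks, the RFC 3550 interarrival jitter estimator (not cited in the deck), and a 150 ms playout deadline.

```python
# Added example (not from the slides): latency, jitter and packet loss
# as defined above, measured over a constructed packet trace.

# Constructed sample: (sequence number, send time ms, receive time ms),
# receive time None = never arrived. Clocks assumed synchronised.
PACKETS = [
    (1, 0, 40),
    (2, 20, 62),
    (3, 40, 95),
    (4, 60, None),   # dropped in transit
    (5, 80, 118),
    (6, 100, 310),   # delayed, arrives after packet 7
    (7, 120, 161),
]
PLAYOUT_DEADLINE_MS = 150  # assumed budget before audio is unusable


def qos_report(packets, deadline_ms=PLAYOUT_DEADLINE_MS):
    """Summarise one-way latency, jitter and loss for a packet trace."""
    # Work in arrival order, as a receiver would see the stream.
    arrived = sorted((p for p in packets if p[2] is not None),
                     key=lambda p: p[2])
    latencies = [recv - sent for _, sent, recv in arrived]

    # RFC 3550 estimator: smooth the change in transit time between
    # consecutive arrivals with a gain of 1/16.
    jitter = 0.0
    for prev, cur in zip(latencies, latencies[1:]):
        jitter += (abs(cur - prev) - jitter) / 16

    # Out of sequence: a packet arriving after one with a higher number.
    out_of_order = sum(1 for a, b in zip(arrived, arrived[1:]) if b[0] < a[0])
    lost = sum(1 for p in packets if p[2] is None)
    late = sum(1 for lat in latencies if lat > deadline_ms)

    return {
        "mean_latency_ms": sum(latencies) / len(latencies),
        "jitter_ms": jitter,
        "out_of_order": out_of_order,
        "lost": lost,
        "late": late,
        # The slide counts both missing and too-late packets as loss.
        "effective_loss": (lost + late) / len(packets),
    }


if __name__ == "__main__":
    print(qos_report(PACKETS))
```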
QoS
• “The key to conquering QoS issues like latency and bandwidth congestion is speed.” (3)
• “…every facet of network traversal must be completed quickly in VoIP.” (3)
• Firewalls/NAT traversal and traffic encryption/decryption are latency producers and network congestion generators, but most effective means to secure a network. The “good and bad news”.
6
Security Breaches
• Access
  • Unauthenticated access – intrusion detection and application access control
  • Protection and updating of administrative passwords
• Disruption
  • Denial of Service (DoS) – VLAN, firewall, routers, digital certificates
  • Network congestion – QoS, increased bandwidth
• Confidentiality and Privacy
  • Eavesdropping & IP spoofing
7
Network Elements
• Denial of Service (DoS) – see slide # 7
• Power failure – UPS, generators
• Viruses, Trojan Horse – application and O.S. patches and updates, security policies
• Physical security – access controls, policies
• Operating System – patches, updates
• Life and Safety (E-911) – static IP address, relocation policies
• 802.11 – evolving IP mobile devices or dual mode with cellular
8
IP Security Profiles
• ITU-T H.234 v2 & v3 defines different security profiles for product interoperability under the H.323 suite of protocols’ Annex D, E, and F. Suite designed for real time audio, video, multimedia, and data.
• SIP security features described in RFC 3261 (IETF). Designed for VoIP and updated for video and messaging.
• Some will argue that these protocols were designed from different perspectives.
9
Bottom Line and Discussion
• Expectations for VoIP will be based on the performance and availability of legacy telephony systems!!
• How will VoIP affect the IP network architecture?
• Will “traditional” IP security mechanisms and policies be effective or detrimental to VoIP on a convergent network?
• How to identify the accommodations or “trade offs” that will be acceptable in support of VoIP on a convergent network?
10
References
(1) Broadcom. “Critical Steps for Successful VoIP Deployment.” White Paper, October 2004. Broadcom Corporation, Irvine, CA.
(2) Shore, Joel. “IP Telephony Security: An Overview.” NetworkWorld. URL: [email protected]
(3) Kuhn, R.D., Walsh, T.J., & Fries, S. “Security Considerations for Voice Over IP Systems: Recommendations of the National Institute of Standards and Technology.” National Institute of Standards and Technology, Gaithersburg, MD. January 2005.
(4) Cisco. “Internetworking Technology Handbook.” 2003. URL: http://www.cisco.com/univercd/cc/td/doc/cisintwrk/ito_doc (26 October 2004)
(5) Tucker, G.S. “Voice Over Internet Protocol (VoIP) and Security.” GIAC Security Essentials Certification (GSEC), v1.4c, option 1, 26 October 2004.
11