Which VoIP Security mechanisms do[n't] you use?


A Survey of VoIP Security
Practices in Higher Education
H. Morrow Long
Director, Information Security
Yale University
Security Professionals Conference Session
Wednesday, April 11, 2007
3:15 p.m. - 4:15 p.m.
Introductions
2
Overview
This presentation will discuss a survey and
informal poll of the current campus
network VoIP security practices and
products in higher education on both
wired and wireless networks.
3
Agenda
Introduction
What is VoIP?
VoIP Threats
VoIP Security Checklists
VoIP Effective Practices in Higher Ed
Survey of VoIP Security in Academia
Discussion and Questions
4
VoIP Security Goes
Mainstream
In 2006, VoIP Security entered the SANS Top
20 for the first time:
http://www.sans.org/top20/#n1
N1 VoIP Servers and Phones
5
VoIP Security Flaws Go
Mainstream
2006 VoIP Security vulnerabilities:
Asterisk
CVE-2006-2898, CVE-2006-4345, CVE-2006-4346,
CVE-2006-5444
Cisco Call Manager
CVE-2006-0368, CVE-2006-3594
VoIP Phones
CVE-2005-3717, CVE-2005-3722, CVE-2005-3723,
CVE-2006-0305, CVE-2006-0374, CVE-2006-0834,
CVE-2006-5038
6
VoIP Security Flaws Go
Mainstream
2007 VoIP Security vulnerabilities:
Asterisk
CVE-2007-1306
Cisco Call Manager / IOS / PIXOS
CVE-2007-0648, SA24180/cisco-sa-20070214-fwsm,
SA24179/cisco-sa-20070214-pix
VoIP Phones
CVE-2007-1072, CVE-2007-1062, CVE-2007-1063
7
What is VoIP?
Voice over IP
IP Telephony
Converged Data/Voice Networking
Unified Messaging
8
What is VoIP?
2 Major Protocols:
- H.323
- SIP / SIPS
Popular Internet VoIP
- Proprietary
• Skype
• Vonage
Other
- Zfone/ZRTP (Phil Zimmermann)
Internet Standards related to VoIP Security:
- IPSEC
- SSL/TLS
- SRTP (RFC3711)
9
H.323 and SIP
The 2 Major (Local and Enterprise) VoIP Protocols:
- H.323
- SIP
Both protocols:
Are hard (but not impossible) to firewall
Were not designed for security…
Use separate signaling and media (content) channels
Use dynamic ports
Were not designed to be NAT “friendly” (embed IP
addresses inside signaling/control information)
But: H.323 is more like ISO X. protocols (uses ASN.1/PER)
and SIP is more like Internet FTP/SMTP/HTTP/NNTP.
10
H.323
Older protocol than SIP, implemented earlier
ITU Umbrella Standard - built of other H stds
First VoIP std to use RTP
Interoperates with ISDN PBX systems
Used by several voice and videoconferencing
systems
Built into NetMeeting, other commercial and open
source programs available
GNU Gatekeeper - accounting/authorization/NAT
traversal/H.323 proxy/H.235 security
11
H.235 Security
H.235 provides security for H.323
Optionally nine security profiles can be
used to apply one or more of six security
services (authentication, nonrepudiation,
integrity, confidentiality, access control,
key management) to H.225, H.245 and
RTP traffic.
12
“Skinny” - Cisco H.323
“Skinny” is Cisco’s lightweight
proprietary version of H.323.
SCCP is the acronym for Skinny Client
Control Protocol.
It is a lower overhead control protocol
between the client and Call Manager.
13
SIP - Session Initiation
Protocol
Overtaking H.323 on LANs - many clients.
Created 1996. SIP 2.0 defined in RFC 2543 (1999) - refined in RFC 3261 (2002).
Lightweight, text-based protocol run on top of UDP
or TCP (e.g. port 5060) - mod P2P model.
Uses HTTP “style” status codes & email addresses.
Interoperates with XMPP IM (Jabber)
STUN & newer TURN enable SIP through NAT using
public Internet servers.
Uses other protocols: SDR, RTP, MGCP, RTSP.
Can be stateful/less, client/server or P2P.
14
SIP/RTP Architecture
VoIP User-Agent
RTP
SIP
SRTP
TLS
UDP and TCP
IP
Data Link Layer
Credit: Practical VoIP Security, Syngress
15
SIPS - Secure SIP
Secure SIP is a security mechanism defined by
SIP
RFC 3261 (2002) defines Secure SIP -- a
security mechanism using TLS (Transport Layer
Security) to send SIP messages over an
encrypted channel.
Fairly new, competes with IPSEC, VPNs, SRTP - often
referred to as SIP with TLS -- used when
IPSEC is overkill or SIP proxies must be used.
16
SRTP
Adds message encryption, authentication, integrity
and replay protection to RTP
Sister to SRTCP (Secure RTP Control Proto)
SRTP/SRTCP encryption, authentication and integrity
are independent and can be disabled (“Null”
encryption).
Single Cipher (AES), 2 modes (counter & feedback
modes)
External Key mgt (ZRTP, Mikey, …)
Credit:
http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol
17
SRTP Interoperability
Hard IP Phones
- Avaya, Cisco, Ericsson (&TLS), Siemens, Linksys,
Snom (&TLS)
Soft IP phones
- Gizmo, Kphone, Snom360 (&TLS), minisip (&TLS)
Hard IP PBX - Alcatel and Ericsson
Soft-IP-PBX - Asterisk (SIP & H323) and pbxnsip
SBC (Session Border Ctrlr) / SIP Firewall
- Covergence (& SIP & H323)
- InGate (SIP aware firewall)
Credit:
http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol
18
Zfone/ZRTP
Created/driven by Phil Zimmermann
2nd attempt (PGPfone)
Designed to work with current SIP phone programs (via
plug-ins).
Zfone is the program.
ZRTP is an extension to RTP (Real-time Transport
Protocol) providing secure real-time transport to secure
sessions (SIP, H.323, etc.) already established.
- Keys are transmitted and managed outside the std signaling.
- Protection against MitM (Man in the Middle) attacks.
19
Skype
Peer to Peer Model
Supernodes route traffic for other calls
Can be blocked and bandwidth managed
Outlawed at some institutions
Proprietary strong encryption
Non-CALEA compliance?
20
More VoIP Terminology
“Presence” (R U there?)
Convergence (Data + Voice = Synergy)
Voice Messaging
Unified Messaging Systems
21
More VoIP Acronyms
ACD: Automatic Call Distribution (Call Ctr)
IVR: Interactive Voice Response
ICE: Interactive Connectivity Establishment
RSVP: Resource Reservation Protocol
RTSP: Real Time Streaming Protocol
SDP: Session Discovery Protocol
STUN: Simple Traversal of UDP through NAT
TLS: Transport Layer Security (ala SSLv3)
TURN: Traversal Using Relay NAT
TTS: Text-to-speech server
22
Non-Cyber Security-related VoIP Issues
911 - where does 911 ring?
E-911 - need to provide location information?
Emergency access during network or power outages
• Use Power-over-Ethernet (PoE AKA IEEE 802.3af) cabling
• Provide at least the minimal # of land lines per # rooms
(e.g. or as required by law)
23
PBX System Components
PSTN
Endpoints (Phones, Faxes, Modems.)
Lines (e.g. Station lines)
Trunks
Remote PBXes
Adjuncts (VM, ACD, IVR, …)
CDR (Call Detail Recording)
Voice/PBX Firewalls
24
VoIP System Components
Media Gateways -- e.g. to PSTN/PBXes
Endpoints (User Agents): softphones,
IM/Video/VoIP/ATA (Analog Telephone Adapter)
Media Servers (VM, ACD, IVR, TTS, VC)
H.323 Gatekeepers
SIP Registration, Redirect Servers
SIP Proxy Servers
Firewalls/ALGs
25
VoIP Threats
VoIP Networks have many of the same threats to
security, privacy and reliability as data networks do,
but they also bring in the problems of the telephone
system and have some special threats all their own.
Converged networks can combine threats from the data
and VoIP world -- making the new network less secure
(in the opinion of some).
Data network people are afraid VoIP infrastructure will
weaken the security of their data network and the
voice/telecom people feel the same about data / IP
networks.
26
Other VoIP Architectures
Skype
IAX
H.248
Microsoft Live Communication Server 2005
(MLCS)
- TLS between client and server
- Mutual TLS server-to-server
27
VoIP vs. PSTN
Remember that “POTS” telephones have
little security -- ordinary phone
conversations are not encrypted and can
be tapped or eavesdropped.
You can actually have better security
using VoIP IF you use strong encryption
(and a good implementation).
28
VoIP Threats
DDoS / DoS Attacks
- ICMP Flood (e.g. ‘pings’) to Phone or Call Mgr
Unauthorized Access
Toll Fraud
Voicemail hacking
Eavesdropping (Call and/or Control)
Call Hijacking
Application Level Attacks
Credit: Juniper Networks
29
IP Network Threats
Ethernet, IP and DNS address spoofing
ARP and DNS Cache Poisoning
Quantity-based packet flooding
Stack DoS attacks
VLAN “jumping”
QoS / prioritization attacks
30
Organizing VoIP Threats
Standard IP Network Threats
(to the CIA triad)
C Confidentiality
I Integrity
A Availability
31
Organizing VoIP Threats
Advanced IP Network Issues/challenges
(triple A)
A Authentication
A Authorization
A Accounting
32
Application-Specific
VoIP Threats
“Phone” spoofing - registering a SIP client with
someone else's identifier (no auth.).
- A successful attack would cause the similarly
registered phone to ring when someone called the
legitimate owner of the number.
Credit: Jeremy George, Yale University
33
Threat to Confidentiality
Programs exist to listen to SIP and other
VoIP streams (and record them).
It is possible to capture packets on
switched networks (by overflowing ARP
tables, poisoning ARP caches, etc.).
Encryption should be used but has side effects:
on latency, on sound quality
(packetization and compression chunking
can lead to clipped staccato speech).
34
Application-Specific
VoIP Threats
Caller-ID / ANI “Spoofing” (faking source #)
- Trivial to do -- don’t trust Caller-ID -- OK to
screen w/
Credit: Jeremy George, Yale University
35
Threat to Integrity
It is possible to ‘hijack’ sessions.
It is possible to modify voice over IP
streams.
Once again, use encryption (or at least
cryptographic integrity checks) to
prevent this.
36
Application-Specific
VoIP Threats
MitM “spoofing”
- CALEA is a ‘legit’ application of this.
- DoS attacks are known immediately by communicating
parties
- Call content is neither overheard nor compromised.
- Some proxies have logic in them that identifies a likely
DoS attack and discards those packets (ask your
vendor!).
- Encryption is the best protection against MitM spoofing.
Credit: Jeremy George, Yale University
37
Threats to Availability
Quality of Service (QoS) problems:
- Latency - time for traffic to go from source
to destination (one-way and round-trip).
150ms is Max RTT for PSTN. VoIP at 400ms is
at outer limit of tolerable range.
- Jitter - variability in latency and out-of-order
packet arrival times. Buffering can help
here.
- Packet Loss - results in gaps in
communication.
38
Application-Specific
VoIP Threats
“Special” DoS (Denial of Service) attacks
- high volume flood of SIP INVITEs
- high volume flood of SIP REGISTER commands
- Control Packet / Call Data Floods
- Packet Replay / Injection / Modification
Credit: Jeremy George, Yale University
39
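One way a proxy or sensor can spot the INVITE and REGISTER floods listed on the slide above is a per-source sliding-window count of SIP request lines. This is an added example, not part of the original slides; the event tuples, the addresses (documentation ranges), the window and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque

WATCHED = {"INVITE", "REGISTER"}   # the two request floods named on the slide


def flood_sources(events, window=1.0, threshold=20):
    """events: time-ordered (timestamp_seconds, source_ip, sip_start_line).

    Returns {(source_ip, method): peak request count inside one window}
    for every source that exceeded `threshold` requests per `window`.
    """
    recent = defaultdict(deque)    # (source, method) -> timestamps in window
    peaks = {}
    for ts, src, start_line in events:
        method = start_line.split(" ", 1)[0]
        if method not in WATCHED:
            continue               # responses ("SIP/2.0 200 OK") and other methods
        key = (src, method)
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:      # drop timestamps older than the window
            stamps.popleft()
        if len(stamps) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


def constructed_events():
    """Constructed sample: one source sending 50 INVITEs in half a second,
    one phone sending three REGISTERs and receiving one response."""
    events = [(i * 0.01, "203.0.113.7", "INVITE sip:1000@voip.example.edu SIP/2.0")
              for i in range(50)]
    events += [(t, "198.51.100.10", "REGISTER sip:voip.example.edu SIP/2.0")
               for t in (0.0, 0.2, 0.4)]
    events.append((0.3, "198.51.100.10", "SIP/2.0 200 OK"))
    return sorted(events)


if __name__ == "__main__":
    for (src, method), peak in flood_sources(constructed_events()).items():
        print(f"{src} sent {peak} {method} requests within one window")
```

SIP over UDP lets a sender forge its source address, so a per-source count is a lower bound; a total per method across all sources catches floods spread over many addresses.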
Application-Specific
VoIP Threats
“BID attacks on SIPS”
- Get SIPS devices to downgrade to ordinary SIP
Credit: Jeremy George, Yale University
40
Application-Specific
VoIP Threats
Rogue SIP Proxies
- Impersonate a proxy to a User-Agent
Credit: Practical VoIP Security, Syngress
41
VoIP Security Checklist
Practical VoIP Security “high level short list”:
Create, publish and enforce security policies.
Practice rigorous physical security.
Verify user identities.
Actively monitor logs, firewalls & IDSes.
Logically segregate data & voice traffic.
Harden OSes.
Encrypt whenever and whatever you can.
42
VoIP Security Checklist
Juniper Best Practices Security Measures
1. Maintain Current Patch Levels
2. Install a Good Anti-Virus System and Update it Regularly
3. Apply State-of-the-Art Intrusion Detection and Prevention Systems
4. Install Application-Layer Gateways between Trusted and Untrusted Zones.
5. Enforce SIP security by means of Authentication, Authorization and IPSec
6. Establish Policy-Based Security Zones to Isolate VoIP Segments.
7. Run VoIP Traffic on VPNs to Minimize Eavesdropping Risk on Critical
Segments.
8. Use VLANs to Prioritize and Protect Voice Traffic from Data Network Attacks
9. Apply Encryption Selectively
10. Protect Against UDP Flooding
11. Develop a Holistic Security Program
43
Metagroup Checklist
IP Telephony-Specific Security Features
The Call Control Server
1. Harden/Strip down OS.
2. Use secure OS.
3. Authenticate & authorize all user & device
access to servers.
4. Require strong authentication for all
configuration and software upgrades.
5. Should support app level signaling message
auth.
6. Should support call setup info encryption.
44
Metagroup Checklist
IP Telephony-Specific Security Features
The Voice Gateway:
1. Require strong authentication for all configuration
and software upgrades.
2. Provide DoS protection on IP interface.
3. Should be configured to route calls only via the call
control server.
4. Secure OS w/anti-virus AND host-based IDS.
5. Should support call setup info and media (voice
content) encryption.
6. Should support a media (voice content) protocol
authentication on a per-packet basis.
45
Metagroup Checklist
IP Telephony-Specific Security Features
The IP Phone:
1. Must authenticate itself to the call control server or a proxy
server upon initial registration.
2. Must support strong authentication for any remote configuration
and software upgrades.
3. Should support a configurable access control list to control any
incoming traffic (e.g. H.323/SIP, RTP, HTTP, FTP, DHCP).
4. When supporting an additional Ethernet port for PC connectivity,
should have this implemented via a switching function combined
with VLAN functionality.
5. Should support encryption of both call setup info and media as
needed. Using encryption can add an additional end-to-end
delay on each media packet.
46
VoIP Security Checklist
Detailed and Specific list:
Use a separate VLAN with 802.1p/q QoS w/priority
VLAN tagging for the VoIP network.
Use a private (RFC1918) IP network for the VoIP LAN.
Use NAT and/or proxies to hide internal addresses.
Use a firewall (packet filtering or ALG) to protect &
connect the VoIP network to the data IP network.
Use an IDS or IPS to examine the traffic allowed
through the firewall (may be built into the firewall).
Use TLS to protect SIP and SRTP to protect RTP.
Use NAC, 802.1X & RADIUS auth & SIP-aware FW.
47
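The checklist item "Use TLS to protect SIP and SRTP to protect RTP", together with the survey item on not allowing SRTP with a null cipher, can be checked mechanically on a captured INVITE. The following is an added example, not part of the original slides; the sample message, host names and key text are constructed, `audit_invite` is a hypothetical name, and SDES (`a=crypto`, RFC 4568) is assumed as the keying method.

```python
# Constructed sample INVITE: plain SIP over UDP, audio offered as SRTP but with
# encryption switched off, video offered as plain RTP.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@voip.example.edu SIP/2.0",
    "Via: SIP/2.0/UDP pc33.example.edu;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.edu>;tag=1928301774",
    "To: <sip:bob@voip.example.edu>",
    "Call-ID: a84b4c76e66710@pc33.example.edu",
    "CSeq: 314159 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.20.0.33",
    "s=-",
    "c=IN IP4 10.20.0.33",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY UNENCRYPTED_SRTP",
    "m=video 51372 RTP/AVP 31",
    "",
])

SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}   # SRTP media profiles in SDP
# SDES session parameters (RFC 4568) that switch an SRTP protection off
WEAKENING = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}


def audit_invite(raw):
    """Return a list of findings; an empty list means every check passed."""
    head, _, body = raw.partition("\r\n\r\n")
    header_lines = head.split("\r\n")
    findings = []
    _method, uri, _version = header_lines[0].split(" ", 2)
    if not uri.lower().startswith("sips:"):
        findings.append("signaling: Request-URI is not sips:")
    for line in header_lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):       # "v" is the compact form
            transport = value.split()[0].rsplit("/", 1)[-1].upper()
            if transport != "TLS":
                findings.append("signaling: Via transport is " + transport)
    sections = []                                       # one entry per m= line
    for line in body.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            sections.append({"kind": kind, "proto": proto, "crypto": []})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"].append(line[len("a=crypto:"):].split())
    for s in sections:
        if s["proto"] not in SRTP_PROFILES:
            findings.append(f"{s['kind']}: media profile {s['proto']} is not SRTP")
        elif not s["crypto"]:
            findings.append(f"{s['kind']}: SRTP offered without an a=crypto line")
        for fields in s["crypto"]:    # tag, suite, key params, session params...
            for param in sorted(WEAKENING.intersection(fields[3:])):
                findings.append(f"{s['kind']}: {param} disables a protection")
    return findings


if __name__ == "__main__":
    for finding in audit_invite(SAMPLE_INVITE):
        print(finding)
```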
Listservs & Newsgroups
EDUCAUSE Security Discussion Listserv
http://www.educause.edu/SecurityDiscussionGroup/979
VOIPSA Best Practices Working Group
http://www.voipsa.org/Activities/bestpractices.php
VOIPSA Best Practices WG List
http://voipsa.org/mailman/listinfo/bestpractices_voipsa.org
NIST Publication Mailing list
http://csrc.nist.gov/compubs-mail.html
48
VoIP Security Effective
Practices in Higher Ed
One anonymous school:
Uses separate VLAN, L2 switches and RFC1918
IP addresses for VoIP network.
Provides separate connections (and bandwidth)
to each building with VoIP.
Softphones can participate from regular campus
LAN (aren’t required to use a 2nd NIC on the
VoIP network).
49
VoIP Security Effective
Practices in Higher Ed
A 2nd anonymous school:
Has enterprise Polycom gateways (a bunch of
them) that have priority in QoS on the routers.
Allows traffic via ports inbound on the above routers
for this ‘legit’ traffic.
Doesn’t restrict H.323.
Blocks SIP and Vonage because they don’t open the
inbound ports.
Packet8 and other SIP applications which use STUN
work fine (because of tunneling).
Skype is a problem (particularly Supernodes at times).
50
VoIP Higher Ed Security
Survey
Official VoIP Technologies
[Bar chart; values not recoverable. Vertical axis: 0.00% to 35.00%. Categories: H.323-Cisco, H.323-Other, SIP-Cisco, SIP-Other, Vonage, Skype, zPhone, Other-Nortel]
51
VoIP Higher Ed Security
Survey
Official VoIP Technologies
[Bar chart; values not recoverable. Vertical axis: 0 to 4. Categories: H.323-Cisco, H.323-Other, SIP-Cisco, SIP-Other, Vonage, Skype, zPhone, Other-Nortel]
52
VoIP Higher Ed Security
Survey
Do you use any VoIP Security
techniques?
[Bar chart; values not recoverable. Vertical axis: 0 to 80. Categories: Yes, No]
53
VoIP Higher Ed Security
Survey
What VoIP Vendor Products or Open
Source Solutions do you use?
[Bar chart; values not recoverable. Vertical axis: 0% to 60%. Categories: 3Com, Alcatel, Avaya, Cisco, Covergence, Ericsson, Mitel, NEC, Nortel, Shoretel, Siemens, Sphere, Quintum, VegaStream, Vertical, Vonage, PBXnSIP, Asterisk, GNU-Gatekeeper, zPhone, Other-Aastra]
54
VoIP Higher Ed Security
Survey
Which VoIP Security mechanisms
do you use?
[Bar chart; values not recoverable. Vertical axis: 0.00% to 100.00%. Legend:]
Use SRTP for encryption
Use SRTP for authentication
IPSEC transport or VPN use required for VoIP phone use (for auth and encryption)
Lock VoIP phone info/config with password or PIN
Require network registration of VoIP phones
Require manual authorization of VoIP phones
Blocking of Internet access to unauthorized H
Blocking of Internet access to unauthorized SIP
Blocking of Internet access to Vonage
Blocking of Internet access to Skype
Prevent Skype users from becoming Supernodes
Denying internal VoIP access to unauthorized phones
Use of separate VoIP VLAN for segregation from data IP network
55
VoIP Higher Ed Security
Survey
Which VoIP Security mechanisms
do you use?
[Bar chart; values not recoverable. Vertical axis: 0% to 70%. Legend:]
Use of separate VoIP subnet addresses for segregation from data IP network
Use of firewall (or IP packet filter such as router ACLs) between VoIP network and data IP network
Use of a special VoIP or SIP-aware firewall between VoIP network and data IP network
Use other forms of access control to block/filter IP traffic to VoIP servers
Use other forms of access control to block/filter IP traffic to VoIP hard phones
IP access to the enterprise VoIP servers is restricted and controlled (blocked or filtered)
Softphones are not allowed
Use other forms of access control to block/filter IP traffic to softphones
NAT all VoIP traffic outbound to the Internet
VoIP server management traffic is encrypted
VoIP server management traffic uses a separate LAN
VoIP servers are dedicated to telephony services
Provide separate dedicated bandwidth for VoIP traffic internally
56
VoIP Higher Ed Security
Survey
Which VoIP Security mechanisms do[n’t] you use?
Use H.235 for H.323 security profiles (for H.225, H.245 and RTP traffic).
Use SIPS (Secure SIP - RFC3261 - SIP over TLS).
Don't allow SRTP with null cipher (e.g. don't allow use of SRTP for just
authentication).
Use zRTP for key management.
Use Mikey for key mgt/exchange.
Use SDES for key exchange.
Use SRTCP for authentication.
Use SRTCP for encryption.
IPSEC to secure MGC (Media Gateways/Controllers) communication.
Use of separate physical LAN(s) for VoIP for segregation from data IP
network.
VoIP Higher Ed Security
Survey
Which VoIP Security mechanisms do[n’t] you use?
Use of IPS between VoIP network and data IP network.
Use of IDS between VoIP network and data IP network.
Use NAC (network access control) such as 802.1X and RADIUS to authenticate
hard phones.
Softphones require the use of the separate VoIP network (physical LAN, VLAN,
subnet address, etc.) from the data IP network.
Softphones are allowed with IPSEC transport mode.
Softphones are allowed with IPSEC VPNs.
Use NAC (network access control) such as 802.1X and RADIUS to authenticate
hard phones.
Allow NAT traversal via STUN or TURN Internet proxies.
Provide separate dedicated bandwidth for VoIP traffic to the Internet.
58
Wrap-Up
Question & Answer
Session Evaluation & Feedback
59
Contact Info
H. Morrow Long
[email protected]
Security.yale.edu
60
Credits:
Cisco - Configuring SIP High Availability Applications,
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/vvfax_c/callc_c/sip_c/sipha_c/hachap2.htm
Jeremy George, Yale University,
“SIP.edu Cookbook - Security Considerations”
http://mit.edu/sip/sip.edu/security.shtml
Deb Shinder, 2006/12/1 “Make a SIP-based VoIP network more
secure”, http://articles.techrepublic.com.com/5100-1035_11-6145231.html?part=rss&tag=feed&subj=tr
Deb Shinder, 2007/1/7 “Take a multi-layered approach to VoIP
security”, http://articles.techrepublic.com.com/5100-1035_11-6145231.html?part=rss&tag=feed&subj=tr
Jose J. Valdes, Jr., Colorado State University “Voice over Internet
Protocol (VoIP) Security”, Net@Edu Conference, ICS – Wireless Group
Meeting, Tempe, Arizona, February 6, 2005
61
Credits:
Practical VoIP Security by Larry Chaffin,
Jan Kanclirz, Jr., Thomas Porter, Choon
Shim, Andy Zmolek, Syngress, March 2006
Wikipedia (pages on H.323, SIP, SRTP,
ZRTP, Zfone, etc.)
62