Voice over Internet Protocol (VoIP) Security Issues and
Download
Report
Transcript Voice over Internet Protocol (VoIP) Security Issues and
Voice over Internet Protocol
(VoIP) Security
Affects on the IP Network Architecture
Net@Edu Conference
ICS – Wireless Group Meeting
Tempe, Arizona
February 6, 2005
Jose J. Valdes, Jr.
Colorado State University
1
Convergence
“Today’s networks are being architected with
converged, real time, voice, data, and video
applications in mind.”
“It is this ability to integrate voice, data, and
video applications using a single network
infrastructure that makes deployment of IP
telephony platform a essential step toward
creating a next-generation network.”
The next-generation network has different
and extended architectural requirements, in
part because of VoIP, e.g., security.
(1)
(1)
2
VoIP Security
“Security must prevent theft of service,
authenticate users, and repel a range of
attacks from outside and inside the firewall.”
“With the introduction of VOIP, the need for
security is compounded because now we
must protect two invaluable assets, our data
and our voice.” (video and mobile).
“The key to securing VOIP is to use the
security mechanisms like those deployed in
the data networks (firewall, encryption, antivirus, pop-up protection, O.S. updates,etc.).”
(2)
(3)
(3)
3
VoIP Security Challenges
Quality of Service
(QoS)
Latency
Jitter
Packet loss
Security Breaches
Access
Disruption
Confidentiality and
privacy
Network Elements
Denial of Service (DoS)
Power failure
Viruses, Trojan Horse
Physical security
Operating System
Life and Safety (E-911)
802.11
Protocols
H.323
SIP
4
Quality of Service (QoS)
“Quality of Service (QoS) refers to the capacity of
a network to provide better service to selected
network traffic over various technologies …, and
IP routed networks …” (4)
Latency is the time it takes for data to get from the
source to the destination and is introduced from
various network and VoIP components, e.g.,
encryption encoding and decoding.
Jitter is introduced when data packets have
different latency and packets become out of
sequence.
Packet loss is when data packets do not arrive at
the destination or arrive too late to be processed.
(4)
5
QOS
“The key to conquering QoS issues like
latency and bandwidth congestion is speed.”
“…every facet of network traversal must be
completed quickly in VoIP.”
Firewalls/NAT traversal and traffic
encryption/decryption are latency producers
and network congestion generators, but must
effective means to secure a network. The
“good and bad news”.
(3)
(3)
6
Security Breaches
Access
Unauthentication - intrusion detection and application
access control
Protection and updating of administrative passwords
Disruption
Denial of Service (DoS) – VLAN, firewall, routers, digital
certificates
Network congestion – QoS, increased bandwidth
Confidentiality and Privacy
Eavesdropping & IP spoofing
7
Network Elements
Denial of Service (DoS) – see slide # 7
Power failure – UPS, generators
Viruses, Trojan Horse – application and O.S.
patches and updates, security policies
Physical security – access controls, policies
Operating System – patches, updates
Life and Safety (E-911) – static IP address,
relocation policies
802.11 evolving IP mobile devices or dual
mode with cellular
8
IP Security Profiles
ITU – T H.234 v2 & v3 defines different
security profiles for product interoperability
under the H.323 suite of protocols’ Annex D,
E, and F. Suite designed for real time audio,
video, multimedia, and data.
SIP security features described in RFC 3261
(IETF). Designed for VoIP and updated for
video and messaging.
Some will argue that these protocols were
designed from different perspectives.
9
Bottom Line and Discussion
Expectations for VoIP will be based on the
performance and availability of legacy
telephony systems!!
How will VoIP affect the IP network
architecture?
Will “traditional” IP security mechanisms and
policies be effective or detrimental to VoIP on
a convergent network?
How to identify the accommodations or “trade
offs” that will be acceptable in support of VoIP
on a convergent network?
10
References
(1)
Broadcom. “Critical Steps for Successful VoIP
Deployment.” White Paper October 2004
Broadcom Corporation Irvine, CA.
(2)
Shore, Joel. “IP Telephony Security: An Overview.”
NetworkWorld URL: [email protected]
Kuhn, R.D., Walsh, T.J., & Fries, S., “Security Considerations
for Voice Over IP Systems: Recommendations of the National
Institute of Standards and Technology.” National Institute of
Standards and Technology, Gaithersburg, MD. January 2005.
Cisco. “Internetworking Technology Handbook.” 2003. URL:
http://www.cisco.com/univercd/cc/td/doc/cisintwrk/ito_doc (26
October 2004)
Tucker, G.S., “Voice Over Internet Protocol (VoIP) and
Security.” GIAC Security Essentials Certification (GSEC),
v1.4c, option 1, 26 October 2004
11
(3)
(4)
(5)