Architecture Considerations for Securing Converged Networks
Challenges in Securing Converged Networks
Prepared for:
2007 CQR Conference
Copyright © 2007 Telcordia Technologies
Telcordia Contact:
John F. Kimmins
Executive Director
[email protected]
732-699-6188
Outline
Threats
Vulnerabilities
Architecture Boundaries
Insider
External
Application
Logical Domains
Other Challenges
Market Perspective
Example Service Provider Architecture
SIP Endpoints: soft phones, VoIP phones, analog telephone adaptors (ATA)
SoftSwitch: signaling gateway, media gateway, media gateway controller
Session Border Controller (SBC)
Registration and Location Servers
Supporting Servers: Authentication, Authorization, and Accounting (AAA) servers; Call Data Record (CDR) servers; Domain Name Service (DNS) servers; Network File Server (NFS)
(Figure: reference topology. Customer networks with IP phones, IP softphones and an IP PBX reach the carrier IP network across the Internet through SBCs; signaling gateways (SG), media gateway controllers (MGC), media gateways (MG), voice routers and voice gateways connect the carrier IP network to the PSTN and to a peer network; the OSS/back office hosts provisioning, DHCP, DNS, TFTP or HTTP, SYSLOG, NFS and record keeping servers (RKS).)
Threats
Confidentiality:
Eavesdropping (including traffic analysis)
Interception of signaling or media stream
Integrity:
Modification of signaling (rerouting/masquerading)
Modification of media stream (impersonation)
Fraud (Caller ID cannot be trusted)
Integrity of stored data and systems
Availability:
Service disruption (amplification attacks, DoS/DDoS)
Denial of service against signaling or media stream
Spam over Internet Telephony (SPIT)
Unauthorized access: compromise of systems with the intention of attacking other systems, or exploitation of vulnerabilities to commit fraud and eavesdropping
Types of Vulnerabilities
Applications: buffer overflows, format-string exploits, script exploits, password exploits, overload (DoS, DDoS)
Protocols: session tear-down, impersonation, session hijacking, message tampering at the SIP/SS7 boundary, malformed messages, overload (DoS, DDoS)
Supporting services: address resolution and directory services (DNS, LDAP, ENUM), email (SMTP), supporting databases (SQL), SNMP, STUN used for NAT traversal
OS and networking: buffer overflows, format-string exploits, script exploits, password exploits, overload (DoS, DDoS), ARP cache poisoning
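The protocol items above (session tear-down, malformed messages) and the signaling-integrity threats on the previous slide are the ones a SIP-aware filter in front of the softswitch can act on directly. The following is an added example, not code from the Telcordia slides: a strict parser for SIP requests that drops malformed messages (bad request line, missing mandatory headers, CSeq not matching the method, Content-Length disagreeing with the body), plus a dialog check that refuses a BYE whose Call-ID, From/To tags and CSeq do not match an established dialog. The dialog table and all messages are constructed (hosts follow the RFC 3261 example domains), and the 4096-byte header-line bound is an assumed sanity limit.

```python
"""Added example (not from the slides): strict SIP request parsing plus a
dialog check that refuses spoofed or replayed BYE requests.  Messages and
the dialog table are constructed; hosts follow RFC 3261's example domains."""
import re
from typing import Dict, Optional, Tuple

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")          # RFC 3261 s.7.1
MANDATORY = ("Via", "To", "From", "CSeq", "Call-ID", "Max-Forwards")
CANON = {n.lower(): n for n in MANDATORY + ("Content-Length", "Content-Type", "Contact")}
CANON.update({"v": "Via", "t": "To", "f": "From", "i": "Call-ID",   # compact forms
              "l": "Content-Length", "c": "Content-Type", "m": "Contact"})
MAX_LINE = 4096                       # assumed sanity bound; RFC 3261 fixes none

class SipError(ValueError):
    """Any message a strict parser should drop rather than guess at."""

def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Return (method, request_uri, headers, body); raise SipError if malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise SipError("missing CRLFCRLF terminator")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError as exc:
        raise SipError("non-ASCII bytes in header section") from exc
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise SipError(f"bad request line: {lines[0]!r}")
    method, uri = m.group(1), m.group(2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        name = name.strip()
        if len(line) > MAX_LINE or not colon or not name:
            raise SipError(f"malformed header: {line[:40]!r}")
        name = CANON.get(name.lower(), name)
        # Repeated headers (one Via per hop) are joined as RFC 3261 permits.
        headers[name] = f"{headers[name]}, {value.strip()}" if name in headers else value.strip()
    missing = [h for h in MANDATORY if h not in headers]
    if missing:
        raise SipError(f"missing mandatory headers: {missing}")
    cm = re.fullmatch(r"(\d+)\s+([A-Z]+)", headers["CSeq"])
    if not cm or cm.group(2) != method:
        raise SipError(f"CSeq {headers['CSeq']!r} does not match method {method}")
    clen = headers.get("Content-Length")
    if clen is not None and (not clen.isdigit() or int(clen) != len(body)):
        raise SipError("Content-Length disagrees with body length")
    return method, uri, headers, body

def tag_of(value: str) -> Optional[str]:
    m = re.search(r";tag=([^;\s]+)", value)
    return m.group(1) if m else None

def check_bye(dialogs: dict, headers: Dict[str, str]) -> Optional[str]:
    """Return a rejection reason for a BYE, or None if it matches a live dialog."""
    dialog = dialogs.get(headers["Call-ID"])
    if dialog is None:
        return "unknown Call-ID"
    sender, peer = tag_of(headers["From"]), tag_of(headers["To"])
    if {sender, peer} != dialog["tags"]:
        return "From/To tags do not match the dialog"
    if int(headers["CSeq"].split()[0]) <= dialog["cseq"][sender]:
        return "CSeq not above the last request from this party (replay)"
    return None

def classify(raw: bytes, dialogs: dict) -> str:
    """One-line verdict a SIP-aware filter would log for a received request."""
    try:
        method, _, headers, _ = parse_request(raw)
    except SipError as exc:
        return f"malformed: {exc}"
    if method == "BYE":
        reason = check_bye(dialogs, headers)
        if reason:
            return f"teardown-rejected: {reason}"
    return "ok"

# Constructed: one established dialog and the last in-dialog CSeq of each party.
DIALOGS = {"a84b4c76e66710@pc33.atlanta.example.com": {
    "tags": {"1928301774", "a6c85cf"},
    "cseq": {"1928301774": 314159, "a6c85cf": 1}}}

def bye_from_bob(to_tag: str, cseq: int) -> bytes:
    return ("BYE sip:alice@pc33.atlanta.example.com SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.0.2.4;branch=z9hG4bKnashds10\r\nMax-Forwards: 70\r\n"
            "From: Bob <sip:bob@biloxi.example.com>;tag=a6c85cf\r\n"
            f"To: Alice <sip:alice@atlanta.example.com>{to_tag}\r\n"
            "Call-ID: a84b4c76e66710@pc33.atlanta.example.com\r\n"
            f"CSeq: {cseq} BYE\r\nContent-Length: 0\r\n\r\n").encode()

LEGIT_BYE = bye_from_bob(";tag=1928301774", 231)
SPOOFED_BYE = bye_from_bob("", 231)            # attacker knows Call-ID but not the To tag
REPLAYED_BYE = bye_from_bob(";tag=1928301774", 1)
MALFORMED = (b"INVITE sip:bob@biloxi.example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.4;branch=z9hG4bK776\r\n"
             b"Max-Forwards: 70\r\nFrom: <sip:alice@atlanta.example.com>;tag=1\r\nTo: <sip:bob@biloxi.example.com>\r\n"
             b"Call-ID: x@192.0.2.4\r\nCSeq: 1 INVITE\r\nContent-Length: 999\r\n\r\nv=0\r\n")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT_BYE), ("spoofed", SPOOFED_BYE),
                      ("replayed", REPLAYED_BYE), ("malformed", MALFORMED)]:
        print(f"{name}: {classify(msg, DIALOGS)}")
```

The tag match only stops a teardown from an attacker who has not seen the signaling; anyone who can sniff the path sees the dialog identifiers, so the real control is signaling integrity (SIP over TLS between endpoints and SBC, IPsec or TLS between core elements), with this check as a cheap filter in front of it.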
End-to-End View
(Figure; source: ITU-T Y.2701, Security Requirements for NGN. Users' devices and CPEs in home networks and enterprises connect over the UNI to the access network (xDSL, cable, FTTP, WiFi, WiMAX) of Service Provider A's domain; each provider domain consists of a service stratum (application servers, CSCF, softswitch) over a transport stratum; the Service Provider A and Service Provider B domains interconnect over the NNI, directly and via transit; a 3rd-party provider attaches to a provider's service stratum over the ANI.)
Insider Perspective
(Figure. The VoIP VLAN holds the SBC/GW toward the Internet and PSTN, the GSX, PSX, SGX and the NFS server; the operations network and its interfaces to the PSX and SGX sit on separate VLANs. An attack station on a VoIP VLAN performs local and inter-VLAN vulnerability scanning; an attack station on the operations network performs operations-network-to-VLAN vulnerability scanning against the PSX and SGX.)
External Perspective
(Figure. An attack station on the Internet attacks the SBC/GW and router that front the VoIP LAN (PSX, SGX), attacks DNS and the other external components supporting the VoIP infrastructure, and attempts to bypass filtering to reach the internal elements directly.)
Application³ Interface Security
(Figure. OSA/Parlay applications operated by enterprise or third-party providers call the OSA/Parlay APIs of the OSA/Parlay gateway (service capability server), whose OSA/Parlay framework and service control features provide IMS third-party access to the IMS core components of the IMS network.)
* Application³ means third-party application.
Logical Segmentation Challenges
Logical segmentation of the management, signaling and user (media) layers between locations
Secure logical separation of domestic and international VoIP/NGN components
An intruder at a foreign location could attack key domestic network elements where the barriers between the domestic and international domains are insufficient.
Internal Security Boundaries Needed?
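One way to make the boundary question above concrete is to treat the management, signaling, media, support and peering domains as zones and compare what actually flows between them against what the architecture intends. The following is an added example, not code from the slides or from any operator: a small flow auditor over constructed flow records. The address plan (RFC 5737 documentation prefixes and RFC 1918 space), the allow-list and the sample flows are assumptions chosen for illustration, including the foreign peer that reaches the softswitch without passing through an SBC.

```python
"""Added example (not from the slides): audit observed flows against an
allow-list of flows between the logical domains of a VoIP/NGN deployment.
Zones, address plan, policy and flow records are all constructed assumptions."""
import ipaddress
from typing import List, NamedTuple, Optional

# Assumed address plan: one prefix per logical domain.
ZONES = {
    "customer":  ipaddress.ip_network("203.0.113.0/24"),   # customer networks / Internet side
    "sbc":       ipaddress.ip_network("198.51.100.0/28"),  # session border controllers
    "intl_peer": ipaddress.ip_network("192.0.2.0/24"),     # international / peer provider domain
    "signaling": ipaddress.ip_network("10.10.0.0/24"),     # softswitch, SG, MGC
    "media":     ipaddress.ip_network("10.20.0.0/24"),     # media gateways
    "support":   ipaddress.ip_network("10.30.0.0/24"),     # DNS, DHCP, TFTP, NFS, RKS
    "oss":       ipaddress.ip_network("10.40.0.0/24"),     # operations / back office
}

# Allow-list of (src_zone, dst_zone, proto, dst_port); port None means any port.
# Anything not listed is a boundary violation.
ALLOW = {
    ("customer",  "sbc",       "udp", None),   # SIP and RTP from subscribers terminate on the SBC
    ("customer",  "sbc",       "tcp", 5061),   # SIP over TLS
    ("intl_peer", "sbc",       "udp", None),   # foreign domains also terminate on the SBC
    ("sbc",       "signaling", "udp", 5060),   # SBC relays signaling inward
    ("sbc",       "media",     "udp", None),   # RTP relayed to the media gateways
    ("signaling", "media",     "udp", 2427),   # gateway control from MGC to MG (assumed MGCP)
    ("signaling", "support",   "udp", 53),     # DNS
    ("signaling", "support",   "tcp", 2049),   # NFS
    ("signaling", "oss",       "udp", 514),    # syslog to the back office
    ("oss",       "signaling", "udp", 161),    # SNMP polling from operations
    ("oss",       "signaling", "tcp", 22),     # management access
}

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

def zone_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def evaluate(flow: Flow) -> Optional[str]:
    """Return a violation description, or None if the flow is permitted."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return f"{flow.src}->{flow.dst}: endpoint outside every defined domain"
    if src_zone == dst_zone:
        return None   # intra-domain traffic is out of scope for boundary policy
    proto = flow.proto.lower()
    if (src_zone, dst_zone, proto, flow.dport) in ALLOW or (src_zone, dst_zone, proto, None) in ALLOW:
        return None
    return f"{flow.src}->{flow.dst} {proto}/{flow.dport}: {src_zone} -> {dst_zone} not permitted"

def audit(flows: List[Flow]) -> List[str]:
    return [v for v in map(evaluate, flows) if v]

# Constructed flow records, in the shape a flow collector might export.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "198.51.100.2", "udp", 5060),   # subscriber REGISTER to SBC: ok
    Flow("198.51.100.2", "10.10.0.5", "udp", 5060),      # SBC to softswitch: ok
    Flow("10.40.0.7", "10.10.0.5", "udp", 161),          # OSS polls softswitch: ok
    Flow("203.0.113.10", "10.30.0.20", "tcp", 2049),     # subscriber reaches NFS: violation
    Flow("192.0.2.44", "10.10.0.5", "udp", 5060),        # foreign peer bypasses the SBC: violation
    Flow("10.10.0.5", "10.40.0.7", "tcp", 22),           # softswitch opening ssh to OSS: violation
    Flow("10.99.0.1", "10.10.0.5", "tcp", 22),           # source in no defined domain: violation
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", violation)
```

The value of running this against real collector output is that it tests the boundaries as deployed rather than as drawn: an inter-VLAN path left open for convenience shows up as a permitted flow the policy never listed.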
An End-to-End View of Potential Security Vulnerabilities
(Figure: NGN/IMS reference architecture annotated with the weaknesses below. Components shown: user device; access network / Internet; network attachment (NASS, RACS, PDF); core control (P-CSCF, I-CSCF, S-CSCF, BGCF, MGCF, SGW, MGW); HSS subscriber data; SIP AS and IM-SSF application servers; OSA GW with third-party application access; proxy servers; web servers and back-end systems; OSS; IP peering and interconnection; PSTN interconnection.)
Application Servers / Third Party Application Access:
• OSA / Parlay / Parlay X vulnerabilities
• CORBA vulnerabilities
• Malicious applications
• Authentication and authorization flaws
• Interface confidentiality and integrity violations
• Insecure partner networks
• Unpatched app/OS exploits
• Insecure configuration
• Open systems vulnerabilities
• Denial of service
Proxy Servers:
• User impersonation
• Bid-down attacks
• Replay attacks
• SIP parameter manipulation
• Policy mis-configuration
• SNMP/management vulnerabilities
• Denial of service
• Priority handling
User Device and Access Network / Internet:
• Spyware/adware
• Worms/viruses
• Keyloggers
• Trojan horses
• OS vulnerabilities
• Network impersonation
• Insecure customer network extensions
• Malicious applets
• ActiveX vulnerabilities
• XSS/XST
• Shell shoveling
• Phishing/pharming
• Device theft
• Stolen passwords
• Data theft
• Eavesdropping
• Integrity violations
• Manipulation attacks
• Traffic analysis
• Man-in-the-middle attacks
• Session hijacking
• Reset connection
Core Control (P-/I-/S-CSCF, BGCF, MGCF, SGW, MGW, HSS, RACS, NASS, PDF, SIP AS, IM-SSF):
• SIP protocol weaknesses
• User deregistration / DoS
• SNMP/management vulnerabilities
• Priority handling (ETS)
• E9-1-1 service weaknesses
• Unpatched app/OS exploits
• Insecure configuration
• Reliability and availability
• New entrant vendors
Control Servers:
• SIP protocol weaknesses
• Malicious code in SIP/HTTP
• IN/legacy system weaknesses
• Unpatched app/OS exploits
• Insecure configuration
• Service authentication and authorization flaws
• Denial of service
• Inadequate security logs
• Open systems vulnerabilities
Network Attachment:
• Weak authentication
• DNS cache poisoning
• Policy mis-configuration
• SNMP/management vulnerabilities
• Denial of service
• Open ports / port scanning
• IP attacks
• IP spoofing
IP Peering and Interconnection / PSTN Interconnection:
• VoIP fraud
• Traffic smuggling
• SS7 message spoofing
• SBC vulnerabilities
• Denial of service
• Policy mis-configuration
• Routing table attacks
• Network topology exploits
• IP attacks
• IP spoofing
Web Servers:
• Inadequate input validation
• Buffer overflow
• Root access exploit
• Command/code injection
• Authentication flaws
• User impersonation
• Authorization flaws / privilege escalation
• Insecure sessions
• Error mishandling
• Directory traversal
• Denial of service
Back-End Systems:
• Location misdirection
• SQL injection
• Command injection
• Insecure information storage
• Trust relationship attacks
• Weak app-to-app authentication
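Of the proxy-server items above, user impersonation, replay attacks and bid-down attacks all land on SIP Digest authentication (RFC 3261 section 22, which reuses the HTTP Digest scheme of RFC 2617). The following is an added example, not code from the slides: a server-side verifier that accepts only nonces it issued itself, tracks the nonce-count so that a captured Authorization header cannot be replayed, and refuses credentials that omit qop/cnonce to fall back on the weaker RFC 2069 form of the digest. The realm, user, password, 60-second nonce lifetime and per-process nonce key are constructed assumptions; a production element would have to share the nonce key and the nonce-count state across every server answering for one realm.

```python
"""Added example (not from the slides): SIP Digest verification hardened
against replay, forged nonces and bid-down to the qop-less legacy digest.
Realm, user, password and nonce policy are constructed for illustration."""
import hashlib
import hmac
import os
import re
import time
from typing import Dict, Optional

REALM = "atlanta.example.com"          # assumed realm
NONCE_LIFETIME = 60                    # seconds; assumed policy
SERVER_KEY = os.urandom(32)            # per-process secret that authenticates nonces

def md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def issue_nonce(now: Optional[float] = None) -> str:
    """Stateless nonce = timestamp:MAC, so the server can later prove it issued it."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + hmac.new(SERVER_KEY, ts.encode(), "sha256").hexdigest()[:16]

def nonce_valid(nonce: str, now: float) -> bool:
    ts, _, mac = nonce.partition(":")
    if not ts.isdigit():
        return False
    expected = hmac.new(SERVER_KEY, ts.encode(), "sha256").hexdigest()[:16]
    return hmac.compare_digest(mac, expected) and 0 <= now - int(ts) <= NONCE_LIFETIME

def parse_authorization(header: str) -> Dict[str, str]:
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)}

def client_authorization(user: str, password: str, method: str, uri: str,
                         nonce: str, nc: int, cnonce: str) -> str:
    """What a well-behaved client sends (qop=auth); used here to build input."""
    ha1, ha2 = md5(f"{user}:{REALM}:{password}"), md5(f"{method}:{uri}")
    response = md5(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc:08x}, cnonce="{cnonce}", response="{response}"')

class DigestVerifier:
    def __init__(self, credentials: Dict[str, str]):
        # Keep HA1 rather than cleartext passwords (RFC 2617 s.3.2.2.2).
        self.ha1 = {u: md5(f"{u}:{REALM}:{p}") for u, p in credentials.items()}
        self.seen: Dict[str, int] = {}    # nonce -> highest nonce-count accepted

    def verify(self, method: str, header: str, now: float) -> str:
        try:
            p = parse_authorization(header)
        except ValueError as exc:
            return f"reject: {exc}"
        if any(k not in p for k in ("qop", "nc", "cnonce")):
            return "reject: bid-down (qop/nc/cnonce omitted)"
        for k in ("username", "realm", "nonce", "uri", "response"):
            if k not in p:
                return f"reject: missing {k}"
        if p["qop"] != "auth" or p["realm"] != REALM or p.get("algorithm", "MD5") != "MD5":
            return "reject: unsupported qop, realm or algorithm"
        if not nonce_valid(p["nonce"], now):
            return "reject: stale or forged nonce"
        ha1 = self.ha1.get(p["username"])
        if ha1 is None:
            return "reject: unknown user"
        ha2 = md5(f"{method}:{p['uri']}")
        expected = md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
        if not hmac.compare_digest(expected, p["response"]):
            return "reject: bad response"
        nc = int(p["nc"], 16)
        if nc <= self.seen.get(p["nonce"], 0):
            return "reject: replay (nonce-count not increasing)"
        self.seen[p["nonce"]] = nc
        return f"accept: {p['username']}"

if __name__ == "__main__":
    v = DigestVerifier({"alice": "correct horse battery"})
    nonce = issue_nonce()
    hdr = client_authorization("alice", "correct horse battery", "REGISTER",
                               "sip:atlanta.example.com", nonce, 1, "0a4f113b")
    print(v.verify("REGISTER", hdr, time.time()))   # first use is accepted
    print(v.verify("REGISTER", hdr, time.time()))   # same header again is a replay
```

The nonce-count check is what turns Digest from "proof of password knowledge" into "proof of a fresh exchange"; without it, and without the server refusing the qop-less form, a captured REGISTER can be resubmitted by anyone on the path, which is the impersonation the proxy-server list is pointing at. Returning early for an unknown user, as above, leaks which usernames exist through timing; a production verifier computes against a dummy HA1 instead.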
Other Challenges in Security
End-to-End Security Management
Scaling across network domains and across national and international domains (e.g., countries/continents)
Hop-by-hop or end-to-end
Identity Management
Identity across network domains and across national and international domains (e.g., countries/continents)
Associated with a location
Private/public identities; role- and context-based identifiers
Evolving Trust Model
(Figure; source: ITU-T Y.2701)
NNI Trust Model
(Figure; source: ITU-T Y.2701)
Market Perspective
How is security in VoIP/NGN products today? Poor to average.
Security controls are not mature
Not well implemented in deployments
Implementations inherit traditional vulnerabilities (e.g., buffer overflows)
Security performance and reliability are critical elements and need to be improved
Security features that enforce a stronger security posture (protocol, user and boundaries) are not uniformly implemented
Baseline security requirements for product vendors are often vague
Signaling and media security are not fully recognized by the market
Integration of security functionality is still evolving
Organizational issues are not fully identified and addressed