PowerPoint Presentations

Telecommunications SecurityChapter Ten

Prepared by: Raval, Fichadia

Raval • FichadiaRaval • FichadiaJohn Wiley & Sons, Inc. 2007

2

Chapter Ten Objectives Learn the basic concepts of telecommunications (PSTN,

PBX, VoIP) and associated terminology.

Understand the risks that impact telecommunications and the controls to mitigate them.

Gain the skills to assess the security posture of a telecommunications infrastructure and make management recommendations.

Apply security principles and best practices to a telecommunications infrastructure.

3

The Big PictureElements of the

telecommunications infrastructure.

Some risks that impact the infrastructure.

4

Telecommunication primerTelecommunication: telephone-based communication across

different parties using either PSTN or VoIP technologies. Traditional telephone communication occurs via the Public

Switched Telephone Network (PSTN). PSTN involves transmitting analog voice signals over

copper wires to a local station where it is digitized and sent on a dedicated network to its destination end node.

VoIP is newer technology that involves the digitized voice via small packets over shared network.

Vendors that provide PSTN includes AT&T, Qwest. VoIP providers include companies like Vonage.

5

Telecommunication primer

Telecommunication: PSTN components include the following:

End nodes are your basic telephones (for people), modems (for computers), telephony cards (for AVRs).

Phone switches are equipment where a dedicated channel between various callers and receivers is established.

Transmission media typically includes copper wire between end nodes and local phone switch and digital/fiber connections between various switches.

Signaling system that provides call control (connecting / disconnecting callers, determining best route etc.)

6

Telecommunication primerTelecommunication: Need for phone switches Connecting phones to every other phone is untenable. For

e.g., 10,000 phones need ~50M connections (n*(n-1)/2). Phone switches solve this problem by acting as a central

hub which connects to all phones. 10,000 phones need 10,000 connections (n).

7

Telecommunication primer

Telecommunication: Function of phone switches

Phone switches act as a broker by opening a dedicated circuit when a caller request for it.

Number of circuits are determined by Earlang equations.

Different categories of phone switches: Private Branch Exchange (PBX): is a privately owned switch

Central Office (CO) is a phone company owned switch that interfaces with end users phones.

Tandem switches: large scale switches that interface to various COs and other tandem switches.

8

Telecommunication primer

Telecommunication: Hierarchy of phone switches

Phones connect to CO switch via local loop.

CO switch connects to tandem switch via trunk lines.

Tandem switches connect to each other.

9

Telecommunication primer

Telecommunication: Transmission media allow a path for user-to-network and network-to-network communication.

User-to-network communication, from home phone to CO, typically occurs over copper wires in an analog format.

Dual-Tone Multiple Frequency (DTMF) is used to signal CO for a communication channel.

10

Telecommunication primer

Telecommunication: Transmission media allow a path for user-to-network and network-to-network communication.

Network-to-network communication, from switch to switch, typically occurs over fiber in a digital format.

Analog signals are digitized via pulse-code modulation (PCM), combined via time-division multiplexing (TDM) and sent over PSTN.

11

Telecommunication primer

Telecommunication: Transmission media allow a path for user-to-network and network-to-network communication.

Over the PSTN tandem switches carry the signal over the network to the destination CO for delivery to the end node.

12

Telecommunication primer

Telecommunication: Signaling system is needed to build a route among switches and to provide call control.

Before a call is sent over the PSTN, a dedicated path (circuit) has to be setup.

Messages to setup a circuit, tear it down, provide busy tones, etc. need to be passed back and forth (call control).

This signaling is accomplished via an out-of-band network called common channel signal (CCS) network.

SS7 is the current implementation of CCS network.

13

Telecommunication primer

Telecommunication: Signaling system is needed to build a route among switches and to provide call control.

SS7 is a packet switched shared network for signaling (PSTN is a circuit switched dedicated network for transmission of voice signals).

14

Telecommunication primer

Telecommunication: VoIP components include the following:

End nodes are VoIP-enabled telephones. They could be like regular phones (hardphones) or be softphones.

Call processors – also known as softswitches – that setup calls, translate phone numbers into IP addresses, do signaling, authorize users, etc.

Media processors that broker transmissions between VoIP and PSTN networks.

Signaling gateways that mediate between signaling on VoIP networks and signaling on PSTN networks.

15

Telecommunication primer

Telecommunication: VoIP networks currently coexist with PSTN networks.

Media processors and signaling gateways bridge the gap between PSTN and VoIP networks.

16

Telecommunication primer

Telecommunication: Advantages of VoIP includes:

Data networks can be reused for voice traffic (convergence).

Enhanced features and functionality compared to PSTN.

Cheaper calls than PSTN networks. Cost doesn’t vary as much by time-of-day or distance.

VoIP allows for location independence – calls follow you.

Allows for efficient use of bandwidth – silence doesn’t consume any bandwidth.

However, quality for VoIP calls still has to catch up with PSTN calls.

17

Telecommunication primer

Telecommunication: Comparison of VoIP vs PSTN:

PSTN VoIP Circuit switching technology Packet switching technology Dedicated circuits for communication Shared bandwidth for communication Fairly proprietary methods/hardware Open standards based protocols/hardware Well-established and very reliable New technology with some reliability concerns More expensive calls Relatively cheaper calls Cost depends on time and distance Costs not as dependent on time and distance Needs separate voice network Can leverage existing data network Low-moderate security concerns Moderate-high security concerns Standardized features and functions Enhanced features and functions available

18

Management concerns

Concerns about telecommunications system security typically include the following:

Maximizing the communication infrastructure availability for employees and customers.

Ensuring the integrity of communications infrastructure.

Keeping up with existing and upcoming telecom scams, toll frauds, social engineering attacks and implementing mitigating controls.

Having an effective backup, recovery, business resumption and a disaster recovery plan.

19

Risks and controls

Remote Access: Feature of PBX that allows long-distance calls to remote users.

Also known as Direct Inward System Access (DISA).

Employees on the road call a toll-free number paid by the company.

The PBX prompts for a passcode and gives a dial tone to make a long-distance call at company’s expense.

20

Risks and controls

Remote access risks:

Phreakers war-dial/dumpster dive/social engineer to identify remote access numbers & crack the passcodes leading to toll-fraud.

Controls:

Disable DISA if not reqd. Else, use strong passcodes.

Don’t make 800 #s readily available.

Disable dial tones on DISA ports to foil war-dialers.

Limit places to which long distance calls can be made.

Analyze the logs to identify toll-fraud.

21

Risks and controls

Maintenance ports: Feature of PBX that allows support personnel to administer various features remotely.

Also known as Remote Administration.

Support personnel and vendors call into the PBX and can administer various PBX features.

The PBX prompts for a passcode before allowing access.

22

Risks and controls

Remote access risks:

Phreakers war-dial/dumpster dive/social engineer to identify maintenance port numbers & crack the passcodes leading to toll-fraud, silent monitoring, call rerouting and deny service.

Controls:

Disable maintenance ports if not reqd. Else, use strong passcodes or stronger authentication means.

Enable intruder lockouts.

Disable dial tones on DISA ports to foil war-dialers.

Analyze the logs to identify intrusion attempts.

23

Risks and controls

Silent monitoring: Feature of PBX that allows a user to listen in on other’s conversations.

Businesses often have a need to silently listen, record, and/or store conversations among users.

Supervisors listen in on conversations to ensure customer service in a call center/telemarketing type environment.

Sometimes calls are recorded and/or stored for liability or compliance reasons (e.g. air traffic controller).

24

Risks and controls

Silent monitoring risks:

Legal ramifications can arise if calls are monitored without reviewing applicable law. Laws vary by state.

Unauthorized monitoring could occur if administrators aren’t diligent.

Controls:

Procure legal consultation before enabling the feature.

Inform callers and employees about the monitoring/ recording practice. Obtain consent forms from latter.

Periodically review the business need for users with the privileges to monitor.

25

Risks and controlsTelecom scams: Several scams usually aimed at toll-fraud,

are prevalent within telecom industry. Shoulder surfing attack includes attackers filming use of

calling cards by callers. Pager/beeper/fax-back scam aims at tricking people

calling into expensive toll-numbers. Operator deceit is a social engineering attempt wherein

callers fool company employees to transfer them the operator and asking the operator to make a long-distance call on behalf of the employee.

Employees can misuse call-forwarding feature by forwarding calls to their home numbers and having their friends call the company toll-free number reach them.

26

Risks and controls

Telecom scam risks:

Toll-fraud.

Controls:

Educate users about these scams and implement technical controls where possible.

Restrict places to where calls can be made.

Log long-distance activity and analyze logs for abuse.

Limit the call forwarding feature.

27

Risks and controls

Voicemail & conferencing systems: Allows for exchanging message exchanges & conducting conference calls.

Often sensitive information is exchanged via voicemails and/or discussed on conference calls.

Security on these systems is often ignored. Passcodes are almost never changed. Recurring conf calls typically have the same passcodes.

Sometimes these systems allow for zero-out options where the caller can reach an operator – leading to an operator deceit scenario.

“Yes-Yes” scam with mailboxes can lead to third-party billing abuse.

28

Risks and controls

Voicemail & conferencing systems risks:

Poor passcodes can lead disclose sensitive information.

Toll-fraud.

Controls:

Ensure strong password & password management.

Educate users and operators about scams.

Disable zero-out and third-party billing options.

Delete unused mailboxes.

29

Risks and controls

VoIP: Technology that involves transmission of digitized voice packets over a shared packet-switched network.

VoIP transmissions are no different that data network transmissions. Hence it suffers from same security issues (see Network security chapter).

VoIP devices are less proprietary in nature (than PSTN devices) and communicate via standard TCP/IP protocols. Hence it is more prone to attacks.

A compromise of data network impacts both computer and telephone traffic.

A compromise of user’s computer could easily impact voice traffic (softphones, web-based voicemail etc.).

30

Risks and controlsVoIP risks: Sniffing attacks could capture transmissions. Calls could be hijacked. DoS attack could disable voice communications.

Controls: Encrypt all VoIP traffic to mitigate sniff risk. Use Virtual LANs to logically segregate VoIP traffic from

the rest of the traffic. Secure operating systems for PCs and VoIP devices. Secure networks via firewalls and Intrusion Detection

Systems.

31

Assurance considerationsAn audit to assess telecommunication security should

include the following:

Evaluate the physical security of telecommunications equipment.

Assess the security pass-through/zero-out features available via the PBX, voicemail systems, and conferencing systems.

Review end user education programs to warn them of various telecommunication scams and social engineering attacks.

Ensure that the DISA and maintenance ports are secured against attacks.

32

Assurance considerations Review the security all servers that allow for VoIP

communications (operating system audit).

Review the security of the network that carries VoIP traffic (network security audit).

Ensure that functional plans for backup and recovery, business resumption, disaster recovery are in place.

33

Recap