Voippresentation

VOIP (voice on internet protocol) Security Threats in VOIP

CONTENTS

Introduction

Vulnerabilities

VoIP Security Tools

Conclusion

Introduction

What Is IP Telephony

VoIP Phone

Working of VoIP

Protocols in IP Telephony

IP Telephony IP telephony is a technology in which IP networks are being used as the medium to transmit voice traffic.

Voice over IP (VoIP) Describes an IP telephony deployment where the IP network used as the medium to transmit voice traffic is a managed IP network.

Voice on the Net (VON) Describes an IP telephony deployment where the IP network used as the medium to transmit voice traffic is the Internet.

Working of VoIP PhoneVoIP Phone Requires broadband internet access and regular house phones which plug into an analog telephone adapter (ATA).

Working of VoIP works by the two-way transmission of voice over a packet-switched IP network

EquipmentsVoIP phonecall server gateway.

Protocols in IP Telephony Signaling protocols

perform session management and are responsible for

Locating a user

Session establishment

Session setup negotiation

Modifying a session

Tearing down a session

H.323 Standard

Session Initiation Protocol (SIP)

VulnerabilitiesConfidentiality Refers to the protection of data from being read by an unauthorized user.

Integrity Includes the unauthorized modification or deletion of voice/data content.

Availability Storage and transportation facilities for an information system are accessible to authorized users

ConfidentialityData Link Layer

Network Layer

Transport Layer

Application Layer

Address Resolution Protocol

Address Spoofing Identifying IP Address of the Phone

Real Time Protocol

MAC Address Spoofing

Integrity

Network Interface Layer

Network Layer

Transport Layer

Application Layer

Replay Attack

Availability Bandwidth consumption Comprise of flooding the network with a specific type of traffic.

Resource Starvation attacks Flood a device (opposed to links in a bandwidth consumption attack).

Routing Attacks Involve manipulating routing information or protocols in order to intercept / interrupt legitimate traffic.

Programming Flaws Unintended bugs in software that can be exploited by other user in order to gain access to a system .

VoIP Security Tools

VoIP systems become more prevalent and risk grows, network engineers need to make sure the proper precautions are taken to prevent security breaches.

Some testing tools

SiVuS c07-sip

SiVuS First publicly available vulnerability scanner for VoIP networks.

SIP Message generator

Used to test issues or generate demonstration attacks

SIP component discovery

Useful for identifying targets for analysis.

SIP vulnerability scanner

Used to verify the robustness and security of SIP phones, proxy servers and registrar servers .

Strengths

Windows-based GUI design

Reports are generated in an easy to read html page

Checks both the robustness and the presence of security features

Weaknesses

Lack of information

SIP device failed to locate the Asterisk server

Issues arose on required SiVuS to be restarted.

authentication were found to report inaccurate results.

Running the test cases repeatedly fails to find a target on the first attempt

ConclusionNone of the security tools evaluated were significantly effective for mitigating security risks in SIP-based VoIP networks

Early stages of adoption, attacks have been either largely unheard of or undetected

Particularly important to prevent DoS attacks

All tools today are still under heavy development and will no doubt evolve as VoIP adoption increases

VoIP specific security tools should play an important role in securing systems.

References

B. Charney, "VoIP threats 'must be dealt with now,'“ CNET News.com, 8 Feb. 2005; J. E. Canavan, Fundamentals of Network Security, Boston: Artech House, 2001 L.N.Vikram,Web Design And Multimedia Applications 4th Edition, Pearson Educations Sikinder S.R.R.C, Voice On Internet Protocol A Basic Approach, Charles House,2007 www.wikipedia.org.in www.google.com Digit magazine