More VOIP, More Security: What needs to be done when securing VOIP
VOIP adoption seems to be speeding up, as bandwidth and hardware becomes more affordable and as legacy systems are being displaced. IT professionals are now becoming telecoms experts and in turn needing to pay more attention to VOIP. This move towards an integrated Voice into IT/IS systems has significant security implications that need to be understood so that reasonable counter measures can be implemented. In this article we will cover how to implement a VOIP solution whilst abiding by a security framework, and the challenges that we can expect when implementing VOIP.
As technology moves forward the prices of the solutions drop and more features are bundled with the solutions, the more people and organisations that adopt the solutions the cheaper and easier the solutions are to implement. Unfortunately security takes time to catch up and security is often retrofitted onto the solution as an afterthought. This is true for solutions that incorporate VOIP. For this reason it is important to work with a security framework that secures the implemented solution. Devices today are computationally powerful enough to handle present and future encryption ciphers making encryption a possibility.
Before a user can use the VOIP service they will need to authenticate, and identify themselves to the service. This process seems simple enough but there are some factors that need to be understood and some challenges that need to be overcome. The authentication mechanism should be structured so that firstly the device is identified and authenticated and then the user, this can be achieved by quarantining any device prior the authentication phase. Once the device is identified and authenticated the device can then be logically moved to the production communications VLAN at this point a security policy on the switches can enforce encryption, meaning that any credentials transacted by a user remains in an encrypted thus secure state.
When it comes to authentication, identity management is something that goes hand in hand. Utilising the existing authentication directories like AD or other LDAP type directories is important. This way the existing investment is leveraged and a unified already existing mechanism is used, saving time and improving security, vendors are working hard make this secure.
To address confidentiality, the technical control is encryption; this will ensure that communications are kept secure and that unauthorised users are not able to eves drop on the communications. The complexity manifests when the traffic traverses multiple gateways that are not controlled by your organisation. This is why it is important to leverage a technology that complies with standards and that is easily configurable. This will ensure that the VOIP packet will remain encrypted for the packet's lifetime.
One thing to look out for is expanding the packet size that would result in latency (delays), you can do this by selecting the incorrect encryption type for the mode of transport.
Protocols like RTP, SRTP, ZRTP and MIKEY are common in modern VOIP deployments these protocols are secured using AES encryption (in counter mode).
SIP or Session Information Protocol is quickly being adopted as the preferred VIOP protocol, in early 2005 I wrote an article highlighting how this protocol worked, this can be found at Session Initiation Protocols and its Functions. Using SIP clients, users will be able to create an identity bound to a SIP server, this identity can then be used to log on to the server and use it as a gateway, to route calls both internally and externally. The neat thing is, this can be achieved from anywhere, locally and remotely, making remote working a possibility. Leveraging security mechanisms proposed in the NISC framework IT professionals are able to offer these features to their user base. Users are then able to securely log on, and communicate using SIP clients (soft phones) as if they were based at the office. Vendors like Cisco, Mitel, Avaya and many others have and are developing SIP based solutions.
Key management is always something to pay attention to when dealing with encryption, SRTP lightens the key management overhead as single master key can provide keying material for confidentiality and integrity protection, both for the SRTP stream and the corresponding SRTCP stream. In some instances a single master key can protect several SRTP streams.
New protocols like RSIP (Realm-Specific IP) will help in the future to resolve some of the complexities of NAT/IPsec challenges. IP Next Layer (IPNL) are solutions that provision a clear tunnel between both communicating hosts. This will make future communications more secure, quicker and more efficient.
When looking for a VOIP solution or gateway ensure that the solution you select supports H.323.
Building a secure VOIP network requires insight into VOIP hardware and software; this lends itself to the possibility of compromise. For simplicity's sake it is a lot easier to separate the VOIP network out into its own isolated network only linking the elements of the network to the corporate data network where necessary and through secure means like application layer firewalls. This is to ensure that any soft spots on the VOIP network are not easily exploitable and that strong access control mechanism are in pace to manage the traffic flow between your corporate LAN and your VOIP network.
Network to Network VPNs are essential to ensure that internet work traffic remains secure and that its integrity remains.
Wireless has received a lot of attention where security is concerned, this is with good reason. Encryption of VOIP over wireless is mandatory and without it a compromise is virtually guaranteed. IPSec is a fair countermeasure, when securing wireless. There are projects currently running that focus on VOIP security like Phil Zimmermann's zfone project.
Devices and servers need to be kept physically secure from unauthorised use. Logical security is also important as now the solution lends itself to remote exploitation. Your phone account is a resource like any other and there are already many horror stories of how accounts have been abused by remote exploitation. Because of unified identity management it is important to ensure that your users are changing their passwords on a periodic basis as described in your security policy (administrative control).
Recently on a UK television program it was demonstrated how office phones were modified by scammers so that small wireless cameras could be hidden into them so that the user's credentials could be captured.
Another common attack is that the server is impersonated in order to capture the user's credentials, once this occurs the user is redirected to the legitimate server. The countermeasure to this is that the legitimate server is physically and logically protected and that it needs to authenticate to the user or client software before the user authenticates to it.
Messaging and storage
Often overlooked is the messaging and storage component of any VOIP solution, in previous years a common attack was to log on to someone's voice mail remotely by typing in the default network password 1234 or 0000. This would give you access to voice mail and in fact an element of control is possible remotely with this feature. The countermeasure is force a change of password before the service is used, this will ensure secure operation of the service. The storage can also be attacked, this would typically make the solution vulnerable, this could be achieved both physically and logically and countermeasures need to be implemented to mitigate any attacks.
When considering a VOIP security solution it is vital to comply with existing standards, VOIP technologies are still evolving, security is still being retrofitted and it is not part of the solution, out of the box. If VOIP solutions are properly implemented the end result will be a more secure more reliable efficient, cost effective solution that will be around for years to come.