VoIP Security – Basic Threats and Action Plan

The enterprise voice and trading communications ecosystems are moving inexorably from the seemingly closed and thus secure world of digital time-division multiplexing (TDM) to the open, threat-laden domain of Internet Protocol (IP)-based communications. Whereas privacy and security were essentially a given in the TDM world, this is not the case with VoIP. And there is no industry which depends more on private and secure networks than financial markets, where trillions of dollars worth of transactions flow through the ether on any given day.

In a recent entry we took a topical look at the VoIP security landscape and offered a pair of links to articles that aimed to give the reader a high-level understanding of the inherent vulnerabilities of Session Initiation Protocol (SIP) as well as a checklist to diagnose areas of vulnerability in a VoIP environment.

Today we are going to dig a little deeper into the subject by outlining the basic elements surrounding VoIP security, areas of concern and a checklist of best practices.

Let’s start with a link to a white paper that endeavors to comprehensively define the various security and privacy threats to VoIP deployments, services and end users: http://www.voipsa.org/Activities/VOIPSA_Threat_Taxonomy_0.1.pdf. The other goal of this paper is equally important: to provide a definition of VoIP security and to make it something that is measurable and actionable.

Armed with this background we can now develop a list of common threats and summarize how best to minimize them:

| VoIP Risk | Action |
| --- | --- |
| Application-level attack | Use Application Layer Gateway (ALG) and Intrusion Detection & Prevention (IDP) system |
| DDoS, Virus, Worm | Establish policy-based security zones; deploy application-aware IDP; maintain current patch levels; install (and update) anti-virus software; isolate voice traffic on VLAN |
| Eavesdropping | Isolate VoIP traffic on VPN and use encryption |
| Protocol-targeted attack, SPIT | Use Application Layer Gateway (ALG) and Intrusion Detection & Prevention (IDP) system |
| Unauthorized monitoring/spoofing | Deploy strong authentication, authorization tools and IPSec |
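
One way to verify that the "use encryption" action against eavesdropping is actually in effect is to audit SIP INVITEs for cleartext signaling and media. The Python below is an added example, not part of the original post; the function name `audit_invite`, the finding labels and the sample messages (with `example.test` hosts and a placeholder key) are constructed for illustration.

```python
import re

# Transports that protect SIP signaling in transit.
SECURE_TRANSPORTS = {"TLS", "TLS-SCTP", "WSS"}

# Constructed sample messages (not captured traffic); hosts and key are placeholders.
PLAIN_INVITE = (
    "INVITE sip:bob@example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pbx.example.test:5060;branch=z9hG4bK1\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
SECURE_INVITE = (
    "INVITE sips:bob@example.test SIP/2.0\r\n"
    "Via: SIP/2.0/TLS pbx.example.test:5061;branch=z9hG4bK2\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49172 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY\r\n"
)

def audit_invite(message):
    """Return a list of eavesdropping-exposure findings for one SIP message."""
    head, _, body = message.partition("\r\n\r\n")
    findings = []
    # Signaling: every Via hop (long or compact "v:" form) must use a secure transport.
    transports = re.findall(r"^(?:Via|v)\s*:\s*SIP/2\.0/([\w-]+)", head, re.I | re.M)
    signaling_ok = bool(transports) and all(
        t.upper() in SECURE_TRANSPORTS for t in transports)
    if not signaling_ok:
        findings.append("signaling-cleartext")
    # Media: each active SDP m= line should offer a secure RTP profile (SAVP/SAVPF).
    for media, port, proto in re.findall(r"^m=(\w+) (\d+)(?:/\d+)? (\S+)", body, re.M):
        if port == "0":
            continue  # stream declined, nothing to protect
        if "SAVP" not in proto.upper():
            findings.append(f"{media}-media-cleartext")
    # SDES keys travel inside the SDP, so SRTP over cleartext signaling leaks the key.
    if re.search(r"^a=crypto:", body, re.M) and not signaling_ok:
        findings.append("srtp-key-exposed")
    return findings

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN_INVITE), ("secure", SECURE_INVITE)):
        print(name, audit_invite(msg) or "no findings")
```

The third check matters in practice: a deployment that enables SRTP with SDES keys but leaves SIP on UDP or TCP still hands the media key to anyone who can see the signaling.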

 

It might be worth noting at this point that this list comprises threats from outside of the enterprise. There are equal or greater potential threats residing inside your enterprise, in the form of malicious or unintended actions by employees (or employees at vendor partners) that can result in compromised security. These threats can only be mitigated by education, a strong security policy, limitation of access rights and perhaps deterrence through surveillance.

Finally, in many firms the “IT Staff” may be a single person or even an outside contractor. Without resident security expertise, it is critical to be in regular contact with the security resources of your vendors and service providers and to establish a continuing security dialogue with them.

In the next part of our security series we will review specific elements and tools and their roles in the network security fabric including: firewalls, VPN, encryption, session border controllers and SIParators.

Date: Friday, 11. November 2011 8:34
Category: Security