Secure VoIP – an achievable goal

By | May 3, 2006

Of course there are a number of ways that theft of service attacks can be carried out on PSTN lines – unauthorised access to physical premises, and modifying call routing software to enable dial-through fraud are just two examples.

But with VoIP, opportunities for people to use phone services without permission can also result from inadequate network security, the connection of devices to a network without permission, and infection of IP phones and softphones by software that modifies their behaviour. And because the number of the phone is often defined when the user logs in, it is also possible to use stolen user identification details to charge calls to someone else’s account.

Basic security measures are once again essential: limiting entry to premises, closely guarding log-on details and installing anti-virus solutions to stop malware infecting IP phones. Strong authentication solutions coupled with device identification measures will help prevent unauthorised access. Challenge-response based client authentication – a cryptographic process that proves the identity of a user logging onto the network – can also ensure that only authorised personnel are able to use the phone system.

Telephone fraud

Telephone fraudsters make money by manipulating phone usage and/or billing systems.

As with conventional phone systems, opportunities exist for criminals to make money from users calling premium rate services. The principal difference is that, because VoIP is a computer technology, such services can be dialled automatically.

For example, an application received in a spam email, or inadvertently downloaded from the web, can install itself on a softphone – and then direct the phone to call premium rate numbers without the user being aware.

Alternatively, devices could be attached to an organisation’s network without permissions that then make frequent or prolonged calls to premium rate numbers. Such devices could exploit weaknesses in wireless security policy or could be planted by disgruntled employees or even cleaning and maintenance staff who have access to the office out of hours.

As with theft of service, VoIP call servers can be configured to reduce the opportunity for dial-through fraud. For example, phones on private networks can be given access only to selected number ranges relevant to the jobs of the users involved. Calls to premium rate and international numbers would normally be barred by default, and the call server can be set to ensure that phones that auto-register and are automatically given an IP number are only given access to numbers within the organisation concerned and the emergency services. Generally, an option also exists to disable the auto-register facility completely.

Software can also be used to report unusual calling patterns from ‘legitimate’ phones, drawing attention to any that might be running rogue dialler software.

To prevent fraudsters hacking into billing systems and adjusting records in their favour, conventional IT security measures can be applied.

Nuisance calls

SPIT – or Spam over IP Telephony – can be thought of as a new and potentially more disruptive way for people to make nuisance calls.

Because VoIP is a data service, the rate at which voice messages can be sent isn’t limited by the number of lines the caller has available, or the rate at which numbers can be dialled.

Instead, an audio file could be uploaded to a computer and sent to a list of target IP addresses in much the same way that email spam is sent to people’s inboxes. Depending on the performance of the computer and the capacity of its network connection, thousands of calls could be made every few minutes.

These might simply promote products and services that recipients don’t want or they could have a more malicious intent.

While not yet a major problem, SPIT has the potential to become an increasing irritation as IP telephony becomes more commonplace. Solutions similar to those used to remove spam messages from email inboxes will be required to prevent SPIT reaching its target.

Eavesdropping

The aim of eavesdropping is to listen in on calls or otherwise acquire confidential information.

One of the techniques that eavesdroppers can use is Voice over Misconfigured Internet Telephony, or VOMIT as the acronym-loving world of telephony delights in calling it. IP telephony packets are captured by a monitoring device connected to the network and are subsequently reassembled into WAV, MP3 or alternative audio files.

The technique can be used for legitimate purposes – to assist in debugging, for example – but also enables eavesdropping. The reassembled files can be collected later, emailed or otherwise sent on to the eavesdropper.

This problem occurs only where voice and data calls share the same logical network – for example in the public internet – and where physical access is available to eavesdroppers.

It can be addressed using a combination of logical separation of voice and data networks, and physical security measures. Management and signalling traffic, as well as the voice and data being transferred, can also be encrypted by a combination of secure socket layer (SSL), transport layer security (TLS), IPSec, and secure shell (SSH) authentication to protect sensitive data further.

Misrepresentation

The last of the major VoIP challenges is using misrepresentation to trick someone into taking action that enables theft or fraud – rather like social engineering techniques used by today’s spammers, hackers, phishers and fraudsters

Phishing attacks on VoIP networks involve attackers faking the number of the phone they are using, making it look as though a legitimate organisation is making the call. This increases the chance that the person on the receiving end will give away confidential information. However, anti-spoofing packet filters in the network will help prevent hackers or spammers hiding behind acceptable addresses.

Alternatively, a technique called ‘call sink-holing’ modifies network behaviour and, in addition to its legitimate uses, can be used to redirect calls to an impostor. This makes it essential for those operating VoIP systems to secure them effectively, limiting the ability to modify their configuration to appropriately authorised individuals.

Networks for the 21st century

Over the coming years, operators will be using IP networks to replace their current public switched telephone networks and older types of data networks. As a result, VoIP will eventually become the dominant – and potentially the only – way of providing public phone services.

These new networks will, however, be more like the current converged corporate voice and data systems than the pubic internet. The available capacity will be split to create a number of logically-separate networks that will carry different types of traffic. Phone calls will therefore be kept separate from other types of transmission, notably internet traffic.

The way in which networks operated by different companies will be interconnected is yet to be fully defined but what is sure is that these new public phone networks will, in effect, be private. Each one will be owned and operated by a single company and will give assurance that the highest possible levels of security are being provided.

In the meantime, users of VoIP need to ensure they have a robust, resilient and effective security policy and appropriate precautions in place. The good news is that as VoIP is becoming more widely available, so are the tools to protect it.

Leave a Reply