With the huge number of potential threats and vulnerabilities, will VoIP users soon find themselves plagued by service interruptions and eavesdropping? To date, there have been no devastating, widely publicized attacks on enterprise VoIP systems. Why? Vendors and analysts offer several valid reasons.
Most newer enterprise VoIP solutions are closed systems in which packetized voice is running across the LAN only, and most external traffic is running across the PSTN via a gateway. “If you’re running VoIP on the LAN only, it’s relatively easy to get toll quality and maintain security,” says David Fraley, director of Federal Practice at Gartner. Interoffice traffic is normally running on a protected office-to-office connection, so in many cases securing internal VoIP means hardening your call servers, switches and gateways and protecting them with the right kinds of firewalls and IPS.
Vendors also recommend separating voice from data traffic on the LAN to protect it from malware, eavesdropping and DoS attacks. Building a physically separate infrastructure for voice would negate the cost benefits of VoIP. However, much of the same protection comes from using the 802.1Q features of your switches to put voice and data on separate VLANs, and then protecting the intersection points between the voice and data VLANs, such as the messaging server, with a voice-aware firewall and/or an IPS.
In fact, VoIP vendors and security experts say it’s best to avoid softphones (phone software that runs on a PC) in favour of IP telephony handsets, because a softphone shares the PC’s network connection and makes it almost impossible to separate voice from data. Binding each IP handset’s IP address to its MAC (media access control) address, so that the address is accepted only from that device, is a good way to help thwart IP address spoofing. Several solutions use digital certificates for device and server authentication, and you can require passwords or PINs to access handsets. The key measures are encrypting voice signaling, VoIP management interactions and, in high-security environments, even the voice streams themselves.
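The two controls described above, VLAN separation with a guarded crossing point and IP-to-MAC binding for handsets, can be illustrated with a small filter. The following is an added example written for this page, not code from the article or from any vendor it names. It parses a constructed Ethernet frame, reads the VLAN ID from the 802.1Q tag, allows voice-VLAN traffic to cross into the data VLAN only towards an explicitly listed intersection point (a hypothetical messaging server address), and rejects any voice-VLAN packet whose source IP does not belong to the MAC it came from. The VLAN numbers, subnets, addresses and the binding table are all assumptions for the demonstration.

```python
"""Added example (not from the article): an 802.1Q-aware filter for the
voice/data boundary. All VLAN numbers, subnets, addresses and the handset
binding table below are constructed for the demo."""
import struct
import ipaddress

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

VOICE_VLAN = 100                                   # assumed voice VLAN
DATA_VLAN = 200                                    # assumed data VLAN
VOICE_NET = ipaddress.ip_network("10.100.0.0/24")  # assumed handset subnet
# Intersection points a handset may reach on the data side: a hypothetical
# messaging server. Everything else on the data VLAN is off limits to phones.
ALLOWED_CROSSINGS = {ipaddress.ip_address("10.200.0.10")}

# Static IP-to-MAC bindings for handsets on the voice VLAN (constructed).
HANDSET_BINDINGS = {
    ipaddress.ip_address("10.100.0.21"): "00:11:22:33:44:55",
    ipaddress.ip_address("10.100.0.22"): "00:11:22:33:44:56",
}


def parse_frame(frame: bytes) -> dict:
    """Return dst/src MAC, the 802.1Q VLAN ID (or None) and IPv4 src/dst."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF          # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        raise ValueError("not an IPv4 packet")
    ip_hdr = frame[offset:offset + 20]
    return {
        "dst_mac": dst.hex(":"),
        "src_mac": src.hex(":"),
        "vlan": vlan,
        "src_ip": ipaddress.ip_address(ip_hdr[12:16]),
        "dst_ip": ipaddress.ip_address(ip_hdr[16:20]),
    }


def verdict(frame: bytes) -> str:
    """Decide allow/drop for a frame seen at the voice/data intersection."""
    p = parse_frame(frame)
    if p["vlan"] is None:
        return "drop: untagged frame at the voice/data boundary"
    if p["vlan"] == VOICE_VLAN:
        # Anti-spoofing: the source IP must be the one bound to this MAC.
        if HANDSET_BINDINGS.get(p["src_ip"]) != p["src_mac"]:
            return "drop: source IP is not bound to this MAC (spoofed?)"
        if p["dst_ip"] in VOICE_NET:
            return "allow: voice VLAN to voice VLAN"
        if p["dst_ip"] in ALLOWED_CROSSINGS:
            return "allow: handset to messaging server (inspect with voice-aware firewall)"
        return "drop: voice VLAN may not reach arbitrary data hosts"
    if p["vlan"] == DATA_VLAN:
        if p["dst_ip"] in VOICE_NET:
            return "drop: data VLAN may not initiate traffic to handsets"
        return "allow: data VLAN to data VLAN"
    return "drop: unknown VLAN"


def build_frame(src_mac, dst_mac, vlan, src_ip, dst_ip) -> bytes:
    """Construct a (tagged or untagged) Ethernet frame with a minimal IPv4
    header. Used only to produce sample input for the filter."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is None:
        eth += struct.pack("!H", ETHERTYPE_IPV4)
    else:
        eth += struct.pack("!HHH", ETHERTYPE_8021Q, vlan & 0x0FFF, ETHERTYPE_IPV4)
    ip = bytearray(20)
    ip[0] = 0x45                     # IPv4, 20-byte header
    ip[8] = 64                       # TTL
    ip[9] = 17                       # UDP, as SIP signaling and RTP media would be
    ip[12:16] = ipaddress.ip_address(src_ip).packed
    ip[16:20] = ipaddress.ip_address(dst_ip).packed
    return eth + bytes(ip)


if __name__ == "__main__":
    gw = "aa:bb:cc:dd:ee:ff"   # constructed gateway MAC
    for label, f in [
        ("legit handset -> messaging server",
         build_frame("00:11:22:33:44:55", gw, VOICE_VLAN, "10.100.0.21", "10.200.0.10")),
        ("spoofed handset IP from other MAC",
         build_frame("00:11:22:33:44:99", gw, VOICE_VLAN, "10.100.0.21", "10.200.0.10")),
        ("handset -> arbitrary data host",
         build_frame("00:11:22:33:44:55", gw, VOICE_VLAN, "10.100.0.21", "10.200.0.50")),
        ("untagged frame",
         build_frame("00:11:22:33:44:55", gw, None, "10.100.0.21", "10.200.0.10")),
    ]:
        print(f"{label}: {verdict(f)}")
```

In a real deployment the equivalent checks live in the switch (DHCP snooping, IP source guard, port VLAN assignment) and in the voice-aware firewall at the VLAN intersection; the point of the example is to show what those controls actually evaluate on each frame, and why an untagged or unbound source is dropped rather than routed.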
These arguments make a lot of sense today, but what about tomorrow? “At the end of the day, enterprises want to use VoIP to capitalize on international call cost-savings,” says Andrew Graydon, vice-president of technology at BorderWare Technologies. That means replacing PRIs and other PSTN trunking with VoIP trunks in order to route calls to a gateway closer to your international call destination. “As soon as the enterprise opens up VoIP to the Internet, it puts a potentially huge security hole in the network,” Graydon says. Essentially the days of closed corporate VoIP systems are over. He also points out that telcos are changing their internal infrastructure from PSTN over copper to IP over fiber to cut their own costs, and moving to IP-based peering connections with other providers.
Mark Collier, CEO of SecureLogix, agrees. “Once MCI gets 1,000 customers on their VoIP network it will be considerably more difficult to control security threats,” he says.
Skeptics point out that avoiding softphones and keeping voice separate from data is unrealistic. “The interconnection between voice and data is where all those cool converged applications will evolve over time,” says Collier.
Skeptics also point out that many of the security measures suggested by VoIP vendors are neither especially practical nor widely used. “Sure you can implement voice and signaling encryption and strong authentication, but they’re a pain in the butt to configure,” says Collier.
Brian Ham, CTO of Sentegrity, an IT security provider, observes that current key exchange standards such as the Diffie Hellman key agreement protocol don’t scale well for widespread VoIP authentication and encryption: “If you look at forums, bulletin boards, and industry leaders, everyone is asking, ‘How can we do proper key exchange?’ ” Sentegrity offers its own lightweight key exchange product.
Just because there haven’t been any widely publicized attacks on IP telephony yet doesn’t mean they aren’t happening. BorderWare has made it known that call centres and financial institutions have already come under attack, but officials there are not about to name names.
“Typically you don’t see widespread threats until a technology is widely deployed and tools are made available to the masses to automate attacks,” says Collier.
David Endler, chairman of the VoIP Security Alliance, agrees: “As applications are more widely deployed, they become sexier targets.” VoIP security vendors such as BorderWare, SecureLogix, and even TippingPoint are offering specialized VoIP firewalls and IPS that target the application-layer exploits likely to affect VoIP down the road.
Ultimately, VoIP may start to suffer the same types of invasions that plague e-mail, instant messaging, and other types of PC communications. The good news is that VoIP and security vendors are jumping on the problems early. “There’s no question that VoIP security options are getting better very quickly,” says Richard Kuhn, a security specialist at the U.S. National Institute of Standards and Technology, adding that the benefits of converged voice-data applications are so great that it’s unlikely security issues will thwart deployment.
“The idea behind VoIP is too brilliant. Once some of the bugs are worked out, it’s pretty much a slam dunk,” says James Largotta, CEO of Sentegrity.