The paper mainly covers a general overview of VoIP security issues for both commercial and agency users. It also outlines the basic steps needed to secure an organizations VoIP network. The security considerations of VoIP networks for Public Switched Telephone Networks (PSTN) are not within the scope of this study since they require much broader coverage.
The primary goal of this research paper is to provide a basic guideline in order to understand existing capabilities of VoIP and identify various security gaps. It also addresses the various threats and vulnerabilities in VoIP systems and poses several recommendations.
Voice over Internet Protocol (VoIP) refers to a set of hardware, software and standards that allow transmission of voice over a packet switched IP network. It is an important emerging trend in telecommunications. As a new technology VoIP faces various security issues. The VoIP architecture is different from that of conventional circuit based telephony and while it may be cheaper and more flexible, VoIP should be installed with careful consideration of the security issues introduced.
VoIP Security Issues:
VoIP systems include telephone handsets, mobile and conferencing units. Apart from these end-user components, VoIP systems also include call processors, routers, firewalls, gateways and protocols. While most of these components are similar to those used in data networks, VoIP performance demands require that software and hardware equipment be supplemented by special VoIP components. Critical services such as Emergency 911 services must also be incorporated.
Administrators, especially those new to VoIP, may have the assumption that since digitized voice is transmitted in packets, they can plug in VoIP components on already installed network architectures. However, VoIP introduces new challenges to existing network technologies and introduces new security concerns.
The Quality of Service (QoS) is crucial to for VoIP network operations to meet the required user standards. However, implementation of various security measures may cause significant QoS deterioration. Complications range from router and firewall delays, call-block set ups, delay variations and latency caused by encryption. Time is critical for VoIP and its low tolerance for packet loss and disruption disqualifies most security measures implemented in conventional data networks. Special VoIP components that meet QoS standards use one of two standards, Session Initiation Protocol (SIP) and H.323, or a proprietary protocol. SIP seems to be more popular and while none of these protocols have dominated the market yet, it is usually sensible to incorporate components supporting both. Two more standards can be used in addition to H.323 and SIP and these are Megaco/H.248 and media gateway control protocol (MGCP) which are useful when making large deployments needed for gateway decomposition. They can also be used to implement non-intelligent terminals, similar to phones connected to a PBX using the stimulus protocol or to ease media gateway message handling.
For successful operation, packet networks rely on various configurable parameters: MAC and IP, which are physical addresses of routers, voice terminals, firewalls, VoIP call managers and other call placing and routing software. Most of these network parameters are dynamically established when network components and VoIP telephones are added to a network or restarted. This wide array of configurable parameters provides an equally wide array of potential vulnerable points of attack.
Firewalls are usually the first defense lines against potential attackers and they work by blocking traffic that is considered intrusive, invasive or malicious. Acceptable traffic is determined by a set of firewall rules programmed by the network administrator into a firewall. Introduction of VoIP firewalls complicates VoIP operations such as call set-up procedures and port trafficking.
Network Address Translation (NAT) is handy tool for hiding internal network addresses and enabling the sharing of an external IP address by several LAN endpoints. The tool is quite powerful, but several issues arise when call attempts are into the network and also during voice data transmission such as IPsec compatibility issues. Although NAT usage may reduce with the introduction of IPv6, it will still remain a common network feature for years and thus VoIP systems must adapt to NAT complexities.
Gateways, firewalls and similar devices can be used to fend off intruders but in the case of an internal hacker, firewalls have no defense and thus another defense layer is necessary to protect voice traffic at protocol level. In VoIP, just like in data networks, this is easily accomplished by packet encryption at IP level using IPsec or application level using secure RTP, real-time transport protocol (RFC 3550). However, excessive latency in the VoIP packet delivery may occur due to packet size expansion, lack of QoS urgency in the cryptography engine and ciphering latency. The result is degradation of voice quality which highlights the quality versus security trade off hence the need for speed.
VoIP is an emerging technology and therefore developing a complete and mature simulation of how a worldwide VoIP network would look like in future is a difficult task. The emergence of SIP has shown the ability of new protocol designs and technological changes to cause radical changes in VoIP. Although the protocols and architectures to choose from are currently many and variant, there is optimism that a common standard will emerge. Unless there emerges a widely used and open standard, VoIP solutions will include various proprietary elements limiting future choices of enterprises.
Most commonly used competing standards are H.323 and SIP, and while observers postulate on the probability of SIP gaining dominance, major vendors are increasing their investments on developing SIP compliant products. Products supporting Instant Messaging are also being incorporated with a SIP extension standard i.e. SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE). Until a particular standard becomes dominant, organizations using VoIP should consider gateways, routers and other components supporting both SIP and H.323. This strategy will help ensure stable and robust VoIP networks for years to come independent of the prevailing protocol.
The design, deployment and securing of a VoIP network is a complex effort requiring careful preparation. Integration of a VoIP system into a congested and overburdened network can create serious security and performance problems for an enterprise. In short, there is no ‘one stop’ solution to all issues discussed above and thus the best bet is for an organization to study its network layout and find out the best fitting solution without leaving potential security loop holes.
The American National Institute of Technology recommends several VoIP deployment and security guidelines with practical cost and legal requirements considerations which may require organizational adjustments.
- Develop the appropriate network architecture: This includes logical data and voice network separation if feasible. Different subnets having separate RFC 1918 address blocks should be applied for data and voice traffic, each having separate DHCP servers to easily incorporate VoIP firewall protection and intrusion detection. The voice gateway interfacing with the PSTN should disallow all VoIP protocols such as SIP from the data network while access control and strong authentication should be used on the voice gateway system. The architecture should also have a mechanism for allowing VoIP traffic through firewalls to improve QoS e.g. by use of Session Border Controllers and application level gateways (ALGs). The use of state packet filtering to track connect connection status and denying packets not part of the original call may prevent rogue packets from intruding the system. The use of Secure Shell (SSH) or IPsec for all auditing and remote access is advised.
If performance becomes an issue while tweaking security, the use of encryption at the router or gateways is advised to provide for IPsec tunneling. This ensures the burden of encryption is lessened on the VoIP terminals and placed at a central point and all VoIP traffic from the point is encrypted.
- Ensure the organization has thoroughly assessed and can acceptably manage and mitigate the risks posed to their information, operations and continuity of crucial operations when deploying VoIP systems.
- Physical controls are important and should be deployed accordingly. These include physical security measures such as barriers, access control and authentication systems and locks to prevent insertion of physical network sniffers and monitoring devices into VoIP servers, gateways and other devices.
- Evaluate power backup costs to ensure continued operation even during power outages. This serves as protection of VoIP components from physical access, vandalism or theft.
- Installation of VoIP firewalls and other appropriate security mechanisms. Organizations should activate, use and continuously test security features included in VoIP systems and update when necessary.
- If feasible, ‘softphone’ systems implementing VoIP using an ordinary PC and headset with special software should be avoided where privacy and security are a concern. This is because computers are susceptible to various malware especially when connected over the internet and thus information may be compromised if users visit a malicious website or their PC is remotely accessed by an attacker using malware.
- Where wireless units are to be incorporated into the VoIP system, products that implement Wi-Fi Protected Access (WPA) should be used rather than the Project 802.11 Wired Equivalent Privacy (WEP). This is because WPA is significantly more secure and easily aids integration of VoIP with wireless technology.
- Careful review of all statutory requirements that regard record retention and information privacy with competent legal advisors. This is because laws exist governing the monitoring and interception of VoIP lines.
About.com Voice Over IP (n.d.). Security Issues. [online] Retrieved from: http://VoIP.about.com/od/security/Security_Issues.htm [Accessed: 16 Apr 2013].
Eandt.theiet.org (2011). VoIP: voicing security concerns - E & T Magazine. [online] Retrieved from: http://eandt.theiet.org/magazine/2011/07/voicing-security-concerns.cfm [Accessed: 16 Apr 2013].
Greene, T. (1996). VoIP requires strict attention to security best practices. [online] Retrieved from: http://www.networkworld.com/news/2007/081607-VoIP-security-best-practices.html [Accessed: 16 Apr 2013].
Kuhn, D. et al. (2005). Security Considerations for Voice Over IP Systems. [e-book] Gaitherburg: National Institute of Standards and Technology. Available through: National Institute of Standards and Technology http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf [Accessed: 15th Apr 2013].
PCWorld (2013). Is VoIP Secure? | PCWorld. [online] Retrieved from: http://www.pcworld.com/article/221118/is_void_secure.html [Accessed: 16 Apr 2013].
Sans.org (n.d.). Untitled. [online] Retrieved from: http://www.sans.org/rr/whitepapers/VoIP/1452.php [Accessed: 16 Apr 2013].
Symantec.com (2004). Voice over IP Security | Symantec Connect Community. [online] Retrieved from: http://www.symantec.com/connect/articles/voice-over-ip-security [Accessed: 16 Apr 2013].
VoIP-info.org (2013). VoIP Security - VoIP-info.org. [online] Retrieved from: http://www.VoIP-info.org/wiki/view/VoIP+Security [Accessed: 16 Apr 2013].
VoIP-info.org (2013). SIP security - VoIP-info.org. [online] Retrieved from: http://www.VoIP-info.org/wiki/view/SIP+security [Accessed: 16 Apr 2013].