
A New Security Model

In the document Register for Free Membership to (Pages 44-48)

Access to network services is now more important than ever. The growing availability and maturity of Web services combined with advanced directory integration makes it easier to integrate information systems between business partners.

Companies are moving their applications out from behind the firewall and onto the edges of their networks, where they can participate in dynamic, Internet-based transactions with customers and business partners. The network perimeter is becoming impossible to define as Intranets, extranets, business partner connections, VPNs (Virtual Private Networks), and other RAS (Remote Access Services) blur the definition of a trusted internal user; and critical corporate data may be located on handhelds, laptops, phones—anywhere.

VoIP distributes applications and services throughout the network. In a VoIP environment, IP phones (obviously) are distributed throughout the infrastructure as well. These devices incorporate microcontrollers and digital signal processors in order to perform voice compression and decompression, line and acoustic echo cancellation, DTMF (Dual Tone, Multi-Frequency—Tone Dial) detection, and network management and signaling. IP phones are smart, and depending upon the vendor, IP phones act as clients for a number of network protocols. This means that the number of network ingress/egress points will increase, and that processor cycles and memory—intelligence—are shifted to the logical edge of the network. This is a reversal of the traditional security model, where critical data is centralized, bounded, and protected.

16 Chapter 1 • Introduction to VoIP Security 372_PRAC_VoIP_01.qxd 2/28/06 2:47 PM Page 16

This means that from a strategic viewpoint, converged networks, regardless of whether they are based upon H.323, SIP, or some other protocol, require a new way of thinking about information security (see Figure 1.3).

Figure 1.3 The New Security Paradigm

“Trust no one” is an obvious bit of overstatement since every functioning system has to trust someone at some point or it won’t work at all. A more concise (but not as catchy) axiom might be: “Don’t assume you can trust anyone.” The point here is this—any system administrator, user, or device must be authenticated and authorized, regardless of its location, before it is able to access any network resources.

Period.

www.syngress.com


Summary

We have all heard “Consultant-speak.” Many of us practice it as well. I have done my best in this book to stay away from empty, jargon-laden speech, but I am sure that it creeps in at times. Here is my favorite example:

Consultant-speak: VoIP Security is dependent on management of Process.

What this really means: Processes define how individuals perform their duties within an organization. For securing VoIP networks, the processes include proactive ones such as formulation of security policies, identity verification management, hardening of operating systems, firewall deployment and configuration, system backup procedures, and penetration testing; and reactive processes such as log analyses, network monitoring, forensics, and incident response. If a process doesn’t exist (e.g., if a task is performed in an ad hoc fashion), then one should be created. The security policies, processes, and standard operating procedures (SOPs) that have already proven successful in securing your data networks need to be reused and extended. The ones that don’t work should be discarded.

Organizations that deploy or plan to deploy VoIP networks will have to work harder at security than before. Security will cost more and it will require better trained administrators. We are getting to the point in networking where naïve system administration is not just bad practice, it may also be criminal. Regulations such as Sarbanes-Oxley (SOX), GLBA, and CALEA in the United States, as well as DPEC in Europe, have been interpreted to mean that privacy violations will be treated as criminal acts.

In Chapter 15, VoIP-related regulatory compliance is discussed in detail.

I’ve said earlier that the purpose of converging voice and data is to save money by running both types of traffic over the same physical infrastructure and to expand the spectrum of applications that can run over this infrastructure. In this architecture, packetized voice is subject to the same networking and security issues that exist on data-only networks. It seems to me that as organizations transition to this contemporary architecture there exists an unvocalized assumption: Users who have come to expect and accept short outages and sometimes erratic data network performance will not accept this same type of performance when it comes to voice communications. Perhaps this is true, or perhaps not. Cellular telephony comes to mind here.

Traditional telephone systems have an excellent track record for reliability, and most people never question whether they will receive a dial tone when they pick up the receiver on their handsets. Contrast this with the reliability of most traditional IP networks. These same people who would never question the reliability of their telephone systems are accustomed to IP network outages and outages of systems that connect to the IP network. In a converged network, the loss of availability of the underlying IP network or the loss of availability of the IP telephony equipment (call management and adjunct servers) means the loss of availability of the telephone system.

Many organizations have reasonably well-secured logical perimeters (insofar as they can define those perimeters); however, their overall security environment offers no real defense in depth. Ideally, an enterprise network should offer multiple layers of defense—an intruder who manages to bypass one layer should then be confronted with additional layers, thereby denying the intruder quick access. On most of these networks, an unauthorized user who manages to bypass the logical (and/or physical) perimeter security controls has essentially unlimited access to all of the internal assets on the internal IP network.

Authorized users are also assumed trustworthy; they have essentially unlimited access to all assets on the network as well. The lack of network-level security controls on the internal IP network exacerbates the risk of either malicious or accidental network activity, including propagation of worms and viruses.

Most people associate security attacks with the image of the lone hacker, a highly intelligent and motivated individual who attempts to penetrate an organization’s IT infrastructure using a public network such as the Internet. Although remote unauthorized users do pose some risk to an organization’s IT assets, the most significant IT-related risk to most enterprise organizations is potential financial loss due to direct or collateral damage from a worm or virus.

This point cannot be emphasized enough. The introduction of VoIP into an organization’s IP network exacerbates the potential financial losses from a virus or worm outbreak.

The key to securing these networks—as we will see throughout this book—is to:

1. Communicate and enforce security policies.

2. Practice rigorous physical security.

3. Verify user identities.

4. Actively monitor logs, firewalls, and IDSes (Intrusion Detection Systems).

5. Logically segregate data and voice traffic.

6. Harden operating systems.

7. Encrypt whenever and wherever you can.
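
To make items 4 and 5 of this list concrete, here is an added example (not taken from the book) that audits flow records against a voice/data segregation policy and reports every flow crossing a segment boundary without permission. The subnets, the call-manager address, the permitted signaling ports, and the flow records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Hypothetical addressing plan (assumptions, not from the book).
SEGMENTS = {
    "voice": ip_network("10.20.0.0/16"),
    "data": ip_network("10.10.0.0/16"),
}
CALL_MANAGER = ip_address("10.20.0.10")
# Only cross-segment traffic allowed: data-segment softphones signaling
# to the call manager over SIP (5060/udp) or SIP over TLS (5061/tcp).
ALLOWED_CROSS = {("udp", 5060), ("tcp", 5061)}

# Constructed sample flow records: src,dst,proto,dport
SAMPLE_FLOWS = """\
10.20.1.15,10.20.0.10,udp,5060
10.20.1.15,10.20.1.16,udp,16384
10.10.4.7,10.20.0.10,tcp,5061
10.10.4.7,10.20.1.15,tcp,23
10.10.9.3,10.20.0.10,tcp,445
10.20.1.16,10.10.2.2,tcp,80
203.0.113.9,10.20.1.15,udp,5060
"""

def segment_of(addr):
    """Return the segment name for an address, or 'external'."""
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flow_text):
    """Return (src, dst, proto, dport, direction) per policy violation."""
    violations = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        src, dst, proto, dport = row
        s, d = ip_address(src), ip_address(dst)
        s_seg, d_seg = segment_of(s), segment_of(d)
        if s_seg == d_seg and s_seg != "external":
            continue  # intra-segment traffic is out of scope here
        if (s_seg == "data" and d == CALL_MANAGER
                and (proto, int(dport)) in ALLOWED_CROSS):
            continue  # permitted signaling to the call manager
        violations.append((src, dst, proto, int(dport), f"{s_seg}->{d_seg}"))
    return violations

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Being inside the perimeter earns a flow nothing here: a data-segment host reaching a phone over Telnet is reported just as an external host is.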
