SecureLogix is releasing this suite of custom VoIP security assessment tools because we know that the security of your VoIP deployment, and indeed, your entire voice network, is of paramount importance to the integrity of your business-critical communications, systems, and applications, and to the security of your data network and the data on it. The first step to securing your voice network is identifying the vulnerabilities to which it is exposed.
These tools can be used to assess susceptibility to a wide variety of SIP threats, including Denial-of-Service (DoS) and Man-in-the-Middle attacks, eavesdropping, audio insertion and deletion, and even call teardown.
These new VoIP security assessment tools compliment the companyâ€™s voice network security scanner that identifies modem vulnerabilities in traditional circuit-switched networks, also available for free download from the SecureLogix website. Almost all organizations deploying VoIP maintain a significant amount of legacy voice infrastructure, especially at the voice network edge where it connects to long distance service providers. The combination of these VoIP and legacy scanning tools provides a comprehensive approach to identifying critical voice security vulnerabilities across an organizationâ€™s entire mix of VoIP and legacy infrastructure and systems. This full voice network security approach is unique to SecureLogix.
The set includes all of the tools released with the publication of the book Hacking Exposed: VoIP, (McGraw Hill, 2006), which SecureLogix CTO Mark Collier co-authored. The operation of many of the tools is explained in the book. The set also includes a number of other tools SecureLogix developed while completing publicly funded research into current and future threats to VoIP systems, protocols and application services.
Obviously, these tools cannot protect your network from the vulnerabilities they identify. They can only highlight the issues, providing important real-world data you can use to illuminate the risks and justify the need for a voice and VoIP-aware voice firewall and IPS system, such as the ETMÂ® System from SecureLogix.
Why Does SecureLogix Provide These VoIP Assessment Tools?
Because we have an opportunity to provide you with free tools to begin understanding some of the VoIP security threats to your operations. And we stand ready to assist you when you are ready to fully identify and solve the larger number of telephony security issues you and your organization face today and throughout migration to VoIP.
VoIP Vulnerabilities an Emerging Threat
As enterprises migrate from a pure TDM telephony infrastructure to include some mix of VoIP in their voice networks, they and their integrators are unfortunately not making security a major consideration during VoIP deployment. This is because, while the application is complex and vulnerabilities do exist, the real threat is still developing and very few real-world, well-publicized attacks have occurred. The primary reasons for attacking a VoIP system remain the same as they have been for traditional systems—namely, to steal service (toll fraud), harass users, or listen in on conversations or voice mail. VoIP does make some attacks much easier, such as Denial of Service (DoS) and other disruption of service attacks. But VoIP is a relatively uncommon application and not yet a frequent target of attack. Enterprises generally don’t invest in security until a threat has proven to be an issue.
VoIP is also primarily an internal application right now. Enterprises are upgrading or replacing their PBXs, upgrading or replacing applications such as contact centers, adding VoIP phones, using VoIP over the WAN, and even extending it out to teleworkers via a Virtual Private Network (VPN). Enterprises are not yet exchanging VoIP with other enterprises via a public network. Service providers are beginning to offer Session Initiation Protocol (SIP) trunks, but less than 1% of the enterprise voice access in the United States is SIP or VoIP. A VoIP attack must therefore originate inside of the network. This leads many enterprises to erroneously view VoIP as secure, because it is inside their perimeter—they have the opinion that “if an attacker gets inside my network, voice is the least of my concerns.” Of course, a capable attacker can gain entry to the network through a variety of means, including insider access, delivered malware, non-secure wireless/modems, and exploits of semi-public devices like lobby VoIP phones.
Common vulnerabilities in VoIP deployments, which these VoIP assessment tools can identify, include:
- Denial-of-Service (DoS) attacks—The greatest vulnerability in VoIP deployments is DoS in its various forms. A DoS attack results in degraded performance, total loss of performance, or in some cases, a system crash and reboot. Because DoS attacks can be so disruptive, and due to the large number of available, free tools, they are definitely the most significant vulnerability in enterprise VoIP deployments.
- Non-secure Administrative Interfaces and Default Passwords—Non-secure administrative services, such as telnet and proprietary applications that communicate in the clear, are still used on some IP PBXs. Since these network-based access protocols do not encrypt traffic, an attacker sniffing the network can retrieve usernames and passwords.
- Trivial File Transfer Protocol (TFTP)—TFTP is ubiquitously used to download firmware and configuration files to VoIP phones during initialization. More secure alternatives exist. TFTP has no security. The files are downloaded in the clear and no username or password is required to download files from a TFTP server. If you know the IP address of the TFTP server, which you can learn by scanning or sniffing during initialization of a VoIP phone, you can download any file you know the name for. Since TFTP configuration files are downloaded in the clear, they are possible to sniff. Configuration files contain a lot of useful information, including, for some vendors, the VoIP phone password.
- Simple Network Management Protocol (SNMP)—SNMP is a common protocol used to manage network hosts/devices. SNMP is often enabled by default and shipped with well-known passwords (known as community strings), including the popular “public” string. In most VoIP deployments, these defaults are left. By using free tools available on the Internet, an attacker can query an SNMP-enabled host and gather information that can be used for later attacks.
- Traditional System Attacks and Issues—Traditional system attacks and issues continue to affect both legacy voice and VoIP networks. These issues include unauthorized modems, poorly secured authorized administrative modems, toll fraud, and abusive calling patterns. Whether or not VoIP is used, industry experts say most enterprises have users who dial ISPs with modems so they can access the Internet without being monitored. Enterprises also continue to use authorized but poorly secured modems, especially into PBXs, for out-of-hand maintenance and management. Toll fraud continues to be an issue and, as described above, can actually be worse when VoIP is involved. Finally, abusive calling patterns, such as fax SPAM, harassing callers (who spoof their caller ID), phishing, etc., remain issues for enterprises.
Complete the VoIP Tool Set Registration.