VoIP Security: The Basics

In my previous post I gave a brief overview of VoIP and how it can add tremendous value to an organization by reducing communication costs. This article talks about the various security related issues that needs to be addressed in any VoIP implementation. It would be a gross mistake on the part of administrators to assume that VoIP, being just another IP-based application, can be simply plugged into their already secure networks and remain secure. Due to its real-time nature and low tolerance for network disruptions and packet loss, many security measures deemed suitable for traditional IP-based applications are no longer applicable for VoIP.   VoIP implementation needs to address Confidentiality, Integrity, and Availability requirements that are relevant to this new technology.

Before implementing any VoIP initiative it is paramount that an organization conducts a comprehensive risk assessment and has a concrete plan to mitigate every major risk highlighted. These risks include (but are not limited to) administrators level of knowledge and training in VoIP technology, maturity and quality of existing security practices, controls, policies, and architecture.

Firewall

Firewalls are a de facto in today’s IP networks and form the first line of defense. Whether protecting a LAN, WAN, or a DMZ firewalls perform the basic operations of blocking traffic deemed to be malicious, intrusive, or invasive. Network Address Translation (NAT) is an additional tool deployed on the firewall that can enable internal endpoints to use the same external IP addresses. Virtual Private Network (VPN) further strengthens firewall security providing legitimate external users with an encrypted point-to-point connection making them a part of the internal network. Although firewalls offer strong resistance to external threats, they offer no defense against internal hackers.

Network Architecture

VoIP contributes heavy voice traffic to the existing data traffic, hence requires careful planning of the overall network architecture. It is widely recommended to separate voice and data traffic on logically different networks (vLan). However this might not always be feasible since it may require expensive upgrade of the network in terms of switches that support multiple vlans or laying new network cables. In any case consideration must be given to the expected volume of voice and data traffic and understand how this can be supported on the existing network.

Password Control

Needless to say that all default system (PBX and Operating System) passwords need to be replaced with strong passwords. This simple yet often overlooked measure can leave the most critical elements of the VoIP system vulnerable to attacks. Every voice terminal (IP phones, Softphones, Mobile devices) need to connect to the IP-PBX with a username and password. More often than not (for simplicity) administrators use the device extension as the username and password. Such a practice will help malicious users to masquerade as other users with higher privileges, resulting in system abuse.

Encrypted VoIP Traffic

By default, VoIP traffic is transmitted in clear form. This enables malicious internal users to sniff voice traffic and gather valuable information. Additionally, using freely available tools hackers can eavesdrop on conversations, record them into a voice file, and playback at a later time. The concept is similar to phone-tapping in traditional PSTN phones, just that doing so becomes very easy. To prevent this, administrators MUST employ some form of basic encryption: TLS or IPSec, Secure RTP, or AES. Several of these protocols have minimal processing overhead adding little or no burden on the quality of calls.

There are several businesses that specialize in VoIP security and offer hardware based solutions. No doubt these devices provide a comprehensive VoIP security solution. However, as long as the basic security measures (outlined above) are well implemented, specialized security hardware/software is not required. Undoubtedly VoIP systems can add value to an organizations existing infrastructure as long as the basic security principle is followed: trust no one, authenticate everyone, and protect systems wherever they are.