Threats in VoIP
2007-08-15

In August 2006, S. Niccolini submitted a draft to the IETF outlining a taxonomy for VoIP threats. Earlier, the VOIPSA (Voice over IP Security Alliance) had created an enormous classification for VoIP threats and attacks, but that was “too complete” for practical VoIP security analysis. Although one can argue that any element including the supporting components or protocols in a VoIP deployment can introduce vulnerabilities, it is difficult to foresee every possible future attack and protect every VoIP deployment.
Therefore, focusing the analysis on the VoIP application layer is a logical continuation from the existing foundation of best practices and procedures to secure a network. On the other hand, the threats listed in the IETF “VoIP Security Threats” draft are threats that should be considered in the protocol design. The first version of the IETF draft listed the following threat categories:
* Interception and modification threats
* Interruption-of-service threats
* Abuse-of-service threats
* Social threats
There are many different categorizations and taxonomies, and different classifications have different purposes. The VOIPSA takes a very detailed look at threats, to give as much information as possible, which might be overwhelming for some organizations. Nevertheless, it is an important contribution that helps us understand the associated threats. The IETF threat classification categorizes threats based on how the protocol specifications can be improved to minimize the impact of an attack and therefore does not consider issues associated with the supporting infrastructure, such as operating system platforms and network configuration.
Here, we build on and extend the threat taxonomies to distinguish certain attacks that overlap and include attacks that are not specific to the protocol design. Threats associated with VoIP are narrowed into the following categories:
Service disruption and annoyance — The attempt to disrupt the VoIP service, including management, provisioning, access, and operations. Attacks in this category can affect any network element that supports the VoIP service, including routers, DNS servers, SIP proxies, session border controllers, and so on. Such attacks can be initiated either remotely, without having direct access to the target network elements and manipulating the VoIP protocols, or locally, by issuing disruptive instructions or commands. An attacker can target an edge device (for example, a VoIP phone), a core network component, or a collection of components such as SIP proxies that may impact a community of users. This category also includes annoyance attacks such as SPIT (spam through Internet telephony).
Eavesdropping and traffic analysis — The attempt to collect sensitive information to prepare for an attack or gain intelligence. In VoIP (or, generally, Internet multimedia applications), this means that the attacker has the ability to monitor unprotected signaling or media streams that are exchanged between users. This category includes traffic analysis and can be passive or active (that is, collecting, storing, and analyzing media packets, or decoding/translating them in real time). The attack aims to extract verbal or textual content (for example, a credit card number or PIN) from a conversation or analyze communications between parties to establish communication patterns, which can later be used to support other attacks.
Masquerading and impersonation — The ability to impersonate a user, device, or service to gain access to a network, service, network element, or information. This is a distinct category because masquerading attacks can be used to commit fraud, gain unauthorized access to information, and even disrupt service. A special case of a masquerading threat is impersonation, where the attacker can pretend to be someone or take over their identity in the service. In this category, targets include users, end user devices, and network elements, and attacks can be realized by manipulating the signaling or media streams remotely or through unauthorized access to VoIP components (for example, signaling gateways, the SIP registrar, or DNS servers). For example, if a telecommunications provider is using only caller ID information to authenticate subscribers to their voice mailboxes, it is possible for an attacker to spoof caller ID information to gain access to a user’s voice mailbox. Masquerading attacks in VoIP networks can also be realized by manipulating the underlying protocols that provide support for VoIP (such as ARP, IP, and DNS).
Unauthorized access — The ability to access a service, functionality, or network element without proper authorization. Attacks in this category can be used to support other attacks—including service disruption, eavesdropping, masquerading, and fraud—because the attacker has control of a device, resource, or access to a network. The difference between masquerading and unauthorized access is that the attacker does not need to impersonate another user or network element, but rather can gain direct access using a vulnerability such as a buffer overflow, default configuration, or poor signaling or network access controls. For example, an attacker who has administrative access on a SIP proxy can disrupt VoIP signaling by erasing the operating system’s file system, and thus cripple the host and service. Another example is where an attacker has access to a media gateway and installs malicious software to collect media packets and ultimately perform passive eavesdropping on subscriber communications. Unauthorized access can be correlated with threats such as eavesdropping, masquerading, and fraud.
Fraud — The ability to abuse VoIP services for personal or monetary gain. This category of attacks is one of the most critical for telecommunication carriers and providers, along with service continuity and availability. Fraud can be realized by manipulating the signaling messages or the configuration of VoIP components, including the billing systems. Some fraud scenarios feasible in current VoIP implementations can be performed by manipulating the signaling flows of a call. It is expected that more sophisticated fraud techniques will surface as VoIP becomes mainstream.
These categories provide a succinct structure in which current and new attacks can be categorized. For example, an attack against the authentication mechanism used by a signaling protocol can be categorized under unauthorized access if the attack allows access to information but does not have financial impact on the organization, or it can be categorized as fraud if it has a financial impact (or under both categories if necessary).
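The voice mailbox case from the masquerading category, as an added example that is not part of the original article: a mailbox check that trusts caller ID alone, beside one that uses caller ID only to select the mailbox and requires a PIN with a lockout. The `Mailbox` class, its method names, the sample INVITE, the number and the PIN are all constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed SIP INVITE. The From header is written by the sender and is
# not authenticated by anything in this message.
SAMPLE_INVITE = (
    "INVITE sip:voicemail@provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.7:5060\r\n"
    'From: "Alice" <sip:+15550100@provider.example>;tag=constructed\r\n'
    "To: <sip:voicemail@provider.example>\r\n"
    "Call-ID: constructed-example-1\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
)

def caller_id(invite: str) -> Optional[str]:
    """Return the user part of the From URI, i.e. the claimed caller ID."""
    m = re.search(r"^From:[^<\r\n]*<sips?:([^@>;]+)@", invite, re.M | re.I)
    return m.group(1) if m else None

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

class Mailbox:  # hypothetical voicemail front end
    MAX_FAILURES = 3

    def __init__(self, owner: str, pin: str, salt: bytes = b"constructed-salt"):
        self.owner, self.salt = owner, salt
        self.pin_hash = hash_pin(pin, salt)
        self.failures = 0

    def open_weak(self, invite: str) -> bool:
        # Weak: the claimed caller ID is the only credential.
        return caller_id(invite) == self.owner

    def open_hardened(self, invite: str, pin: Optional[str]) -> bool:
        # Caller ID only selects the mailbox; the PIN authenticates.
        if caller_id(invite) != self.owner or self.failures >= self.MAX_FAILURES:
            return False
        if pin is None:
            return False
        ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)
        self.failures = 0 if ok else self.failures + 1
        return ok
```
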
By Peter Thermos and Ari Takanen