Voice over IP security

Voice over IP security, Arkoon.

1- What is Voice over IP ?

VoIP (Voice Over Internet Protocol) is a generic term bringing together a collection of application protocols (UDP or TCP ports) specified by RFCs and sponsored by the various actors. Voice over IP protocols are all intended for sending audio (voice) or video over an IP network.

The special feature of Voice over IP communication is that it always consists of two channels: a signaling flow and a media flow.

- The media flow is the channel which carries the information (Voice and/or Video)
- The signaling is responsible for connecting the calling and called parties together and determining the conditions under which the media flow will operate.

2- Voice over IP Vulnerabilities

Voice over IP is sensitive to the risks of Internet protocols:

- DoS, DDos:
Flooding on the signaling channel
Flooding on the media channel
Badly-formed requests
Injection of packets to close communications
- worms, viruses
- transaction sniffing (called tapping or eavesdropping in Voice terms)
- unauthorized applications
- man-in-the-middle type attacks on the media or signaling channel
- phishing
- identity theft (at user, proxy, registrar and/or gatekeeper level)
- session replay
- etc…

In addition, there are the problems specific to voice communication:

- Pirating of the phone line. This enables the attacker to carry out "long distance" calls billed to the pirated company.
- War dialing: exhaustive dialing of all the numbers in a company to find an unprotected modem on the internal network.
- Spam: anonymous and/or unsolicited phone calls.
- Use of prohibited prefixes (premium rate lines, for example).
- Use of fax lines to make data connections to external modems.
- Telephone tapping.
- Transfer of calls externally at the company's costs.

3 - FAST360 Voice over IP Security

The initial protection provided by FAST360® appliances is implemented in the FAST protocol analysis engine. Specific modules have been implemented Voice over IP protocols :
- H323
- SIP
- MGCP
- SDP
- RTP
- RTCP

Standard analysis of Voice over IP protocols :
These analyses enable FAST360® appliances to check the syntax of Voice over IP protocols in real time.
For example: FAST MGCP checks the RFC compliance of the headers of the various packets exchanged. FAST SIP checks the return codes or the parameters exchanged in a SIP flow against a list of recognized parameters, etc.

Adaptive filtering, analysis of the media flow in relation to the signaling flow:
Adaptive filtering is an analysis technology for Voice over IP protocols which takes account of the broad interaction between the media flow and the signaling flow. In this way, the analysis of the media flow is relevant to its implementation as negotiated by the signaling flow.

ARKOON

Head Office
13A Avenue Victor Hugo
69160 Lyon Tassin
Tél : +33 (0)4 72 53 01 01
Fax : +33 (0)4 72 53 12 60

Ile de France
Immeuble Le Pelissier
220 Av. Pierre Brossolette
92240 Malakoff
Tel: +33 (0)1 57 63 67 00
Fax: +33 (0)1 57 63 67 37

Netletter subscription