SECURITY 540

VoIP Security

If your organization utilizes voice communications or is thinking of migrating to VoIP (Voice over IP), you need to master VoIP security best practices and technologies in order to design, deploy, and audit trusted VoIP infrastructures. The best way to secure a VoIP network is to incorporate security in the design right from the beginning. However, even if you have security concerns about an existing VoIP network, this course will teach you all of the tips and tricks to protect your critical VoIP networks. You will learn practical tasks that you can directly apply when you go back to work.

VoIP has become a widely adopted technology, and it's here to stay. VoIP protocols and technologies, and especially VoIP security, are among the most complex fields in IT today. This course offers the in-depth knowledge required to understand how VoIP technologies work at the protocol level (mainly focusing on SIP and RTP). A detailed in-class analysis of infrastructure, signaling, and media attacks will reveal the security risks of VoIP networks for service providers, carriers, and enterprises, and students will be shown how to mitigate these risks.

By helping you understand how VoIP protocols work and giving you hands-on experience with attack mechanisms that impact your VoIP environment, this challenging course helps you design, build, and assess a secure VoIP architecture.

We will cover various VoIP attacks from VoIP signaling and media eavesdropping, caller ID impersonation, and VoIP authentication cracking to man-in-the-middle call manipulation and media injection. We will then examine multiple cutting-edge solutions, security devices, standards, and countermeasures that can be used to alleviate these vulnerabilities and threats, detailing the strengths and weaknesses of each, while guiding you through the best tools for securing your VoIP network.

As part of the course, you will receive a software VoIP PBX based on Trixbox (Asterisk), an audio headset, and several VoIP analysis and attack tools. This toolkit will help you build your own VoIP infrastructure, gain hands-on experience, and learn the attack tools used to exploit VoIP vulnerabilities from the attacker perspective. You'll learn to understand the insight gained from VoIP penetration testing, which you will be able to apply to protect your VoIP infrastructure from attacks. The extensive hands-on labs, plus the instruction from industry VoIP security experts, provide you with the skills needed to architect and evaluate your VoIP infrastructure.

The course includes an extensive list of references for each module for further analysis and staying up to date in future VoIP security trends.

Prerequisites

Students should have a working knowledge of TCP/IP networks and protocols, general security attacks and defenses, and VoIP concepts and experience in the design or deployment of network and security technologies.

The SANS SEC540 VoIP class is quite technical, but I would highly recommend it for any manager considering the implementation of VoIP in their network. Many are simply blinded by the huge potential savings from VoIP and fail to understand or recognize the inherent risks associated with it. SANS clearly outlines the risks literally hands-on that every manager must be aware of when implementing VoIP. Paul A. Henry

Since I am fresh out of college this was a definite eye opener. This course was very valuable in that it gives a view of most tools available for auditing networks.
-Ryan Awai, Eisner LLP

Author Statement

When VoIP is mentioned, two main concepts emerge into people's minds: lowering telecommunication costs, and security. Obviously, VoIP provides a lot of advantages versus the legacy voice infrastructures, where reduction, computer application integration, and unified communications cost seem to be the most notorious. However, many organizations do not think of security when they implement VoIP. While VoIP has many benefits, it changes the rules on security. At the same time, it is interesting to analyze the level of trust we have in the legacy telephony infrastructures, like the PSTN or cellular networks (GSM, GPRS, or UMTS). We believe they are completely secure and that only law enforcement, or high-technology spies (like those in the movies), would be able to control our voice calls. This level of trust is associated with its closed and proprietary nature, versus the open and distributed nature of VoIP infrastructures, and it is what sets our expectation of privacy and level of trust in these networks making us think VoIP is inherently insecure.

However, nothing could be further from the truth. If implemented properly and securely, VoIP infrastructures can be more secure and trustworthy than the legacy voice networks. A couple of basic scenarios can exemplify this statement. Nowadays, caller ID spoofing is trivial and unavoidable in the PSTN; however, strong authentication methods are available in VoIP to mitigate impersonation attacks. Similarly, voice conversations crossing the PSTN travel in the clear, so anyone in the path between caller and callee can intercept and listen to the conversation. VoIP allows applying strong encryption techniques to protect the audio contents of a voice call and avoid eavesdropping attacks. The solutions are available; you only need to learn them and know how to deploy them. This advanced course is designed to provide you with the skills required to do so and master VoIP security.

---Dr. Eric Cole

Voice Over IP (VoIP) has become commonly used by enterprises, service providers and consumers. In particular, enterprises are converting their legacy PBXs, phones, adjunct systems, and even public trunking to VoIP. While VoIP offers many advantages, including new features, potentially lower costs, easier administration, and so on, it does introduce new security challenges.

Voice security issues, whether they are with legacy or VoIP, continue to be a major concern for enterprises. These issues are present whether VoIP is used or not. VoIP itself can make voice application issues a greater concern and introduces new vulnerabilities, which are inherent in any IP-based application. VoIP introduces new systems, applications, and protocols, each of which adds new vulnerabilities.

The class introduces voice and VoIP, along with the key VoIP protocols, such as SIP, H.323, and RTP. The class covers the different types of attacks, including scanning, social/application attacks, and IP network infrastructure attacks, as well as entirely new attacks unique to VoIP. The class wraps up with a discussion on countermeasures, including VoIP security devices, standards-based protocols, architectures and best practices. After attending the class, you will understand the basics of VoIP, the attacks you need to worry about the most, and how to address them in your enterprise.

-- Mark Collier

As VoIP deployments continue to increase in enterprises, the opportunity and likelihood to exploit the VoIP resources will continue to increase. This will include toll fraud attacks, denial of service attack s and other exploits of opportunity that will result in loss of data, privacy or potentially revenue.

One of the things we can do as information security professionals is to raise awareness of VoIP security issues within our organization and to ensure that we practice good VoIP security as we would practice good network security. The goal of the SEC540 VoIP Security class is to provide organizations with tools and a methodology necessary to both assess and secure VoIP networks against common attacks.

-- Brian Lutz