If your organization utilizes voice communications or is thinking of migrating to VoIP (Voice over IP), you need to master VoIP security best practices and technologies in order to design, deploy, and audit trusted VoIP infrastructures. The best way to secure a VoIP network is to incorporate security in the design right from the beginning. However, even if you have security concerns about an existing VoIP network, this course will teach you all of the tips and tricks to protect your critical VoIP networks. You will learn practical tasks that you can directly apply when you go back to work.
VoIP has become a widely adopted technology, and it's here to stay. VoIP protocols and technologies, and especially VoIP security, are among the most complex fields in IT today. This course offers the in-depth knowledge required to understand how VoIP technologies work at the protocol level (mainly focusing on SIP and RTP). A detailed in-class analysis of infrastructure, signaling, and media attacks will reveal the security risks of VoIP networks for service providers, carriers, and enterprises, and students will be shown how to mitigate these risks.
By helping you understand how VoIP protocols work and giving you hands-on experience with attack mechanisms that impact your VoIP environment, this challenging course helps you design, build, and assess a secure VoIP architecture.
We will cover various VoIP attacks from VoIP signaling and media eavesdropping, caller ID impersonation, and VoIP authentication cracking to man-in-the-middle call manipulation and media injection. We will then examine multiple cutting-edge solutions, security devices, standards, and countermeasures that can be used to alleviate these vulnerabilities and threats, detailing the strengths and weaknesses of each, while guiding you through the best tools for securing your VoIP network.
As part of the course, you will receive a software VoIP PBX based on Trixbox (Asterisk), an audio headset, and several VoIP analysis and attack tools. This toolkit will help you build your own VoIP infrastructure, gain hands-on experience, and learn the attack tools used to exploit VoIP vulnerabilities from the attacker perspective. You will gain insight from VoIP penetration testing that you can apply to protect your VoIP infrastructure from attacks. The extensive hands-on labs, plus the instruction from industry VoIP security experts, provide you with the skills needed to architect and evaluate your VoIP infrastructure.
The course includes an extensive list of references for each module, for further analysis and for staying up to date with future VoIP security trends.
Prerequisites
Students should have a working knowledge of TCP/IP networks and protocols, general security attacks and defenses, and VoIP concepts, as well as experience in the design or deployment of network and security technologies.
The SANS SEC540 VoIP class is quite technical, but I would highly recommend it for any manager considering the implementation of VoIP in their network. Many are simply blinded by the huge potential savings from VoIP and fail to understand or recognize the inherent risks associated with it. SANS clearly outlines the risks literally hands-on that every manager must be aware of when implementing VoIP.
Paul A. Henry
Author Statement
When VoIP is mentioned, two main concepts emerge in people's minds: lowering telecommunication costs, and security. Obviously, VoIP provides a lot of advantages versus the legacy voice infrastructures, where cost reduction, computer application integration, and unified communications seem to be the most notorious. However, VoIP security is appreciated as one of the main drawbacks by security-aware people when voice communications are associated with the wild wide Internet.
At the same time, it is interesting to analyze the level of trust we have in the legacy telephony infrastructures, like the PSTN or cellular networks (GSM, GPRS, or UMTS). We consider they are completely secure and that only law enforcement, or high-technology spies (like those in the movies), would be able to control our voice calls. This level of trust is associated with their closed and proprietary nature, versus the open and distributed nature of VoIP infrastructures, and is what sets our expectation of privacy and level of trust in these networks and makes us think VoIP is inherently insecure.
However, nothing could be further from the truth. If implemented properly and securely, VoIP infrastructures can be more secure and trustworthy than the legacy voice networks. A couple of basic scenarios can exemplify this statement. Nowadays, caller ID spoofing is trivial and unavoidable in the PSTN; however, strong authentication methods are available in VoIP to mitigate impersonation attacks. Similarly, voice conversations crossing the PSTN travel in the clear, so anyone in the path between caller and callee can intercept and listen to the conversation. VoIP allows applying strong encryption techniques to protect the audio contents of a voice call and avoid eavesdropping attacks. The solutions are available; you only need to learn them and know how to deploy them. This advanced course is designed to provide you with the skills required to do so and master VoIP security.
I welcome any questions or comments on this course; feel free to contact me directly at rsiles@sans.org. Thanks!
-- Raul Siles