With a host of new challenges and vulnerabilities, the emerging VoIP network clearly requires a more sophisticated approach to security than those currently used to secure data networks. For service providers to successfully deploy VoIP in the mainstream market, it is important to understand that, while some VoIP security requirements are similar to those in data networks, several areas are specific to VoIP.
As a real-time service, VoIP requires infrastructure that provides automated, real-time response to security threats to preserve very high service availability. With availability requirements having been held to a standard of 99.999 percent reliability, which allows for less than five minutes of downtime per year, VoIP simply cannot tolerate any security techniques that introduce delays or impact availability.
Additionally, VoIP services can offer features such as caller ID, call forward, voice mail, and three-way calling, which open up service providers to a number of new service threats not seen in the data networking domain, such as toll fraud, service theft, voice spam (SPIT), and identity theft.
Another aspect of large-scale VoIP deployments is the so-called "monoculture": all the VoIP endpoint devices, residential gateways, and access devices are the same from the hardware and software point of view. This makes security attacks performed in "broadcast" mode very dangerous, since they can disable the entire network by exploiting a single vulnerability present on particular types of devices or applications.
VoIP security solutions designed around network-based devices and signature-based applications are not able to address the real-time nature and complexity of VoIP networks. Only by combining network and host-based security devices and applications with sophisticated, systems-level threat mitigation platforms, can operators efficiently protect the entire VoIP infrastructure.
A Proactive Approach to VoIP Security
One of the greatest lessons learned from the data security world over the past decade is the importance of a proactive approach to security. The data security world evolved from a reactive to a proactive approach as new threats emerged, until finally, the risk of leaving networks vulnerable became all too clear. The very nature of telecommunications networks, and VoIP networks, for that matter, dictates that VoIP security doesn't have the luxury of only taking a reactive approach until different types of attacks reach critical mass.
As service providers make the transition to VoIP, they need to take a proactive approach to security from day one, while ensuring they can secure all points in the VoIP network, whether it be local, national, or international. Building a proactive, systems-level approach to VoIP security must consist of three functional components: prevention, protection, and mitigation.
Prevention enables organizations to proactively identify and fix VoIP-specific vulnerabilities before they impact end users. A commonly used approach from the data security world, vulnerability assessment (VA), is particularly effective as a proactive strategy. By performing a VoIP VA in the lab, before any VoIP equipment or applications are deployed, organizations are able to verify vendor claims and identify security flaws early in the deployment cycle. Once VoIP is deployed, periodic or continuous vulnerability assessments should become the base of an overall proactive VoIP security strategy. Once vulnerabilities are identified, they should be addressed by appropriate actions, such as patching, re-configuration, and network tuning.
Within the VoIP network, various security architectures and solutions should also be deployed to protect VoIP services from threats. Any security architectures and solutions must be "VoIP aware" so they do not impact VoIP service quality and reliability. Deploying a multi-layer infrastructure that provides both perimeter and internal network protection is ideal. In most cases, this will consist of numerous security devices and host-based applications, such as SBCs, VoIP Network Intrusion Prevention Systems (NIPS), VoIP DoS defenses, VoIP Network Intrusion Detection Systems (IDS), Host IPSs, Authentication, Authorization and Accounting (AAA) servers, encryption engines, and VoIP anti-virus software.
However, it is widely accepted that no matter how good the prevention and/or protection in place may be, eventually, an attacker or worm will successfully penetrate the defense architecture and impact VoIP infrastructure. To date, there have been few publicized VoIP security attacks, but there is already an example of a financial institution that was subjected to a worm attack. In this case, the VoIP infrastructure was disabled and the company experienced loss of voice communication that translated into financial losses. As VoIP is adopted into the mainstream, it is a matter of when, not if, widespread attacks will occur. When that occurs, threat mitigation systems will take over, and must be able to respond autonomously to a detected security attack, while keeping its impact to a level where VoIP services can still function at a reasonable level of QoS and give the support staff enough time to restore normal services. It is important to distinguish between an Intrusion Protection System (IPS), which prevents an attack and therefore belongs to the protection domain, and a Threat Mitigation System (TMS), the main task of which is to minimize the impact of an attack that is already under way. TMS is the key to implementing carrier-grade VoIP services, where even a few minutes of downtime can have serious financial and legal implications.
An Effective Strategy for VoIP Threat Mitigation
Currently, a combination of human intervention and security management tools is being used to mitigate the impact of VoIP attacks. Take, for example, a "zero day" worm; this is a worm that is created almost at the same time as the vulnerability it exploits is discovered, hence the term "zero day." In other words, because the time between the vulnerability identification and an exploit could be measured in hours or minutes vs. days, it may pass through the protection infrastructure and cause the network and/or critical VoIP servers to go down, which may result in minutes, hours, or days of downtime as the issue is addressed by IT staff.
As the VoIP market matures and attacks become more prevalent, these methods will no longer be sufficient. VoIP networks, and VoIP consumers, simply cannot tolerate multi-hour or multi-day downtimes; they must have 99.999 percent availability.
Service providers will require a real-time, automated response to VoIP security threats. Otherwise, major VoIP security threats, such as SPIT, DoS, or fast spreading worms, may result in service disruption or service integrity degradation. While the need to secure IP-based voice communications is driving the need for threat mitigation, as new IP services such as IPTV become available, the same security requirements will apply. Just as users will not tolerate an outage of phone service, they will demand the same level of reliability and integrity for other paid services, such as IPTV.
The most effective approach to VoIP threat mitigation involves three core elements:
• Detection: A threat must be identified as soon as possible, and detection needs to combine signature-based and anomaly-based techniques, for example, to address zero-day exploits before a signature is created. Once the threat is recognized, the signature-based portion of the detector could be updated to detect future occurrences of this threat.
• Correlation: Once the threat is detected, it must then be correlated to known information on the device(s), such as known vulnerabilities, topology, and any additional information collected from the security infrastructure, such as IPS, firewall, SBC, etc.
• Response: The system must then respond in real time to ensure that the reliability or integrity of the network isn't impacted. Any response to attack must take place in the background, so it is seamless to end users and the service remains available.
This model of threat mitigation is delivered as a software solution. Because the software works at the systems level, it can deliver an end-to-end, layered view of VoIP networks, addressing the entire VoIP network including the OS, protocols, etc. Unlike human intervention, the goal with a software approach is to respond to an attack in a matter of seconds, and to be in-line and host-based to support real-time response and mobile users.
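The detection, correlation, and response loop described above can be sketched in a few functions. This is an added illustration, not code from the article or from any vendor; the inventory, the baseline threshold, the action names, and the sample events are constructed assumptions, and learning a signature from the most common payload is a deliberate simplification.

```python
import re
from collections import Counter

# Constructed inventory (assumption): device -> model and open vulnerability ids.
INVENTORY = {
    "gw-1": {"model": "RG-100", "vulns": {"PLACEHOLDER-VULN-1"}},
    "gw-2": {"model": "RG-100", "vulns": {"PLACEHOLDER-VULN-1"}},
    "sbc-1": {"model": "SBC-X", "vulns": set()},
}
BASELINE = 5  # assumed normal requests per source per window

def detect(events, signatures):
    """Signature match first, then a per-source rate anomaly check."""
    found = {e["src"]: "signature" for e in events
             if any(s.search(e["payload"]) for s in signatures)}
    for src, n in Counter(e["src"] for e in events).items():
        if n > 3 * BASELINE:
            found.setdefault(src, "anomaly")
    return found

def correlate(src, events):
    """Check the finding against inventory: vulnerable targets, shared model."""
    targets = {e["dst"] for e in events if e["src"] == src}
    vulnerable = {t for t in targets if INVENTORY[t]["vulns"]}
    models = Counter(INVENTORY[t]["model"] for t in vulnerable)
    return {"vulnerable": vulnerable,
            "monoculture": any(c > 1 for c in models.values())}

def respond(reason, ctx):
    """Choose the least disruptive action; targeted devices stay in service."""
    if ctx["monoculture"]:
        return "block_source"
    if ctx["vulnerable"] or reason == "signature":
        return "rate_limit_source"
    return "alert_only"

def mitigate(events, signatures):
    """Run detect -> correlate -> respond; learn a signature from anomalies."""
    actions = {}
    for src, reason in detect(events, signatures).items():
        actions[src] = respond(reason, correlate(src, events))
        if reason == "anomaly" and actions[src] != "alert_only":
            top = Counter(e["payload"] for e in events
                          if e["src"] == src).most_common(1)[0][0]
            signatures.append(re.compile(re.escape(top)))
    return actions

# Constructed signalling events for one observation window.
WINDOW_1 = ([{"src": "198.51.100.7", "dst": d, "payload": "OPTIONS probe-x"}
             for d in ("gw-1", "gw-2") for _ in range(10)]
            + [{"src": "203.0.113.9", "dst": "sbc-1", "payload": "INVITE alice"}] * 2
            + [{"src": "192.0.2.4", "dst": "sbc-1", "payload": "REGISTER known-bad"}])
```

In the constructed window, the high-rate source hitting two vulnerable gateways of the same model is blocked and its payload becomes a new signature, so a later single request with that payload is caught by the signature path without waiting for a rate spike.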
At the current time, VoIP threat mitigation systems are not yet available. However, they are the natural next steps for securing VoIP and they need to be actively planned for. As some equipment providers are beginning to talk about "self-defending" VoIP systems, which include elements of threat mitigation, and the demand for IP-based services increases, threat mitigation will become a reality. In planning and deploying VoIP, a proactive, systems-level approach to security is required and threat mitigation should figure prominently in service providers' VoIP plans.
Service providers need to push for VoIP-specific threat mitigation to ensure their delivery of PSTN-level reliability and enable them to manage risks to the network. For VoIP to become a reality, all IP services need to be delivered with PSTN-level reliability and security, with industry-wide standards. Vendors must play an active role in pushing security issues such as threat mitigation to the forefront.
Bogdan Materna is the VP of Engineering and CTO at VoIPshield Systems. For more information, please visit the company online at www.voipshield.com.