In August 2006, S. Niccolini submitted a draft to the IETF outlining a taxonomy for VoIP threats. Earlier, the VOIPSA (Voice over IP Security Alliance) had created an enormous classification for VoIP threats and attacks, but that was too complete for practical VoIP security analysis. Although one can argue that any element including the supporting components or protocols in a VoIP deployment can introduce vulnerabilities, it is difficult to foresee every possible future attack and protect every VoIP deployment.
Therefore, focusing the analysis on the VoIP application layer is a logical continuation from the existing foundation of best practices and procedures to secure a network. On the other hand, the threats listed in the IETF VoIP Security Threats draft are threats that should be considered in the protocol design. The first version of the IETF draft listed the following threat categories:
Interception and modification threats
Interruption-of-service threats
Abuse-of-service threats
Social threats
There are many different categorizations and taxonomies, and different classifications have different purposes. The VOIPSA takes a very detailed look at threats, to give as much information as possible, which might be overwhelming for some organizations. Nevertheless, it is an important contribution that helps us understand the associated threats. The IETF threat classification categorizes threats based on how the protocol specifications can be improved to minimize the impact of an attack and therefore does not consider issues associated with the supporting infrastructure, such as operating system platforms and network configuration.
Here, we build on and extend the threat taxonomies to distinguish certain attacks that overlap and include attacks that are not specific to the protocol design. Threats associated with VoIP are narrowed into the following categories:
Service disruption and annoyance—The attempt to disrupt the VoIP service, including management, provisioning, access, and operations. Attacks in this category can affect any network element that supports the VoIP service, including routers, DNS servers, SIP proxies, session border controllers, and so on. Such attacks can be initiated either remotely, without having direct access to the target network elements and manipulating the VoIP protocols, or locally, by issuing disruptive instructions or commands. An attacker can target an edge device (for example, a VoIP phone), a core network component, or a collection of components such as SIP proxies that may impact a community of users. This category also includes annoyance attacks such as SPIT (spam through Internet telephony).
Eavesdropping and traffic analysis—The attempt to collect sensitive information to prepare for an attack or gain intelligence. In VoIP (or, generally, Internet multimedia applications), this means that the attacker has the ability to monitor unprotected signaling or media streams that are exchanged between users. This category includes traffic analysis and can be passive or active (that is, collecting, storing, and analyzing media packets, or decoding/translating them in real time). The attack aims to extract verbal or textual (for example, credit card number or PIN) content from a conversation or analyze communications between parties to establish communication patterns, which can later be used to support other attacks.
Masquerading and impersonation—The ability to impersonate a user, device, or service to gain access to a network, service, network element, or information. This is a distinct category because masquerading attacks can be used to commit fraud, unauthorized access to information, and even service disruption. A special case of a masquerading threat is impersonation, where the attacker can pretend to be or take over someone's identity in the service. In this category, targets include users, end user devices, and network elements and can be realized by manipulating the signaling or media streams remotely or through unauthorized access to VoIP components (for example, signaling gateways, the SIP registrar, or DNS servers). For example, if a telecommunications provider is using only caller ID information to authenticate subscribers to their voice mailboxes, it is possible for an attacker to spoof caller ID information to gain access to a user's voice mailbox. Masquerading attacks in VoIP networks can also be realized by manipulating the underlying protocols that provide support for VoIP (such as ARP, IP, and DNS).
Unauthorized access—The ability to access a service, functionality, or network element without proper authorization. Attacks in this category can be used to support other attacks (including service disruption, eavesdropping, masquerading, and fraud) because the attacker has control of a device, resource, or access to a network. The difference between masquerading and unauthorized access is that the attacker does not need to impersonate another user or network element, but rather can gain direct access using a vulnerability such as a buffer overflow, default configuration, and poor signaling or network access controls. For example, an attacker who has administrative access on a SIP proxy can disrupt VoIP signaling by erasing the operating system's file system, and thus cripple the host and service. Another example is where an attacker has access to a media gateway and installs malicious software to collect media packets and ultimately perform passive eavesdropping on subscriber communications. Unauthorized access can be correlated with threats such as eavesdropping, masquerading, and fraud.
Fraud—The ability to abuse VoIP services for personal or monetary gain. This category of attacks is one of the most critical for telecommunication carriers and providers, along with service continuity and availability. Fraud can be realized by manipulating the signaling messages or the configuration of VoIP components, including the billing systems. Some fraud scenarios feasible in current VoIP implementations can be performed by manipulating the signaling flows of a call. It is expected that more sophisticated fraud techniques will surface as VoIP becomes mainstream.
These categories provide a succinct structure in which current and new attacks can be categorized. For example, an attack against the authentication mechanism used by a signaling protocol can be categorized under unauthorized access if the attack allows access to information but does not have financial impact on the organization, or it can be categorized as fraud if it has a financial impact (or overlap in both if necessary).
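The voicemail case described under masquerading and impersonation, as an added example that is not part of the original article: a mailbox check that trusts the SIP From header alone, beside one that uses the header only to select the mailbox and still requires a PIN. The SIP message, phone number, PIN, salt, and the `MAILBOXES` store are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed SIP INVITE; the From header is whatever the sender chose to write.
CONSTRUCTED_INVITE = (
    "INVITE sip:voicemail@example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKconstructed\r\n"
    'From: "Alice" <sip:+15550100@example.test>;tag=1928\r\n'
    "To: <sip:voicemail@example.test>\r\n"
    "Call-ID: constructed-1@198.51.100.7\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    """Derive a slow hash so stored PINs are not kept in the clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Hypothetical subscriber store: caller number -> (salt, PIN hash).
SALT = b"constructed-salt"
MAILBOXES = {"+15550100": (SALT, _pin_hash("482915", SALT))}

def asserted_caller(sip_message: str):
    """Return the user part of the From URI, or None if there is none."""
    m = re.search(r"^From:[^<\r\n]*<sips?:([^@>;]+)@", sip_message, re.M | re.I)
    return m.group(1) if m else None

def open_mailbox_weak(sip_message: str) -> bool:
    """Caller ID is the only credential: any sender asserting the number gets in."""
    return asserted_caller(sip_message) in MAILBOXES

def open_mailbox_hardened(sip_message: str, entered_pin) -> bool:
    """Caller ID only selects the mailbox; the PIN must still verify."""
    record = MAILBOXES.get(asserted_caller(sip_message))
    if record is None or not entered_pin:
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how much of the hash matched.
    return hmac.compare_digest(_pin_hash(entered_pin, salt), stored)
```
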