Practical VoIP Security
Written for the thousands of IT professionals who are now responsible for deploying and maintaining secure VoIP networks, this book covers evaluation, design, integration, and management of VoIP networking components.
TABLE OF CONTENTS Practical VoIP Security
Chapter 9: Threats to VoIP Communications Systems
Introduction
Converging voice and data on the same wire, regardless of the protocols used, ups the ante for network security engineers and managers. One consequence of this convergence is that in the event of a major network attack, the organization s entire telecommunications infrastructure can be at risk. Securing the whole VoIP infrastructure requires planning, analysis, and detailed knowledge about the specifics of the implementation you choose to use.
Table 9.1 describes the general levels that can be attacked in a VoIP infrastructure.
| Vulnerability | Description |
|---|---|
| IP infrastructure | Vulnerabilities on related non-VoIP systems can lead to compromise of VoIP infrastructure. |
| Underlying operating system | VoIP devices inherit the same vulnerabilities as the operating system or firmware they run on. Operating systems are Windows and Linux. |
| Configuration | In their default configuration most VoIP devices ship with a surfeit of open services. The default services running on the open ports may be vulnerable to DoS attacks, buffer overflows, or authentication bypass. |
| Application level | Immature technologies can be attacked to disrupt or manipulate service. Legacy applications (DNS, for example) have known problems. |
Denial-of-Service or VoIP Service Disruption
Denial-of-service (DoS) attacks can affect any IP-based network service. The impact of a DoS attack can range from mild service degradation to complete loss of service. There are several classes of DoS attacks. One type of attack in which packets can simply be flooded into or at the target network from multiple external sources is called a distributed denial-of-service (DDoS) attack (see Figures 9.1...
Copyright Syngress Publishing, Inc. 2006 under license agreement with Books24x7
