VoIP vs. traditional telephony
Traditional voice systems were notoriously difficult to hack into. Attackers would have to gain access to proprietary systems from very few available entrance points to compromise them. Physical presence would usually be necessary either from within the telco’s central office or from within the cable closets of an enterprise to eavesdrop on voice conversations or to commit toll fraud or other harmful actions. A strong physical security in both of these areas was almost always enough to protect a voice network from all but the craftiest of attackers.
Enter Voice over IP. VoIP technology takes advantage of the infrastructure of IP packet networks. This has allowed for advanced voice and unified communications (UC) services that were impossible with traditional telephony. At the same time, it opens up voice networks to the same inherent security risks that IP packet networks have.
The good news is, these security risks can be mitigated. To do so, it is important to identify and understand the risks as well as the methods used to minimize them. With these security precautions, the advantages of VoIP handily outweigh the extra effort of securing them from potential attackers.
Voice over IP threats
The following are some of the most common threats to VoIP systems:
Identity and service theft – Attackers may attempt to steal services from a service provider while charging the cost to a third party. For example, an attacker may obtain access to a third party’s SIP trunk and use the subscriber’s credentials to initiate their own calls. This not only incurs costs to the legitimate SIP trunk subscriber, but also allows the attacker to take action on the SIP trunk using the subscriber’s identity.
Eavesdropping – Another common threat to VoIP systems is eavesdropping. With traditional telephony, it was necessary to gain physical access to the wires of a specific telephony circuit to perform wiretapping to eavesdrop. With IP telephony, packet sniffer software can be used to capture voice packets and reassemble them to hear the conversation that took place. Conversations need not be listened to in real time but can be saved and listened to at a later date. This type of attack is similar to the Man-In-The-Middle (MITM) attack that can occur on IP packet networks.
Viruses and malware – Because VoIP exists within the realm of computer networks, it is vulnerable to the same types of attacks as computers are – from viruses and malware. VoIP systems such as IP PBXs, IP Voice servers and even some kinds of IP telephones may be vulnerable to viruses that are specially designed to infect voice systems. Malware can also install itself onto these systems and compromise their functionality.
Call tampering – This type of attack involves the tampering of a phone call in progress. This can result in degraded quality of a call, interfering with SIP signaling, or the complete disconnecting of a call. Its purpose is to deliberately cause low-quality voice network performance.
These are best practices for minimizing the vast majority of VoIP network attacks:
Encryption of voice packets and signaling – The application of an encryption algorithm on all voice packets and SIP signaling packets is a best practice that should be observed by all VoIP professionals. Almost all commercially available VoIP equipment, including IP PBXs, gateways, IP phones and softphones, provide some level of encryption that is relatively easy to implement. The most powerful encryption algorithms available today include the Advanced Encryption Standard using key sizes of 256 bits. Such encryption will mitigate against eavesdropping as well as identity and service theft.
Encryption is a service that SIP trunk providers often apply to voice packets, but less often on the SIP signaling packets. It is a good idea to make sure your SIP provider implements both and that your voice gateway and/or IP PBX supports the encryption methods used by the telco.
Conventional IP network security – For the most part, measures that are considered best practices for mitigating the risks inherent to IP networks are sufficient for protecting a VoIP network. Antivirus and anti-malware software, firewall protection, DDoS attack protection, as well as VLAN isolation and subnet segregation, all contribute to the security of VoIP networks. This is because the VoIP and IP data networks are one and the same. These security measures will reduce call tampering as well as unauthorized access into VoIP systems and devices.
Our article on how to keep your SIP phone system safe has more details on how to mitigate specific types of risks, including DDoS attacks, packet sniffing, data extrusion and malware.
Physical security – Physical security is just as important for modern VoIP networks as it was for traditional telephony networks. Although remote attacks are more common on VoIP networks, lax physical restrictions to telecom closets can still result in VoIP network compromise.
For more details on how to beef up the physical security of your network, see Five steps for securing your SIP telephone system, as well as our article on securing your wireless network.
Securing specific elements of a voice network
There are specific steps that you can take to secure different parts of your voice network.
IP Phones – The IP phones themselves should be protected from physical access to avoid unauthorized calls being made, especially during off hours. Additional security can be added using authorization codes that must be dialed before each toll or international call or even a general security lockout code that will make the phone inoperable until a PIN has been entered. Additional network-level security that can be implemented includes encryption of voice packets to and from the IP phone, segregation of voice on a separate voice VLAN, and the regular updating of phone firmware to resolve any security holes that may have been discovered.
IP PBXs – Most IP PBXs run on either Linux-based or, to a lesser extent, Windows-based servers. The usual best practices employed for these servers, such as antivirus, software firewalls, malware protection and regular backups of vital data, are ordinarily sufficient to provide the required security for IP PBXs. Other IP PBXs may run on appliances that resemble a router rather than a server. These devices must be approached more like network devices rather than Windows or Linux servers. See the next section on routers for this.
Routers – Network devices such as routers should be secured using the typical best practices used to harden such devices. This includes password protection, encrypted management communication, access lists which block specific IP address ranges and Transport Layer ports, as well as shutting down any services that are not in use. These best practices also apply to any router-like VoIP appliances such as IP PBXs or voice gateways.
SIP Trunks – When a voice conversation takes place over a SIP trunk (or between any SIP-enabled devices, for that matter) the voice packets and the SIP control packets that are exchanged form two separate and independent sessions or channels between the participating SIP endpoints. Encryption is a service that SIP trunk providers often apply to the voice portion of the communication, but not as often to the SIP signaling and control packets. It is a good idea to make sure that your SIP provider implements encryption on the SIP messages and that your voice gateway and/or IP PBX supports the encryption methods used by the telco.
Securing a VoIP network is often a simple matter of implementing some basic network security best practices. Because of network convergence, most of the vulnerabilities to the VoIP network can be mitigated by the same practices used to secure IP networks. The extra effort involved in locking down a voice network is vastly outweighed by the immense benefits it offers in the form of more advanced and cost-effective voice services, UC services and enterprise productivity.