NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
07/19/05
Today's focus: Thesis spells out threats to VoIP
By M. E. Kabay
In my last column, I pointed to some resources for studying
VoIP. Today I want to tell you about an excellent exposition of
threats to VoIP from an Austrian master's thesis.
Johann Thalhammer studied VoIP security for his dissertation
submitted to the Institute for Applied Information Processing
and Communications at the Graz University of Technology in Graz,
Austria. Thalhammer works for BearingPoint INFONOVA in Austria:
<http://www.bearingpoint.at/> (Text on site mostly in German)
The entire thesis is written in excellent English - imagine
writing your thesis in German! - and is well worth reading in its
entirety. However, readers may find the section on threats to
VoIP systems particularly interesting, as I did. Thalhammer
summarizes threats to VoIP as follows:
"Many threats to an IP telephony system are identical to those
of any other system that is connected to the Internet. They
include vulnerabilities of the network stack, of the operating
system or of other services... The threats analysed here concern
the business model and the protocols between the components of a
H.323 IP telephony system.
"The business model is based on user subscription. Anyone who
wants to use the telephony service has to be registered. The
accounting is done according to the duration of the made calls.
The main threat to the telephony system are people who try to
call for free (also called phreaking). The following division
was made to analyse possible threats:
* Manipulation of accounting data
* Direct call without the use of a GK [gatekeeper, an
administration unit that provides access controls and bandwidth
management for the VoIP network]
* Impersonation of an EP [endpoint, the equivalent of
telephones]
* Impersonation of a GK towards a second GK
* Impersonation of the BES [administrative domain back-end
service, the service interface for all the VoIP components, with
information about their characteristics and permissions]."
Thalhammer explains each of these attack types in turn.
Manipulation of accounting data: Call-detail records (CDR) flow
from GKs to the BES. A man-in-the-middle attack could allow
interception of CDRs and modification to misrepresent call
duration. Thalhammer writes, "This exploit can be avoided by
peer entity authentication in combination with data integrity."
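
The following Python example is added here to illustrate that recommendation; it is not code from the thesis or from this column. It assumes a pre-shared per-gatekeeper key with HMAC-SHA256 standing in for peer entity authentication plus data integrity, adds a sequence number to catch replays, and uses constructed record fields and identifiers.

```python
import hashlib
import hmac
import json

# Constructed per-gatekeeper key, provisioned out of band (assumption).
GK_KEYS = {"gk-01": b"constructed-demo-key-not-for-production"}

def _canonical(cdr: dict) -> bytes:
    # Stable byte encoding so both sides compute the MAC over the same bytes.
    return json.dumps(cdr, sort_keys=True, separators=(",", ":")).encode()

def gk_send_cdr(gk_id: str, seq: int, caller: str, callee: str, seconds: int) -> dict:
    """Gatekeeper side: build a CDR and attach an HMAC-SHA256 tag."""
    cdr = {"gk": gk_id, "seq": seq, "caller": caller,
           "callee": callee, "duration_s": seconds}
    tag = hmac.new(GK_KEYS[gk_id], _canonical(cdr), hashlib.sha256).hexdigest()
    return {"cdr": cdr, "mac": tag}

class BackEndService:
    """BES side: accept a CDR only if sender, integrity and freshness check out."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_seq = {}   # highest sequence number accepted per gatekeeper
        self.ledger = []     # CDRs accepted for billing

    def receive(self, msg: dict) -> str:
        cdr = msg.get("cdr", {})
        key = self.keys.get(cdr.get("gk"))
        if key is None:
            return "reject: unknown gatekeeper"
        expected = hmac.new(key, _canonical(cdr), hashlib.sha256).hexdigest()
        supplied = str(msg.get("mac", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "reject: bad MAC"
        if cdr["seq"] <= self.last_seq.get(cdr["gk"], -1):
            return "reject: replayed or stale sequence number"
        self.last_seq[cdr["gk"]] = cdr["seq"]
        self.ledger.append(cdr)
        return "accept"

def demo() -> list:
    bes = BackEndService(GK_KEYS)
    genuine = gk_send_cdr("gk-01", 1, "ep-1001", "ep-2002", 1800)
    # Record as altered in transit: duration shortened, MAC left unchanged.
    tampered = {"cdr": dict(genuine["cdr"], duration_s=60), "mac": genuine["mac"]}
    return [bes.receive(tampered), bes.receive(genuine), bes.receive(genuine)]
```
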
Direct call without use of the GK: Since every endpoint on a
single VoIP network can theoretically connect to every other
endpoint directly, it is possible to bypass the GKs and thus
avoid any record of a call. Traffic that attempts to cross
network boundaries without passing through GKs can be controlled
through firewalls: "To prevent abuse on bigger networks,
gateways that only allow call signaling traffic from GKs to pass
have to be applied."
Endpoint impersonation: Thalhammer analyzes the four classes of
exploit for breaches of authenticity on the VoIP network. These
classes are defined by the steps in the call negotiation
protocol and are too detailed for this brief summary. Effective
identification and authentication methods should make such
exploits more expensive for the attacker. See pages 63-64 of the
thesis.
Gatekeeper impersonation: If GK equipment were unregistered and
unauthenticated, it would be possible for a rogue GK to initiate
a call between two EPs even though there was no authorization
for service. As in the other cases, registration of GKs and
appropriate application of cryptographic authentication should
make such fraud more difficult to achieve.
There is much more of interest in the thesis, and I hope that
interested readers will find it valuable.
I was able to reach Thalhammer and he pointed me to additional
VoIP research that he has published. Danke sehr! (Thank you very
much.)
The thesis can be found here, in PDF: <http://tinyurl.com/bfzez>
_______________________________________________________________
To contact: M. E. Kabay
M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.
Copyright Network World, Inc., 2005