Voice over Internet Protocol (VoIP) has arisen as the next budget-saver technology for enterprise communications. However, VoIP security has become a cause for question, especially through the two standard VoIP protocols: H-323 and Session Initiation Protocol (SIP). In this guide, value-added resellers (VARs) and networking consultants will learn about these weaknesses, as well as methods for protecting their customers' networks.
VoIP protocols: A technical guide
Today, many companies are replacing traditional telecommunications services with VoIP, using their own IP network infrastructure to slash phone bills and increase productivity. However, IP telephony terminals, call servers, proxies and gateways create new attack targets, and converged voice/data networks can fall victim to new exploits.
Learn more about the rise of VoIP, its protocols and what it has to offer consultants who implement it on their customers' networks.
Understanding VoIP protocols
VoIP hardware uses unique protocols to initiate calls over the network. This tip examines H.323 and SIP for VARs and network consultants who manage their customers' VoIP telephony projects.
VoIP phones, Voice over Wi-Fi handsets and PC-based "soft phones" send H.323 or SIP messages over private or public IP networks to register themselves and initiate calls. The analog voice is then digitized, encoded, compressed and transported by Real-Time Transport Protocol (RTP)/User Datagram Protocol(UDP)/IP packets, routed between the calling and called parties. Most VoIP products employ one of the following two standard protocols to accomplish this:
Get more information on the two main VoIP protocols.
VoIP protocol insecurity
H.323 and SIP, the two main protocols used by VoIP hardware, are both plagued with security issues that network consultants and systems integrators should be aware of when deploying VoIP. This tip examines some of these inherent weaknesses.
Like many Internet protocols, SIP was designed with simplicity, not security, in mind. And, although H.323 was created to meet broader goals, security issues have plagued it as well. Some vulnerabilities are inherent in the protocols themselves; others have been introduced by the developers who turn these standards into products.
Get more information on the VoIP protocol security issues, and how they can be reconciled.
How to use fuzzing to deter VoIP protocol attacks
Standard VoIP protocols are rife with security issues. However, with fuzzing, VARs and systems integrators can identify and patch most of these weaknesses. This tip examines this technique and offers a few examples.
Functional protocol testing, also known as "black-box testing" or "fuzzing," sends many diverse input messages to a vendor's implementation, exercising error handling routines and generating conditions never anticipated by the protocol designers or software developers. Fuzzers systematically send test messages, randomly or sequentially, within the framework defined by a given protocol specification. The implementation undergoing testing is observed for buffer overflows, unhandled exceptions and unexpected behavior.
Learn more about the practice of fuzzing for testing VoIP security.
About the author:
Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications.
This was first published in April 2007