Abstract

This chapter deals with the threats to VoIP communication systems. DoS attacks, whether intentional or unintended, are the most difficult VoIP-related threat to defend against. The packet-switching nature of data networks allows multiple connections to share the same transport medium. Therefore, unlike telephones in circuit-switched networks, an IP terminal endpoint can receive and potentially participate in multiple calls at once. Thus, an endpoint can be used to amplify attacks. On VoIP networks, resources such as bandwidth must be allocated efficiently and fairly to accommodate the maximum number of callers. Theft of services and information is also problematic on VoIP networks. These threats almost always result from active attacks. Many of these attacks can be thwarted by implementing additional security controls at layer 2, using layer 2 security features such as DHCP Snooping, Dynamic ARP Inspection, IP Source Guard, Port Security, and VLAN ACLs. The fundamental basis for this class of attacks is that the identity of one or more of the participating devices is not legitimate. Moreover, H.323 and SIP suffer from security vulnerabilities based simply upon their encoding schemes. Because SIP is an unstructured text-based protocol, it is impossible to test all permutations of SIP messages for security vulnerabilities during development. In the H.323 suite, it is the implementation of the message parsers, rather than the encoding rules themselves, that results in security vulnerabilities.
