
VoIP security and monitoring: interview with Luca Deri

Wednesday 22 February 2006, 13:24 by the editorial staff, 0 comments

One of the speakers at the System Administration and Network Engineering conference in Delft, held from 15 to 19 May, is Luca Deri. Deri leads the ntop project, which develops an open source monitoring platform for analysing network traffic. He currently works for IT provider NETikos and is a lecturer at the University of Pisa. Deri's talk is titled "Open Source VoIP Traffic Monitoring" and will take place on 18 May. We did not want to wait until then and put the following questions to him. Since Deri does not speak Dutch, the questions and answers are in English.

What are the biggest security threats for VoIP?
I'm speculating. I think that for protocols like SIP, the main concern is that user credentials are not very protected and this might allow intruders to steal identities, hence make phone calls but, even more important, to answer incoming calls. For non-standard software (e.g. Skype or VoipStunt) the user has to trust the software manufacturer about viruses/spyware and also about potential incoming viruses received via the P2P protocol used for placing calls.

How real are these threats for companies that already deployed VoIP?
If VoIP is deployed across protected (e.g. world-wide private/VPNized networks) there are no major issues. Instead, if VoIP is used also for connecting to local telecom operators, we have the same concerns I have listed before.

Some people worry that VoIP will be more susceptible to eavesdropping. Do you think this fear is justified?
If we use standard VoIP, based on RTP, then this could be possible as the protocol is UDP-based without any major security protection. Instead, if S-RTP (secure RTP) is used then I believe this problem can be avoided. If we use proprietary protocols I don't think so, as the protocol (e.g. Skype) is secure.

Will VoIP traffic be used to spread viruses and spam, and how can this be countered?
If we use standard VoIP this is not really easy (although possible), whereas using P2P-based apps like Skype this is more likely, as we have to trust Skype about this. Nevertheless, VoIP companies are usually very interested in avoiding the problems you mentioned, so I believe that as soon as there's a problem the software manufacturer will patch the code and avoid the problem.

What kind of VoIP security appliances can we expect in the near future, something like VoIP firewalls?
I believe that the signaling protocols (e.g. SIP) will be modified to be more secure (we already see some efforts) or (even more likely) be tunneled over secure channels. The same applies to RTP, with secure RTP that already addresses some of the issues you mentioned (eavesdropping). Using the word firewall is probably too strong; however, a filter for incoming/outgoing calls based on rules (e.g. do not dial numbers that start with XXX) will appear.

Would you like to say anything about your research about detecting and measuring VoIP traffic based on both standard and proprietary protocols?
I have started this work because I wanted to use a tool able to show me what happens on the network from the VoIP point of view. While developing it I realized that all the available tools I have found are actually protocol analyzers that can be used to detect precise/punctual issues on specific calls, but not general tools.

As standard VoIP (I can't say much about non-standard protocols such as Skype as the only thing I do is detect them, without disclosing the identity of the peers that are talking) protocols become more and more likely, I don't see why network administrators cannot have a looking glass that shows further info about them. I'm now focusing on more precise VoIP accounting and the result of this work will appear sometime later this year. Stay tuned!
