August 2, 2006 9:22 PM PDT

New tools test VoIP security

LAS VEGAS--If your VoIP phone starts ringing off the hook, it might not denote a surge in your popularity--just that someone is trying one of 13 newly released security tools.

Researchers at the Black Hat security conference here released the tools on Wednesday. The programs are meant to test the security of increasingly popular voice over Internet Protocol telephony systems, Dave Endler, director of security research at TippingPoint, said in an interview. TippingPoint is part of 3Com, which sells VoIP products.

Each of the tools can be used to launch VoIP system attacks, such as overloading phones or VoIP exchanges with ambiguous traffic, flooding phones with calls, forcing hang-ups, rebooting phones, and reassigning the devices to other users or nobody at all, Endler said.

"If you want all the CEO's calls to show up at your desk, that's what you would use," he said. Enterprises look at VoIP systems because of their rich features, promise of lower costs, and use of the same infrastructure as computer networks.

The tools were designed to help administrators determine the vulnerability of their telephony systems, Endler said.

"Obviously, releasing any security tools is a double-edged sword in that you can't restrict who has access," he said.

All of the tools target systems that use the Session Initiation Protocol, or SIP. While SIP is increasingly used in VoIP systems, it isn't widely used yet, Endler said. Instead, products from vendors such as Cisco Systems, Avaya and Nortel Networks all use proprietary protocols.

"The majority of VoIP systems out there are not SIP enabled," Endler said. "Most of them are pushing forward with SIP adoption." Endler and co-presenter Mark Collier of SecureLogix hope their work will help VoIP systems be more secure when SIP makes it into the major leagues, Endler said.

"VoIP security is still in its infancy," he said.

The release of the tools will have little effect on VoIP users today, agreed Dan York, director of IP technology at VoIP vendor Mitel. "But we're all moving to SIP," he said. The new protocol is in demand because industrywide adoption would mean phones from one vendor would work with a VoIP exchange from another, which isn't true today.

York said the tools serve a purpose. "SIP is coming into play and they give us the tools to test the systems and make them more secure," he said.

See more CNET content tagged:
VoIP security, VoIP, telephony system, TippingPoint Technologies, security tool

2 comments

Join the conversation!
Add your comment
Just like with any other protocol
Everything discussed in this article isn't really that much different from TCP-IP, VPN/IPSec, SSL and/or any other protocol out there.

Ping is a nice tool to check if the other side is up or down. But Ping Bombs which literally flood a network with spoofed Ping requests such that it could (past tense) bring the entire network to it's knees. But we got over that.

The same was true with flooding IPSec gateways with new session authentication requests bringing it to it's knees. But we got over that.

Likewise the oldest TCP SYN Floods and or various other TCP-IP handshaking bombs also tied up a system such that it either hung or went into a thrashing state. But we over came those problems as well.

That said... these new tools and those who decide to use SIP will experience the same until we over come the new problems that these tools will bring forth.

In the mean time, scrutinize your ACL (Access Control Lists) for whom should be allowed and whom should not be allowed to use the SIP protocol. And throttle back the number of concurrent sessions to keep such tools from over-flooding your VoIP network bringing it to it's knees.

SIP is still in it's infancy and thus those who attempt to use it prior to it being proven secure and reliable must take their own preventative measures.

Hopefully, tools like this will show them where the vulnerabilities are in the test labs prior to people putting the systems into production lines.

Walt
Posted by wbenton (522 comments )
Reply Link Flag
throttle back the number of concurrent sessions
<a class="jive-link-external" href="http://www.analogstereo.com/honda_odyssey_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/honda_odyssey_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.