VoIP connections threaten LAN security
Increasing use of voice over IP (VoIP) systems may be threatening the security of corporate local area networks.
Speaking at the InfoSecurity Europe show, Natalie Stallwood, business development manager for Alcatel-Lucent in the UK and Ireland, said: “More than 75% of the deployments of VoIP are done without considering the security of the LAN.”
She blamed the fact that “VoIP equipment is bought by telecoms people not IT people,” yet it runs over data networks rather than a custom voice IP network.
VoIP calls need four ports on a network, which are often assigned statically and then left open. This leaves the network vulnerable to denial- or degradation-of-service attacks, toll fraud and other issues.
“There are off-the-shelf scanning tools to find these vulnerabilities, and websites that list the vulnerabilities of various manufacturers’ VoIP equipment,” said Stallwood.
Alcatel-Lucent’s solution, dubbed the Brick, was originally developed by Bell Labs to protect US government networks and so far has not had any vulnerabilities reported in the Computer Emergency Response Team database.
The Brick uses a technique called ‘IP dynamic pinholing’ to secure VoIP connections, opening up a fresh set of randomly assigned ports for each call and closing them when the call ends. It also takes steps to protect the Session Initiation Protocol (SIP) used to start VoIP calls, by limiting the length of the SIP header and blocking comments within it.
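An added example, not Alcatel-Lucent's code, of the per-call pinholing and SIP header checks described above: media ports are opened only when call setup names them, closed on BYE, and signalling with over-long or commented headers is dropped. The 256-byte limit, reading "comments" as RFC 3261 parenthesised comments, learning ports from SDP rather than assigning them, RTCP on the RTP port + 1, and all names and sample messages are assumptions.

```python
import re

MAX_HEADER_LEN = 256  # assumed limit; the article gives no figure
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def header_violation(headers):
    """Return a reason if any header line breaks the policy, else None."""
    for line in headers:
        if len(line) > MAX_HEADER_LEN:
            return "header too long"
        # Parentheses inside a quoted display name are not comments.
        if "(" in QUOTED.sub("", line):
            return "comment in header"
    return None

class PinholeFirewall:
    def __init__(self):
        self.pinholes = {}  # Call-ID -> set of (ip, port) open for that call

    def handle_sip(self, raw):
        head, _, body = raw.partition("\r\n\r\n")
        start, *headers = head.split("\r\n")
        reason = header_violation(headers)
        if reason:
            return "drop: " + reason  # rejected before any state changes
        call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not call_id:
            return "drop: no Call-ID"
        if start.startswith("BYE "):
            self.pinholes.pop(call_id.group(1), None)  # call ended: close ports
            return "pass: pinholes closed"
        ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        media = re.search(r"^m=audio (\d+) ", body, re.M)
        if ip and media:
            port = int(media.group(1))
            # Assumption: RTCP uses the RTP port + 1, the usual convention.
            self.pinholes.setdefault(call_id.group(1), set()).update(
                {(ip.group(1), port), (ip.group(1), port + 1)})
            return "pass: pinholes opened"
        return "pass"

    def permits(self, ip, port):
        return any((ip, port) in h for h in self.pinholes.values())

if __name__ == "__main__":
    fw = PinholeFirewall()  # messages below are constructed samples
    sdp = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40000 RTP/AVP 0\r\n"
    inv = "INVITE sip:b@example.com SIP/2.0\r\nCall-ID: c1\r\n\r\n" + sdp
    print(fw.handle_sip(inv), fw.permits("192.0.2.10", 40000))
```

Media packets are checked with `permits()`; anything not tied to a live Call-ID is refused, which is what replaces the statically open port range.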
The Brick is also deployed in layer 2, so it is transparent to the rest of the user’s infrastructure, need not be shown in network schematics and can be invisible to network polling.