FEATURE: VoIP requires new thinking about IT security

Threat Mitigation Systems for VoIP
By Bogdan Materna
VP of Engineering and CTO, VoIPshield Systems

For service providers and enterprises to successfully deploy VoIP, it is important to understand that while some VoIP security requirements are similar to those in data networks, several areas are specific to VoIP. As a real-time service, VoIP requires infrastructure that provides an automated, real-time response to security threats in order to preserve the very high availability demanded by telephony users. VoIP services can offer features such as call ID, call forward, voice mail and three-way calling, which open up service providers to a number of new service threats such as toll fraud, service theft, voice spam (SPIT), and identity theft.

With these new challenges and vulnerabilities, VoIP clearly requires a more sophisticated approach to security than the approaches currently used to secure data networks. Solutions designed around network-based devices and signature-based applications simply cannot address the real-time nature and complexity of VoIP networks. Efficiently protecting the entire VoIP infrastructure requires combining network and host-based security devices and applications with sophisticated, systems-level threat mitigation platforms.

A Three-Pronged Approach to VoIP Security

An effective approach to VoIP security consists of three functional components: prevention, protection and mitigation.

Prevention enables organizations to proactively identify and fix VoIP-specific vulnerabilities before they impact end-users. A commonly used approach from the data security world--vulnerability assessment (VA)--is particularly effective as a proactive strategy. By performing a VoIP VA in the lab, before any VoIP equipment or applications are deployed, organizations are able to verify vendor claims and identify security flaws early in the deployment cycle. Once VoIP is deployed, periodic or continuous vulnerability assessments should become the base of an overall proactive VoIP security strategy. Once vulnerabilities are identified, they should be addressed by appropriate actions such as patching, re-configuration and network tuning.

Within the VoIP network, various security architectures and solutions should also be deployed to protect VoIP services from threats. Any security architectures and solutions must be "VoIP aware" so they do not impact VoIP service quality and reliability. Deploying a multi-layer infrastructure that provides both perimeter and internal network protection is ideal. In most cases, this will consist of numerous security devices and host-based applications, such as SBCs, VoIP Network Intrusion Prevention Systems (NIPS), VoIP DoS defenses, VoIP Network Intrusion Detection Systems (IDS), Host IPSs, Authentication, Authorization and Accounting (AAA) servers, encryption engines and VoIP anti-virus software.

However, it is widely accepted that no matter how good the prevention and/or protection in place may be, eventually an attacker or worm will successfully penetrate the defense architecture and impact VoIP infrastructure. To date, there have been few publicized VoIP security attacks. However, as VoIP is adopted into the mainstream, it is a matter of when and not if widespread attacks will occur. When that occurs, threat mitigation systems will take over, and must be able to respond autonomously to a detected security attack, while keeping their impact to a level where VoIP services can still function at a reasonable level of QoS. It is important to distinguish an Intrusion Protection System (IPS), which prevents an attack and therefore belongs to the protection domain, from a Threat Mitigation System (TMS), whose main task is to minimize the impact of an attack that is already under way.

VoIP Threat Mitigation Today

Currently, a combination of human intervention and security management tools is being used to mitigate the impact of VoIP attacks. A "zero day" worm may pass through the protection infrastructure and cause the network and/or critical VoIP servers to go down, which may result in minutes, hours or days of downtime while the issue is addressed by IT staff.

As the VoIP market matures, and attacks become more prevalent, these methods will no longer be sufficient. VoIP networks simply cannot tolerate multi-hour or multi-day downtimes if they are required to support 99.999 percent availability.

Service providers and enterprises are beginning to realize that a real-time, automated response to VoIP security threats is required. Otherwise, major VoIP security threats such as SPIT, DoS or fast-spreading worms may result in service disruption or degraded service integrity.

The most effective approach to VoIP threat mitigation involves three core elements:

  • Detection: A threat must be identified as soon as possible, and detection needs to be signature independent, for example to address zero day exploits before a signature is created. Threat mitigation is automated so that it acts faster than the threat.
  • Correlation: Once the threat is detected, it must be correlated to known indicators of its impact on the network, and information on that threat must be retrieved from the existing security infrastructure.
  • Response: The system must then respond in real time, in a matter of seconds, to ensure that the reliability or integrity of the network isn't impacted. Any response to attacks must take place in the background so that it is seamless to end users and the service remains available.

This model of threat mitigation is delivered as a software solution. Because the software works at the systems level, it can deliver an end-to-end, layered view of VoIP networks, addressing the entire VoIP network including the OS, protocols, etc. Unlike human intervention, the goal with a software approach is to respond to an attack in a matter of seconds, and to be in-line and host-based to support real-time response and mobile users.
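The detection, correlation and response loop described above can be illustrated over SIP proxy events. This is an added example, not code from the article or from VoIPshield; the event format, thresholds, addresses and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter
from statistics import median

FACTOR = 5  # assumed: multiples of the median per-source rate treated as anomalous

def build_events():
    """Constructed events for one 10-second window: (second, source, method, status)."""
    events = []
    for s in range(10):
        events.append((s, "10.0.0.11", "INVITE", 200))          # ordinary phone
        if s % 2 == 0:
            events.append((s, "10.0.0.12", "INVITE", 200))      # ordinary phone
        if s % 3 == 0:
            events.append((s, "10.0.0.13", "REGISTER", 200))    # ordinary phone
        events += [(s, "10.0.0.66", "INVITE", 404)] * 20        # flood to invalid numbers
        events += [(s, "10.0.0.77", "INVITE", 200)] * 8         # busy but valid gateway
    return events

def detect(events):
    """Signature-independent detection: sources far above the median request rate."""
    counts = Counter(src for _, src, _, _ in events)
    threshold = FACTOR * median(counts.values())
    return {src: n for src, n in counts.items() if n > threshold}

def correlate(events, suspects, ids_alerts):
    """Attach indicators from other sensors (failure ratio, IDS alerts) to each suspect."""
    evidence = {}
    for src in suspects:
        statuses = [st for _, s, _, st in events if s == src]
        fail_ratio = sum(st >= 400 for st in statuses) / len(statuses)
        evidence[src] = {"fail_ratio": fail_ratio, "ids_alert": src in ids_alerts}
    return evidence

def respond(evidence):
    """Graduated response: block only when corroborated, otherwise throttle so that
    a legitimate heavy caller keeps service."""
    actions = {}
    for src, ev in evidence.items():
        corroborated = ev["ids_alert"] or ev["fail_ratio"] > 0.9
        actions[src] = "block" if corroborated else "rate_limit"
    return actions

def mitigate(events, ids_alerts):
    """Run detection, correlation and response for one window of events."""
    return respond(correlate(events, detect(events), ids_alerts))

if __name__ == "__main__":
    print(mitigate(build_events(), ids_alerts={"10.0.0.66"}))
```

The throttled gateway shows why correlation sits between detection and response: rate alone would have cut off a legitimate high-volume source.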

While the need to secure IP-based voice communications is driving the need for threat mitigation, the same security requirements will apply as new IP services such as IPTV become available. Just as users will not tolerate an outage of phone service, they will demand the same level of reliability and integrity for other paid services such as IPTV.

Conclusion

At the current time, VoIP threat mitigation systems are not yet available; however, they are the natural next step for VoIP security and need to be planned for now. As some equipment providers begin to talk about "self-defending" VoIP systems, which include elements of threat mitigation, and as the demand for IP-based services increases, threat mitigation will become a reality. In planning and deploying VoIP, a proactive, systems-level approach to security is required, and threat mitigation should figure prominently in service providers' VoIP plans.

Service providers need to push for VoIP-specific threat mitigation, to ensure their delivery of PSTN-level reliability and enable them to manage risks to the network. For VoIP to become a reality, all IP services need to be delivered with PSTN-level reliability and security, with industry-wide standards. Vendors must play an active role in pushing security issues such as threat mitigation to the forefront.

Bogdan Materna is the VP of Engineering and CTO at VoIPshield Systems www.voipshield.com. He can be reached at bmaterna@voipshield.com or (613) 224-4443.
