Securing Cisco Voip Network


DESCRIPTION

The fact that VoIP relies on IP infrastructure makes it vulnerable to any attack that targets the network. Consequently, whatever the nature of the attack, there is a good chance that the attacker is capitalizing on a weakness in the VoIP protocol being used. VoIP differs from other IP services in that its security is normally treated as one of the service properties configurable by the user. This article provides an overview of VoIP security requirements, aimed at empowering public VoIP users with strategies to mitigate threats.

Text of Securing Cisco Voip Network

  • SECURING VoIP NETWORK: AN OVERVIEW OF APPLIED APPROACHES AND ANALYSIS

    Michael Oche, Rafidah Md Noor (Member, IEEE), Abubakar Bello Tambawal and Mostofa Kamal Nasir

    ABSTRACT - VoIP is becoming more and more popular and, as such, a potential target for hackers. Providing security for VoIP services is therefore pertinent for telecommunications. Without correct mechanisms to ensure caller authentication, transmission confidentiality and availability of the service, the security of VoIP users is at risk. The fact that VoIP relies on IP infrastructure makes it vulnerable to any attack that targets the network. Consequently, whatever the nature of the attack, there is a good chance that the attacker is capitalizing on a weakness in the VoIP protocol being used. VoIP differs from other IP services in that its security is normally treated as one of the service properties configurable by the user. This article provides an overview of CISCO VoIP security requirements, aimed at empowering public VoIP users with strategies to mitigate threats.

    Keywords: AAA, CIA, PSTN, Telephony, VoIP

    2.0 INTRODUCTION

    Voice over Internet Protocol (VoIP) is a rapidly growing Internet service. It gained popularity as a way to cut the cost of international telephone connections by transporting voice over public IP networks [1]. Today it is implemented in many IP applications, where it enables direct, and most of the time free, communication over the Internet to users globally. As a consequence, VoIP technology is slowly replacing traditional telephony. There are numerous attack vectors when dealing with VoIP, and since VoIP depends on the IP infrastructure, any attack that targets the network can be a potential hazard for VoIP. Consequently, whatever the nature of the attack, there is a good possibility that the attacker is capitalizing on a weakness in the VoIP protocol being used. Providing security for this service is therefore pertinent for telecommunications. Users' private information, business negotiation details or even state secrets could be revealed if not well protected. Without a correct mechanism to ensure caller authentication, transmission confidentiality and service availability, the security of VoIP users is at risk. In view of this, it is imperative to investigate the VoIP security problem and evaluate the service to ensure that moving telephony to a new IP-based platform does not compromise its security [2]. In most cases, advances and trends in information technology outpace the corresponding realistic security requirements. VoIP is no different. Until today, most effort has been invested in providing more advanced services and applications, with less attention paid to security. Another prevailing problem lies in users' perception of VoIP telephony: the idea of VoIP telephony is not completely new, it follows the model of traditional telephony, and users see it as a replacement for traditional telephony, one they presume should provide a similar level of security. Unfortunately, VoIP is different in that its security is usually treated as one of the service properties configurable by the user. In this paper we therefore review and analyze basic CISCO VoIP network security requirements, with the aim of empowering public VoIP users and equipping them with relevant basic tools or information on how to better secure their VoIP telephony systems.

    3.0 LITERATURE ANALYSIS

    Voice over Internet Protocol is a somewhat different technology: even though an average telecommunication user knows it concerns the Internet and is relatively cheaper, he or she probably does not know any details beyond that. Since its introduction in 1878, the traditional telephony system has gone through three main stages. It first existed in the form of a first generic telephone network, which required a constant human presence to switch and set up calls. Later, in 1891 [3], POTS was introduced. The Plain Old Telephone System (POTS) provides automated switching, thereby completely eliminating the need for human presence. In 1970 POTS was replaced with a more advanced system known as the Public Switched Telephone Network (PSTN). Unlike POTS, the PSTN uses digital signals: voice is no longer transmitted as an analogue signal, as in POTS, but as a digital signal. This development made it possible to offer other services such as fax and database services. The introduction of the PSTN marks the beginning of the digital communication system, and to make communication even more seamless the new PSTN was also compatible with the POTS system, which uses the lowest transmission bandwidth of 4 kHz despite the fact that digital services are transported on higher frequencies [3]. Beginning in 1990, the higher bandwidth brought about by digitization found its use in data network access technology. Many Internet access services, such as ISDN and then DSL and ADSL, are now offered over the same access lines that were used for the PSTN [4].

    3.1 THE ARCHITECTURE

    The acronym VoIP stands for Voice over Internet Protocol, which implies that voice packets are transported using the Internet Protocol (IP); it is a packet-switching system. VoIP differs from the PSTN, which is circuit switched: irrespective of the amount of information to be sent, the PSTN reserves the full transmission bandwidth. VoIP, on the other hand, is packet switched. The information to be sent is divided into packets and transmitted. Only meaningful information is put into packets. Additionally, each packet may travel by a different route (dynamic routing) through the transport network, as there is no single reserved path (circuit). As a consequence, packets may arrive at the destination in a different sequence from the one in which they were sent. Also, as there is no guaranteed bandwidth, some packets may be lost. These packets are simply transported using the Internet Protocol (IP). Voice transport over IP works in just the same way as in any other application, such as WWW or email.

    The Internet's tariffing system is based on a philosophy different from that of the PSTN. Tariffing is independent of the geographical distance between the sender and the receiver. Transmitting data between any two points therefore costs the client the same amount, whereas in the traditional PSTN calls are charged based on distance.

    Figure 1 shows four scenarios relating the IP network to the PSTN. Figure 1.1 shows scenario 1, the first VoIP application, which permits voice communication between two users of the Internet; it has grown so popular that it is now used in many Instant Messaging (IM) clients, such as Skype, Messenger, etc. Voice transmission over IP works just like any other Internet service and is fully converged with other IM applications. The next step in VoIP development came with calls from Internet users to PSTN fixed subscribers (Figure 1.2, scenario 2). The main advantage of such a telecommunication solution is that the information travels through the Internet for as long as possible and is forwarded to the PSTN at the very end, as close to the subscriber as possible. Thanks to this, even international calls are treated as local calls by the PSTN provider, and the total cost is considerably reduced [5].

    Figure 1: VoIP/PSTN basic scenarios [5].

    The last two scenarios (Figure 1.3 and Figure 1.4) might be used by providers whenever circumstances require their implementation. Unquestionably, there are a lot more complicated scenarios in use, but they would merely be variations of the four presented in Figure 1.
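The out-of-order arrival and packet loss described in this section can be measured at the receiver from per-packet sequence numbers. The following is an added example, not part of the original paper: it assumes the voice stream is carried in RTP (RFC 3550), which the text does not name, and `make_rtp`, `analyse` and the sample packets are constructed for illustration.

```python
import struct

# Assumption: media is carried as RTP (RFC 3550). All packets below are constructed.
def make_rtp(seq: int, payload: bytes = b"\x00" * 160) -> bytes:
    """Build a constructed RTP packet: version 2, payload type 0, fixed SSRC."""
    ts = (seq * 160) & 0xFFFFFFFF
    return struct.pack("!BBHII", 0x80, 0, seq & 0xFFFF, ts, 0x1234ABCD) + payload

def parse_rtp_seq(packet: bytes) -> int:
    """Return the 16-bit sequence number from the 12-byte RTP fixed header."""
    if len(packet) < 12:
        raise ValueError("shorter than the RTP fixed header")
    first, _marker_pt, seq = struct.unpack("!BBH", packet[:4])
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    return seq

def seq_delta(new: int, ref: int) -> int:
    """Signed distance from ref to new modulo 2**16, so 65535 -> 0 counts as +1."""
    return ((new - ref + 0x8000) & 0xFFFF) - 0x8000

def analyse(packets) -> dict:
    """Count received, late (reordered), duplicate, lost and malformed packets."""
    stats = {"received": 0, "reordered": 0, "duplicate": 0, "lost": 0, "malformed": 0}
    highest, missing = None, set()
    for raw in packets:
        try:
            seq = parse_rtp_seq(raw)
        except ValueError:
            stats["malformed"] += 1
            continue
        stats["received"] += 1
        if highest is None:
            highest = seq
            continue
        delta = seq_delta(seq, highest)
        if delta > 0:                      # moved forward: note any skipped numbers
            missing.update((highest + k) & 0xFFFF for k in range(1, delta))
            highest = seq
        elif seq in missing:               # a skipped packet arrived late
            missing.discard(seq)
            stats["reordered"] += 1
        else:                              # number already seen: counted as duplicate
            stats["duplicate"] += 1
    stats["lost"] = len(missing)           # skipped and never arrived
    return stats

# Constructed arrival order: wraps past 65535, 65535 arrives late, 2 never arrives,
# 3 arrives twice, and the last datagram is truncated.
SAMPLE = [make_rtp(s) for s in (65533, 65534, 0, 65535, 1, 3, 3)] + [b"\x80\x00\x00"]

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The set of missing numbers is never aged out here, which is adequate for a short capture; a long-running receiver would bound it to a window.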

    3.2 PROTOCOLS AND CONCEPTS

    While introducing VoIP, one has to mention some basic elements and concepts of a VoIP system. As can be seen in Figure 2, there are four basic elements of a VoIP system [5]:

  • Terminal: in a VoIP environment, the endpoint communication device, usually where calls are terminated. A terminal can be either software based or hardware based, and can also involve some automatic interaction such as voice mail.

  • Server: the focal point of a VoIP system. Registration of terminals and data such as location and IP are stored here. The server also performs other operations such as setting up the call routing mechanism, authorization and accounting.

  • Gateway: the outermost edge of the VoIP network. It ensures the interoperability of the VoIP network with other networks, for example by converting voice calls and fax calls between the PSTN and the IP network.

  • Conference Bridge: for multipoint communication. It provides the functionality for several communication points. Because of its high resource requirements, the conference bridge is isolated from the server, as shown in Figure 2.

    Figure 2: VoIP basic architecture

    4.0 SECURITY REQUIREMENTS ANALYSIS

    Risk assessment of Voice over IP in public networks should start with an analysis of security expectations. One should state what requirements are imposed on the system. Of course before such