Transcript Securing UC Presentation

Securing Unified Communications
Mor Hezi
VP Unified Communications
AudioCodes
Agenda
• Common threats and impacts
̶ Toll Fraud
̶ Telephony Denial of Service (TDoS)
̶ VOIP threats
• How the hacking process works
̶ Footprinting
̶ Scanning
̶ Enumeration
• Securing Unified
Communications with SBC’s
2
Common Threats and
Impacts
3
Toll Fraud Impacts
• 2013 Global Fraud Loss Estimate:
$46.3 Billion (USD) annually
• VoIP systems make these kind of attacks much easier
Billion (USD)
• Top 5 Fraud Methods Reported by Surveyed Companies:
6.00
Subscription Fraud
5.00
PBX Hacking
4.00
Account Take Over
3.00
VoIP Hacking
2.00
Dealer Fraud
1.00
0.00
Fraud Method
Source: 2013 CFCA
Global fraud loss Survey
4
Dial-Through Fraud (DTF)
• The most damaging form of toll fraud
• The idea is to exploit an IP PBX and find a way to take an
inbound call and hair-pin out to an international number
1
Attacker sells access to
users who dial in and
back out
Enterprise users
2
ITSP / Internet
4
Many calls generated to
long distance or
international
destinations
5
PBX
3
One Ring and Cut (Wangiri) Fraud
The attacker sets up a call to unsuspecting
users from a premium number, the call rings
once and then cut off
Attacker
1
5
ITSP / Internet
PBX
3
Users who receive these
calls are often tricked into
calling back
4
High cost
Destination
Enterprise users
2
the enterprise will incur
the charge of
connecting to the
premium number
6
TDoS - Telephony Denial of Service
• Telephony denial of service attacks (TDoS) are increasing in severity
and frequency
• Unauthorized users flood the system with bogus access requests and
prevent legitimate users from accessing the system
• Keeping these calls active for long duration, the attacker prevents voice
network resources from being used by legitimate callers
Customers
cannot reach
the agents
ITSP / Internet
PBX
Agents
TDoS
Attacker
7
Security threats to VoIP traffic have become prevalent
• Increased convergence
̶ Transition from dedicated networks to converged approaches that
can include extensions to trusted third parties such as:
• SIP Trunking providers
• UCaaS
• Multiple device support
̶ Users want to integrate their bring your own device (BYOD)
strategies with the enterprise UCC solution
• Communications-enabled applications
̶ VoIP is increasingly embedded directly into applications
̶ WebRTC integrating voice directly into CRM, ERP and contact center
̶ It is becoming more difficult to isolate voice onto their own networks
8
VoIP Threats
Threat
Result
Call Flooding
An attacker floods valid or invalid heavy traffic (signals or
media) to a target system and drops the performance
significantly or breaks down the system
Malformed
Messages
(Protocol Fuzzing)
An attacker sends malformed messages to the target
server or client for the purpose of service interruption. A
malformed message is a protocol message with wrong
syntax.
Spoofed Messages An attacker may insert fake (spoofed) messages into a
certain VoIP session to interrupt the service, or insert
them to steal the session. The typical examples are "call
teardown" and "toll fraud."
Registration
Hijacking
A SIP registration hijack works by a hacker disabling a
valid user’s SIP registration, and replacing it with the
hacker’s IP address instead
Eavesdropping
An attacker is able to monitor the entire signaling and/or
data stream between two or more VoIP endpoints
9
How the hacking process
works
11
Collection of Information about the Target
• Before any attack can take place against a company,
hackers need to go through three phases:
FootPrinting
Scanning
12
Enumeration
Footprinting
The first step is to gather information about the infrastructure of a
target network
• Extension numbers, IP addresses, network address ranges,
remote access capabilities etc…
̶ From the company’s website
̶ IP ranges registered to the company as reported by
ARIN (American Registry for Internet Numbers)
• The hacker makes a footprint
about the target
• Analyzes it
• Picks the most appropriate
methods and tools to
hack the system
13
Scanning
• The hacker needs to get more information about the target
• He needs to probe and communicate with the target
̶ Using OPTIONS
• There are four commonly encountered scanning objectives:
̶ Determining whether system is alive
̶ Discovering open ports
̶ Identifying network services
̶ Detecting system type (user-agent)
14
Enumeration
The next and last step in information gathering is enumeration
• It involves probing the identified services
for known weaknesses
• There are several methods which rely
on studying the error messages returned
̶ SIP REGISTER, OPTIONS and INVITE
• Exposing valid usernames/passwords
̶ Extensions without password
̶ Extensions with easy password:
• Pass: 1234
• Ext: 4000, pass: 4000
15
How to secure Unified
Communications?
16
Using Session Border Controllers
Gartner recommendation for securing enterprise voice:
“Implement session border controllers (SBCs) to control and log the
security policies between the specific security zone for real-time voice
and video communication and the other security zones.”
• E-SBC provides an
extensive set of features to
protect an enterprise voice
network:
Robust
Management
Security
Protection
against
Attacks and
Threats
Monitoring and
Reporting
Data
Confidentiality
and Privacy
Protection against
Unauthorized
Access
17
Why do I need an SBC when the SP has one?
• The service provider SBC is there to protect themselves from their
enterprise customers
• The core SBC is not located at the enterprise demarcation and
therefore can only provide limited protection
• E-SBCs provide the necessary security enterprises need to
protect their VoIP communication networks
̶ Similar to the firewalls enterprises use to enforce their data network
security
• E-SBCs
̶ Enforce enterprise’s unique security policies
̶ Allow secure remote connections: mobile clients, remote agents
̶ Provide complete network topology hiding
• Doesn’t expose internal network and employee names to SP
18
Summary
• Conventional data firewalls were not designed with real
time communications in mind
̶ Leaving enterprises vulnerable to security threats
• AudioCodes E-SBC can help businesses protect their
UC infrastructure and service
̶ Mitigating financial losses and legal exposure
19
Thank You
20