[VOIPSEC] Voipsec Digest, Vol 12, Issue 6
Kolenko, Marc
Marc.Kolenko at gd-ais.com
Thu Dec 8 10:44:10 CST 2005
One potential future solution to the RTP-borne virus examples cited
below is impending DRM-based technologies, i.e., Trusted Computing
Group (TCG) TPM version 1.2 (formerly TCPA main specification v1.1b).
Crypto capabilities can potentially provide for confidentiality/privacy,
and integrity of TX/RX IP datagrams (in conjunction with IPsec's IKE).
The trusted platform module (i.e., Intel's LaGrande chipset) also
provides for attestation identity keys (AIKs) which enable a particular
platform to be certified (i.e., any VoIP media device), assuring that
security components are genuine, and conformance certs that assure, via
3rd party, that the security properties of the device are indeed
legitimate... TPM is much too long of a subject to cover in this
thread... good topic for future discussion on assuring confidentiality,
integrity, and availability of IP-enabled media devices operating in a
secure environment. I'm doing some research in this area.
________________________________
Marc M. Kolenko, Sr Lead Engineer, IA
Systems Research & Development
Homeland Security & Assurance
General Dynamics
Advanced Information Systems
Office: 703.807.5646
Cell: 703.298.4521
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Voipsec-request at voipsa.org
Sent: Thursday, December 08, 2005 7:00 AM
To: Voipsec at voipsa.org
Subject: Voipsec Digest, Vol 12, Issue 6
Send Voipsec mailing list submissions to
Voipsec at voipsa.org
To subscribe or unsubscribe via the World Wide Web, visit
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
or, via email, send a message with subject or body 'help' to
Voipsec-request at voipsa.org
You can reach the person managing the list at
Voipsec-owner at voipsa.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Voipsec digest..."
Today's Topics:
1. [Voipsec] Enterprise VoIP certifications
(Ortega, Anthony C C-E LCMC HQISEC)
2. Re: [Voipsec] Enterprise VoIP certifications (Jeremy George)
3. Re: [Voipsec] Enterprise VoIP certifications (Josh Perrymon)
----------------------------------------------------------------------
Message: 1
Date: Wed, 7 Dec 2005 14:19:33 -0700
From: "Ortega, Anthony C C-E LCMC HQISEC" <Tony.Ortega at us.army.mil>
Subject: [VOIPSEC] [Voipsec] Enterprise VoIP certifications
To: "'Voipsec at voipsa.org'" <Voipsec at voipsa.org>
Message-ID:
<EEEE99B3D73AD04F98DFC337E7AC8E5101F405C1 at isecmail.hqisec.army.mil>
Content-Type: text/plain
I'm a security engineer for the Army and we currently have two
certifications an organization must have prior to connection onto the
Army's Defense Switched Network (DSN). These certifications are the Interim
Authority to Operate/Authority to Operate and the Interim Certificate to
Operate/Authority to Connect from separate certification authorities.
I was wondering if there are any similar required certifications at the
enterprise level for VoIP solutions.
Thank you,
Tony Ortega
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Voipsec-request at voipsa.org
Sent: Wednesday, December 07, 2005 5:00 AM
To: Voipsec at voipsa.org
Subject: Voipsec Digest, Vol 12, Issue 5
Today's Topics:
1. Telcos and VOIP/SIP security (Hank Nussbacher)
2. Re: RTP-borne virus examples? (dhiraj.2.bhuyan at bt.com)
----------------------------------------------------------------------
Message: 1
Date: Wed, 07 Dec 2005 11:11:29 +0200
From: Hank Nussbacher <hank at efes.iucc.ac.il>
Subject: [VOIPSEC] Telcos and VOIP/SIP security
To: voipsec at voipsa.org
Message-ID: <5.1.0.14.2.20051207110706.00aff138 at efes.iucc.ac.il>
Content-Type: text/plain; charset="us-ascii"; format=flowed
I am looking for documents from traditional CLECs that detail the security
considerations when migrating from an old style (exchange) based network to
a new style VOIP/SIP/NGN style network. I have read the docs at:
http://hhi.corecom.com/voipsecurity.htm
http://www.vopsecurity.org
http://www.voipsa.org/
and the NIST doc is interesting but I am looking for something written by a
Sprint/MCI/AT&T type of CLEC. Anything out there?
Thanks,
Hank
------------------------------
Message: 2
Date: Wed, 7 Dec 2005 11:02:32 -0000
From: <dhiraj.2.bhuyan at bt.com>
Subject: Re: [VOIPSEC] RTP-borne virus examples?
To: <dtrammell at sipera.com>
Cc: Voipsec at voipsa.org
Message-ID:
<D3A8095FE029114F820F94C1C0D681D8061D4026 at i2km86-ukdy.domain1.systemhost.net>
Content-Type: text/plain; charset="us-ascii"
Encrypting the media stream won't solve all the problems. But not doing
so will leave a big hole in your defense. Authenticating and validating
each and every packet is one step forward towards building a secure VoIP
platform. I agree that this won't solve the problem arising from buggy
user agents. But it will be wrong to assume that RTP borne viruses will
only originate from "buggy user agents". There will be malicious user
agents and there will be remotely exploitable vulnerabilities - it is a
fact of life. Of course we still need to take care of buggy user agents.
And I think the "Trusted Computing Platform"
(https://www.trustedcomputinggroup.org/home) is one way of dealing with it.
---
Dhiraj Bhuyan, CISSP
Senior Network Security Researcher,
pp2A, Rigel House, BT Group CTO
Martlesham Heath, Ipswich, IP5 3RE
-----Original Message-----
From: Dustin D. Trammell [mailto:dtrammell at sipera.com]
Sent: 02 December 2005 16:47
To: Bhuyan,D,Dhiraj,CXR7 R
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] RTP-borne virus examples?
On Fri, 2005-12-02 at 15:48 +0000, dhiraj.2.bhuyan at bt.com wrote:
> Securing the media stream (using IPSec for example) will solve many
> such issues. But in my opinion, there seems to be not much interest in
> securing the media stream at this moment. I might be wrong (hopefully!).
How exactly would using IPsec to secure a malicious media stream solve
the issue? If an attacker is sending malicious RTP packets, they're
malicious, regardless of the transport. Granted, the attacker would
have to establish an IPsec session, which most likely will require some
form of authentication allowing for a level of accountability, but
adding IPsec only limits the scope of the attack vector, it doesn't
solve the issue, which is a buggy phone or gateway crashing when an
attacker sends it malicious RTP traffic.
--
Dustin D. Trammell
Vulnerability Researcher
Sipera Systems Inc. http://www.sipera.com
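
The two layers argued over in the exchange above, as an added example that is not part of the original thread: packet authentication and strict RTP header validation are separate checks, and a sender holding a valid key can still produce a malformed packet. The appended HMAC-SHA256 tag is a stand-in for IPsec/SRTP integrity protection, and the key, function names and sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag appended to each datagram (stand-in for IPsec/SRTP)

def seal(packet: bytes, key: bytes) -> bytes:
    """Sender side: append the authentication tag."""
    return packet + hmac.new(key, packet, hashlib.sha256).digest()

def authenticate(datagram: bytes, key: bytes):
    """Return the RTP packet if its trailing tag verifies, else None."""
    if len(datagram) < TAG_LEN:
        return None
    packet, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, packet, hashlib.sha256).digest()
    return packet if hmac.compare_digest(tag, expected) else None

def validate_rtp(packet: bytes):
    """Strictly parse an RFC 3550 RTP header; return (ok, reason, payload)."""
    if len(packet) < 12:
        return False, "shorter than fixed header", b""
    b0, _b1, _seq, _ts, _ssrc = struct.unpack("!BBHII", packet[:12])
    version, padding, ext, cc = b0 >> 6, (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    if version != 2:
        return False, "bad version", b""
    offset = 12 + 4 * cc                      # skip the CSRC list
    if offset > len(packet):
        return False, "CSRC list exceeds packet", b""
    if ext:                                   # header extension: id(2) + length(2)
        if offset + 4 > len(packet):
            return False, "truncated extension header", b""
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
        if offset > len(packet):
            return False, "extension exceeds packet", b""
    end = len(packet)
    if padding:                               # last octet counts the padding bytes
        pad = packet[-1] if end > offset else 0
        if pad == 0 or pad > end - offset:
            return False, "padding count exceeds payload", b""
        end -= pad
    return True, "ok", packet[offset:end]

def receive(datagram: bytes, key: bytes) -> str:
    """Authenticate first, then validate; either failure drops the packet."""
    packet = authenticate(datagram, key)
    if packet is None:
        return "drop: unauthenticated"
    ok, reason, _payload = validate_rtp(packet)
    return "accept" if ok else "drop: " + reason

# Constructed samples: a well-formed packet, and one whose CC field claims
# 15 CSRC entries while only 8 bytes follow the fixed header.
KEY = b"constructed-demo-key"
GOOD = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + b"\x00" * 160
BAD_CC = struct.pack("!BBHII", 0x8F, 0, 2, 320, 0x1234) + b"\x00" * 8

if __name__ == "__main__":
    for name, dgram in [("good", seal(GOOD, KEY)),
                        ("unsigned", GOOD + b"\x00" * TAG_LEN),
                        ("signed but malformed", seal(BAD_CC, KEY))]:
        print(name, "->", receive(dgram, KEY))
```

The third sample passes authentication and is rejected only by the header checks, so the parser still has to be correct on authenticated input.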
------------------------------
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
End of Voipsec Digest, Vol 12, Issue 5
**************************************
------------------------------
Message: 2
Date: Wed, 7 Dec 2005 16:38:52 -0500 (EST)
From: Jeremy George <jeremy.george at yale.edu>
Subject: Re: [VOIPSEC] [Voipsec] Enterprise VoIP certifications
To: "Ortega, Anthony C C-E LCMC HQISEC" <Tony.Ortega at us.army.mil>
Cc: "'Voipsec at voipsa.org'" <Voipsec at voipsa.org>
Message-ID: <Pine.LNX.4.61.0512071636580.20947 at tracy.its.yale.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Tony,
Can you elaborate on what is being certified? Is this a form of
federation?
- Jeremy
------------------------------
Message: 3
Date: Wed, 7 Dec 2005 16:03:08 -0600
From: "Josh Perrymon" <perrymonj at networkarmor.com>
Subject: Re: [VOIPSEC] [Voipsec] Enterprise VoIP certifications
To: "Jeremy George" <jeremy.george at yale.edu>, "Ortega, Anthony C C-E
LCMC HQISEC" <Tony.Ortega at us.army.mil>
Cc: Voipsec at voipsa.org
Message-ID: <AA95E41CCEDC1D468B4039CB853CA72901AB5E11 at zeus.icshq.com>
Content-Type: text/plain; charset="us-ascii"
Is this similar to the NIST standards? You perform audits and develop a
baseline. The next steps are more audits, Security Test and Evaluation,
then Certification?
J Perrymon
Network Armor
End of Voipsec Digest, Vol 12, Issue 6
**************************************