[VOIPSEC] Voipsec Digest, Vol 12, Issue 5

T. Martin tmartin at gvnw.com
Fri Dec 9 12:58:44 CST 2005 

Date: Wed, 07 Dec 2005 11:11:29 +0200
From: Hank Nussbacher <hank at efes.iucc.ac.il>
Subject: [VOIPSEC] Telcos and VOIP/SIP security
To: voipsec at voipsa.org
Message-ID: <5.1.0.14.2.20051207110706.00aff138 at efes.iucc.ac.il>
Content-Type: text/plain; charset="us-ascii"; format=flowed

I am looking for documents from traditional CLECs that detail the security 
considerations when migrating from an old style (exchange) based network to 
a new style VOIP/SIP/NGN style network.  I have read the docs at:
http://hhi.corecom.com/voipsecurity.htm
http://www.vopsecurity.org
http://www.voipsa.org/
and the NIST doc is interesting but I am looking for something written by a 
Sprint/MCI/AT&T type of CLEC.  Anything out there?

Thanks,
Hank

No there is not a lot of documentation about this.  I am working on
developing a document for the ILEC's



Terry Martin 
GVNW Consulting Inc
Senior Consultant
phone:503.612.4400
fax 503.612.4401
cell 503.318.8909


-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Voipsec-request at voipsa.org
Sent: Wednesday, December 07, 2005 4:00 AM
To: Voipsec at voipsa.org
Subject: Voipsec Digest, Vol 12, Issue 5

Send Voipsec mailing list submissions to
	Voipsec at voipsa.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
or, via email, send a message with subject or body 'help' to
	Voipsec-request at voipsa.org

You can reach the person managing the list at
	Voipsec-owner at voipsa.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Voipsec digest..."


Today's Topics:

   1. Telcos and VOIP/SIP security (Hank Nussbacher)
   2. Re: RTP-borne virus examples? (dhiraj.2.bhuyan at bt.com)


----------------------------------------------------------------------

Message: 1
Date: Wed, 07 Dec 2005 11:11:29 +0200
From: Hank Nussbacher <hank at efes.iucc.ac.il>
Subject: [VOIPSEC] Telcos and VOIP/SIP security
To: voipsec at voipsa.org
Message-ID: <5.1.0.14.2.20051207110706.00aff138 at efes.iucc.ac.il>
Content-Type: text/plain; charset="us-ascii"; format=flowed

I am looking for documents from traditional CLECs that detail the security 
considerations when migrating from an old style (exchange) based network to 
a new style VOIP/SIP/NGN style network.  I have read the docs at:
http://hhi.corecom.com/voipsecurity.htm
http://www.vopsecurity.org
http://www.voipsa.org/
and the NIST doc is interesting but I am looking for something written by a 
Sprint/MCI/AT&T type of CLEC.  Anything out there?

Thanks,
Hank




------------------------------

Message: 2
Date: Wed, 7 Dec 2005 11:02:32 -0000
From: <dhiraj.2.bhuyan at bt.com>
Subject: Re: [VOIPSEC] RTP-borne virus examples?
To: <dtrammell at sipera.com>
Cc: Voipsec at voipsa.org
Message-ID:
	
<D3A8095FE029114F820F94C1C0D681D8061D4026 at i2km86-ukdy.domain1.systemhost.net
>
	
Content-Type: text/plain;	charset="us-ascii"

 
Engrypting the media stream won't solve all the problems. But not doing
so will leave a big hole in your defense. Authenticating and validating
each and every packet is one step forward towards building a secure VoIP
platform. I agree that this won't solve the problem arising from buggy
user agents. But it will be wrong to assume that RTP borne viruses will
only originate from "buggy user agents". There will be malicious user
agents and there will be remotely exploitable vulnerabilities - it is a
fact of life. Of course we still need to take care of buggy user agents.
And I think the "Trusted Computing Platform"
(https://www.trustedcomputinggroup.org/home) is one way of dealing it. 

---
Dhiraj Bhuyan, CISSP
Senior Network Security Researcher,
pp2A, Rigel House, BT Group CTO
Martlesham Heath, Ipswich, IP5 3RE

 
-----Original Message-----
From: Dustin D. Trammell [mailto:dtrammell at sipera.com] 
Sent: 02 December 2005 16:47
To: Bhuyan,D,Dhiraj,CXR7 R
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] RTP-borne virus examples?

On Fri, 2005-12-02 at 15:48 +0000, dhiraj.2.bhuyan at bt.com wrote:
> Securing the media stream (using IPSec for example) will solve many 
> such issues. But in my opinion, there seems to be not much interest in

> securing the media stream at this moment. I might be wrong
(hopefully!).

How exactly would using IPsec to secure a malicious media stream solve
the issue?  If an attacker is sending malicious RTP packets, they're
malicious, regardless of the transport.  Granted, the attacker would
have to establish an IPsec session, which most likely will require some
form of authentication allowing for a level of accountability, but
adding IPsec only limits the scope of the attack vector, it doesn't
solve the issue, which is a buggy phone or gateway crashing when an
attacker sends it malicious RTP traffic.

--
Dustin D. Trammell
Vulnerability Researcher
Sipera Systems Inc. http://www.sipera.com



------------------------------

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


End of Voipsec Digest, Vol 12, Issue 5
**************************************

More information about the Voipsec mailing list