[VOIPSEC] Daisy chaining voice <-> PC VLAN, risks?
Robert Moskowitz
rgm at icsalabs.com
Mon Sep 12 11:18:42 CDT 2005
This design has been a topic of discussion in IEEE 802.1, as what we
are getting with 802.1AE is not addressing this model, though we feel
it could. It will take a separate PAR....
802.1aj Two-port MAC Relay will standardize what many of these phone
vendors are doing. Supposedly:
- the phone acts as a simple relay for the PC's MAC address;
- the phone ONLY interacts with the switch-side port, so supposedly
  none of its packets can reach the PC.
The 2 VLANs are managed either by:
- hardcoding the switch for the phone's and PC's MAC addresses;
- proprietary stuff from the phone that the switch recognizes;
- 802.1X by both the phone and the PC (hey, 1X was first written for switches!).
The advantage of the latter is its ease of admin, the control it
gives over VLAN assignments (via user/device ID in RADIUS), and some
level of security (only authorized MACs are accepted; that is what 802.1AE
could have strengthened).
Hope this helps.
At 04:53 AM 9/12/2005, Erik.Hofmann at infineon.com wrote:
>Hello everybody,
>
>How would you assess the security of a VoIP design where you build 2
>V-LANs on top of one physical infrastructure using so-called daisy
>chaining? This means you have a built-in switch in your phone device, 2
>Ethernet interfaces, one for the phone itself which is plugged into the
>network and one for the desktop PC which is plugged into the phone.
>
>What is the risk for confidentiality of voice data streams concerning
>internal / external attackers?
>It appears that the phone devices (Cisco) use some hardware information
>+ MAC address to identify themselves as VoIP phones to the network
>switch.
>How complex would it be, e.g., to configure a notebook to connect to the
>phone V-LAN, eavesdropping on voice traffic with an ARP spoofing technique
>etc.?
>Or snoop on a (e.g. WAN) trunk etc?
>Are there any concerns on confidentiality of voice data regarding the
>Call Manager in the phone V-LAN? (Identity manipulation etc)?
>
>Any hints to good sites for threats and vulnerabilities for VoIP stuff?
>
>kind regards
>
>Erik Hofmann
>
>Principal Information Systems Security
>Infineon Technologies AG
>
>
>
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
VoIP: 248-291-0713
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
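As an added illustration of the third option Robert lists (802.1X on both the phone and the PC, with VLAN placement decided by RADIUS), here is a configuration sketch that is not from this thread, from Cisco, or from any vendor document; it uses Cisco IOS command syntax from releases later than this 2005 post and a FreeRADIUS "users" file. The interface name, VLAN IDs, server address, user names, passwords and shared secret are all assumed placeholder values.

```text
! --- Switch side (Cisco IOS syntax; values below are assumed placeholders) ---
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 key RADIUS_SHARED_SECRET_PLACEHOLDER
!
interface GigabitEthernet1/0/5
 description Daisy-chained phone with PC behind it
 switchport mode access
 ! data VLAN for the PC that is plugged into the phone
 switchport access vlan 20
 ! voice VLAN for the phone itself
 switchport voice vlan 100
 ! multi-domain: exactly one voice device and one data device per port,
 ! each authenticated separately; an unauthenticated device gets no VLAN
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast

# --- RADIUS side (FreeRADIUS "users" file; names and passwords are placeholders) ---
# PC supplicant: the reply attributes put it in the data VLAN.
pc-user-01  Cleartext-Password := "PLACEHOLDER"
            Tunnel-Type = VLAN,
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-Id = "20"

# Phone supplicant: the Cisco AVPair marks it as the voice device, so the switch
# admits it to the port's configured voice VLAN (100) rather than the data VLAN.
phone-01    Cleartext-Password := "PLACEHOLDER"
            Cisco-AVPair = "device-traffic-class=voice"
```

The point of the multi-domain setting is that authorization for the voice domain comes from the RADIUS reply, not from the PC's or phone's own claim about which VLAN it belongs to: a device that authenticates as a normal user is confined to the data VLAN even though it sits on a port that also carries the voice VLAN. On the switch, `show authentication sessions interface GigabitEthernet1/0/5` should list two sessions, one in the VOICE domain and one in the DATA domain, which is the check to run when validating that the phone and the PC were placed as intended. The caveat Robert raises still applies: 802.1X decides admission per device, and protecting the frames themselves on the wire after admission is what 802.1AE (MACsec) is for.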