[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says

Simon Horne s.horne at packetizer.com
Mon Dec 11 14:32:36 GMT 2006


As I know you are aware the final draft of the standards for H.323 (which 
are almost identical to the ITU documents) are freely available and have 
been for many years.

I'm not here to debate protocols or how easy they are to implement or not, 
leave that for a developers debate, we are talking about security (on a 
VoIP security list) and how having a security framework built in to the 
protocol from the very beginning makes securing that protocol in the future 
a lot easier.


At 09:53 PM 11/12/2006, you wrote:
>Hello Simon,
>Do you know why people are quitting H.323?
>Because the standards are closed, which means that we have to buy them in 
>order to implement them. The second reason is because they are limited. Maybe 
>you like to have a protocol that rotates the camera, and it seems so damn 
>cool, but I like a solution that can handle 10000 connections on a server 
>and it can have conferences and everything I can dream of.
>Maybe you like and you understand H.323, but I'm scared every time that I 
>have to introduce some new H.323 feature in Yate, so the testing procedure 
>for H.323 is the most complicated we have in Yate.
>Implementing SIP is like a walk in the park compared with H.323, and 
>Jabber/Jingle is like a warm spring day.
>And I didn't mention IAX which because it has both signaling and data on 
>the same protocol is like having a warm jacuzzi during a cold winter day 
>to implement security for it.
>Maybe PSTN compatibility is important for you. But that's so '90's. And 
>I've started to do VoIP in the 21st century.
>Diana Cionoiu
>Simon Horne wrote:
>>I totally agree, security is not a mainstream issue until it starts to 
>>become an issue, then of course it's all too late.
>>On the topic of IM have you had a chance to read my proposal and working 
>>document H.460.tm (Text Messaging)
>>It is completely backwards interoperable. You can have two softphones 
>>connected to an old Cisco network and be able to exchange text messages 
>>between each other.  Gives you something to think about :-)
>>>P.S. In H.323 half of the bugs have been in ASN.1 parser, because that 
>>>protocol is too difficult to implement.
>>This is a kinda funny statement to make given your previous post on the 
>>topic..:-)  There are quite a few (as you know) very good ASN.1 parsers 
>>available in both open source and can be purchased. For instance it took 
>>me no more than about 5 minutes (serious) to upgrade my code from H.323v5 
>>to H.323v6 using an open source ASN.1 C++ parser and ASN.1 definitions 
>>straight out of the standards documents. Once you have a decent parser 
>>then building is just a snap. Understanding how it all works is a 
>>different story. The protocol is extremely complicated (in some areas 
>>overly complicated) but it was designed to accommodate most requirements 
>>of a VoIP system including PSTN interoperability and security framework 
>>from the very beginning. Trying to add these features later on can be 
>>just as difficult or more difficult to implement.
>>I personally have used the existing security framework of H.323 to 
>>embed digital certificates for authentication, Diffie-Hellman keys 
>>for media encryption, caller credentials (username/password) for border 
>>call admission etc into pre-existing standard signalling messages and 
>>successfully deployed these devices interoperably in pre-existing H.323 
>>networks. This isn't rocket science, if a flexible security framework 
>>exists then with a bit of effort it is possible, if it does not then 
>>securing that VoIP network, at best is difficult and potentially costly 
>>wholesale upgrading endeavor or at worst a worthless completely broken 
>>mess like email.
>>At 12:51 AM 11/12/2006, Diana Cionoiu wrote:
>>>Hello Simon,
>>>This is why we decided to support Jingle in Yate. Jingle has the 
>>>advantage that it has a mechanism that works against spam (the dialback 
>>>system existing in Jabber), better than any other VoIP protocol that I 
>>>know, and it also has support for IM, and gateways to the main existing 
>>>networks, and probably in the future we will be able to build gateways 
>>>for audio.
>>>In the end I can say that I do hope for better networks, but security 
>>>has never been a mainstream issue, and I doubt it will become very soon. 
>>>So any protocol that wants to have a chance these days has to provide 
>>>more than security.
>>>Diana Cionoiu
>>>P.S. In H.323 half of the bugs have been in ASN.1 parser, because that 
>>>protocol is too difficult to implement.
>>>Simon Horne wrote:
>>>>I have to agree with Richard, those on this list know there are 
>>>>currently functioning, workable VoIP solutions (and have been for many 
>>>>years) which have security built in from the get-go including SMA and 
>>>>H.323. You can't blame the programmer if the protocol he/she has to 
>>>>work with does not have the native capacity to support the required 
>>>>security the programmer is trying to program.  It's not the programmer's fault.
>>>>Let's be honest. The market has chosen to adopt a protocol which is very 
>>>>difficult to secure (as it has no native security support itself). That 
>>>>choice may come back to haunt the entire industry.
