[VOIPSEC] Voipsec Digest, Vol 15, Issue 5 (Thank you for your email which has been successfully delivered to me.)
Catriona O'Connell
Catriona.O'connell at nottingham.ac.uk
Wed Mar 8 06:08:16 CST 2006
Please would you remove my name from your frequent contacts address book? This will prevent delays in future mail reaching me, as it will be routed direct to me on my new email system.
You can find my name in the Novell GroupWise address book or write to me at:
Firstname.Lastname at nottingham.ac.uk.
Kind regards.
>>> Voipsec 03/08/06 12:00 >>>
Send Voipsec mailing list submissions to
Voipsec at voipsa.org
To subscribe or unsubscribe via the World Wide Web, visit
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
or, via email, send a message with subject or body 'help' to
Voipsec-request at voipsa.org
You can reach the person managing the list at
Voipsec-owner at voipsa.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Voipsec digest..."
Today's Topics:
1. VoIP Security Courses (Mark Teicher)
2. Re: VoIP Security Assessment Tools (Shawn Merdinger)
3. VOIP Security in its Totality (Paine, Richard H)
4. CanSecWest/core06 Vancouver April 3-7 (Dragos Ruiu)
----------------------------------------------------------------------
Message: 1
Date: Tue, 7 Mar 2006 07:43:55 -0500 (GMT-05:00)
From: Mark Teicher <mht3 at earthlink.net>
Subject: [VOIPSEC] VoIP Security Courses
To: Voipsec at voipsa.org
Message-ID:
<557761.1141735435739.JavaMail.root at elwamui-muscovy.atl.sa.earthlink.net>
Content-Type: text/plain; charset=us-ascii
Check out the following URL http://www.voip-info.org/wiki/index.php?page=VoIP+Training for a starting point.
hope this helps
/m
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Cem Akbas
Sent: Tuesday, March 07, 2006 2:06 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] VoIP Security Courses
Hi all,
Does anyone have any idea of VoIP security courses ? Which is the best
for me, when you consider the usability of the information provided in
real time arena?
Thanks in advance.
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
------------------------------
Message: 2
Date: Tue, 7 Mar 2006 06:27:05 -0800
From: "Shawn Merdinger" <shawnmer at gmail.com>
Subject: Re: [VOIPSEC] VoIP Security Assessment Tools
To: raul_carr at symantec.com
Cc: Voipsec at voipsa.org
Message-ID:
<fb0927a80603070627x7fa361flfa4e36d5f4a1e8cc at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi Raul,
>Date: Mon, 6 Mar 2006 12:35:47 -0800
>From: "Raul Carr" <raul_carr at symantec.com>
>Does anyone have a recommended list of publicly available VoIP Security
>assessment tools?
Here's a list I've had going on....
Thanks!
--scm
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SIP packet Creation & Malformed & Fuzzing & Flooding & Spoofing
=================================================
+ SiVus - http://www.vopsecurity.org/html/tools.html
+ SIPsak - http://sipsak.org
+ PROTOS SIP Suite -
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
+ SIP Forum Test Framework (SFTF) - http://www.sipfoundry.org/sftf/index.html
+ SIP bomber - http://www.metalinkltd.com/downloads.php
+ SIPp - http://sipp.sourceforge.net
+(? link) Nastysip -
http://phoenix.labri.fr/documentation/sip/Documentation/Material/Clients/Tools/Test/NastySIP/SX%20Design.htm
Manual (pretty GUI) SIP Packet Generators
================================
+ SIPNess - http://www.ortena.com/files/Messenger.zip
+ NetDude - http://netdude.sourceforge.net
Python and SIP
===========
+ Scapy - http://www.secdev.org/projects/scapy/
Sniffing
=====
+ Ethereal - http://www.ethereal.com
+ Cain & Abel - http://www.oxid.it/cain.html
+ VOMIT - http://vomit.xtdnet.nl
+ Oreka - http://oreka.sourceforge.net
+ VoiPong - http://www.enderunix.org/voipong/index.php
Various Scripts & Tools
=================
+ Send-SIP-Fun - http://www.security-scans.de/index.php?where=ssf
+ Skora.net - http://skora.net/voip/voip.html
kphone-ddos - Using KPhone for flooding attacks with spoofed SIP-packets
sip-scan - A fast SIP network scanner
sip-kill - Sniff for SIP-INVITEs and tear down the call. (03.11.2005
- new version 0.3a)
sip-redirectrtp - Manipulate SDP headers so that RTP packets are
redirected to an RTP-proxy. (16.09.2005 - new version 0.1)
rtpproxy - Wait for incoming RTP packets and send them to wanted
(signaled by a tiny protocol) destination. (16.09.2005 - new version
0.1)
SIP Listener
=========
+Sipomatic - (Part of LinPhone) http://www.linphone.org/?lang=us&rubrique=1
SIP over IPv6
=============
+SIPv6 Analyzer - http://pcs.csie.nctu.edu.tw/~yhsung/sipv6_analyzer/
SIP Device Specific Attacks
====================
+ See packetstorm
------------------------------
Message: 3
Date: Tue, 7 Mar 2006 10:17:07 -0800
From: "Paine, Richard H" <richard.h.paine at boeing.com>
Subject: [VOIPSEC] VOIP Security in its Totality
To: <Voipsec at voipsa.org>
Message-ID:
<0C549DAFE1A8004D8EB57ACDD108646D01E8A425 at XCH-NW-2V2.nw.nos.boeing.com>
Content-Type: text/plain; charset="US-ASCII"
VOIP Security in its Totality
I have been on this mailing list from the start and I have seen all of
your variants that you think might make VOIP secure. Some of you will
leap on a proposed solution and ride it for awhile, but then you realize
all the issues and problems that come with implementing pieces and not
the whole.
There are some fundamental problems that you are still not addressing.
The biggest problem is that the Internet has some fatal flaws. Those
flaws are the vulnerability of the basic Internet to spoofing of MAC and
IP addresses. Other flaws include the inability of IPv4 and IPv6
gateways to scale to the size of the Internet. You are not going to get
around those using a VPN solution.
There have to be some fundamental changes in the way the Internet
operates. One way is through a framework and architecture called the
Secure Mobile Architecture (SMA). This architecture is published by The
Open Group and is available at the following URL:
http://www.opengroup.org/bookstore/catalog/select.tpl?text=secure+mobile+arch
The architecture addresses many of the issues you have been
talking about. Until we actually address the issues of basing security
on the MAC and IP addresses, all of your approaches will not address the
basic problem.
I have an example of the issues hiding our heads in the sand can lead
to. I have been a member of IEEE 802.11 since about 1995. Boeing got
involved in 802.11 because of the potential solutions 802.11 provided
for both Internet access onboard airplanes and for the mobile enterprise
communications. So I got involved early in the security provided for
the Wireless LANs. The initial group of 802.11 standards developers
felt, as I did, that the WEP was sufficient (good enough) to get the
standard rolling. It wasn't! The work around was VPNs for any wireless
connections, but it definitely slowed and inhibited the growth of WLANs.
It took six years to provide a WEP replacement that was
cryptographically secure.
If IEEE 802.11i is any example, the VOIP growth and viability is
inexorably tied to how secure our telephone calls are. I have always
been incredulous that we never cared very much how vulnerable our
telephone conversations are. The wire makes us seem less vulnerable,
but in fact, backbone communications links are sometimes over major
microwave links. Many of the Fortune 500 contractually stipulate that
none of their business communications are sent over microwave links.
In addition to the microwave links, we have wholly trusted our telephony
companies to protect us and they have done quite a good job in that most
of the connections are in central offices that have not been broken
into. This is all changing now and this mailing list is at the
forefront of the discussion. What do we do about voice security now
that our telephone conversations are riding over the Internet and have
all the Internet vulnerabilities of viruses, MAC address spoofing, IP
address spoofing, replay, spamming, etc?
In the big picture, end-to-end secure sessions with cryptographically
based mechanisms to identify people and machines are the only way to
assure secure VOIP communications. In our work with the Secure Mobile
Architecture (SMA), we have been exposed to all the regulatory
requirements for privacy and legality. These requirements include
Sarbanes-Oxley, HIPAA, and many others. They are quite extensive and
demanding, especially of privacy and protection from exposure on the
Internet. Without addressing the requirement of an end-to-end
cryptographically secure infrastructure, we are not addressing the
problem and those of us responsible for unleashing VOIP on the world
have a responsibility to address this problem in a big picture way.
The core of the problem comes from the relationship of security and
identity. When I first heard and participated in discussions on
identity management, I was very skeptical that this was a required
discipline at all. In fact, I still think that identity management is
not the right term for what we need to address in Internet VOIP and WLAN
infrastructure contexts. We do not need to manage the identities. In
reality, the people, organizations, and enterprises need to be assured
that their identities are protected when they use the Internet. So, the
identity of a person or machine must be protected in a business context
or in an individual context. By the way, this identity of a machine is
an imperative one to address. We are still not doing a good job of
identifying a computer or intelligent machine's identity. In fact, as
VOIP gets more integrated into the business processes and telephony
becomes more versatile and VOIP applications are used for event
notification, the validity of such processes is dependent on getting the
cryptographically validated sources of the VOIP information you get.
The architecture The Open Group developed called the Secure Mobile
Architecture (SMA) deals with these issues through the use of four
elements (Boeing deployment); 1. Public Key Infrastructure (PKI)
access, 2. use of the Host Identity Protocol (HIP), 3. a Network
Directory Service (NDS), and 4. use of a Location Enabled Network
Service (LENS). I will treat each of these and their relationship to
VOIP and VOIP security in the following four paragraphs.
PKI: The access to a PKI is needed for managing the issuance and
revocation of certificates for identity. Boeing has an enterprise PKI,
the US government has multiple PKIs, and many business entities have
PKIs. The PKI functionality actually is moving down the scale from
large scale enterprises mechanisms to smaller and smaller scale
organizations, and I suspect that it will eventually get down to the
individual machine level that PKIs will be managed on individual
machines. The certification authority will be offered by large scale
third party companies that do background checks and validate the
individuals and machines, that is, if these certification authorities
are not in large enterprises. What applicability does this have to the
VOIP security arena? This element of the SMA is the way to provide a
certification authority to validate the end user or device is who or
what it says it is. So, when you get a VOIP call, you can be assured
that the person or machine who is contacting you is who they say they are.
The same applies when you are making a call. You can be assured that
you are calling who you meant to call and they are who they say
they are.
HIP: The use of the Host Identity Protocol (HIP) puts a cryptographic
identity on every packet. The packets look just like IPSEC packets, so
they are routable anywhere in the world. In addition, HIP uses a
namespace rather than an address space and creates a Security
Association (SA) between the end-to-end communicators. Because the
Security Association is established and depends on a namespace, the IP
addresses can change and the Security Association remains and can enable
the devices to roam across IP subnets or diverse networks such as
cellular to WLAN. The cryptographic identity is a derivative of a hash
of the certificate and is put in the ESP field and is an SPI in the
IPSEC-like packet. The HIP has several versions and implementations.
The Boeing SMA implementation uses a virtual directory to store
information of the initiator/responder. Other implementations use the
DNS resource record to store the namespace information to navigate
through the namespace. The implementation of this in the VOIP security
context would be the VOIP service providers providing the HIP
infrastructure to their customers to enable security and mobility for
them.
NDS: The Network Directory Service provides the data store for the
information required to maintain both the network and OS information
needed to allow secure mobility. The directory must be a virtual
directory from which the information can be stored in an enterprise or
ISP business directory. Since it is a virtual directory, the
information could be stored in a database or flash memory card or
whatever is deemed necessary to provide the needed information to the
initiator and responder of the Security Association pair. The virtual
directory provides the storage for the IP address, the location, and
policy information to make decisions about the communications and
mobility. The enterprise or ISP directory can be one arm of the virtual
directory, so the people and server information of the existing
directories can be available to the SMA information stores. In the VOIP
security context, the VOIP ISP provides secure mobile communications
from end-to-end for each call. This means secure both over the wire and
the wireless and it is always encrypted and cryptographically
identified.
LENS: The Location Enabled Network Service (LENS) is a Real-Time
Location Service (RTLS) that provides location information about the
communications pairs. The location service enables an enterprise to
know not only who the participants are, but also knows where they are
for emergency services or business process flow optimization. The SMA
uses the LENS for policy-enforcement of location and identity. For
example, US government providers must provide differentiation between US
citizens and non-US citizens and enable restrictions on what government
information may be disclosed in what geographical areas. The location
provided by the LENS can be the key to customers managing their employees
in restricted areas. Location events may be triggered when a non-US
citizen enters an area restricted to US citizens only. Also, emergency
location information for health emergencies (such as E911) is a
difficult requirement for most US ISPs and enterprises. The location
provided by the network is really the only way to get location
information indoors within the US government requirement of 300ft. IEEE
802.11 location services are generally the source of indoor location and
the cellular and GPS location services are the source of information
outdoors.
These four elements (PKI, HIP, NDS, and LENS) make up the core of an SMA
secure and mobile VOIP telephony environment. Trying to do a piecemeal
TLS or SSL or PGP solution is only addressing a small part of the
overall problem of securely enabling mobile VOIP communications. In our
opinion, only by addressing this problem on a framework or architectural
basis, like SMA, are you able to address the underlying VOIP security
issues of supporting security and mobility as an enterprise or as an
ISP. The interesting thing about this architecture is that it can be
provided piecemeal as a service. You can start out with supporting
requirements for a secure and mobile service within your Intranet to
support those who have the requirement. The SMA capability can be
implemented on your Intranet and serve as your IT support for projects
that require security and mobility on your existing WLAN and wired LAN
infrastructure. Since it looks like IPSEC, an SMA subscriber uses the
WLAN and wired LAN infrastructure for transport, and the
cryptographically identified packets enable traceability across your
enterprise or ISP constituency. Without such a framework or
architectural approach, security and mobility will continue to be
plagued with inconsistency and partial solutions that do not address the
issues.
We have deployed SMA nodes in three physical and logical installations
in The Boeing Company. We could have gotten by with only one, but
another installation was needed to investigate issues with directory
replication and distribution and the third is being installed in a lab
environment to support a laboratory and simulation network. We have
deployed the infrastructure as a mobile rack that is a self contained
node that can be deployed in a Network Control Center.
In conclusion, addressing VOIP security in its totality is an
imperative, especially in organizations with military, HIPAA,
industrial, and government requirements. What I recommend to this
mailing list is to consider at least one of VOIPSA solutions to be an
architected infrastructure implementation that addresses the totality of
the Internet and its present deficiencies. SMA is an example of such an
architected infrastructure implementation and I hope to present the SMA
to the VOIPSA at some point.
Richard H. Paine
Success is getting what you want, happiness is liking what you get!
Cell: 206-854-8199
IPPhone: 425-373-8964
Email: richard.h.paine at boeing.com
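Added example, not part of the original message and not code from SMA or any HIP implementation: a Python sketch of the idea in the HIP paragraph above, where the security association is bound to a cryptographic identity tag rather than to an IP address, so a roaming caller keeps the association while a packet that only claims the right address or identity is dropped. The tag derivation (truncated SHA-256 of a key), the packet fields, the pre-agreed session key and all sample values are simplifying assumptions, not the HIP wire format.

```python
import hashlib
import hmac


def identity_tag(public_key: bytes) -> str:
    # Assumption: a truncated SHA-256 stands in for the real HIP identity derivation.
    return hashlib.sha256(public_key).hexdigest()[:32]


def _mac(key: bytes, tag: str, seq: int, payload: bytes) -> bytes:
    msg = tag.encode() + seq.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_packet(tag: str, key: bytes, seq: int, payload: bytes) -> dict:
    return {"tag": tag, "seq": seq, "payload": payload,
            "mac": _mac(key, tag, seq, payload)}


class Endpoint:
    """Receiver whose security associations are keyed by identity, not by IP."""

    def __init__(self):
        self.sas = {}

    def add_sa(self, peer_tag: str, key: bytes, locator: str) -> None:
        self.sas[peer_tag] = {"key": key, "locator": locator, "last_seq": 0}

    def receive(self, src_ip: str, pkt: dict) -> str:
        sa = self.sas.get(pkt["tag"])
        if sa is None:
            return "drop: unknown identity"
        expected = _mac(sa["key"], pkt["tag"], pkt["seq"], pkt["payload"])
        if not hmac.compare_digest(expected, pkt["mac"]):
            return "drop: bad integrity check"
        if pkt["seq"] <= sa["last_seq"]:
            return "drop: replay"
        sa["last_seq"] = pkt["seq"]
        moved = src_ip != sa["locator"]
        sa["locator"] = src_ip  # the address is only a locator; the SA survives
        return "accept: peer moved" if moved else "accept"


def demo() -> list:
    # All keys, payloads and addresses below are constructed sample values.
    caller_tag = identity_tag(b"constructed caller public key")
    key = hashlib.sha256(b"constructed session key").digest()
    callee = Endpoint()
    callee.add_sa(caller_tag, key, "192.0.2.10")
    roamed = make_packet(caller_tag, key, 2, b"voice frame 2")
    return [
        callee.receive("192.0.2.10", make_packet(caller_tag, key, 1, b"voice frame 1")),
        callee.receive("198.51.100.7", roamed),  # same identity, new subnet
        callee.receive("198.51.100.7", make_packet(caller_tag, b"\x00" * 32, 3, b"x")),
        callee.receive("198.51.100.7", roamed),  # captured packet sent again
        callee.receive("192.0.2.10", make_packet(identity_tag(b"other"), key, 1, b"x")),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```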
------------------------------
Message: 4
Date: Tue, 7 Mar 2006 20:50:02 -0800
From: Dragos Ruiu <dr at kyx.net>
Subject: [VOIPSEC] CanSecWest/core06 Vancouver April 3-7
To: Voipsec at voipsa.org
Message-ID: <200603072050.02877.dr at kyx.net>
Content-Type: text/plain; charset="iso-8859-1"
The call for papers is now closed and the proposals have been reviewed
for the CanSecWest/core06 Applied Technical Security Conference held
on April 5-7 2006 at the Marriott Renaissance Harbourside in Vancouver,
B.C. Canada.
The selected submissions are :
An hour of Rap and Comedy about SAP - Steve Lord
Next Generation Sebek - Edward Balas - Indiana University
RF Bugsweeping - Tim Johnson - Technical Security Consultants Inc.
Magstripe Madness - Major Malfunction
Metasploitation (and a dash of IPS) - HD Moore - BreakingPoint
Carrier VoIP Security - Nico Fischbach - COLT
Attacking VoIP Networks - Hendrik Scholz - Freenet Cityline GmbH
Security Issues Related to Pentium System Management Mode - Loïc Duflot
Advancements in Anonymous eAnnoyance - Christopher Abad - Cloudmark
Real Time Threat Mitigation Techniques - Josh Ryder - University of Alberta
Stunt Profiling: Securing a System While You Wait - Crispin Cowan - Novell
Visualizing Source Code for Auditing - Lisa Thalheim
Attacking Web Services - Alex Stamos, Scott Stender - iSEC Partners
Reverse Engineering Microsoft Binaries - Alexander Sotirov - Determina
Zen and the art of collecting and analyzing Malware - Fred Arbogast and
Sascha Rommelfangen - S.E.S. Astra
How to test an IPS - Renaud Bidou - RADWare
Insiders View: Network Security Devices - Dennis Cox - BreakingPoint
More on Uninitialized Variables - Halvar Flake
Eric Byres - SCADA - BCIT
Panel Discussion - Vulnerability Commercialization
Terri Forslof, 3Com, Manager of Security Response
Michael Sutton iDefense Labs, Director of iDEFENSE Labs
Others TBA
Vendor Elevator Focus Groups
David Meltzer, Cambia
Ofir Arkin, Insightix
Others TBA
Lightning Talks
Some talks from the PacSec/core05 conference in Tokyo in November and
the EUSecWest/core06 conference in London during February were highly
rated and have been invited for encore presentations at CanSecWest:
Attacking the IPv6 protocol suite - van Hauser - THC / n.runs GmbH
Protecting the Infrastructure - Jim DeLeskie & Danny McPherson - Teleglobe,
Arbor Networks
Security Masters Dojo Courses
April 3-5 Vancouver
Network Reconnaissance with Nmap 4 - Fyodor & Doug Hoyte
Network Vulnerability Scanning: Turning Nessus into Metasploit - Renaud
Deraison & Nicolas Pouvesle
Reverse Engineering: Rapid Bug Discovery and Input Crafting - Halvar
Assembly for Exploit Writing - Gerardo Richarte
Advanced IDS Deployment and Optimization - Marty Roesch
Advanced Honeypot Tactics - Thorsten Holz
Mastering the network with Scapy - Philippe Biondi
Securing your critical Cisco network infrastructure - Nico Fischbach
Practical 802.11 WiFi (In)Security - Cédric Blancher
Bluetooth Auditing and Technology - Martin Herfurt, Adam Laurie, Marcel
Holtmann
Conference registration on line can be found at:
http://cansecwest.com/register.html
Security Masters Dojo Vancouver registration can be found at
http://cansecwest.com/dojo.html
cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada April 3-7 2006 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
------------------------------
End of Voipsec Digest, Vol 15, Issue 5
**************************************
This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.