|
|
|
Security Holes Make VOIP a Risky Business
By: Jim Louderback
2004-05-12
Article Rating: / 0
There are 0 user comments on this IT Infrastructure story.
Security Holes Make VOIP a Risky Business (
Page 1 of 3 ) Thinking of moving your phones to VOIP to save money? Better think again. Today's SIP and VOIP protocols are as vulnerable as an unpatched version of Windows XP.Its the latest technology craze. Turn your phones digital, and use the Internet to bypass pricey long-distance providers. Individuals and businesses can slash phone costs by 50 percent or more, with little or no loss of quality.
But theres a very dark lining inside this silver cloud. VOIP (voice over IP) is just as vulnerable to hackers as other digital networking technologies. But its just far less protected—which can put your entire company at risk.
According to a prominent networking and security pal of mine—who wished to remain nameless—"SIP is a very weak protocol." It uses edge-style servers, similar to FTP, e-mail and HTTP, to initiate connections between users. According to my buddy, just as hackers have attacked those servers, theyre coming after VOIP too.
What sorts of vulnerabilities exist? Lets start with the basics. Because most VOIP traffic over the Internet is unencrypted, anyone with network access can listen in on conversations. That means Willy in the mailroom can overhear your CEO and HR director discuss the latest round of layoffs.
But thats just a start. Hackers can spoof SIP and IP addresses and hijack whole conversations. Imagine a phishing-style attack where your customer ends up talking to an organized crime syndicate in Russia masquerading as your telesales group. Your customers credit cards, personal information, maybe even Social Security number, gone in a flash.
Or what about denial of service? A hacker could easily flood your SIP server with bogus requests, making it impossible to send or receive calls. Or what about spamming a 4MB file to 4,000 phones? Or transmitting 500 bogus voice mail messages instantly? It can be done. Or imagine having your phone ring forever. You pick up, no answer, hang up, and it rings again. The only way to stop it is to remove the battery. Instant doorstop.
 Want to find out if IP telephony is right for your company? Take this Baseline quiz.
Next page: Cost of mounting an attack.
|
|
�������xr({\w@"{�Im4%VlҌ3"!1Er///|u^<�.K2{<5K�ht7�F
K�9s4ô'1�%c�}{֤w~HRkg͛6;�͜(ȑ�k�ѩe�軫�F]̉�k�7�vGl$rw
A:|@vDZ��)5'ӠYl5g�{z3/3mB}�F�[�.pѱ
⌳Q�m5x�yK͜�%yC
Ѻ�8!AQ�RtX ayc�$B �g&�g71m,
T%h�!�1Qes�60w;/<��P"[U;a=�7SѠ(v�2%vk�6^
;�4s9Fȹ�3�z$1d9�;���{"�-�Xd�UŘ�HGeCc`Ww,ǃɩV�TQ3cmfZ�35k-3ǀؾQ̀���A3E5��L_CԿ)$fҀK�8V�#/��y�y��< ۱"˭��Uֶe5�^G~3m�gN]b12GlR�ۄؼ�?0��$ꎧ�c"S9ˡ,kFp氢閩�l�Ⱥu(A(R\=P�
rwwW3mù-Ӟߛ9nAwfnf_gJU-��p#��,;�ඒ��K�U;�ާ[yԺ} g Fb�� DT*jZ*5fI"0i�է6ttA�H{tT獒A7jJ|P**F �zZzO`F%�pbQU�9�ϦŠsuywȠs9EF,��sAՊE*�C\�Y�oME%uw'+r=�>;sو��(lnAZڪV��6O|�w3R�&��ںa#�IͽCbw<|!�j]~<:�$ץcY>�_>��!�O}�fr"GrI/��o"�{beQ
�5�F`XӀ7�? iP2z�q,�
߲n\S;G`ho\ ZR� E/$h�.f��p-
@lo�
K�j�,rM&S{~�$M�5Ŧ]`)ed[T^̗U.d`(_��2jFTwEQ��a#ax<ψ+�_��\B�
3
p�*^뻹Ȇ-�j�GeuJ�֖d]�`x�;�{:��:'ٻyo�Nj
�#\��LoZ`3\cV=UݣU*P\or**& r/L
[ԖA-�ò˄A
��
NhfQ
LQÜϚ#Ͷ�!9N���N�+/6Cͥ�4}j���>; ä
��p|g�i�-z9Թ0�鋥*�Cb`Ψ6s�PCG�A�:]�TRmb;>t9�PhRP<�sx7ܚ@[3_�%]ѽk:F��?a'0/ Z-����BeV~�m�̢�Psܧ�}M�rAݛ39ڭfZȴ@c@.{S�~`\2Q 5X5�[�\ıa弃�d�.k�pn>>{BOMn�aDpI.3Ҫ||=Ꭴm?
T!]�Lqα�r�B&�k*H(A3�bmy�3�0筷
VM21r@u5e�XScXMϠDn��L~b8uf�u/$1`�V|�l\6��ƖuV"k̲X]۽/ 7Je_[օV�P+}�@�y#� dlK��
kZԕ>�%/�E�$$BYv`}.E�G�"�?ԉ0Z�?HpSw{!K5ǰ^\탢�[-%UV�OLXZfG�z�k":Y;7l�d��A�F�NbH� ���Қ|t
u�;.�Cϱȧsw='S-`clr��>=�-H �SǏpBa)چe�.�GEQCz�&\�D�2|P����-�X��б�fًΰY�48~5l4^u:#�֭Cd�=��D5)0۠�M��F�=͝lļZA_a��y
�'jE)j$'�`�/#Y-���(Uر,.�3h6[5(mEZ!=���G�7uX85G[͆OCBM��Hxqx304TU��&<�
+>Fs��`+\q{�nKt�PŁ&Ͱ�8]zq&�$�TY(�Qܥ&3Sӧ�m4`H�kܸ�/|P"X588�� y|@*�&�Oz�1�
[
�"�T�=;$f�t�W߀&]�46D>�PÃ{nc�?T�^e�f�<{LRKz-F8:UU�eV�gU`�sC/yW�E�"ITA��_⪯=�q
,S0Ӈl�N?+�CzMpe0�}N�\j�̆�G>Y�0{'P^˒Ǧ;|x�ߛ#y.ª_*ǨOMqё,ug¸RTU[�;�3؞?�F���'hE}h�⦉ ��L hA�ui�7�ހ��jZ�U�~IF��G�:q~i�@"Osf0f�,*Lo�?MU�K*~iͻ'M^��?%mpH1�)dR@F4@��qdi��~t}Aiٜ��!zV~ʀWIe��&�2TN[_Ȏ/կ4>�s}&�fgmxorF�++1�3��8W�1omȊW#ڃu�IlLaGhbg�;@<}jXI�˂a0"3Q)�҃zҳbu�ey9,�Ӻ��*uXf���.ÝЉ r��u`wFTU�һ<@̙�UV<�B�;Bc`"mV7ue&lXMX��b�ҽ�l[Ԫw;? 3s0`!��\߫}{��P?l��^*A
F2�
�T:HP+ Y|��a
c�(
+`�B'�,W��r\&GWF@"'!r�3��ݠމbR�\�<1�м`7~1^�J~ � }MCX_�9
v�d#�
;?J7ݓCR*@:mw>�=���}~/l?~w�!a�am��0^;,5.
X�J/ ;Uʼn=ow4.[-@�ez�L\��{AC}:jfW?퓓{a
:KZ@ɁUzA\9o_^/~�zWYu/:R1ARz2W#A.Ϻ/�Y �
GB9>봯[|OM1k&05h<���!麫`J�*��H!y,�'�t�^�t\LR!�}'Zd> |
AU�k>CwVT�F�
Bb-,�3bA!I�BNg
(JC��H��T
�dIy�];N�αg@D@@np�+z!NU��E,$K�e=ғ2%Kt{WmN�xy�mr
/Uщ ݹ^�4~ y*~y:~_dxL�%�GBYGg2�\I'OwOH
Y�
�>u8/g�gwi!�^��o�?%(E��z:W@ׇdj��#J U=��Sz=O��?{
�cl9wa�(�~ɘ
$-zfeٺfIl�x8cƂL)dJH/�F
=)!�j5ۓ$-I^O Eq���ʊ(KB�QKz�3>�e�v�ޜ,H}9Yi@ybZӽM3BJ$c=sf[e
�KQ�k��q,\��)�
�|8RB[,>��R4\һoeU!1}��^{@�3`LcI��CZC�ɇzP(�vtϯU��5�Sf�=O^L{W$?I8��Gu*b<9l_Aݾ0n`eq쭿?�nwh;ft,z;Ojw\^3L;M�y�zv`�4gk3@
?\g���[ıwT߆�ح�@)�r�+NQDܯ$&^=a�q
�Ӯ��q"KqܳDb9N4f8�9鑋ހ�+Ҿ<�b�u`}%H|OR`@GL4B0ǻ^�T�2#|ȥ�'n~i����?4o�7
]ekw}B!uo~~6,"rDqEkF��OW�E+��T㜏Wgqzm�z�S@���m֗Bi~?cg[DL;*p&�v]fm1�~1M'Ldј@.u,vk4Y��aD�VA;�m`��ܭ6,eM�/ʰ%7VŒr &9?���9D#''N��z��x?$gTl#}]c%4P�0�Ƙ÷2dg@[A Ԁ)�^Qs@�e�#'-/>Łc�2�e�F ?�j���YuYQ�C� BMd5Q|s�@-p�tF-�4|p4vYDLx?�~�jG.X�KzkQXHJ?t:Ӛ8w,{3�M2
V)Xj\\�,���3�D(l�v�<= N�锸6�SJ�}h"чD�cHH��d�/6��E�@8Ey�h?�(}��`�_k^6(��è/k� D\pI�TY�oa*�)�+-�zFȇ?ng[0->y�kS!�`@�sH���~4YWʩ�)N�Ȯ@��~u2[bR�ezH�
)gl/�^G)
CU$�͇~ 1Yjy RX\*�TYpH~E�0��8Gz(�B@�{Ȼ⢢E�.B4l9vW�[~J^z]�Y�_(�D=�]~L4@�Aϑ�w&(�R �**8a51G�����㠵u'ZuSZ+8,�_E[ܻA^88|ˉ�KJ%�x�'!x�'1xe�EB_���B$=�1gUߞBM)�8".
P%�1J bt�'RA !P��:h�_�5>�+!B�*D�f>)iwR,x/uYTPӉ\rm�^�I�N�9�U%kL-�ڮk\HNpK˾�+n
�ԋ
0'9���ImղR,o">a!\pI�r��_
ep$EE5@M kÈzw'�;sː�S�^�g,��vk=
c)U*��z��2�@'�: k3&!tu-/�CJ9@uɂ?8VʾlklNJx)A��aCTz9W/om�5ΧnZ�qns��6�] 8J=���TTꢂxEC¡���,DÈ,($�G�+@�\؈�5�Z[WِT^̂|�Ju:8*�NM �@ċ.�vR|ဖ�EJE��?�M�֔NM�C"����Ry�l
�mJoH%t'CH�!�62o>�w̝eN3&{��DJ�[ ��q0(:QPIX,}gr�
��ZkM"/�^�k��!SJ+Ib6m|S��3�0ܜ��M�1|��w�|�ap�}>�i��!V$iڱ}>Ư5�
I���\�`l�� B$�D�� H�}��Fr>
]�$�QyC{1q�s 㢇^ƨ`ʞz�q>}R�;8Um5!$�(�1I�z(�xi=ކb&a/O`${K443?CЊ��> =��,�
Fڸ:뛤{�3~3~3~3~A��阰�C?�!(}rи3@mPꇉ[rRi���kz1[?ڬ4b(g4K�$<5K[�Yh0lt*Y+�?���>�
=Bh|s��/WLt�LR6FE�tY7v�W?HzrA�� n>Az�ȳ�
{ӱ6-�0tRKRw |?ЦO4cAq�DIw <6�|]ÏFp[��yzKf�P�j`
2GA(�%IcZW�k3Uf�a j�ɣOy|MJQM�D�DHԼ�|�m�J
?Ϗ�+Ҭ_O�]4�iH-Tѓǎe�xdq,
zM �5$-�V�W'W'Uł0�`"R6�ykrkMUaؕ
{� p@S
Wڊ'�
v>���kb�_ɑ[�P
BIK�6|՟z䡭f�Y_(ׄ%T| ǿ2�9r_|k��v[�D��464�B(~6;ݽ1j�\��tyi&]$5�V(�
`|F0~������VYQf\\�&�)]̮#+x oR�\�
(f/f#1�� ļ2F}�0:�=M�ԬE5VfX��,l%"Q0MG�pŊ8c[#@o҆^�
,�z����z
@/��(CZPBZ��ǩM�<�Ir1�Œ�
�KB�QDj=9#�S��^�a)qc�)A�+�C|��AE&��СҼ�f40dS, ^4𩱐J11ǜSÇ_5@]OQ.��]ZˣXuZ�{�f@]���&>q�-E(�([�$TC O0J(��M꠴�_~Ũ�t�� �6
y^SLx!Vy
�?L�m��=q,vX5Ğ1{�,u3ki��GVEVUP=���BQ$
N�o,�<�zҧ�E6<|ywCw�#kBY�c#:�&|��xM��L��SxɐC�7�햔jm_-VHdgJ8��|�m@� "6s?��KI�H�H OZĮ8EH���|&��Isu3�tha�Ȉxp(M�>s�<�y(�h,0LJ%=~��אD
]TVZAf�!:��xtT l.}+�<ٟ0nh�G�pБ`�b'r��*ћ럯.ʁRB7FDu"�Ft8��2*%D&��cP5
x�E
��{>_is`nO�[Z����@אI�`lcϙ�t�s9*sS��RS¤vxg\/?>' .yHcI�� ^iN4xPZ� 㯛ֿ�}���>GA~guE�r �H@+^@92fw44ܽC%bx}k�f:j�///>�iӫN?�n�uzx5
Zѷptԭs;|ܻ|ڽ\^u/�֩J·_3meP0mw�%E9ũi�'\�XesxgixɎ(b�,.6-�Awp�D0/�bQ@
:ۆ���LOA~��p
Ϗxu;�_M�;FySM��-G��oj�5}V0�8���S~s< N�ԼV(>�r<��ȿmvF~�{�H'NF1�?�f=}F?ts�ݓ\{�f�3|7?s�!3��Vy3�ϳ�~3{�99.3�_fԿ�ʠ>1>1� �@/?�}}̠O)+�)c|�2w
Y@�{
_g
wAɵN2!ogY�7NoR�8G�\(^*U�YkOY8?�yVU ?^`ek��xrg
g{�9[k?�v/{'}и�CJWTv+fa�ć_q�Lzu�ҚgA7gn"�'�B83W�@jd2��yr{%4螡�ZȢ_
NW+4\h
�w;�P3eHHŲZjVUsv+D2L���OttAԢ*R'}a`UR�L��3DA�J3
��.M#^��ЌbCO0CX.Fฃ}�lk"~C P��x��гm4Ey�+c�AV7��/E5/�*� {_A1�C�}��f@)w��b'[{8�z9���?4}NEV�I�w1Ӑ"�ɮU�mK�桮u̿6�*cO6��h[Ì,!m܂x3yM
=ƾw<^Ah_LcH2�` ̀4W�ȹ&c_"�>�oQ^ܵ�
N*� �Xm0}��kQ{pń�#2O
ErXuNď/gɱF.YB�zsb%J]�#�:�gak�j�!t�c�4s�|'J��n#QtW�Dۀ��^�x`ƨA6�[)">`OI�qMY"|)z)m&�Ĥ�j�CǤA�>hd1Bk���#ɘPb���ՍPFĊ(1םe6M6 �OEmCr\O:
w&s�=fu|qf+6d1|�Wvu;Lᒿt'/R^���ێ�~MutfL%S
/!K wN/Fd�D6^a4Dϙ�Oa\Wv�BaI3&̴,�w��UC%!�'Tfg1�6AXR/!ImP�����`87O�
0,3 Gq�Y+.Ġ/�>''4wB-xYU7gĽM�Bcӄ0�a���9o%RJXHVK�მHz}cIfD�b�sW@#1H
YYg{m���f�Y{6\�$%4-ϫ�1E![%%c)uuOr�F[|-vMQJwvATԱ'x!�"�"Гx܋?!W+��6p|!�����g2D~gF=&*P�=eZ�=�v,8%^z+IkFmc[V`�ل]K�z!Z
�$�M*_�%|CbF8]x�
"!_R a�nho/y㶁�!� S
�q:�a�Ttj3<`"xԴ5[�Pŗ-;wn�3)���GVJph)hF�x}?Y�uK��1m�.�n;
;C�"�Yp륎�(�ghU|�l>cy nj�>�.2DnNv˷�Dg7��6O֢鎎F�d���u�(I�U`i�>4�(Na")1��F�k8i<9X�}�#3!?²M�jlf^^jtiÿ�(san�v��SG�>6ԃ*>~@dZU>8|^g^٠�C�><|gna)�nԈ1i˺y�dޱ+���[AMۯZQa?йEQXeZڃ谲_�E9|OMoLh�GOHǻv'b=5�;,�z�/�";T�EmH3_o�B�~+ԕش@�N]լ8`~FC>ߙtQ*|ٌ<|�J$^?oS�cD*sLV�_�\�-.J*?��>Mp)t_:|;;#����Əj}�_*Y�X.6�FS_K|u7h'=
ԶCe#P����|bjz�/�xx�;nUz!a!mTpAY�Hw}kͻM
�ڎ☀8��b_bL{xE/
x!m%
faA*Ej
c+�_�f{7It
ޒ��96`QrO|@�&'4�的Rx���c�tx��B4h;o|P�Wm\?m!"gy'NԦ?�g+L��iVtY�ibˣ$9!�V,|EašLj!DJG7�ܡ}N^zURW^%ϻ
kx+|v7ؘ��E_HU �Yt�9=vv!�8\fg�^9,�%�xI3L�F�#Y-+
<(Kb@}�|(ᴈ�+��pB�up��p\鈢+�[Os+(+4FmF�Aeo�CA/.xŕ `r�v÷����Z$?|Ya�2���.�i{PShJh^�^Fk0RJ�Ll4��ם��ǽaJ�
x>Uʼn��F�(�ъ2N��xlt/'�� fʬm�po9!a�sW<@;�*Tb-�M7LKtƢ���cl�݇XO�rq�F{q
\q�:
|
IT Infrastructure 
