Extreme Networks focuses on making VOIP deployments more secure.
Extreme Networks jumped out ahead of demand for VOIP-specific security on
March 17 when it added new voice over IP protections in its Sentriant security
Although the majority of issues faced by enterprises deploying VOIP are
focused on traditional threats to data networks such as denial-of-service
attacks or worm outbreaks, Extreme Networks created a series of new rules for
the Sentriant security devices that watch for attacks against call servers, IP
PBXes and media gateways. The devices also watch for intruders trying
to hijack IP phones by masquerading as call servers.
While few attacks targeted at VOIP systems have been documented, the release
of a book last year exposing the specific vulnerabilities of VOIP technology
and how to address those has raised the level of awareness among enterprises.
"There have not been a lot of attacks yet, but people are more dependent on
IP phone systems and so people are more concerned," noted industry analyst Jon
Oltsik at Enterprise Strategy Group in Milford, Mass. "We know more about
the types of attacks we can expect now than we did a few years ago, so there's
The Extreme Networks Sentriant appliance, which can listen to traffic on the
network and respond when it detects anomalous behavior, now supports new
behavior-based rules that describe how to identify destructive behaviors and
how to respond to those in the network.
The rules take into account normal traffic activity that typically occurs
between IP phones and call servers. But when the appliance detects an unusual
number of anomalies, it initiates protective measures. The measures include the
cloaking threat mitigation technique and the use of the Address Resolution
Protocol to redirect attack packets to the Sentriant device and away from
The package of five new rules includes the Gatekeeper Flood rule, which
protects a call server from a denial-of-service attack. "If a single
device sends more than 60 packets in 60 seconds to the call server on
or UDP ports, it can direct all the packets to the Sentriant device, which
knows to discard the packets, or respond to the [sending] device in a very slow
fashion," said Suresh Gopalakrishnan, vice president and general manager for
Extreme's Emerging Product Group, in Santa Clara, Calif.
The Session Initiation Protocol Invite Flood rule also detects denial-of-service
activity by checking for more than 20 SIP invites within a 60-second period.
The SIP Registration rule checks for more than five SIP registration packets
going to the call server in a 10-minute period.
rule is intended to prevent laptop attacks on the call server by watching for
more than 300 packets in a 60-second period from non-IP telephony
devices. And the Unauthorized TFTP rule detects when TFTP traffic is
coming from sources that are not call managers.
"If any device other than a designated IP PBX or media gateway tries to talk
to a phone using that protocol, or it sees packets from a device that's not a
call server, we detect and stop that as well," said Gopalakrishnan.
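
The thresholds quoted above can be expressed as sliding-window counters. The following is an added example, not Extreme Networks' rule code; the packet tuple format, the call server address, the per-source counting and the one-alert-per-source behavior are assumptions, and the 300-packet rule is left out because it needs a device inventory.

```python
from collections import defaultdict, deque

CALL_SERVERS = {"10.0.0.10"}   # assumed address of the call server / call manager

# rule -> (threshold, window in seconds), numbers as quoted in the article.
# An alert fires when MORE than `threshold` packets fall inside the window.
RULES = {
    "gatekeeper_flood": (60, 60),
    "sip_invite_flood": (20, 60),
    "sip_registration": (5, 600),
    "unauthorized_tftp": (0, 1),   # any TFTP packet from a non-call-manager
}

def matching_rules(src, dst, kind):
    """Rules a packet counts toward (the packet schema is an assumption)."""
    hits = []
    if dst in CALL_SERVERS:
        hits.append("gatekeeper_flood")
        if kind == "REGISTER":
            hits.append("sip_registration")
    if kind == "INVITE":
        hits.append("sip_invite_flood")
    if kind == "TFTP" and src not in CALL_SERVERS:
        hits.append("unauthorized_tftp")
    return hits

def detect(packets):
    """packets: iterable of (ts, src, dst, kind) sorted by ts.
    Returns a list of (ts, src, rule), one alert per source and rule."""
    windows = defaultdict(deque)   # (src, rule) -> timestamps still in window
    alerted, alerts = set(), []
    for ts, src, dst, kind in packets:
        for rule in matching_rules(src, dst, kind):
            limit, span = RULES[rule]
            win = windows[(src, rule)]
            win.append(ts)
            while win[0] <= ts - span:   # drop packets older than the window
                win.popleft()
            if len(win) > limit and (src, rule) not in alerted:
                alerted.add((src, rule))
                alerts.append((ts, src, rule))
    return alerts

# Constructed sample: slow re-registration, 21 INVITEs in 21 s, stray TFTP.
SAMPLE = sorted(
    [(t * 120, "10.0.1.5", "10.0.0.10", "REGISTER") for t in range(6)]
    + [(t, "10.0.2.9", "10.0.0.10", "INVITE") for t in range(21)]
    + [(30, "10.0.3.3", "10.0.1.5", "TFTP")]
)
```

On the constructed sample, the slowly re-registering phone stays under the limit while the INVITE burst and the stray TFTP sender each raise one alert.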
Extreme was prompted to create the rules in part by customers who want the
ability to create their own rules using Extreme's APIs, combined with Sentriant's
monitoring capability, said Oltsik. "Customers are saying, 'I want someone
to take care of generic security rules and then write my own rules,'" he said.
Extreme was also prompted in part by the publishing of the book "Hacking
VOIP Exposed, Voice over IP Security Secrets and Solutions," by David Endler
and Mark Collier, last year.
The rules will be available this week. Extreme plans to continue
developing more rules for the Sentriant appliance.