Security Features which are Most Effective on Interconnectivity Using VoIP - Report Example

Security features which are most effective on interconnectivity using VoIP Thesis VoIP has gain popularity over the years and its being preferred as more cost effective and reliable means of making calls over long distances. However due to its rapid growth and development little has been taken in to considerations to implement security features, to ensure such connectivity are secure for the data/information being relayed. Although there have been efforts to improve on networking security, however the services that are being offered use different software’s whose security features are not guaranteed. CHAPTER ONE: INTRODUCTION VOIP is a combination of various technologies that make it possible to have voice calls over the internet or through the use of other networks which have been specifically designed to handle data. Such networks can be local area networks (LAN’s) in an office setup, wide area networks (WAN’s) or metropolitan area networks (MAN’s). It is also possible to setup the VOIP technology by making use of virtual private networks (VPN’s). The use of VOIP has been proliferating in the recent past at a very high rate mainly due to the future that is potential in this technology and the way the technology can be able to handle various technologies in it due to its integrative nature. There are many challenges that the technology is facing in the current world. In the first place, the reliability of the network is wanting owing to frail network on which it is built. This makes less comparable to the old “Public Switched Telephone Network (PSTN)” which has an almost ideal level of reliability. The technology gained its name from a forum that took place in 1996 in a forum that was geared towards the development of interoperable products and services in the realm of internet telephony. There was an urge to cut the cost of making calls. This would work to surpass the old fashioned PSTN which made use of a dedicated line between two nodes before a call is made. The use of this architecture was therefore seen to consume a lot of infrastructure to make work. Despite the clarity of the calls after the connection, the cost of setting up this network was seen to be so huge and most of the material used often under utilized thus calling for a cheaper alternative. The main advantage of VOIP over the traditional PSTN is lack of a meter. In this case, the user does not need to pay to make a call as the architecture fully utilizes the internet. The only cost that arises in the use of this service is the internet subscription fee which is far much lower if compared to using the PSTN. The general manner of information transfer in this technology which is through the use of data packets allows the architecture to be more superior in terms of efficiency. Due to the rate that this technology is growing with, it is continually attracting more attention from various stakeholders in the industry. The various available VOIP applications are known to offer the services that are also offered by traditional PBX services (“Private Branch Exchange”). VOIP makes use of a number of protocols which are broadly grouped according to their functions. In signaling, there use of “Session Initiation Protocol (SIP)”, for data control and manipulation, there is the use of “Internet Protocol (IP)”, “User Datagram Protocol (UDP)”, and “Real Time Transport Protocol (RTP)”. VOIP functions by sending voice in a digital format which is through data packets. This voice data is sent through public or private IP networks. On reception it is reassembled and then decoded into its original format. Despite the fact that this mode of voice transfer is very cheap as compared to the other traditional methods, there are quite some security barriers which usually affect the operation of VOIP in business environments. The question of security has become a reason for a heated argument in matters concerning VOIP in the recent past. This is a topic which by no means can be ignored whilst considering the application of VOIP services at any one time. In the traditional networks such as PBX and PSTN, there have been intruders who have been known to intercept the telephone lines and gain access to free voice calls. PBX services and systems for voice mails have been interfered with in the past through the manipulation of the computer systems. There is a variety of reasons that have led to these interceptions such as sabotage, greed or even avenging some cases. On the other hand, it has been recorded that some people can be able to intercept some phones in traffic (incoming or outgoing), or even voice mails and get access to confidential voice data over IP networks. The main weak point that the VOIP network suffers from is its direct use of normal IP networks as the communication transfer channel thus making the architecture inherit all the problems that are associated with IP security. This weakness poses much larger security scare as compared to the rest of the traditional networks. Due to the above discussed implications, it is therefore necessary that IP networks which are designed to support the VOIP architecture should have a secure design, implementation and also operational procedure. This should be enhanced in such a manner that there is proper end to end security for the voice over internet applications which are to be used. There are many stakeholders who have taken this factor into account and a lot of research is underway in various institutions on the best method of implementation. Some methods that are being applied include “Secure Real-time Transport Protocol (SRTP)” and IPSec. Despite these measures, there fails to be a robust mechanism that can be used to explain the security arena per se. VOIP systems assume very many different formats which include the old telephone headsets, conference units, and even mobile units. Above the equipments which are meant for the end user, VOIP systems have other components such as call managers, call processors, routers, gateways, protocols and firewalls. As much as these components maybe having some counterparts in other data networks, there is a requirement that most of the other common components of networks need to be supplemented by other special components of VOIP. This system has an extra requirement for high performance as compared to most of the other data systems and should also incorporate emergency and critical services such as 911. There has been a bone of contention amongst various sources on the use of this architecture claiming that the digitized nature of the voice and the travel nature allows for it to travel in normal network channels. This has however not been the case considering that VOIP has additional requirements which create complications and thus it is possible to have extra problems considering the security requirements of the architecture. There are various security challenges that are posed by VOIP architecture that needs to be considered. Within the context of this paper, there will be extra insight into the main challenges that are posed in addition to an insight into the features that are most effective in various modes of interconnectivity using VOIP. Quality of service: this is a very pertinent requirement in the operation of the VOIP networks in a bid to meet the requirements of the end user. There are however some security measures which when applied cause the Quality of Service to go down. These complications are wide ranging and can be from the delay of the firewalls, or at times some call setups are blocked or even some jitters which may be as a result of delay and latency produced by encryption. The nature that VOIP operates in is very critical of time and has a low tolerance to packet loss and any modes of disruption. This has made the security measures which are common to the other old data networks not to be fully functional in VOIP applications. Such are firewalls, systems for intrusion detection and other security components. Presently, the protocols which are being used by the VOIP architecture are the session initiation protocol (SIP) and the H.323. There has been a preferential treatment of SIP over time though both of the protocols cannot be said to have gained much popularity. This has led to the need for there to be a framework that supports both of these protocols for the best results. If there arises a need for gateway decomposition, there are extra protocols which can be applied which include “Media Gateway Decomposition Protocol (MGCP)” and Megaco/H.248. The mentioned standards can be used to make handling of messages easier and also to implement non-intelligent terminals which are the same as the current PBX phones which use a stimulus protocol. The operational success of packet networks is wholly dependent on parameters such as the MAC and the IP address of voice terminals, router addresses, firewalls, VOIP software like the call managers which are used to process the voice components and programs which route calls. These network parameters are in most cases dynamically established particularly when the network components or the VOIP telephones get restarted or added to a network. Due to this presence of components which are configured dynamically, then the network is posed to a vast area which is prone to attacks from potential intruders who would easily take advantage of the attack points. In today’s computing world, firewalls are increasingly being used in networks which utilize IP. The firewalls have vastly been used as a critical attack protector from intruders to all kinds of networks and systems like LAN’s, WAN’s or those networks that utilize a DMZ. They are in most cases used to avert untrustworthy traffic which may be flowing through the networks. For the firewalls to be able to detect the unwanted set of traffic, the network administrator feeds the firewall with a set of rules that will be used to filter the traffic which they do not find as important. Introducing firewalls to VOIP affects very many VOIP aspects with the worst hit aspects being procedures for call setup and dynamic trafficking of ports. Many endpoints in a LAN can be configured in such a manner that they use the same IP address. This is made possible through the use of Network Address Translation (NAT). The use of NAT has some controversial repercussions. One of them is the increased complexity to make calls. When data is transmitted across a network with NAT, there is added incompatibility with IPSec. Though there is a likelihood of reduction of NAT through the adoption of IPv6, the tools will be common components for quite some time thus there needs to be devised a way in which the complexities brought about by NAT should be reduced. There are various ways in which intruders should be kept away from a network. These include the use of firewalls, gateways and probably other extra devices. It should however be acknowledged that firewalls cannot be able to defend the networks against possible and would be hackers. In order to have good protection against voice traffic, there should be an extra security measure. One of the ways in which hackers can be discouraged is through the encryption of data through the use of IPSec or the “Real Time transport protocol – RTP (RFC 3550)”. There are other factors though which might cause an increase in latency in the VOIP packets’ delivery like ciphering latency, packet size expansion, and insufficient QoS urgency during cryptography. Due to these mentioned effects, the quality of transmitted voice goes down. The design, deployment and the secure operation of a VOIP network is still a complicated bid that calls for additional efforts. There are various issues that contributed to the need to have this piece of literature put down. Amongst the main reasons is the increasing concern of the insecurity posed by communication through VOIP, reliability concerns and the increased acceptance of the system which calls for enhancement of the security procedures. There was also need to seek facts as to why the seemingly unsecure system has had a positive impact and growth in the communication industry. This gives a reason to have a better understanding of the security threats that are being experienced by those who are already making use of VOIP and so have the ability to come up with corrective and preventive measures which are better and more secure and possibly come up with ideas that would improve the security features in the systems that make use of the Voice Over Internet Protocol. This paper will seek to address the security issues by looking at the features which are most efficient for interconnectivity using this architecture. In addressing this concern, amongst the topics that will be addressed are as in the following paragraph. Identity theft and service theft by hackers, whose intention is getting access to information in use through the service, eavesdropping of the voice data as it travels along the network, vishing, viruses, malware, denial of service, “Spamming Over Internet telephony (SPIT)” and call tampering. Vishing or VOIP phishing is whereby malicious individuals purport to be reputable organizations and make calls to individuals with an aim of obtaining important data. Denial of service occurs when the devices are set in such a way that they inhibit communication in the network. SPIT is the occurrence of irrelevant traffic in the communication channels. Call tampering occurs when the communication channels are physically intruded thus inhibiting communication. The other sections of this paper will include current limitations in the security features in the application of VOIP, new and emerging security features and ideas. This part will look at ideas which can be used to improve the current security measures or new measures altogether. The paper will then dwell into the development of the necessary hardware and software which can be used in the security implementation strategies. Before concluding the paper, there will be a detailed discussion of the outlined methods in a bid to establish those features which are deemed to be most effective on interconnecting VOIP. CHAPTER TWO: LIMITATIONS 2. Literature review SIP is one of the most widely used protocols in VOIP networks and is therefore one of the most vulnerable attack targets in this framework. There are various attacks that can be performed against SIP varying from those that do not correspond to the SIP grammar which has been provided by RFC 3261(best known as syntactical attacks) to denial of service (DoS) attacks which are mostly in the overly networks. Some other known attacks which do exist in the networks are those that make use of flaws which are well known like buffer overflows against servers attacks which are directly connected to the |SIP protocol range from service theft, information gathering and DoS. In the discussions that will follow, amongst the features of the attacks that will be looked into are scenarios for SIP attacks, directory scanning for SIP and the degrading of the QoS. 2.1.1 Information gathering In this case, the attacker has a variety of functions to go about before he/she is able to accomplish their roles. The actions which the attacker is supposed to perform are similar to an attack scenario through which there are many continuous attacks. In information gathering as one point of the attack, the attacker first gathers pertinent information about a certain server which he is targeting so as to have a clue of any possible vulnerability. There is also a possibility that the attacker might by looking for some variations in the security variables in order to be able to perform replay security attacks. Such variations include nonce variations (Bouzida and Mangin, 2006). Other well known types of information gathering attacks are password guessing and directory scanning. In directory scanning, the attacker peruses the users’ database for information about the existing users and their various credentials. On getting some validated usernames in the directories, the attacker can result to password guessing. 2.1.1.1 Nuance variation In accordance to RFC 3621 (Rosenberg, 2002), there is a SIP authentication mechanism which is challenge based and brought from HTTP authentication which arises from RFC 2617. This mode of authentication known as “digest authentication” is found in SIP for authentication of messages and protection of replay in circumstances where there is no integrity or confidentiality of messages. The nonce variable is a credential variable in this state and it is used in the computation of the hash value of the response that has been authenticated with the use of such algorithms like the “MD5 hash algorithm”. To check the possibility of the replay attacks, the attacker checks for any change or periodic renewal of the nonce variable. if the attacker finds periodic changes for example once after some couple of seconds, the possibility of the replay attacks then remains viable (Bouzida and Mangin, 2006). 2.1.1.2 Directory scanning Directory scanning is basically the act of the attacker collecting legitimate identities of users from the users’ databases. This is possible due to the variety of message flaws that are found in SIP. References Bouzida, Y and Mangin, C. (2006) A framework for detecting anomalies in VoIP networks Rosenberg, J. et al (2002) SIP: Session Initiation Protocol, RFC 326. Retrieved 06/03/2011 from http://www.ietf.org/rfc/rfc3261.txt. Read More