VoIP Security: SIP—Versatile but Vulnerable: Page 2

(Page 2 of 2)

Eliminating configuration weaknesses

The final battlefront against SIP attacks—and the one over which you probably have the most control—is secure network and system configuration.

For example, several of the aforementioned security advisories recommend the use of ingress, egress, and broadcast traffic filters to block SIP messages sent to/from systems that should not do so. In networks that use VLANs to compartmentalize VoIP traffic, switches and access points should be configured to avoid VoIP hopping. The premise here is simple: the fewer systems that are exposed to SIP, the lower the risk of falling victim to SIP-based attacks.

Many VoIP servers and user agents are easily compromised as the result of basic configuration mistakes, such as failing to disable risky services or change default passwords. VoIP phones tend to be particularly vulnerable to misconfiguration because (a) they aren't managed like ordinary desktop computers and (b) their debug and admin interfaces are frequently hidden or not well advertised to end users. For example:

  • The Cisco 7920 VoIP phone contains an open UDP port used for remote debugging that can expose sensitive information (WVE-2006-0009).

  • The Hitachi IP5000 VoIP phone uses a hard-coded password that enables remote configuration viewing and modification (WVE-2006-0010).

  • The UTStarcom F1000 VoIP phone accepts Telnet connections using a default login that facilitates unauthorized configuration access (WVE-2006-0015).

These three vulnerabilities must be addressed through patching or workarounds (e.g., blocking Telnet or debug traffic). However, many VoIP phones have configurable ports, passwords, and wireless keys that should be changed to prevent unauthorized access. Devices that run softphones also require hardening, using the same techniques commonly applied to any Internet-connected host.
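One way to check that the SIP filters and the Telnet workaround described above are actually holding is to audit exported flow records for traffic that should have been blocked. The following is an added example, not code from the original article. The voice VLAN subnet, the flow-record layout, and the sample records are constructed assumptions; the SIP ports (5060, and 5061 for TLS) and Telnet port (23) are the standard ones.

```python
import ipaddress

# Assumptions (not from the article): the voice VLAN subnet and the
# "src dst proto dport" record layout are constructed for illustration.
# Any SIP crossing the voice VLAN boundary is treated as a violation; a
# real deployment would allow-list its SIP trunk or border controller.
VOICE_NET = ipaddress.ip_network("10.20.0.0/24")
SIP_PORTS = {("udp", 5060), ("tcp", 5060), ("tcp", 5061)}  # SIP and SIP over TLS
TELNET = ("tcp", 23)

# Constructed sample flow records.
SAMPLE_FLOWS = """\
10.20.0.11 10.20.0.5 udp 5060
10.30.4.77 10.20.0.5 udp 5060
10.20.0.12 203.0.113.9 tcp 5061
10.30.4.77 10.20.0.12 tcp 23
10.20.0.5 10.20.0.11 tcp 23
10.30.4.77 10.30.4.1 tcp 443
bad line here
"""

def in_voice(addr):
    return ipaddress.ip_address(addr) in VOICE_NET

def audit_flows(text):
    """Return (line_no, reason) for each flow a filter should have blocked."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src, dst, proto, dport = parts[0], parts[1], parts[2].lower(), int(parts[3])
            src_voice, dst_voice = in_voice(src), in_voice(dst)
        except (IndexError, ValueError):
            # Malformed records are reported rather than silently skipped.
            findings.append((no, "unparseable record"))
            continue
        service = (proto, dport)
        if service in SIP_PORTS and not (src_voice and dst_voice):
            direction = "ingress" if dst_voice else "egress" if src_voice else "off-VLAN"
            findings.append((no, f"SIP {direction}: {src} -> {dst}"))
        elif service == TELNET and dst_voice:
            findings.append((no, f"Telnet to voice device: {src} -> {dst}"))
    return findings

if __name__ == "__main__":
    for no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {no}: {reason}")
```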

Better safe than sorry

SIP deployments need not fall victim to these common attack vectors. The trick is to proactively identify and eliminate security holes before hackers get a chance to exploit them. Start your vulnerability assessment with conventional network security tools like port scanners and application banner grabs. But don't stop there—pursue SIP-specific tests that can uncover the vulnerabilities described here and many others.

To learn more about VoIP security assessment techniques and tools, consult the VOIPSA Security Tools List and the Hacking VoIP Exposed Security Tools List.

And keep your eyes peeled on VoIPplanet.com, as, over the coming months, we will follow up this article with one on free tools for mitigating SIP vulnerabilities and another on commercial solutions.

This article was first published on EnterpriseVoIPPlanet.com.
