In-depth discussion on VoIP protocol Security

We should all know about VoIP. This low-cost network communication method has always been favored by everyone. As a support for this service, the security of the VoIP protocol is extremely worrying. At present, there are four major security issues facing VoIP: DoS attacks, illegal access, fraudulent calls, eavesdropping, and other threats. However, VoIP protocol security cannot be ignored.

Information security experts will warn you that, if you deploy VoIP improperly, internet phones will be attacked by hackers and malicious code. VoIP may disrupt network security measures. For enterprise networks, VoIP is a major threat, because enterprises are eager to deploy this technology and ignore Security.

After careful analysis, we can see that the first security problem facing VoIP is the underlying harm ?? Its own hardware and software facilities. Most of the current VoIP devices are based on standard operating systems, and transmission protocols are also open technology, so there is a high possibility of attacks by attackers. In most cases, VoIP facilities need to provide remote management capabilities, and the services and software they depend on may also have security vulnerabilities.

Take a look at the VoIP transmission protocol. There are many network technical protocols related to VoIP. common protocols include RTP (real-time transmission protocol) and RTCP (real-time transmission control protocol), which control real-time data streams are applied over IP networks ); RSVP (Resource Reservation Protocol) and IP different Service with guaranteed network QoS, as well as a series of Traditional Digital Speech Coding protocols such as G.711, G.728, G.723, and G.729. However, at present, the most common voice establishment and control signals for VoIP technology are H.323 and SIP (Session Initiation Protocol ).

Among them, the SIP protocol is an important part of the IETF's definition of multimedia data and control architecture. At the same time, Because SIP is only responsible for providing session connections and session management, and has nothing to do with the application, it can be used in multiple fields. Now, we can see sip ip phones, group video conferencing systems, audio conferencing Media Servers for service providers, and audio and video conferencing multi-point control units compatible with H.323 and SIP. Currently, SIP is bringing the widest interconnection to the conference market. However, even the Protocol itself has potential security issues:

Both H.323 and SIP are an open protocol system. In terms of a series of calls, each device manufacturer has its own components to carry. Some of these products use Windows NT and Linux-based OS. The more open the operating system, the more vulnerable its product application process to viruses and malicious attacks. These applications are already installed on the device when the product leaves the factory. It cannot be ensured that the latest version or commitment has already compensated for some security vulnerabilities. At the same time, the most emerging technology transmission protocol, SIP is not perfect, it uses similar FTP, e-mail or HTTP server form to initiate connections between users. Using this connection technology, hackers will also attack VOIP.

Two years ago, in terms of VoIP protocol security, CERT reported a defect in the SIP protocol stack. With this vulnerability, attackers will have the opportunity to gain illegal access privileges, initiate DoS attacks, and cause problems such as system instability. Obviously, this defect is related to the "Invitation" sent by the SIP device to initiate VoIP calls, text chats, videos, and other calls.

In principle, vulnerabilities can be exploited to initiate various types of attacks. For example, once the gateway is broken by hackers, IP phones can be called without authentication. Unprotected voice calls may be intercepted or eavesdropped, and can be intercepted at any time. Hackers can use redirection attacks to replace the voice mail address with a specific IP address and open a private channel and backdoor for themselves. The most typical is that hackers can cheat the SIP and IP address restrictions to steal the entire conversation process.

Therefore, imperfect protocols can cause serious consequences: If someone impersonates your agent to call you through the SIP vulnerability, he can easily obtain your various materials (including the bank card number and password), and when the phone hangs up, the savings you 've earned will be stolen. In addition, a hacker can easily submit excessive fake service requests on your SIP server, so that the server cannot answer or listen to the phone, resulting in service denial.

VoIP protocol security issues are far more than these. Intercept the SIP protocol on the network, and easily obtain the RTP Port and route. Then, the listening can be easily implemented through a specific mode. Through the network card hybrid mode, hackers can easily intercept all POP3 protocols in the LAN ?? Including passwords, it is easy to intercept.

In addition, the implementation of VoIP depends on the operation of the TCP/IP protocol stack, so all the security problems facing the TCP/IP protocol cannot be avoided. Some common and troublesome virus problems are destined to cause problems in the VoIP application environment. Therefore, VoIP devices should pay more attention to the implementation of common information security principles than normal computer devices. For example, only necessary services should be provided to close and shield useless ports; stop using unnecessary protocols ?? There is no need to enable unnecessary and unused protocols and services to avoid providing more opportunities for hackers.

Ignoring these principles will cause serious security hazards. The reason is obvious: If the VoIP infrastructure cannot be effectively protected, it can be easily attacked and the stored conversation content will be eavesdropped. Compared with traditional telephone devices, the network used to transmit VoIP protocol routers, servers, and even switches are more vulnerable to attacks. The traditional PBX is stable and secure.

The monopoly of traditional telephones is approaching, and the VoIP era is approaching. This forces VoIP service providers to review their technical focus. It is gratifying that some of the current transmission protocols are becoming increasingly sophisticated, and companies have begun to realize the importance of VoIP protocol security.