Myth #2 - My VoIP infrastructure is secure because...
"My VoIP is implemented using VLAN infrastructure and it is isolated from data networks".
A virtual LAN, commonly known as a VLAN, is a group of devices that communicate as if they were attached to the same LAN, regardless of their physical location. VLANs address issues such as scalability, security, and network management.
Let's look closer at the role of VLANs in VoIP deployments. A PBX/Call Manager with PSTN trunking and a bunch of hardphones attached is usually implemented on a dedicated VLAN. Clearly, in this case VLANs provide some degree of additional security just by virtue of isolating VoIP from data traffic. Sounds good, but here you have a tool that you can use to hack this configuration: http://forums.remote-exploit.org/showthread.php?t=12116. There is also a good paper that explains VLANs and their interaction with PBX/hardphone/PC VoIP implementations: http://www.securityfocus.com/infocus/1892
Unfortunately, the introduction of softphones running on mobile platforms such as laptops or smartphones breaks this nice concept of "isolation", since these devices need to be present on both data and voice networks to perform their functions. In most cases they will be located outside the IT core networks, as is the case with telecommuters or mobile workers, so VLANs do not help much here. They are becoming a major source of threats for both data and VoIP networks. Many analysts predict that enterprises will stop buying hardphones in the near future and switch entirely to softphones.
While signaling traffic is handled by the PBX/Call Manager, the voice conversation that follows is carried over RTP/RTCP and in many cases runs in peer-to-peer mode, bypassing the PBX/Call Manager entirely. Again, the traffic patterns will not follow any pre-defined groupings or VLANs. And just to make this more complicated, IP trunking is becoming more popular and is replacing the "secure" PSTN connection.
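As an added example (not from the original post), the Python sketch below reads the SDP offer and answer that the PBX relays during call setup and reports where the RTP/RTCP media will actually flow relative to the voice VLAN. The voice VLAN subnet, the PBX address and the trimmed SDP bodies are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (constructed for this example, not from the post).
VOICE_VLAN = ipaddress.ip_network("10.20.0.0/24")  # hypothetical voice VLAN
PBX_ADDR = ipaddress.ip_address("10.20.0.10")      # hypothetical PBX/Call Manager

def media_endpoints(sdp):
    """Return [(ip, rtp_port, rtcp_port)] for each audio stream in an SDP body."""
    session_ip, streams = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            ip = ipaddress.ip_address(line.split()[2].split("/")[0])
            if streams:
                streams[-1]["ip"] = ip  # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m=audio "):
            port = int(line.split()[1].split("/")[0])
            # RTCP defaults to RTP port + 1 unless an a=rtcp attribute says otherwise
            streams.append({"ip": session_ip, "rtp": port, "rtcp": port + 1})
        elif line.startswith("a=rtcp:") and streams:
            streams[-1]["rtcp"] = int(line[len("a=rtcp:"):].split()[0])
    return [(s["ip"], s["rtp"], s["rtcp"]) for s in streams if s["ip"] is not None]

def classify(offer_sdp, answer_sdp):
    """Describe where the negotiated media will flow relative to the voice VLAN."""
    findings = []
    for side, sdp in (("offer", offer_sdp), ("answer", answer_sdp)):
        for ip, rtp, rtcp in media_endpoints(sdp):
            if ip not in VOICE_VLAN:
                findings.append(f"{side}: {ip}:{rtp}/{rtcp} outside voice VLAN")
            elif ip != PBX_ADDR:
                findings.append(f"{side}: {ip}:{rtp}/{rtcp} peer-to-peer, bypasses PBX")
    return findings

# Constructed, trimmed SDP: a hardphone on the voice VLAN calls a laptop softphone.
OFFER = "v=0\r\nc=IN IP4 10.20.0.31\r\nm=audio 16384 RTP/AVP 0\r\n"
ANSWER = "v=0\r\nc=IN IP4 192.168.50.77\r\nm=audio 40000 RTP/AVP 0\r\na=rtcp:40005\r\n"

if __name__ == "__main__":
    for finding in classify(OFFER, ANSWER):
        print(finding)
```

An empty result means both sides advertised the PBX as their media address, so the media is anchored there. Any other result is a flow that VLAN membership alone does not describe.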
Clearly, a VLAN is not a silver bullet that would make your VoIP secure. However, some vendors would like you to believe that it is, and that you therefore should not worry about VoIP security anymore. Well, that would be great.
In reality VoIP security is as complex as data security and it requires a methodical approach that takes into account enterprise business needs, VoIP specific characteristics, available security solutions, security policies and compliance requirements. No silver bullets here.