A switch in protection
Is your VoIP stream secure? Does it matter if it’s not?
Follow @infoworldI spent much of my first day at last week’s Supercomm getting briefed on IP phones of one sort or another. After several of these chats, I began to suspect that I'd uncovered a security hole in VoIP (Voice over IP).
For the most part, the IP telephone sets I saw — whether they traditional desk sets, handsets, or headsets — simply plugged in to an Ethernet connection. They converted spoken words into digital sound and stashed packets of that sound in IP containers, which were then sent off to an IP telephony switch in the datacenter.
It sounds pretty simple, and it is. VoIP is finally reaching the point where it's a technology you wouldn't mind having in your enterprise. But what is being done to keep someone from intercepting that stream of voice information and listening to your phone conversations? At this point, almost nothing — hence the security hole.
Talks with engineers at both IP phone manufacturers and Ethernet switch companies revealed the point of weakness. If someone gains access to the edge switch that the IP phone is attached to, it’s possible to create a mirror port and siphon off a copy of everything being said.
This assumes a couple of conditions are met: An intruder could figure out which edge switch is servicing the IP phone of interest, and they could get access to the switch at a level that would allow the creation of a mirror port.
How likely is it that someone could gain such access? As is frequently the case with security issues, it depends.
First, it depends on the physical security of the switch itself. Although it's very likely that the switch is locked away in a wiring closet somewhere, that doesn’t mean it’s secure. If there are Ethernet ports in public areas, for example, an intruder could plug in to one of them. Likewise, if the same switch is also attached to an unsecured wireless network, it is effectively an open connector, except that you don't even need to be in the building to access the switch.
Second, it depends on whether access to the switch is properly configured. One of hackers’ favorite means of breaking into networks is to first attack the switches using default passwords. Unfortunately, many administrators set up the switches to allow Telnet and Web access using default passwords. It's an open invitation to invade a network.
Fortunately, you can go a long way toward protecting your VoIP traffic with even minimal security. An intruder would have to know which switch to attack, because as traffic from many ports (and later many switches) aggregates farther downstream, it becomes impossible for an intruder to sort out which particular packets are from which audio stream. VoIP traffic across the Internet is reasonably safe for that reason.
But the edge of your enterprise, where the IP phone attaches, is not safe unless you've also taken steps to secure your network infrastructure. Of course, your other network traffic is at an equal risk, but at least you can encrypt that data if you're worried about it. Encryption for most IP phones is still a few months off.
So ask yourself: Do you know whether your infrastructure is secure? Have you changed those defaults? Have you used other capabilities already present in the switch to keep intruders out, such as limiting management-access entry points? Are you mixing wireless traffic on the same devices that carry traffic you'd like to keep private?
All of these can open your network to intrusion, but fortunately, they're easy to fix — if you take the trouble to do so.
