Securing Internet Protocol Telephony from Verizon

White Paper

services, e.g., e-mail or domain name system (DNS). In addition to server and network availability, the integrity of

the data being housed, served, and accessed must be intact or service disruption may occur.

IP phones must sit on IP-enabled networks as well. If left unprotected, attackers may attempt to disrupt

service using malformed datagrams or floods of traffic. IP Phones also must rely on the presence of several key

network services for basic functionality. DNS, Trivial File Transfer Protocol (TFTP), and, often, Dynamic Host

Configuration Protocol (DHCP) are essential underlying services that must be present. The lack of a functioning

DNS or DHCP could render phone services inoperable for the duration of an outage. Rogue DHCP and TFTP

server insertion represents powerful tools attackers can use to alter the flow of network data. Generally, this is

associated with unauthorized data collection, but also can be a source of outages. The National Institute of

Standards and Technology (NIST) suggests considering static IP address assignments that eliminate reliance

on DHCP. It also recommends the use of more secure file and configuration management mechanisms when

they become available for use with IP Telephony devices.

Power is an obvious requirement that must be addressed when taking measures to ensure service availability.

The power requirements for customer premises IP Telephony equipment is greater than the requirements for

traditional phone equipment since a larger number of devices must be supplied with power in the event of a

power failure. Ensuring adequate back-up power often is overlooked when migrating to IP Telephony. Failure to

adequately address this need may result in service loss during a power outage.

Network availability is crucial and assuring that network devices are powered and operational is only a small

part of ensuring service levels. Universally, IP Telephony must be deployed on a Quality of Service (QoS)-enabled

infrastructure. The purpose of QoS is to ensure special treatment for protocols or nodes on a network. IP phones

are capable of marking datagrams with Layer 2 and Layer 3 indicators that signal the network that packets will

require special treatment. Safeguards must be taken to ensure that datagrams with forged QoS markings do not

trick the network into granting better per-hop behavior to nonessential data.

Fraud

Fraud is a concern in any voice environment. Unsanctioned resource use must be prevented since it can tie

up valuable capacity as well as increase operating expenses. User name and password information must be

safeguarded on client devices, network elements, and when in transit during login.

Security Recommendations

Network Segmentation

NIST recommends that customers separate data segments from IP Telephony segments. This strict separation

has many benefits. First, it is much easier to enforce filtering and security rule sets on IP Telephony hosts when

they comprise a well-defined group. This is advantageous when trying to create and enforce QoS, Security, and

Intrusion Detection System (IDS) policies. The second and perhaps biggest benefit to segmenting the network is

that it places IP Phones in a position where they are no longer subject to direct attacks from neighboring PCs.

In a flat design, IP Phones might be attacked from neighboring PCs that were either compromised or infected. A

flat network also would aid an attacker who might attempt to use a compromised PC to capture voice packets.

Keeping networks logically separate makes this activity more difficult for an attacker to perform and hide.

Cisco IP Phones are capable of providing network access to a PC through a jack on the phone. This permits

network operators to deploy only single cabling drops to each user. Fortunately, it is possible to configure the PC

to be on a different virtual LAN (VLAN) than the one on which the phone resides. It also is possible to prevent the

PC that is connected to the phone from marking datagrams with forged QoS indicators.

Soft Phone Clients

Installing a Soft Phone on a PC bridges the protective barrier that a segmented network would otherwise provide.

Soft Phone usage requires the commingling of IP voice and IP data traffic in the same segment, increasing the

risk of many types of security breaches. There also is no guarantee that the soft phone is installed on a clean,

uncompromised PC. NIST recommends that Soft Phone clients not be used. Physical IP Phones run far fewer

services than PCs and are less susceptible to attacks. Verizon VoIP does not officially support any Soft Phone usage.

White Paper

Page 2 of 4