services, e.g., e-mail or domain name system (DNS). In addition to server and network availability, the integrity of
the data being housed, served, and accessed must be intact or service disruption may occur.
IP phones must sit on IP-enabled networks as well. If left unprotected, attackers may attempt to disrupt
service using malformed datagrams or floods of traffic. IP Phones also must rely on the presence of several key
network services for basic functionality. DNS, Trivial File Transfer Protocol (TFTP), and, often, Dynamic Host
Configuration Protocol (DHCP) are essential underlying services that must be present. The lack of a functioning
DNS or DHCP could render phone services inoperable for the duration of an outage. Rogue DHCP and TFTP
server insertion represents powerful tools attackers can use to alter the flow of network data. Generally, this is
associated with unauthorized data collection, but also can be a source of outages. The National Institute of
Standards and Technology (NIST) suggests considering static IP address assignments that eliminate reliance
on DHCP. It also recommends the use of more secure file and configuration management mechanisms when
they become available for use with IP Telephony devices.
Power is an obvious requirement that must be addressed when taking measures to ensure service availability.
The power requirements for customer premises IP Telephony equipment is greater than the requirements for
traditional phone equipment since a larger number of devices must be supplied with power in the event of a
power failure. Ensuring adequate back-up power often is overlooked when migrating to IP Telephony. Failure to
adequately address this need may result in service loss during a power outage.
Network availability is crucial and assuring that network devices are powered and operational is only a small
part of ensuring service levels. Universally, IP Telephony must be deployed on a Quality of Service (QoS)-enabled
infrastructure. The purpose of QoS is to ensure special treatment for protocols or nodes on a network. IP phones
are capable of marking datagrams with Layer 2 and Layer 3 indicators that signal the network that packets will
require special treatment. Safeguards must be taken to ensure that datagrams with forged QoS markings do not
trick the network into granting better per-hop behavior to nonessential data.
Fraud is a concern in any voice environment. Unsanctioned resource use must be prevented since it can tie
up valuable capacity as well as increase operating expenses. User name and password information must be
safeguarded on client devices, network elements, and when in transit during login.
NIST recommends that customers separate data segments from IP Telephony segments. This strict separation
has many benefits. First, it is much easier to enforce filtering and security rule sets on IP Telephony hosts when
they comprise a well-defined group. This is advantageous when trying to create and enforce QoS, Security, and
Intrusion Detection System (IDS) policies. The second and perhaps biggest benefit to segmenting the network is
that it places IP Phones in a position where they are no longer subject to direct attacks from neighboring PCs.
In a flat design, IP Phones might be attacked from neighboring PCs that were either compromised or infected. A
flat network also would aid an attacker who might attempt to use a compromised PC to capture voice packets.
Keeping networks logically separate makes this activity more difficult for an attacker to perform and hide.
Cisco IP Phones are capable of providing network access to a PC through a jack on the phone. This permits
network operators to deploy only single cabling drops to each user. Fortunately, it is possible to configure the PC
to be on a different virtual LAN (VLAN) than the one on which the phone resides. It also is possible to prevent the
PC that is connected to the phone from marking datagrams with forged QoS indicators.
Soft Phone Clients
Installing a Soft Phone on a PC bridges the protective barrier that a segmented network would otherwise provide.
Soft Phone usage requires the commingling of IP voice and IP data traffic in the same segment, increasing the
risk of many types of security breaches. There also is no guarantee that the soft phone is installed on a clean,
uncompromised PC. NIST recommends that Soft Phone clients not be used. Physical IP Phones run far fewer
services than PCs and are less susceptible to attacks. Verizon VoIP does not officially support any Soft Phone usage.
Page 2 of 4