CISSP Secure Communications Channels According to Design – Bk2D4T11P1

Module Objectives
  1. Define Secure Communications Channels that support remote access services and collaboration.


Voice over Internet Protocol (VoIP)

Voice over Internet Protocol (VoIP) is a technology that allows you to make voice calls using a broadband internet connection instead of a regular (or analog) phone line. VoIP is simply the transmission of voice traffic over IP-based networks. VoIP is also the foundation for more advanced unified communications applications such as web and video conferencing.

VoIP systems are based on the use of the Session Initiation Protocol (SIP), which is the recognized standard. Any SIP-compatible device can talk to any other. In all VoIP systems, your voice is converted into packets of data, transmitted to the recipient over the internet, and decoded back into your voice at the other end. To make this quicker, the packets are compressed before transmission with a codec, almost like zipping a file on the fly. There are many codecs with diverse ways of achieving compression and managing bitrates, so each codec has its own bandwidth requirements and provides a different voice quality for VoIP calls.

VoIP systems employ session control and signaling protocols to control the signaling, set-up, and tear-down of calls. A codec is software that encodes audio signals into digital frames and vice versa. Codecs are characterized by different sampling rates and resolutions. Different codecs employ different compression methods and algorithms, using different bandwidth and computational requirements.

Session Initiation Protocol (SIP)

As its name implies, SIP is designed to manage multimedia connections. SIP is designed to support digest authentication structured by realms, like HTTP (basic username/password authentication has been removed from the protocol as of RFC 3261). In addition, SIP provides integrity protection through MD5 hash functions. SIP supports a variety of encryption mechanisms, such as TLS. Privacy extensions to SIP, including encryption and caller ID suppression, have been defined in extensions to the original Session Initiation Protocol (RFC 3325).
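As an added example (not code from the original page), the realm-structured digest exchange described above in Python: the client derives its response from MD5 hashes as in RFC 2617 and RFC 3261, and a hypothetical registrar verifies it from a stored HA1 and a nonce it issued itself. The realm, user names, nonces and credentials are all constructed.

```python
import hashlib
import hmac

def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); the realm is bound into the secret."""
    return _md5(f"{username}:{realm}:{password}")

def digest_response(h1: str, method: str, uri: str, nonce: str,
                    qop: str = "", nc: str = "", cnonce: str = "") -> str:
    """Client-side response per RFC 2617 as profiled by RFC 3261."""
    ha2 = _md5(f"{method}:{uri}")
    if qop:  # qop="auth" form, which adds the nonce count and client nonce
        return _md5(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{h1}:{nonce}:{ha2}")

class Registrar:
    """Hypothetical SIP registrar: it stores HA1 per user instead of the
    password and accepts only nonces it issued itself."""
    def __init__(self, realm: str):
        self.realm = realm
        self._ha1 = {}        # username -> HA1
        self._nonces = set()  # outstanding challenge nonces
    def add_user(self, username: str, password: str) -> None:
        self._ha1[username] = ha1(username, self.realm, password)
    def challenge(self, nonce: str) -> str:
        self._nonces.add(nonce)  # real servers: random, time-limited nonces
        return f'Digest realm="{self.realm}", nonce="{nonce}", qop="auth"'

    def verify(self, user, method, uri, nonce, nc, cnonce, response) -> bool:
        if user not in self._ha1 or nonce not in self._nonces:
            return False  # unknown user, or a nonce we never issued (replay/forgery)
        expected = digest_response(self._ha1[user], method, uri, nonce, "auth", nc, cnonce)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    """Constructed REGISTER exchange; returns (valid, wrong password, forged nonce)."""
    reg = Registrar("sip.example.test")
    reg.add_user("alice", "correct horse")
    reg.challenge("n0nce-1")
    req = ("REGISTER", "sip:sip.example.test")
    good = digest_response(ha1("alice", reg.realm, "correct horse"), *req, "n0nce-1", "auth", "00000001", "cn0nce")
    bad = digest_response(ha1("alice", reg.realm, "wrong"), *req, "n0nce-1", "auth", "00000001", "cn0nce")
    return (reg.verify("alice", *req, "n0nce-1", "00000001", "cn0nce", good),
            reg.verify("alice", *req, "n0nce-1", "00000001", "cn0nce", bad),
            reg.verify("alice", *req, "forged", "00000001", "cn0nce", good))
```

The digest protects the password and ties the response to a challenge; it does not encrypt the signaling, which is what the TLS option mentioned above is for.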


VoIP Problems

Packet loss: A technique called packet loss concealment (PLC) is used in VoIP communications channels to mask the effect of dropped packets.

There are several techniques that may be used by different implementations:

  • Zero substitution: the simplest PLC technique, requiring the least computational resources. These simple algorithms generally provide the lowest sound quality when a considerable number of packets are discarded.
  • Filling the empty spaces with artificially generated substitute sound: the more advanced algorithms interpolate across the gaps, producing the best sound quality at the cost of extra computational resources. The best implementations can tolerate up to 20 percent packet loss without significant degradation of voice quality.

While some PLC techniques work better than others, no masking technique can compensate for a significant loss of packets. When bursts of packets are lost due to network congestion, noticeable degradation of call quality occurs.

In VoIP, packets can be discarded for many reasons, including network congestion, line errors, and late arrival. The network architect and security practitioner need to work together to select the right PLC technique that best matches the characteristics of an environment, as well as to ensure that they implement measures to reduce packet loss on the network.

Reducing the delays on the network helps keep the buffer under 150ms even if a significant variation is present. While the reduced delay does not necessarily remove the variation, it still effectively reduces the degree to which the effect is pronounced and brings it to the point where it’s unnoticeable by the callers. Prioritizing VoIP traffic and implementing bandwidth shaping also helps reduce the variation of packet delay.

At the endpoint, it is essential to optimize jitter buffering. While larger buffers reduce or remove the jitter, anything over 150ms noticeably affects the perceived quality of the conversation. Adaptive algorithms that adjust the buffer size to the current network conditions are often quite effective. Adjusting the packet size (payload) or using a different codec often helps control jitter as well.

  • Sequence errors: Routed networks send each packet along the best path available at that moment. That means packets will, on occasion, arrive in a different order than they were transmitted, which degrades call quality.
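As an added illustration (not part of the original page), a small Python simulation of the VoIP problems just described: frames are dropped and one pair is delivered out of order, a jitter buffer restores sequence order, and the two PLC strategies above, zero substitution and linear interpolation, fill the gaps so their error can be compared. The test tone, frame size and loss patterns are constructed; a 20 percent scattered loss is compared with a burst of equal size to show why no masking technique copes with a significant burst.

```python
import math
FRAME, PERIOD = 8, 64  # constructed: 8 samples per packet, one tone cycle per 64 samples

def make_packets(n_packets):
    """Chunk a constructed sine tone into sequence-numbered voice frames."""
    tone = [math.sin(2 * math.pi * i / PERIOD) for i in range(n_packets * FRAME)]
    return [tone[i:i + FRAME] for i in range(0, len(tone), FRAME)]

def transmit(packets, dropped):
    """Network model: drop the given sequence numbers and swap one pair (sequence error)."""
    received = [(seq, p) for seq, p in enumerate(packets) if seq not in dropped]
    received[1], received[2] = received[2], received[1]
    return received

def jitter_buffer(received, n_packets):
    """Restore sequence order; None marks a gap the PLC has to fill."""
    slots = [None] * n_packets
    for seq, payload in received:
        slots[seq] = payload
    return slots

def plc_zero(slots):
    return [p if p is not None else [0.0] * FRAME for p in slots]  # silence per lost frame

def plc_interpolate(slots):
    """Ramp linearly across each gap from the last good sample to the next one (0.0 at the edges)."""
    out, i = [], 0
    while i < len(slots):
        if slots[i] is not None:
            out.append(slots[i]); i += 1; continue
        j = i
        while j < len(slots) and slots[j] is None:
            j += 1
        prev = out[-1][-1] if out else 0.0
        nxt = slots[j][0] if j < len(slots) else 0.0
        missing = (j - i) * FRAME
        ramp = [prev + (nxt - prev) * (k + 1) / (missing + 1) for k in range(missing)]
        out.extend(ramp[k:k + FRAME] for k in range(0, missing, FRAME))
        i = j
    return out

def mse(original, recon):  # mean squared error over the flattened sample streams
    a, b = sum(original, []), sum(recon, [])
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)

def compare(dropped, n_packets=40):  # -> (frames lost, MSE zero substitution, MSE interpolation)
    packets = make_packets(n_packets)
    slots = jitter_buffer(transmit(packets, set(dropped)), n_packets)
    return slots.count(None), mse(packets, plc_zero(slots)), mse(packets, plc_interpolate(slots))
```

Scattered single-frame gaps are repaired well by interpolation, while a burst covering a whole tone cycle leaves interpolation with more error than plain silence, matching the caveat above about bursts lost to congestion.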

Multimedia Collaboration

Peer-to-Peer (P2P) Applications and Protocols

Peer-to-peer (P2P) applications are often designed to open uncontrolled channels through network boundaries (normally through tunneling). They therefore provide a way for dangerous content, such as botnets, spyware applications, and viruses, to enter an otherwise protected network.

Because P2P networks can be established and managed using a series of multiple, overlapping master and slave nodes, they can be very difficult to fully detect and shut down. If one master node is detected and shut down, the “bot herder” who controls the P2P botnet can promote one of the slave nodes to master and use it as a redundant staging point, allowing botnet operations to continue unimpeded.

Instant Messaging

Instant messaging systems can generally be categorized in three classes:

  • P2P networks
  • Brokered communication
  • Server-oriented networks

All these classes support basic “chat” services on a one-to-one basis and frequently on a many-to-many basis. Most instant messaging applications offer additional services beyond their text messaging capability, for instance screen sharing, remote control, exchange of files, and voice and video conversation. Some applications even allow command scripting. Instant messaging and chat are increasingly considered significant business applications used for office communications, customer support, and “presence” applications. Instant messaging capabilities are frequently deployed as part of a bundle of other IP-based services such as VoIP and video conferencing support.

Open Protocols, Applications, and Services

Internet Relay Chat (IRC)

Internet Relay Chat (IRC) is a client/server-based network. This is a common method of communicating today. IRC is unencrypted and, therefore, an easy target for sniffing attacks. The basic architecture of IRC, founded on trust among servers, enables special forms of denial-of-service attacks. For instance, a malicious user can hijack a channel while a server or group of servers has been disconnected from the rest (a net split). IRC is also a common platform for social engineering attacks aimed at inexperienced or technically unskilled users. While there are many business and personal benefits and efficiencies to be gained from adopting instant messaging/chat/IRC technologies, there are also many risks.

Authenticity: User identification can be easily faked in instant messaging and chat applications by the following:

  • Choosing a misleading identity upon registration or changing one’s nickname while online.
  • Manipulating the directory service if the application requires one.
  • Manipulating either the attacker’s or the target’s client to send or display a wrong identity.
  • The continued growth of social-networking services and sites like Facebook, Vine, KiK, Twitter, LinkedIn and others presents ample opportunity to create false identities and to try to dupe others for criminal purposes.

Additional risks related to the use of internet relay chat (IRC) include:

  • Confidentiality: Many chat systems transmit their information in cleartext. As with unencrypted email, information can be disclosed by sniffing on the network. A different form of confidentiality breach may occur because chat applications can generate an illusion and expectation of privacy, e.g., by establishing “closed rooms.” Depending on the kind of infrastructure used, all messages can, however, be read in cleartext by privileged users such as the chat system’s operators. File transfer mechanisms embedded in instant messaging clients can be considered an uncontrolled channel for information, and especially for file leakage.
  • Scripting: Certain chat clients, such as IRC clients, can execute scripts that are intended to simplify administration tasks, such as joining a chat. Because these scripts are executed with the user’s privileges with relatively unsophisticated (no sandbox) or nonexistent protection, they are an attractive target for social engineering or other attacks. Once the victim has been tricked into executing commands, they can leave their computer wide open to other attacks.
  • Social Engineering: Related to spam and phishing, in social engineering attackers exploit human nature and good will to claim false legitimacy, for instance by claiming to belong to a certain company or social group. Again, social networking applications and services provide many opportunities to masquerade as a legitimate member of a group for criminal and fraudulent purposes.
  • Spam over instant messaging (SPIM): With the proliferation of instant messaging clients and social networking sites, a form of SPIM is delivered through pop-up windows that can overrun processes that are part of an intended course of action. An effective countermeasure is to disable the service or to allow only internal or corporate instant messaging service channels.
