As you would expect, hybrid IM and P2P softphone applications inherit all of the security risks of the technologies that they are built on. As you saw in the VoIP security pyramid illustrated in Chapter 1, any vulnerability in the underlying operating system of a user's desktop affects the security posture of the VoIP softphone application installed on it. With today's easily downloadable hacker tools and automated worms, compromising a user's desktop has shifted from being an arcane ability of the elite few to something within reach of the mass of script kiddies and automated botnet worms on the Internet.
If a hacker or botnet worm is able to compromise your desktop, you have bigger problems than the privacy and integrity of just your VoIP conversations. Once someone's desktop has been compromised, it is trivial for an attacker to start recording all traffic (including VoIP conversations) traveling to or from that host. In fact, some advanced types of hacking backdoor programs (also called rootkits) allow the attacker to turn on the microphone on the compromised computer and record everything (even background noise).
Using softphones also introduces other security issues. For one, many softphone applications require that specific ports be opened on the host and/or corporate firewall for the application to operate correctly, typically including a large range of high-numbered ports for RTP traversal. However, any permissions that port-based firewall rules grant to the VoIP application apply to all applications on that desktop. This means, for instance, that a P2P file-sharing application can bypass firewall restrictions by using the SIP port(s) that have been opened up for VoIP use. Worse yet, a user's computer that becomes infected with a worm or virus could communicate back to the attacker through some of these well-known ports.
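One way a defender can watch for this kind of port reuse is to compare per-host connection records against the processes approved to use the VoIP firewall openings. The following is an added example, not code from the book; the port ranges, the process name `softphone.exe`, the record format and the sample records are all assumptions constructed for illustration.

```python
import csv
import io

# Assumptions for this example (not from the book): the firewall exception
# opened SIP signalling on 5060-5061 and a UDP range 16384-32767 for RTP,
# and the only approved softphone binary is "softphone.exe".
VOIP_OPENINGS = [("udp", 5060, 5061), ("tcp", 5060, 5061), ("udp", 16384, 32767)]
APPROVED_PROCESSES = {"softphone.exe"}

# Constructed sample of per-host connection records (not real traffic).
SAMPLE_LOG = """process,proto,local_port,remote
softphone.exe,udp,5060,192.0.2.10
softphone.exe,udp,16390,192.0.2.10
p2pshare.exe,udp,5060,198.51.100.7
updater.exe,tcp,49152,203.0.113.5
svch0st.exe,udp,20000,198.51.100.99
browser.exe,tcp,5061,203.0.113.80
"""

def in_voip_opening(proto, port):
    """True if the proto/port pair falls inside a hole opened for VoIP."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in VOIP_OPENINGS)

def flag_port_reuse(log_text):
    """Return records where a non-approved process uses a VoIP firewall opening."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        proto = row["proto"].strip().lower()
        try:
            port = int(row["local_port"])
        except ValueError:
            continue  # skip malformed rows rather than abort the audit
        process = row["process"].strip().lower()
        if in_voip_opening(proto, port) and process not in APPROVED_PROCESSES:
            findings.append((process, proto, port, row["remote"].strip()))
    return findings

if __name__ == "__main__":
    for process, proto, port, remote in flag_port_reuse(SAMPLE_LOG):
        print(f"ALERT {process} used {proto}/{port} (opened for VoIP) -> {remote}")
```

Matching on process name alone is weak evidence, since a binary can be renamed; in practice the approved list would be keyed on a signed path or file hash.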
Another security issue introduced by enabling converged softphones is, in fact, one of their biggest features: bridging the voice and data VLANs. As you have seen throughout the last few chapters, the countermeasures for many of the attacks we have detailed so far include segmenting the voice and data networks. While VLAN segmentation is not a panacea to prevent all VoIP attacks, it supports a defense-in-depth model, making it more difficult for an attacker who has compromised a device on the data network to launch an attack on your VoIP network. By enabling enterprise PCs to communicate in both domains for softphone compatibility, you create the risk that an attacker could compromise any of those hosts to use as a stepping-stone for VoIP attacks.
Finally, the risk introduced by bridging the voice and data VLANs is exacerbated by VoIP Wi-Fi phones. As you learned in Chapter 5, Wi-Fi networks make it inherently easier for an attacker to perform eavesdropping attacks. Some popular models include the Cisco 7920 IP phone, Hitachi WIP-5000, UTstarcom F1000, ZyXel W2000, Seneo SI-7800, and the Nokia 770 tablet.