Section 10.5. Intrusion Prevention and Monitoring



The VoIP administrator's best intrusion detection tactic is log reading. Just about every device that handles network traffic can account for it in logfiles or through centralized logging services like syslog. By reading logfiles, where information about the traffic is saved, the administrator can pick up on misconfigured software, potential security vulnerabilities, and patterns of illicit or unauthorized behavior on the network.
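One way to automate part of that log reading is sketched below. It is an added example, not code from the book: it scans centrally collected syslog lines for bursts of authentication failures from a single source. The `softpbx` tag, the message wording, the host name, the addresses and the threshold values are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in BSD syslog (RFC 3164) layout. The host name,
# program tag, addresses and message wording are invented for this example.
SAMPLE_LOG = """\
Mar  3 02:14:01 pbx1 softpbx[812]: auth failure for ext 201 from 203.0.113.7
Mar  3 02:14:03 pbx1 softpbx[812]: auth failure for ext 202 from 203.0.113.7
Mar  3 02:14:04 pbx1 softpbx[812]: auth failure for ext 203 from 203.0.113.7
Mar  3 02:14:06 pbx1 softpbx[812]: auth failure for ext 204 from 203.0.113.7
Mar  3 02:15:40 pbx1 softpbx[812]: registered ext 110 from 192.0.2.20
Mar  3 09:02:11 pbx1 softpbx[812]: auth failure for ext 110 from 192.0.2.20
Mar  3 09:02:30 pbx1 softpbx[812]: registered ext 110 from 192.0.2.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAIL_RE = re.compile(r"auth failure .* from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$")


def find_bursts(log_text, threshold=3, window=timedelta(seconds=60), year=2005):
    """Return {(host, src): n} where n >= threshold failures fall inside window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        f = FAIL_RE.search(m["msg"]) if m else None
        if not f:
            continue  # unparseable or unrelated line: skip it
        # RFC 3164 timestamps carry no year, so the caller supplies one.
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events[(m["host"], f["src"])].append(ts)

    flagged = {}
    for key, times in events.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (host, src), n in find_bursts(SAMPLE_LOG).items():
        print(f"{host}: {n} auth failures from {src} within 60s")
```

A single mistyped password followed by a successful registration stays below the threshold, so only the source that walks through several extensions in a few seconds is reported.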

Watching logs is critically important in a VoIP environment. Consider that, even if you are using DiffServ, a precedence-based QoS measure, it is possible that your network could be swamped in a DoS attack, robbing the available bandwidth for telephony apps. That would not be a good situation anywhere: voice is expected to work 100 percent of the time.

But rather than respond to threats after you've already become a victim, you can use a few techniques to proactively monitor for problems. These techniques are applied at places where network traffic is concentrated: routers and softPBX servers.

PSTN-to-IP Attack?

Some sysadmins and VoIP skeptics are concerned that a perpetrator might try to gain access to a private IP network through the PSTN. Even if it were possible for an attacker to fatally exploit a bug in the VoIP infrastructure (say, a codec), her only means of transmitting data into the compromised host would be through the analog or TDM connection to the PSTN.

Once compromised, it is possible this connection wouldn't be running any longer, thus cutting off the attacker's pathway into the network. The attacker's available bandwidth would be less than 64 kbps, and he would have no means of sending IP traffic, because his pathway into the system wouldn't even be TCP/IP-enabled. Even if he could crash the host, he couldn't transmit any data to it through the PSTN. So, aside from a denial of service due to an exploited bug somewhere in the VoIP network, the threat here is understandably low.




Switching to VoIP
ISBN: 0596008686
EAN: 2147483647
Year: 2005
Pages: 172
