| || |
Archive 15 July
- VoIP Security Scare: vLAN Hopper
- By William Flanagan, President
We have more to fear than fear itself, at least where VoIP is
concerned. We'll look at one example that questions the ability of a
virtual Local Area Network (vLAN) to protect voice traffic.
- Many network and IT managers have deployed trials of Voice over
Internet Protocol (VoIP) as a test of the performance and functionality
of the technology. The goal is to see how it works and if users will
like the change or not. Security issues may not be considered in great
depth during a trial.
- Typically, the VoIP network is isolated from the Internet in
- --the enterprise firewall may be updated to be aware of voice
signaling, but that step probably isn't necessary (hence not done) if
the off-premises calls are placed through a gateway to analog or
digital phone lines.
- --if available, each IP phone might get a dedicated Cat5/6 cable
and Layer 2 switch port, but this approach isn't economical in large
deployments where it's more common for a desktop or user to have one
Ethernet cable for both IP phone and computer. This design places both
voice and data vLANs on the same physical Ethernet switch port and
- --for bandwidth management, or to assign priority to voice
packets, many network designs assign voice to a dedicated vLAN, which
many people take as a good form of security to prevent attack on the
voice servers from the "data side" of the LAN where PCs live.
- A vLAN does indeed simplify bandwidth management, but its value
as a security measure looks weaker now. Specifically, a PC with an IP
address on a "data" segment of a vLAN can pretend to be an IP phone and
get itself admitted the the voice vLAN. In that position the PC can
impersonate a legitimate user, eavesdrop, or hack the voice servers and
- The process involves spoofing the discovery protocol to find the
Voice vLAN ID (VVID) used by the IP Phones, then signaling for an IP
address like a newly installed phone. Once admitted to the voice vLAN,
the PC can reach the VoIP servers as well as all IP Phones on the vLAN.
Poisoning the ARP cache lets the PC take over a phone number and
overcome the restrictions of a switched LAN. By watching the signaling
traffic, the PC and pick out calls between specific users (CEO-VP
finance; engineering-procurement; etc.) and listen in or record them.
- There are several software tools freely available for download
that let a PC behave like an IP phone. If you are responsible for a
network that carries VoIP, you might want to try "vLAN hopping"
yourself. It's good to be the first on your block to try something new.
- You'll find additional information about the VoIP Hopper attack
in the archived version of the VoIP Attacks are Real
webinar here .
This webinar by Sipera VIPER Lab presents a VoIP threat taxonomy and
discusses recent vulnerability research around VoIP hopper and
VoIP-to-data exploits. This webinar is the first in a three-part Defining
UC Security series that continues with:
- July 22, 11 a.m. ET: Are You Secure?
Best practices for VoIP and UC security; what’s needed in addition
to existing data security
- Aug 13, 11 a.m. ET: UC Security Requirements
Requirements for a real-time UC security appliances to prevent
- You can register for these webinars on-line.
- Flanagan Consulting Experts Support Litigation Professionals
- Several associates are experienced in analysis of patents,
contracts, and other intellectual property related to IT and
We have assisted attorneys preparing claims, depositions, and
How can we help you? Queries to +1.703.242.8381.
- New Books
- FC Associate Ray Horak recently authored two books on
William Flanagan was the technical editor for both. They offer
coverage, and are as accurate as two old pros can make them.
- The new titles are:
- Telecommunications and Data Communications Handbook, 791
- Webster's New World Telecom Dictionary, 568 pages.
- Wiley is the publisher. Available in bookstores and on the web
merchants--do a web search for "Ray Horak" or start with Ray's profile
- How Can Flanagan Consulting Help You?
We understand not only the technology of networks, but also
the surrounding business processes: procurement, bid
preparation/analysis, statements of work, financial analysis,
consensus building around a solution, and more.
- Find out now: call +1.703.242.8381
- Subscriptions to ViewsLetter
Mailman, the Linux application, keeps the mailing list.
It is set up as "read only" -- subscribers can't post,
but the Publisher welcomes mail at Publisher@ViewsLetter.com .
Because of the number of 'out of office' autoreplies, replies to
this message are discarded. You can unsubscribe or subscribe at:
You will need a password to unsubscribe, but Mailman
will send you one on request.
- Special thanks for supporting ViewsLetter to www.webtorials.com ,
your best source for communications tutorials and white papers.
Consulting" and "ViewsLetter" are Service Marks of W. A. Flanagan, Inc.