[VoiceOps] Voice Security in MPLS networks -- When is it necessary?
Mark R Lindsey
lindsey at e-c-group.com
Wed Oct 14 13:32:02 EDT 2009
The final recommendation must be based on calculus of risks and costs,
which is dependent on a given network. Begin by considering these:
1. IP network transport equipment is often in the same physical
location with legacy telecom equipment. There's no substantial,
generalizable difference the physical security of the two systems.
2. As Lee Riemer mentioned, "Private" MPLS networks are often built on
ordinary "public" links, using the very same equipment.
3. Encryption for RTP is trendy among the IETF draft-writers, and
others who don't have to build, operate, and troubleshoot the networks.
4. Encrypted RTP (sRTP) adds some costs: (a) It limits the choice of
devices, excluding some lower-cost options; (b) Key distribution must
be handled; (c) RTP can be analyzed only after it is decrypted, so the
cost of troubleshooting is greater; (d) the PSTN cannot be used as a
transport for the RTP; (e) There is a modest increase in overhead;
5. sRTP is supported by exceptionally few media servers, conferencing
servers, voicemail systems. If the intention is to support end-to-end
encrypted RTP for every conversation, then the implementation options
are limited. Many SP implementations of sRTP are encrypted only from
the CPE to the SBC, or between similar CPE.
6. ISDN is exceptionally easy to wiretap, although most CCNA's don't
have the equipment sitting around. US $2k will buy a SunSet tester
with PRI module that lets you see all calls and listen to them.
7. Key distribution is nontrivial, but you have to get it right for
the encryption to work. How will you ensure that only the right
people have access to the sRTP keys in use?
8. When contemplating any security measure, you must determine who the
enemy is against whom you are defending; e.g.,
---- Are you concerned that the service provider will wiretap?
---- Or other employees or contractors?
---- Strangers with physical access to your building?
---- Corporate spies?
---- The Government?
---- Other Governments?
Each of these attackers has certain resources. The Government, for
example, has the FBI and the NSA. Corporate spies may have large
funding -- enough to attack captured sRTP.
9. When contemplating any encryption technique, you must determine the
intended lifetime of protection. All encryption mechanisms can
eventually be broken, given enough time. How long do you need the
conversation to remain a secret? With sRTP done badly, you may have
the appearance of encryption, but remain vulnerable to decryption
within minutes.
10. IANAL. In the US, it's a Federal Crime to do what you're trying to
defend against. From http://openjurist.org/713/f2d/389/united-states-v-ross
-- Under federal wiretapping law it is a felony for any person to
willfully intercept or willfully disclose the contents of a wire
communication. 8 U.S.C. § 2511(1)(a) & (c) It is, however, not
unlawful for an officer or employee of a communication common carrier
to intercept or disclose the contents of a wire communication while
engaged in an activity which is necessary to the rendition of his
services. 18 U.S.C. § 2511(2)(a)(i).
18 U.S.C. § 2511(1)(a) & (c) provide in pertinent part:
(1) Except as otherwise specifically provided in this chapter any
person who--
(a) willfully intercepts ... any wire communication; [or] ...
(c) willfully discloses ... to any other person the contents of any
wire--... communication, knowing or having reason to know that the
information was obtained through the interception of a wire ...
communication in violation of this subsection ... shall be fined not
more than $10,000 or imprisoned not more than five years, or both."
18 U.S.C. § 2511(2)(a)(i) provides:
(2)(a)(i) It shall not be unlawful ... for an operator of a
switchboard, or an officer, employee or agent of any communication
common carrier, whose facilities are used in the transmission of a
wire communication, to intercept, disclose or use that communication
in the normal course of his employment while engaged in any activity
which is a necessary incident to the rendition of his service ...
Provided, That said communication common carriers shall not utilize
service observing or random monitoring except for mechanical or
service quality control checks.
mark r lindsey at e-c-group.com http://e-c-group.com/~lindsey +12293160013
On Oct 14, 2009, at 12:32 PM, <Guy.Ram at t-systems.com> wrote:
> Hello,
>
> Like your kind response to this question:
>
> Would folks agree that for SIP traffic in a private MPLS network
> should not necessarily require encryption. What is your advise for
> the normal Enterprise ? I’m trying to understand where it makes
> prudent sense to enable encryption and where it’s redundant.
>
> I’m trying to counter this statement:
>
> that encryption of the media stream should be encouraged. Although
> the MPLS network is private, it is easy to setup a traffic sniffer
> on computers and to tap and record calls. This is unlike the ISDN
> world where telecoms equipment is usually locked up and inaccessible
> to most employees. Companies do accept encryption as normal overhead”
>
> What I’ve been told that most enterprise networks are switched, so
> the connection from the desk goes to a switch and then right to the
> VoIP system, so it’s basically non-trivial to tap a phone line that
> way. VoWiFi is different, but there are more issues than security
> with that. Legacy environment equivalent for wired VoIP.
>
> Also that Encryption will increase delay, reduce quality, and
> increase BW consumption. I don’t see a lot of need for encryption
> except across a peering point for example.
>
> Thanks,
> -guy
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091014/ff880dc8/attachment-0001.html>
More information about the VoiceOps
mailing list