T 4.56 Failure of the VoIP architecture

VoIP can be used as an alternative to a circuit-switching PBX system. All telephone calls, including all incoming, outgoing and internal telephone calls, can be carried out entirely using VoIP. You can use the existing data network or a separately operated data network for the purpose of communication.

An IP network consists of active and passive network technology. Passive network technology is primarily understood as the structured cabling system. Active network technology includes hubs, bridges, switches, and routers, for example. The failure of one or more components of the active network technology can lead to the complete standstill of the entire IT network. In such a case, the VoIP architecture is also completely unusable when it is operated on the same IT network.

If an attacker has direct access to the LAN, for example by connecting a switch or via a wireless network, then the attacker may be able to terminate existing connections under certain circumstances. An example of such a connection is a TCP connection initiated with the Session Initiation Protocol (SIP) or H.323, which is terminated using an IP packet with the RST flag set.

Using techniques such as flooding, an attacker can overload the data network. However, this does not only apply to VoIP architectures. Practically every stream of information can be disrupted in this manner.

The operation of the VoIP architecture generally requires the use of components for switching the telephone calls. Examples of such components are H.323 gatekeepers and SIP registrars. This VoIP middleware can be operated on separate IT systems or on dedicated hardware components. The integration of these devices into the IT network results in new threats not present in circuit-switching PBX systems, which require a separate cable infrastructure. For example, VoIP components can become compromised over the IP network by worms and thus fail.

To be able to use VoIP, the users generally need to log in to a corresponding system, for example a registrar when using SIP or a gatekeeper when using H.323. Without appropriate security mechanisms, an attacker could log out a user using forged packets (de-registration). The result of this is that it becomes impossible to reach this user by telephone.

The switching units are a particularly attractive target for attack, since the failure of such a system means a large number of users will not be able to make telephone calls any more. For example, if an attacker has physical access to a switching unit, he could manipulate, damage, or simply switch off this central architecture. However, logical attacks to switching units, for example by resetting the network connections or deleting important system files, can also lead to significant damage under certain circumstances.

This threat scenario also applies to VoIP end devices. Many tools have been developed for attacking networked IT systems, and the threat scenarios for networked IT systems are also similar to those for VoIP devices. These programs can often also be used by less experienced attackers. By assessing a variety of network parameters such as the responses to certain IP packets, the exact type of the end device can be determined for some devices. This information can then be used to specifically attack these devices.

The VoIP end devices as well as the middleware contain a large amount of software. There is therefore a risk that this software contains vulnerabilities that can be exploited by an attacker. VoIP devices are therefore also susceptible to malware, for example to computer viruses or worms.

The availability can also be adversely affected by unpredictable events. Telephones in circuit-switching networks often receive their operating voltage directly from the telephone network. If a PBX system for a circuit-switching network is supplied with power by a local UPS in the event of a power failure, then the end devices will still be able to draw their power from the network. In contrast, VoIP end devices generally do not obtain their power from the IT network. Even if the VoIP system is backed up by a UPS, the end devices will be unusable in the event of a power failure. In addition, the failure of the active network technology will also lead to the inoperability of the data network, which means that it will also be impossible to make telephone calls using VoIP.