Vendor Points to VOIP Vulnerabilities

CHICAGO Supercomm 2004 – TippingPoint Technologies Inc. is looking to plug the VOIP security gap and steal a march on other vendors of intrusion and prevention systems, with enhancements to its flagship UnityOne product announced at Supercomm

today.

The company has added a series of VOIP security filters by programming new rules into the Agere-processor-powered UnityOne device, which is used within data centers and service providers’ points of presence (POPs) to inspect packets sent over the Internet.

The news highlights a key issue: With voice and data networks converging, there is growing concern that the new infrastructure will fall prey to Internet-based threats such as worms, viruses, and trojan horses.

The challenge facing many service providers is that emerging technologies are often widely deployed before their security requirements are fully tackled. According to a White Paper released by TippingPoint, testing has already identified a variety of denial-of-service and buffer overflow vulnerabilities in implementations of VOIP products that use the H.323 and SIP protocols. The study also claims that a hacker could exploit a vulnerability in a SIP protocol implementation, for example, to hijack VOIP calls.

Jon Oltsik, senior analyst of information security at the Enterprise Storage Group Inc., says, “More companies are implementing VOIP and, as a relatively new protocol, it’s likely to be attacked because of vulnerabilities.”With its announcement today, TippingPoint aims to provide additional layers of security for VOIP applications, as well as the underlying operating systems and infrastructures that support them. The product enhancements will also help deal with any vulnerabilities in VOIP protocols such as H.323 and SIP (Session Initiation Protocol), according to TippingPoint executives.

Oltsik believes that, amongst the IPS vendors, TippingPoint is blazing something of a trail with the new features. “This is the first IPS I know of that will support VOIP," he says. "Tipping Point is ahead of the curve.”

At the moment, Mark Willebeek-LeMair, TippingPoint’s chief technology and strategy officer says the vendor now has “a couple of dozen” VOIP filters built into UnityOne, although he adds that this could eventually "run into the hundreds."

TippingPoint is not the only security vendor recognizing the importance of VOIP protection. Check Point Software Technologies Ltd.’s (Nasdaq: CHKP) VPN-1 next-generation gateway device, for example, provides support for a range of protocols, including H.323, SIP, MGCP, and SCCP.

Tied in with its UnityOne announcement today, TippingPoint also revealed that it is forming a VOIP security lab where the company will work with voice-over IP vendors and customers to analyze weaknesses in the technology’s architecture.— James Rogers, Site Editor, Next-gen Data Center Forum