Category Archives: Network Security

Network security articles

VOIP Security Issues

Voice over IP (VoIP) has become very popular. The main reason for the success of VoIP is lower costs for telephone calls but VoIP offers several other advantages over the old PSTN based telephone lines. With the increased use of VoIP, security has become much more important. Here is an overview of common VoIP security issues.

VoIP is taking over from the traditional PSTN, packet-switched telephone network, phone services. Not only does VoIP cut costs but it also offers additional features compared with the old telephone lines. Typically, features such as voicemail and teleconferencing are included. VoIP telephones can be either a softphone, which is software running on a computer, or a normal telephone which is connected to an IP network rather than the traditional phone network. Softphones are very handy for professional who are often on the road. VoIP allows them to use their laptop as a phone. This makes it possible to work from home or from any place with a fast and reliable Internet connection.

Of course, VoIP also have some disadvantages. First, a fast and reliable Internet connection is necessary. This is nowadays seldom a real problem. But the quality of service is a potential problem, regardless of what kind of local Internet connection is being used. In the old PSTN networks, once a connection had been set up, the quality of the service was guaranteed. Even if some hiccups happened once in a while, the service was reliable. Standard VoIP does not guarantee anything, it works on a best effort basis. Packets could be lost or received out of order. Thus, VoIP calls may suffer from jitter and significant latency.

But security may be the most serious problem with VoIP. While eavesdropping on PSTN telephone lines required wire-tapping, which required access to the physical telephone line, VoIP calls can potentially be relatively easy to record.

One problem is that VoIP communication is by default not encrypted. There is no protection against unauthorized access of the communication. This is a major problem for many organizations. Not only is it possible to eavesdrop, a sophisticated attacker could even alter the packets. A number of solutions have been developed. Unfortunately, most of the solutions require that everyone is using the same product.

Since VoIP is still a relatively new technology, a number of security issues still need to be solved. One company had increased its profits by illegally routing VoIP traffic through their network and charging the clients for the traffic. The fraudsters were not interested in eavesdropping on the traffic, they just made sure that the packets got directed into their network so they could charge for the traffic.

In many ways, securing VoIP networks is not much different from securing standard data networks. Physical access to the network equipment and cabling must be limited. For firewalls, VoIP creates a couple of new challenges. The main problem is that traditional scanning of the packets takes too long time. But newer firewalls are VoIP aware and generally handle VoIP traffic without causing any major hiccups.

In order to keep up with security issues, VoIP telephones need to be patched regularly. This can be a problem in organizations that have given the administration of the VoIP telephones to the same staff that used to manage the traditional phones. In some cases, the default update procedure for VoIP telephones is not secure.

The security of VoIP is also dependent on the overall network security. If the network security is weak, VoIP will be vulnerable as well. Additionally, the security of softphones is dependent on the security of the operating system of the computer. It is also worth noting that VoIP is vulnerable to denial-of-service attacks. A successful DOS attack may take down an organization’s complete telephone service.

Another potential problem is SPIT, spam over IP telephony. It is easy for sophisticated spammers to send out unsolicited messages to VoIP telephones. This could also be used for DOS attacks. Fortunately, firewalls can be used to control SPIT. But it is still too early to say how large problem SPIT will become for VoIP users.

Firewall Overview

What is a firewall? This is a common question. In IT, a firewall is used to keep unauthorized users away from a computer or a network. A firewall can be hardware-based, that is a physical box with software, or software based, which runs on a normal computer. Here is a short firewall overview.

The success of the Internet created the need for firewalls. A computer which is connected to the Internet is very likely to get attacked. The Morris Worm, released in November 1988, was the first large scale attack on the Internet. It was not malicious but infected thousands of computers. The main reason was that most system administrators had not expected to be attacked and had not secured their systems. The problems caused by the very simple Morris Worm changed Internet security. One of the main solutions for preventing attacks became the firewall.

The early firewalls were mainly using basic packet filtering, making it possible to specify allowed traffic and rejecting or silently dropping all other traffic. Packet filtering is easy to implement but it does not work well in a dynamic environment like the Internet. Another early feature of many firewalls was NAT, Network Address Translation, hiding the internal structure of the network behind the firewall. NAT also makes it possible to use private IP addresses (RFC 1918) on a network. This makes it possible to hide a whole network, using private IP addresses, behind one single public IP address. This both preserves IP addresses and increases the security of the private network.

Nowadays, you have a lot of firewalls to choose from. The high-end solutions are very expensive, aimed at large organizations which need to protect themselves against a number of threats. For a home network connected to the Internet with a broadband connection, a combined wireless hub/router/firewall is a cheap way of protecting your computers at home. Strictly speaking, such devices are no real firewalls but they can protect you against most threats. You should still run anti-virus software on your computers, even if they are protected by a firewall.

Windows operating system has firewall software as well. The software has been included since Windows XP. The early versions were very basic and often created problems. But the Windows Firewall software has been improved and provides a reasonable level of security. But it is highly recommended that you pay for anti-virus software which also protects your computer from external threats. They are much better than Windows Firewall software. Note that most of them will disable the Windows Firewall software.

When it comes to security, it is generally best to go for the popular solutions. Most of the security flaws have been detected and fixed. Firewalls that are not used much may not have as many known security flaws as the popular firewalls but that does not mean that they are better or more secure. On the contrary, firewalls that are not widely used could have some serious security holes but they have not been detected because very few uses the product. You don’t want to be the first one to detect a security flaw in your firewall.

The modern firewalls are very efficient, most IT security issues are generally created by insiders. Internal threats are nowadays much more serious than threats from the outside. Firewalls are used to protect the organization from threats from the outside world, not against attacks from the inside. Here you can learn how you can protect yourself against attacks from the inside. Today, the biggest threat from the outside for many organizations are distributed denial-of-service attacks. This is not really a security problem but it makes difficult for clients to reach the computers of the organization. Few firewalls are designed to handle such attacks. Fortunately, large scale distributed denial-of-service attacks are rare and only a problem for some well-known organizations.

Network Security

Network security has become a hot topic. While protecting your small home network is relatively straight-forward, keeping large networks safe is a completely different story. Firewalls can handle most of the attacks that come from the outside world but you also need to be able to handle attacks coming from the inside. Here is a short network security overview, explaining the basics.

Computer networks have become vital parts of many companies, any disruption can quickly become expensive. Redundancy solves most hardware issues but attacks can not be solved with just redundancy. Network security must take care of attacks, protecting from attacks both from the outside and as well as from the inside.

Firewalls are good protecting against intruders trying to get into the network. But protecting against coordinated denial of service attacks is much more difficult. The Internet protocols were developed without much concern about security. After all, the research networks were quite friendly places. Today’s Internet is a completely different beast. Security has been added but a lot of problems are caused by the fact that most TCP/IP protocols in general expect the participants to be nice guys who don’t try to exploit the lack of security. Here you have more information about firewalls

But for many organizations, firewalls are a good solution against outside threats. Apart from relatively few high-profile organizations, coordinated Denial-Of-Service attacks are seldom a problem. Firewalls are good at protecting networks, gone are the days when outsiders could easily discover the main servers in a network and try to break into them using basic brute-force attacks.

VPN, Virtual Private Network, can be used to give authorized users secure access to the internal network. VPN uses tunneling protocols and encryption, giving remote uses a secure connection to the company network. Various VPN solutions exist, many of them require a securID token. This requires that VPN users both know a password and have a specific device. This is known as two factor authentication, based on something you know and something you have. This makes it very difficult for outsiders to gain access. Even if they manage to steal a securID token, they need to find out the password associated with this token. If a securID token has been stolen, it can be disabled, preventing it to be used for gaining VPN access. All in all, it is considered as a very safe solution.

Insiders are often bigger concern. After all, they are already inside the firewall and can often create a lot of serious problems without having many hurdles to worry about. Insider attacks are difficult to prevent but with the right security design, the damage can generally be limited. Intruder detection systems are generally deployed so that insider attacks can be detected early. But the subject is one of the most important in computer and network security, the solutions for preventing threats from the outside have proven to be very efficient.Threats from the inside has proven to be a much tougher challenge. Here you can read more about insider attacks.

With the success of the Internet, the TCP/IP protocols have become the de facto standard in networking. In the early days of data communications, there were a lot of different protocols. Some of them are still in use but TCP/IP is generally the protocol used on public networks.

New security flaws are found all the time in network equipment, or more exactly, in the software running on these devices. This means that network devices such firewalls and routers need to be patched regularly. Fortunately, this can often be done without taking the devices offline. Servers often have to be rebooted after patching, something that can be difficult to do in today’s 24×7 world. Network equipment can often be configured so that patching can be done without affecting the service.