A number of major voice over Internet Protocol vendors released security bulletins today detailing vulnerabilities
that affect a range of VoIP products. These flaws could open corporate networks to attack.
The vulnerabilities were found in the H.323 protocol, which is used to transmit IP-based voice and video data over networks. The flaws were found by researchers at the University of Oulu's security programming group in Finland. Vendors have found that the problems affect products from several vendors, including Cisco Systems Inc., Microsoft, Nortel Networks Inc. and Tandberg ASA.
Several of the vendors have made patch or upgrade information available.
Cisco has found the vulnerabilities in its Internetwork Operating System (IOS) software. Microsoft has found them in its ISA Server 2000 and its Small Business Server 2000 and 2003. Nortel's affected products include the Business Communications Manager, Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway. Tandberg videoconferencing endpoints are also vulnerable.
Other vendors' products may be vulnerable as well, and Avaya Inc., Hewlett-Packard Co. and others are currently testing their products for vulnerabilities.
While H.323 is a protocol largely used for voice and video over IP systems -- a relatively small part of the market right now -- these vulnerabilities can affect more than just those systems, said Neel Mehta, a research engineer with Internet Security Systems Inc. Because the Cisco IOS is compromised, some routers are now compromised as well, he said.
"If routers are compromised, any data moving over the router is now open to hackers. This is more serious than just H.323," Mehta said. So even if a VoIP system is separated from the rest of the network by a virtual LAN, data may still be vulnerable, he said.
Mehta said that voice systems might now be vulnerable to denial-of-service attacks, which could bring them down altogether.
Carrie Higbie, network applications market manger for the Siemon Company, a Watertown, Conn.-based cabling systems company and a SearchNetworking.com site expert, said that hackers are more commonly targeting VoIP systems. Having a voice system compromised can allow others to use it for free; essentially, the consequences can be as bad as when someone steals credit card information, she said.
Mehta recommends that network managers deploy vulnerability assessment products to determine where their networks may be most vulnerable. They can then install an intrusion-prevention system (IPS) or use a hosted IPS service that can stop H.323 attacks before they reach the network. Another option is to install a gateway that might divert these attacks.
FOR MORE INFORMATION:
More Cisco-related H.323 vulnerability information can be found at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
More Microsoft-related H.323 vulnerability information can be found at http://www.microsoft.com/technet/security/bulletin/ms04-001.asp.
More Tandberg-related H.323 vulnerability information can be found by e-mailing email@example.com.
More Nortel-related information can be found by contacting the company directly.