VOIP is NOT Secure

VOIP and Security

VOIP is now entrenched in the world for voice communications. That places VOIP clearly on the radar for Cyber Criminals. Unfortunately, VOIP was not designed with security in mind. In fact, the very nature of VOIP and the standards set for it make it even more vulnerable to Security Breaches.

In order for VOIP to be accepted, it must be as good as or better than the PSTN. Therefore, security cannot change the specs for H.323, SIP, RTP, and others, but must perform its role without compromise. In addition, a voice call may travel through 15-20 different systems.

The major issues are:

  • Latency – G.114 requires 150 ms for one-way traffic, 100 ms across N. America, and 400 ms for international traffic. The entire end-to-end VOIP call, from Call Setup, Encryption, Encoding, Sample Capture, and Packetizing to the final Move to Output, will take up to 121 ms.
  • Jitter – Out of Sequence Packets.
  • RTP – Special Header fields that reassemble packets into a voice signal are carried as payload by UDP.

Several Immediate Security Vulnerabilities

1. VOIP – protocols are based on a very well accepted set of standards.
2. RTP – through conversions from voice signals to data signals in the payload sector and back to voice again, RTP would be vulnerable.
  • Voice Packets are carried as Payload, and most security appliances do not inspect payload.
  • Packets are carried Out of Band and are accessible to Cyber Criminals.

These aspects of VOIP bring vulnerabilities and opportunities for Cyber Criminals to launch DDOS attacks, floods of SIP Messages, the capture of Customer Records, and others.

Barrier1 introduces only 12.4 microseconds of delay, is SIP aware, and is H.323 compatible. Barrier1 has been providing Network Security for VOIP for over 4 years without modifications.

Barrier1 used to protect Police Cars and Emergency Vehicles from Cyber Criminals

Barrier1 used for Police Squad Cars and Emergency Vehicles brings greater effectiveness and affordability

If your Police Squad Car or Emergency Service Vehicles have a Laptop and are connected to YOUR Network via wireless, YOU ARE VULNERABLE TO A CYBER ATTACK, just like Land Lines.

There is a growing demand to install laptops in Police Squad Cars and other emergency vehicles and connect them via wireless, thus giving access to needed information wherever they are. Access to information can truly save lives, increase job performance, increase efficiency and increase utility of services provided. However, you also open yourself up to Cyber Attackers.

The problem has been the traditional VPN, such as IPsec. IPsec is very sensitive to delay, jitter, and clocking. We all know that wireless signals are spotty in terms of strength. Thus, the connection is dropped. This is not acceptable when Police are required to respond to all corners of the city, county, or state. They have to have access to perform their duties and assignments. Barrier1 and its clientless SSL-VPN will deliver the speed, connection state, and price that allow for a successful implementation of this application.

Barrier1 brings greater effectiveness, accuracy, and affordability than any other product attempting to provide security for this type of application.

Barrier1 Stops Polymorphic Attacks

Barrier1 was Designed to Stop Polymorphic Attacks

The race between the hackers/cyber criminals and the security pros over the protection of digital assets and sensitive information continues and is actually escalating at a furious pace. Over the years, attackers began to change their methods. The security pros countered with solutions that required individual “Point Solutions”. Firewalls, Anti-Spam, Anti-Virus, Web Content filtering, IDS/IDP, Traffic Shaping, etc. were brought to the market to solve the security problems at hand. Then cyber attackers began to change again, and “List Based Systems” were brought to the market. Today, static libraries of signatures and definitions used to detect attacks are no longer the total solution. The spamming and virus writing community has learned how to get around these list based systems. At the same time, everyone thinks they are secure. YOU ARE NOT. NOW WE HAVE POLYMORPHIC ATTACKS.

Polymorphic attacks are not new, but their abilities are showing up more often. Polymorphic attacks are designed with the purpose of not being detected. They accomplish this goal by having the ability to mutate with each instance. This gives the attacker the ability to walk through the traditional signature and list-based systems. One of the mutating or changing aspects of these attacks is the “Data Payload”. Each attack has different byte content. The method used to skirt most IDS systems and Anti-Virus systems is one which changes the byte frequency in the payload. Signature-only and Packet Header IDS systems will not detect this. Barrier1 will detect polymorphic attacks because it has learned what a normal data payload stream is for the organization. Thus, when any deviation from the normal profile occurs, it is blocked and reported. Yet, it gives a high degree of accuracy in terms of false positive and false negative measures.

Barrier1, with its Advanced Intelligence, will detect polymorphic attacks. Barrier1, with its design criterion of “Intelligence”, monitors the Packet Header and signatures as well as the “Data Payload” and learns what normal traffic on your network is. In the event there is an abnormal or unusual change in the Data Payload, Packet headers, or other attack vectors, Barrier1 would alert and, if in full automation mode, would block the transmission and then report.
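The idea of learning a normal payload profile and flagging byte-frequency deviations can be sketched as follows. This is an added example, not Barrier1's code or algorithm: the `PayloadProfile` class, the threshold rule, and every sample payload are assumptions constructed for illustration.

```python
import math
from collections import Counter

def byte_freq(payload: bytes) -> list:
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = Counter(payload)
    n = max(len(payload), 1)
    return [counts.get(b, 0) / n for b in range(256)]

class PayloadProfile:
    """Per-byte mean and standard deviation learned from normal payloads."""
    def __init__(self, normal_payloads, smoothing=0.001):
        freqs = [byte_freq(p) for p in normal_payloads]
        k = len(freqs)
        self.mean = [sum(f[b] for f in freqs) / k for b in range(256)]
        self.std = [
            math.sqrt(sum((f[b] - self.mean[b]) ** 2 for f in freqs) / k)
            for b in range(256)
        ]
        self.smoothing = smoothing  # keeps never-seen byte values from dividing by zero

    def score(self, payload: bytes) -> float:
        """Simplified Mahalanobis distance between a payload and the profile."""
        f = byte_freq(payload)
        return sum(
            abs(f[b] - self.mean[b]) / (self.std[b] + self.smoothing)
            for b in range(256)
        )

    def is_anomalous(self, payload: bytes, threshold: float) -> bool:
        return self.score(payload) > threshold

def request(i: int) -> bytes:
    """Constructed sample of 'normal' traffic for this example."""
    return f"GET /reports/{i}.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n".encode()

NORMAL = [request(i) for i in range(10, 60)]             # training set
PROFILE = PayloadProfile(NORMAL)
THRESHOLD = 1.5 * max(PROFILE.score(p) for p in NORMAL)  # assumed tuning rule

BENIGN = request(63)                                     # unseen but normal
# Two constructed "instances" whose bodies share no byte values, so no single
# static byte signature matches both; each still shifts the byte frequencies.
MUTATED_A = request(63) + bytes(range(128, 192)) * 2
MUTATED_B = request(63) + bytes(range(192, 256)) * 2

if __name__ == "__main__":
    for name, p in [("benign", BENIGN), ("A", MUTATED_A), ("B", MUTATED_B)]:
        print(name, round(PROFILE.score(p), 1), PROFILE.is_anomalous(p, THRESHOLD))
```

In practice the threshold is tuned against held-out normal traffic, since it directly trades false positives against false negatives.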

Barrier1 Speed

Barrier1 and Speed

During the past year there has been a lot of emphasis on, and many marketing claims about, increasing appliance speed. Barrier1 was designed for speed. Barrier1 and its Industry breaking design have always brought best in class speed.

 

Results:

  • Max Throughput: 11,797.1 Mbs
  • Avg. Top-end: 11,286.0 Mbs
  • Max Avg. Top-end Throughput/port: 940.5 Mbs
  • Concurrent TCP Capacity
    • Number of Concurrent user sessions: 179
    • Number of inbound ports: 6
    • Barrier1 CPU idle: 198%
    • Barrier1 CPU usage: 2%
    • Number of Errors: 0
    • Aggregate number of users to max Barrier1: 106,326
    • Total Max TCP connections: 1,667,052
    • HTTP Transfer Rate: 647,311,500
    • IP Fragmentation Handling: 415,754,400
    • Illegal Traffic Handling: 417,604,200 bpsec. Transfer rate
    • Latency (Packet Size: Av. Latency)
      • 64: 197.89
      • 512: 202.11
      • 1518: 237.11
      • HTTP: 234.33

Barrier1 Stops SQL Injection

Barrier1 Stops SQL Injection Attacks

Hackers have turned their sights to SQL injection attacks. As of the end of 2008, SQL injection attacks have grown by over 50%. This style of attack is not new, but it signals a change. In fact, many experts are stating that SQL injection is the attack method of choice. Hackers and Cyber Criminals have their sights and resources on malware-laden URLs on the web. The sheer size and volume of these attacks also indicate the lack of attention and protection organizations have placed on their web sites and web applications.

To stop SQL injection type attacks requires new tools. The traditional Firewall, Anti Virus, URL filtering, and IDS, run as independent processes, are not going to stop an SQL injection. SQL injection was designed to get around the traditional network security protections. Most websites need to be public and therefore must allow public web traffic to communicate with your web application, generally over port 80/443. SQL is the only way the web application interacts with the database. That includes the relational databases from Oracle, Microsoft Access, MS SQL, FileMaker Pro

Barrier1 Stops Smallest Portable Executable (PE) 133 bytes

Barrier1 Stops Smallest Executables known as Portable Executables (PE 133 bytes)

Recently, a County IT department experienced being blocked from a Web site that previously was open. The obvious question was “Why?” Today’s cyber criminals continue to refine their attacks. Why not? They want the information and they do not want to get caught. Portable Executable files are an integral part of the entire Microsoft OS. If you can figure out a way to control and manipulate the Portable Executable files, you have access and control.

Barrier1 Stops Null Byte Poisoning

What is Null Byte Poisoning?

  • The attacker can alter the command line.
  • Key areas of the string are replaced with null bytes and the program behavior is changed. The Null Byte forces the string to end at that point.
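The mismatch described above, where a length-aware check and a NUL-terminated consumer see two different strings, is shown here beside a hardened check. This is an added example, not Barrier1's code; the function names, the `.txt` allow-rule, and the sample parameters are hypothetical and constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def c_string_view(value: bytes) -> bytes:
    """What a NUL-terminated (C-style) consumer sees: bytes before the first 0x00."""
    return value.split(b"\x00", 1)[0]

def naive_is_allowed(raw_param: str) -> bool:
    """Weak check: decodes once and only tests the suffix of the full value."""
    return unquote_to_bytes(raw_param).endswith(b".txt")

def decode_fully(raw_param: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded input (%2500) is caught too."""
    data = raw_param.encode()
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def strict_is_allowed(raw_param: str) -> bool:
    """Hardened check: reject any embedded NUL before applying the suffix rule."""
    data = decode_fully(raw_param)
    return b"\x00" not in data and data.endswith(b".txt")

def explain(raw_param: str) -> dict:
    """Side-by-side view of one parameter under both checks."""
    decoded = unquote_to_bytes(raw_param)
    return {
        "validator_sees": decoded,
        "c_consumer_sees": c_string_view(decoded),
        "naive_allows": naive_is_allowed(raw_param),
        "strict_allows": strict_is_allowed(raw_param),
    }

# Constructed sample parameters (not from the original page).
SAMPLES = ["notes.txt", "settings.conf%00.txt", "settings.conf%2500.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, explain(s))
```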

Why Traditional Security Appliances and Individual Point Solutions do not work

  • ALL Firewalls, including Stateful Firewalls, look at only 5 things.
  • IDS/IDP look for only patterns that are known
  • Anti Virus only looks for known patterns in email
  • Web Application Firewalls look at only layer 7 of OSI

How Does Barrier1 Stop Null Byte Poisoning?

  • Barrier1 “AARE Engine” learns what the requests are and compares the return strings.

It is the ability to identify the changes to a network and its traffic that give Barrier1

  • Barrier1 can inspect all 7 OSI layers in Near Real Time