The growth of unified communications (UC), and in particular voice over Internet Protocol (VoIP) telephony, has led to the merger of voice, messaging, video and data networks, where multi-modal voice, video and/or other communication media have become simply applications running over a data network. The term UC as used herein is meant to include all modes of communication running over a packet network, comprising without limitation VoIP telephony, instant messaging, presence information and video conferencing, along with non-real-time communication services such as unified messaging. As data networks have grown, threats to the security of the data networks have similarly grown, such as hacking, intrusion, viruses and malicious code, all of which are aimed at penetrating and damaging, or subverting, the target data network and the information that it carries. Security for data networks has evolved primarily in the form of simple firewalls and application-specific firewalls, such as session border controllers, which control the perimeter of the network and thus prevent unauthorized entry into the data network.
Unfortunately, such security measures do not fully address the security needs of a UC network, at least in part because firewalls and session border controllers do not monitor internal traffic within the network. In particular, a malicious user who has gained access to the network can reprogram any of the VoIP phones on the network from behind the firewall. For example, and without being limiting, a malicious user can: arrange to forward all calls from a VoIP phone to a different telephone number; enable the on-board microphone of the VoIP phone to send all detected sounds to a predetermined destination, thus eavesdropping on the area surrounding the VoIP phone; conference all calls with a predetermined destination, thus eavesdropping on all calls made or received; arrange to have a VoIP telephone or a compromised voice server dial large numbers of telephone numbers in search of a device that can be exploited, a process known as “war dialing”; or arrange for the VoIP telephone to generate automatically dialed pre-recorded phone calls, a process known as spam over IP telephony (SPIT).
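To illustrate how an internal monitor could recognize the war dialing and SPIT behaviours listed above, the following Python detector is provided as an added example; it is not code from the original disclosure. It keeps a per-terminal sliding window of outbound call attempts, taken here from constructed call records, and raises an alert once a terminal reaches many distinct destinations within the window. A sweep of numerically consecutive, mostly unanswered numbers is labelled war dialing; repeated calls of similar length to scattered numbers is labelled SPIT. The window, thresholds, extension numbers and the records themselves are assumptions made for the example.

```python
from collections import defaultdict, deque


class CallRateMonitor:
    """Flags a terminal that reaches many distinct numbers inside a short time window.

    Assumed inputs: (timestamp_s, source_extension, dialed_number, duration_s) per
    completed or attempted call, fed in time order. Thresholds are example values.
    """

    def __init__(self, window_s=60, distinct_threshold=10, short_call_s=5):
        self.window_s = window_s
        self.distinct_threshold = distinct_threshold
        self.short_call_s = short_call_s
        self.recent = defaultdict(deque)   # source -> deque of (ts, dest, duration)
        self.alerted = set()               # (source, kind) pairs already reported
        self.alerts = []

    def observe(self, ts, source, dest, duration_s):
        q = self.recent[source]
        q.append((ts, dest, duration_s))
        while q and ts - q[0][0] > self.window_s:     # drop calls outside the window
            q.popleft()
        dests = {d for _, d, _ in q}
        if len(dests) < self.distinct_threshold:
            return None
        # War dialing sweeps consecutive numbers and most attempts go unanswered;
        # SPIT plays a recording, so calls are answered and of similar length.
        digits = sorted(int(d) for d in dests if d.isdigit())
        sequential_pairs = sum(1 for a, b in zip(digits, digits[1:]) if b - a == 1)
        short_calls = sum(1 for _, _, dur in q if dur < self.short_call_s)
        if sequential_pairs >= len(dests) // 2 and short_calls >= len(q) // 2:
            kind = "war_dialing"
        else:
            kind = "spit"
        key = (source, kind)
        if key in self.alerted:                          # report each pattern once per source
            return None
        self.alerted.add(key)
        alert = (kind, source, len(dests))
        self.alerts.append(alert)
        return alert


def sample_records():
    """Constructed call records (not captured data) covering three extensions."""
    recs = []
    # extension 1020 sweeps a consecutive block of numbers, almost all unanswered
    for i in range(15):
        recs.append((100 + 2 * i, "1020", f"1415555{100 + i:04d}", 0 if i % 3 else 2))
    # extension 1033 plays a 22-second recording to scattered external numbers
    for i in range(12):
        recs.append((200 + 4 * i, "1033", f"1415555{(i * 37) % 1000:04d}", 22))
    # extension 1001 places two ordinary calls
    recs += [(300, "1001", "14155550042", 310), (400, "1001", "14155550777", 95)]
    return sorted(recs)


def run_sample():
    """Replay the constructed records and return the alerts raised."""
    mon = CallRateMonitor()
    for ts, src, dest, dur in sample_records():
        mon.observe(ts, src, dest, dur)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

In practice the records would come from call manager CDRs or from SIP INVITE/BYE pairs observed on the internal segment; the classification heuristic is deliberately simple and would be tuned per site, since a legitimate outbound dialer can resemble either pattern.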
Another VoIP-related class of attacks may be directed at a VoIP call manager, such as a softswitch, IP-Centrex server or IP-PBX, rather than at a VoIP terminal. A perpetrator of such a call-manager-targeted attack may, for example and without being limiting, break into a voice mail system, change user privilege information and/or tamper with internal PBX cost tables in order to conceal costly fraudulent calls to international or premium service numbers.
Other UC network elements can be similarly exploited. For example, and without being limiting, a malicious user can divert or eavesdrop on traffic from IP-based video surveillance cameras, or tamper with a presence server in order to divert messaging, voice and video call traffic to a maliciously selected destination.
In addition to the above threats of targeted attacks on a single mode of communication, perpetrators may effect more complex cross-modality attacks in the event that multi-modal communication is enabled by the UC network. For example, and without being limiting, the attacker may compromise a VoIP terminal and then use the compromised VoIP terminal to attack data systems attached to the same network. In another non-limiting example, the attacker may use a compromised smartphone attached to a UC network in order to attack a call manager or steal credit card information.
In addition to the above simple or complex direct attacks at the various modalities of UC, which take place at layers 5, 6 and 7, i.e. at the session, presentation and application layers of the OSI Reference Model, respectively, perpetrators may exploit vulnerabilities of the lower layers of data communication networks, such as layer 4 (transport layer), layer 3 (network layer) and even layer 2 (the data link layer). One non-limiting example of the latter is the vulnerability of an IPv4 network using the Address Resolution Protocol (ARP) to the so-called “ARP poisoning” attack, in which forged ARP replies corrupt the ARP caches, i.e. the IP-address-to-MAC-address mappings, of network terminals, among them personal computers, VoIP phones and video cameras, so that the terminals deliver their traffic to the perpetrator's MAC address and the perpetrator can perform a layer 2 based “man in the middle” attack by relaying all traffic through a malicious computer attached to the same network. In particular, the freely available “Cain and Abel” hacking software can be used to perform unauthorized recording of VoIP conversations between any two IP telephones attached to the same IP sub-network.
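As an added illustration, not part of the original disclosure, the following Python script shows how a monitor positioned on the internal segment can detect the ARP poisoning just described from raw frames. It parses Ethernet/ARP frames, records the IP-to-MAC binding that each reply (or gratuitous request) asserts, and raises an alert when an existing binding changes, when the default gateway's binding changes, or when one MAC address claims several IP addresses, which is the pattern produced when a single relay host impersonates both ends of a call. The frame sequence, addresses and alert names are constructed for the example; a real deployment would read frames from a span port or a promiscuous capture.

```python
"""ARP poisoning detector over raw Ethernet/ARP frames (added example, not from the page)."""
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw 42-byte Ethernet/ARP frame; used here only to construct sample traffic."""
    dst = "ff:ff:ff:ff:ff:ff" if oper == ARP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "eth_src": mac_str(src), "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpMonitor:
    """Tracks the IP->MAC bindings asserted on a segment and flags poisoning symptoms."""

    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.bindings = {}                  # ip -> MAC most recently asserted for it
        self.claimed = defaultdict(set)     # MAC -> set of IPs it has asserted
        self.alerts = []                    # (kind, subject, detail)

    def observe(self, frame):
        a = parse_arp_frame(frame)
        if a is None:
            return
        # Only frames that populate neighbour caches matter: replies and gratuitous requests.
        gratuitous = a["oper"] == ARP_REQUEST and a["spa"] == a["tpa"]
        if a["oper"] != ARP_REPLY and not gratuitous:
            return
        if a["sha"] != a["eth_src"]:        # crafted frame: Ethernet source disagrees with ARP body
            self.alerts.append(("sha_mismatch", a["spa"], f"eth {a['eth_src']} vs arp {a['sha']}"))
        old = self.bindings.get(a["spa"])
        if old is not None and old != a["sha"]:
            kind = "gateway_hijack" if a["spa"] == self.gateway_ip else "binding_changed"
            self.alerts.append((kind, a["spa"], f"{old} -> {a['sha']}"))
        self.bindings[a["spa"]] = a["sha"]
        ips = self.claimed[a["sha"]]
        if a["spa"] not in ips:
            ips.add(a["spa"])
            if len(ips) >= 2:               # one MAC answering for several IPs: a relay host
                self.alerts.append(("multi_ip", a["sha"], ",".join(sorted(ips))))


def run_sample():
    """Replay a constructed sequence: legitimate replies, then a relay host poisoning two phones."""
    gw, gw_mac = "10.0.0.1", "aa:aa:aa:aa:aa:01"
    a_ip, a_mac = "10.0.0.20", "00:11:22:33:44:20"
    b_ip, b_mac = "10.0.0.21", "00:11:22:33:44:21"
    evil = "de:ad:be:ef:00:01"
    frames = [
        build_arp_frame(ARP_REPLY, gw_mac, gw, a_mac, a_ip),   # gateway answers phone A
        build_arp_frame(ARP_REPLY, a_mac, a_ip, gw_mac, gw),   # phone A answers gateway
        build_arp_frame(ARP_REPLY, b_mac, b_ip, gw_mac, gw),   # phone B answers gateway
        build_arp_frame(ARP_REPLY, evil, a_ip, b_mac, b_ip),   # attacker tells B: "A is at evil"
        build_arp_frame(ARP_REPLY, evil, b_ip, a_mac, a_ip),   # attacker tells A: "B is at evil"
        build_arp_frame(ARP_REPLY, evil, gw, a_mac, a_ip),     # attacker tells A: "gateway is at evil"
    ]
    mon = ArpMonitor(gateway_ip=gw)
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The binding table starts empty, so the first assertion for each IP is trusted; in production it would be seeded from DHCP leases or a switch's DHCP snooping table, and any change to the gateway binding would be treated as a high-severity event since it redirects every off-segment call.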
The UC attack surface available to perpetrators is further expanded by the non-uniform treatment of security by the manufacturers of the various UC servers, terminals and other devices, each of which carries its own vendor-specific threats, so that threats become difficult to detect when such devices are mixed on the same UC network.
What is desired, and not provided by the prior art, is a security apparatus and method which is operative behind a firewall or session border controller to monitor and maintain the security of UC network communication, preferably including the security of the variety of elements engaged in switching, routing, serving and terminating unified communication traffic.