This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 10: Security and Monitoring
telephony apps. That would not be a good situation anywhere: voice is expected to
work 100 percent of the time.
But rather than respond to threats after you’ve already become a victim, you can use
a few techniques to proactively monitor for problems. These techniques are applied
at places where network traffic is concentrated: routers and softPBX servers.
Project 10.3. Logging and Controlling VoIP Packets
What you need for this project:
• A Linux PC capable of running the NetFilter firewall (iptables)
When a Linux NetFilter firewall is used to protect a group of VoIP bastion hosts, or
simply as the gateway router for a segment where VoIP is used, a lot of VoIP-related
events can be monitored and logged. Logging at the firewall is useful for the
security-minded, but it is important for other reasons, too. It lets you see which
remote networks and hosts are communicating with your VoIP services and how often
they do so. That improves your understanding of bandwidth consumption and traffic
patterns on your network, besides giving you a keener awareness of security.
NetFilter logs nothing by default. If you want a particular type of packet logged,
say, packets from a specific network or to a specific port, you must add a rule that
tells NetFilter to log it. When a packet is logged, its pertinent information
(interface, source and destination addresses, protocol, and ports) is written to the
kernel log, from which syslog stores it. Syslog is the system-wide logging daemon
that is a staple of most Unix-variant operating systems.
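The following script is an added example, not code from the book, that ties the two halves of this project together: it installs rate-limited LOG rules for SIP and RTP on a NetFilter firewall, and it summarizes the syslog lines those rules produce per remote host and destination port, which is the "who talks to my VoIP services, and how often" picture described above. The interface name eth0, the SIP port 5060, the RTP range 10000-20000, the "VOIP: " prefix and the sample log lines are assumptions for illustration; the log lines follow the field layout the LOG target actually emits, and they reach syslog by way of the kernel log (klogd, or rsyslog's kernel input).

```shell
#!/bin/sh
# Added example, not code from the book. Builds a NetFilter LOG rule set for
# SIP and RTP traffic, then summarizes the resulting kernel-log lines per
# remote host and port. Assumptions: external interface eth0, SIP on port
# 5060, RTP on UDP 10000-20000, log prefix "VOIP: ". The sample log lines
# below are constructed for illustration.
set -eu

# The iptables binary to use; set IPT=echo for a dry run that only prints.
IPT=${IPT:-iptables}

# Create a chain that logs matching packets (rate-limited so a SIP scanner
# or a busy RTP stream cannot flood syslog) and then accepts them, and send
# inbound SIP and RTP arriving on eth0 through it.
voip_log_rules() {
    ipt=$1
    $ipt -N VOIP_LOG 2>/dev/null || true   # ignore "chain already exists"
    $ipt -F VOIP_LOG
    $ipt -A VOIP_LOG -m limit --limit 10/min --limit-burst 20 \
         -j LOG --log-prefix "VOIP: " --log-level info
    $ipt -A VOIP_LOG -j ACCEPT
    $ipt -A INPUT -i eth0 -p udp --dport 5060 -j VOIP_LOG          # SIP over UDP
    $ipt -A INPUT -i eth0 -p tcp --dport 5060 -j VOIP_LOG          # SIP over TCP
    $ipt -A INPUT -i eth0 -p udp --dport 10000:20000 -j VOIP_LOG   # RTP media (assumed range)
}

# Read kernel-log lines on stdin and print "count source-address dest-port"
# for every VOIP-prefixed line, busiest talkers first. Only the SRC= and
# DPT= fields are parsed; the other LOG fields are ignored.
summarize_voip_log() {
    grep 'VOIP: ' | awk '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample of what the LOG rule writes (usually landing in
# /var/log/messages or /var/log/kern.log). Addresses are taken from the
# documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24.
# The last line is an unrelated sshd entry that the summary must skip.
SAMPLE_LOG='Mar  3 10:15:01 pbx kernel: VOIP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=548 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=528
Mar  3 10:15:01 pbx kernel: VOIP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=200 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=30100 DPT=10042 LEN=180
Mar  3 10:15:02 pbx kernel: VOIP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.22 DST=192.0.2.10 LEN=612 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=592
Mar  3 10:15:03 pbx kernel: VOIP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=548 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=528
Mar  3 10:15:04 pbx sshd[2112]: Accepted publickey for admin from 192.0.2.5 port 50022 ssh2'

# Usage: "sh voip-log.sh apply", run as root on the firewall, installs the
# rules; with no argument the rules are only printed and the constructed
# sample log is summarized.
if [ "${1:-}" = "apply" ]; then
    voip_log_rules "$IPT"
else
    voip_log_rules echo
    printf '%s\n' "$SAMPLE_LOG" | summarize_voip_log
fi
```

Two design points are worth noting. LOG is a non-terminating target, so the packet continues down the VOIP_LOG chain to the ACCEPT rule; if you only want to log and leave the accept-or-drop decision to the rest of INPUT, delete the ACCEPT line and the packet returns to the calling chain after being logged. The `-m limit` match in front of LOG is what keeps a port scan or a 50-packets-per-second RTP stream from writing thousands of lines a minute to disk; tune the rate to what you actually want to see, and run the summary against your real log file (for example `summarize_voip_log < /var/log/messages`) rather than the embedded sample.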
Some sysadmins and VoIP skeptics are concerned that an attacker might try to gain
access to a private IP network through the PSTN. Even if it were possible for an
attacker to exploit a bug in the VoIP infrastructure, say, in a codec, by way of a
phone call, her only channel for delivering data to the compromised host would be
the analog or TDM connection to the PSTN.
Once the host is compromised, that call would quite possibly be dropped, cutting off
the attacker's only pathway into the network. Even while it lasted, her available
bandwidth would be less than 64 kbps, and she would have no way to send IP traffic,
because a PSTN trunk carries audio and signaling, not TCP/IP. Even if she could crash
the host, she couldn't push arbitrary data to it through the PSTN. So, aside from a
denial of service caused by an exploited bug somewhere in the VoIP network, the
threat from this direction is understandably low.