Community Tech-Talk series is all about discussing and sharing insights on specific topics, selectively chosen based on most-common conversation themes happening in community from our technology area.
I decided to discuss about "Understanding Cisco Unified Communications Security" to address some of your most talked about concerns primarily reflected in the community discussions, pertinent to Security of Cisco Unified Communications Solution.
Cisco Unified Communications Solution Security – Overview
The long waged war between TDM and IP Telephony is over and the winner is: VoIP! Long ago seen down upon IP based communications and UC adoption have changed and continue to change the communications paradigm. As more and more organizations adopt IP Telephony / Unified Communication (UC) solutions, they savor the potential of – power of connectivity, lower costs, and improved productivity. It can’t be denied that business agility is the mantra for success in an increasingly competitive and global environment and UC allows organizations supporting attainment of internal and external stakeholder satisfaction by enabling organizations to embed communications and collaboration into business processes. Collaboration with customers, employees, contractors, and strategic partners help accelerate time‐to-market, conscious decision making, and innovation hence, resulting in world class business agility.
However, with obvious benefits of UC there’re a number of threats that come to life when the essence of VoIP is based on data networks, which have been under attack ever since the conception of the Internet. There’s not one but many threats when it pertains to your UC solution, as simple as eavesdropping to as complex as a Denial of Service (DOS) attack. Within the context of UC solution, the whole ecosystem must be secured from business process driven communications to network infrastructure to UC applications to endpoints to management. And that too in a manner that – the security implied upholds protection of intellectual property and proprietary information, preserves corporate brands and reputations, and complies with all applicable laws and regulations.
This blog is dedicated to help you understand the need for UC security and to comprehend the various intricacies of securing a Cisco UC solution.
How to Secure Cisco UC Solution?
The key to achieve a secure Cisco UC solution requires taking into consideration voice, data, and video communications as a singular and coherent system and implementing a multilayered, uniformly applied defense construct for the system infrastructure, call control, applications, management, and endpoints. In other words adopting the Defense-in-Depth approach. Every organization has a different need for level of security for securing its data information assets and UC elements. For example, a school or a university may have a lower level of security compared to a banking company which might have higher standards of security set for its clients.
The security mechanism for a UC network should be a layered solution, with multiple security controls at multiple levels within the network, application, endpoints, and so on. This defense‐in‐depth approach minimizes the likelihood of a single point of failure, which could otherwise compromise overall security. The bottom line being, the confidentiality, integrity, and availability (CIA) of critical UC and network resources must be ensured and the security features should be transparent to the end user, possibly simple to administer, standards‐based, and cost‐effective.
Organizations should examine UC security from a business vision and goal attainment perspective by defining policies for usage of – data, voice, conferencing, Instant Messaging (IM), presence, and so on services. The UC security policy/strategy must be aligned and balanced against business risks. Essentially, the UC specific security policy becomes a guideline and stepping stone to enable enterprise wide security for a UC solution. Figure 1 portrays the ideal approach to defense-in-depth.
Figure 1 Cisco UC Security Pyramid
A UC security policy as illustrated in figure 1 is a result of existing security gaps and security assessment and should be in line with an organization’s processes, vision, and goals.
With end-to-end security construct in mind, let’s look at the various threats against which this construct will protect your UC solution.
Threats around UC Network
There’re a host of threats around UC networks and table 1 covers the most common threats pertinent to Cisco UC networks.
Table 1 Threats pertinent to Cisco UC networks
Threat | Events / Symptoms | Impact on UC Solution / Organization |
Toll fraud | Unauthorized resource usage, illegitimate long distance / international calling | Loss of revenue - huge telecom bills |
Eavesdropping | Leakage of sensitive / confidential information | Loss of confidentiality |
Identity Spoofing | Spoofing of someone's identity (e.g. MAC, IP) | Loss of confidentiality and integrity |
Call Hijacking | Calls hijacked from legit to hacker's platform | Loss of integrity, confidentiality |
Denial of Service | Legitimate users denied from using voice services | Loss of service (availability) |
Unsolicited Calling (SPIT) | Spamming of IP PBX, Voicemail | Loss of service (availability) |
RTP Injection | Injecting malformed packets in active RTP stream | Loss of integrity, confidentiality |
Vhishing | Unsolicited calling - probing for user account detail, and password | Loss of confidentiality |
Physical assault | Physical sabotage / damage | Loss of information and service |
Security Construct for Secure Cisco UC Network
To achieve end to end security for a Cisco UC solution, everything from perimeter access to user endpoints to peripheral gateways to UC servers to firewalls to physical access should be secured. This is depicted in figure 2.
Figure 2 End-to-End Security Construct
Table 2 Cisco UC Security – Relevant Cost, Complexity, and Security
Protected Entity | Low Security, Cost, and Complexity | Medium Security, Cost, and Complexity | High Security, Cost, and Complexity |
Network Infrastructure | Basis network layer ACLs Data and Voice VLAN segregation Data and Voice SSID separation Switch Port Security | Rate Limiting ACLs Stateful inspection Firewalls IOS CBAC, ZBFW IPSec Tunnels Scavenger QoS | TLS Proxy / UC Proxy Intrusion Prevention / Detection Cisco ASA AIC dot1x CCTV, Motion Sensors |
UC Applications | OS Hardening (Windows Servers) Antivirus (Windows Servers) Class of Restriction Strong Password / Pin Management Policy Phone Setting Restriction | Host Intrusion Prevention (HIPS) User Groups / Roles (MLA) Forced Authorization Codes Signed Firmware and Configuration Files | SRTP for media / TLS for Signaling IPSec to gateways / Firewalls Secure Conference Calls Encrypted TFTP Transfer |
UC Endpoints | Restricted Settings Access Disable PC Voice VLAN / Voice VLAN Span | VPN Phone MIC based secure media / signaling | Secure Network Admission (NAC) SRTP for media / TLS for Signaling LSC based secure media / signaling |
Management | Segregation of management VLAN | SSH Access to managed devices Secure RDP | AAA for management access Out of Band management network |
Table 2 summarizes the various security controls which can be applied at various layers for attaining a secure UC solution.
In a nutshell, the following are recommended best practices and recommended security controls to design and deploy secure Cisco IP telephony networks.
Physical Security
- Guards at data center or facility fringe
- Badge access to data center for authorized personnel only.
- Doors and windows with break proof glass
- CCTV cameras
- Equipment secured in racks in data center and in closets at user access level
- Uninterrupted Power Supply for servers and network gear
Switching Layer Security
- Segregation of Data and Voice VLAN (PVID, VVID)
- Switch Port Security
- Dynamic ARP inspection (DAI)
- DHCP snooping
- Dot1x - Network Access Control
- VLAN pruning
Routing Layer Security
- Routing protocol authentication
- Secure access to router GUI (HTTPS)
- Filtering of RFC 1918 addresses (at aggregation from untrusted networks)
- Route poisoning prevention
- Layer 3 QOS for segregating intended traffic from scavenger/malicious traffic
Perimeter Security
- Cisco ASA for zoning in enterprises (Inside, Outside, DMZ) and filter traffic from / to Internet
- IPSec/SSL VPN based off Cisco ASA Firewall and IOS routers
- UC proxy services (TLS proxy/Phone proxy)
- Cisco ASA Application Inspection Control
- Network Intrusion Prevention System (NIPS)
CUCM Security
- Encrypted media and signaling
- Secure access to GUI (HTTPS)
- Secure LDAP integration
- Secure voicemail integration
- Secure Trunks
- External CA Integration
- SSO solution Integration
- Role based management and user access (MLA)
Unity Connection Security
- TLS for signaling and SRTP for media
- Secure access to GUI (HTTPS)
- Secure LDAP integration
- Secure integration with call control
- External CA Integration
- SSO solution Integration
Presence Security
- TLS for signaling and SRTP for media
- Secure access to GUI (HTTPS)
- Secure integration with call control
- Secure LDAP integration
- External CA Integration
- Secure CUPC
Cisco Unified IP Phone Security
- Locally Significant Certificates (LSC), Manufacturing Installed Certificates (MIC)
- Secure network admission (dot1x)
- Restricted access to settings
- Secure WiFi admission (WPA, WPA2)
- Phone hardening
- VPN Phone
Network Management Security
- Secure access to network equipment and servers – Segregate management VLAN/Network
- SSH, SCP, SFTP, HTTPS for secure management access
- Well defined backup and restore processes, and disaster recovery program
Summing up
While UC solutions have obvious benefits such as rapid ROI realization, lower TCO, and services which help connect internal and external stakeholders when it matters most, there’re unseen risks involved which if not taken care of in time can be devastating. UC solutions share the underlying network infrastructure’s weaknesses. Fortunately, the host of threats which comes by nature of the network and VoIP’s requirement can be satisfactorily alleviated by leveraging an end-to-end security construct provided organizations realize the risks and manage them via holistic enterprise wide security architecture. The Defense-in-depth concept helps combat both internal and external threats that pester the sanctity of your UC network. The whole idea is to consider voice, data, and video communications as a singular unified system and implementing a multilayered, uniformly applied defense construct for the system infrastructure, call control, applications, endpoints, and management network. This minimizes the possibility that a failure of one or more components in the security construct could compromise overall security. Moreover, treating the development of a UC security program as a collaborative cross‐organizational project involving teams from various technical areas within and outside of organization helps build a network which can withstand a flurry of attacks. All in all, it’s your UC network and it’s you who should be in control of it and the services it delivers, not someone else!
Watch the Tech-Talk and checkout the Presentation Slides
Hope the blog was informative and proves useful for understanding Cisco UC Security specifics as well as designing, deploying, and managing secure Cisoc UC networks. Please do share your feedback and opinion via the comments session below.
Thank you for reading the blog!
Additional References:
Securing the life line of your organization - IP Communications (Cisco IP Telephony Solutions):
Best Practices for Deploying Secure Cisco IP Telephony Solutions:
http://www.ciscopress.com/articles/article.asp?p=1966660
Ask the Expert – Cisco Unified IP Phone Security:
https://supportforums.cisco.com/thread/2182313
Chalk Talk: An Insight into Cisco IP Telephony Security Controls (TS Newsletter Oct 2012):
https://supportforums.cisco.com/docs/DOC-27154
Cisco IP Telephony Security Framework:
http://www.ciscopress.com/articles/article.asp?p=1946177
Chalk Talk: An Insight to Cisco Unified Communications Manager (CUCM) Certificates:
Securing Cisco IP Telephony Networks – A Reference, A Guide, and A Companion
Unified Communications is slowly but surely becoming part of the modern day organization’s day-to-day-operations. In fact, some organizations depend on it to the extent of their core business or processes based on IP communications. Sadly though, the security aspect pertinent to IP based communications network, applications, and underlying infrastructure is usually not taken into consideration (or is ignored) when enterprises and businesses think of deploying unified communications. While, it’s easier to build security into design before deployment of a UC network, many organizations and stakeholders either tend to shy away from it (could be due to complexity, cost, manpower) or just keep it aside for later discussion (which never happens or only happens when there’s a security exploit).
It's only natural to think about the security of your network or a network you have designed or deployed. Cisco IP Telephony networks are no different, and they need their share of security to ensure that things work out the way you planned them and not how an attacker plans them to work for his motives.
Now, there's a manual, a reference, a guide, and most importantly - a companion to assist you with all security related questions, configuration, and design issues, pertinent to Cisco UC.
Securing Cisco IP Telephony Networks empowers you to lay out a plan for securing your Cisco UC network, plan a 360 degree defense construct, and protect vital IT assets ranging from network perimeter to layer 2 to layer 3 to UC applications to UC endpoints. This book is an indispensable resource for Cisco UC and Security engineers, consultants, administrators, architects, and executives, who are tasked with ensuring security of enterprise / SMB UC solutions.
The book is available as a paperback edition or eBook (epub, PDF, Kindle format) at Cisco Press, Amazon, Barnes and Noble, and various leading online and offline stores.
http://www.amazon.com/dp/1587142953
http://www.ciscopress.com/title/9781587142956
http://www.barnesandnoble.com/w/securing-cisco-ip-telephony-networks-akhil-behl/1109153076
Author Bio
Akhil Behl is a Solutions Architect with Cisco Advanced Services, focusing on Cisco Collaboration and Security Architectures. He leads collaboration and security projects worldwide for Cisco Advanced Services and the Collaborative Professional Services (CPS) portfolio. Prior to his current role, he spent ten years working in various roles at Linksys as a Technical Support Lead, as an Escalation Engineer at Cisco Technical Assistance Center (TAC), and as a Network Consulting Engineer in Cisco Advanced Services. Akhil has a bachelor of technology degree in electronics and telecommunications from IP University, India, and a master’s degree in business administration from Symbiosis Institute, India.
Akhil is a dual Cisco Certified Internetwork Expert (CCIE No. 19564) in Voice and Security. He also holds many other industry certifications, such as Project Management Professional (PMP), Information Technology Infrastructure Library (ITIL) professional, VMware Certified Professional (VCP), and Information Security Management. He’s a prolific speaker and over the course of his career, he has presented and contributed in various industry forums such as Interop, Enterprise Connect, Cloud Connect, Cloud Summit, Computer Society of India (CSI), Cisco Networkers, IT Expo, and Cisco SecCon. He has several research papers published to his credit in various international journals.
He is the author of Cisco Press title ‘Securing Cisco IP Telephony Networks’ which is available as paperback and in eBook edition.
