You are exactly correct on all accounts ...... MITM is an easy hack. I do it daily in hacking and product demonstrations.

One other note on VLAN's, they are for anything but security. It is a broadcast domain. There are many hacks out there to traverse VLAN's. Yersinia (a hacking app) allows you to hack layer 2 protocols. Pentration testing with this app allows VLAN hacking and VLAN hopping. Download and test app here: http://sourceforge.net/projects/yersinia

Furthermore, VLAN's do not protect against the many potential vulnerabilities introduced by the deployment of soft phones, which reside on the data VLAN, or other potential DoS attacks like floods related to the misconfiguration of hard phones or malicious attacks from inside the network. The significant security concerns for this type of deployment are mainly SIP/SCCP/H.323 call control and application level attacks including: DoS attacks from infected soft clients, Application level floods, Spoofing and impersonation, Theft of service, and Call state machine violations.

THe only way to protect VoIP is to properly authenticate and encrypt the protocols. The best solution is to scrub the data inline with a IPS device. That is what Sipera does -- The Sipera boxes are located in-line with the enterprise IP PBX, thus functioning as a gateway for each call server by monitoring all signaling traffic exchanged in the network. Since the majority of the concerns originate from soft clients running on PCs, Sipera also sit at the intersection of the VoIP and Data VLAN and monitor all signaling and media traffic as it passes between the two. Specific Sipera features that protect the network and end-users include: Source limiting for application level floods, Policy and signature-based filtering, Fingerprinting, Protocol anomaly filtering, and Behavior learning-based filtering. Sipera can be purchased at http://www.sipera.com.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1862/693#693