
Stopping Covert Communication

Covert Communication Exploitation

Enterprises perpetually fight an expensive and losing battle to stop malware infection of their networks. The most dangerous and worrisome threat that exploits the network's vulnerability to malware attacks is the Advanced Persistent Threat (APT). This class of malware successfully invades enterprise networks and then observes, learns, and quietly attacks the enterprise's most valuable assets. Stolen information (e.g., PII, competitive information, intellectual property, or financial information) is then transmitted out of the compromised network via covert channels to avoid detection.

Converged networks, which combine wireless, cellular and wireline networks; voice, video and data services; and fixed and mobile devices, are packed full of covert communication vulnerabilities. However, Voice over IP (VoIP) is not only the most pervasive new service but is also highly susceptible to exploitation as a covert communication channel.

VoIP is a Huge Covert Communication Threat

The US Defense Information Services Agency (DISA) recognizes VoIP as a means for data exfiltration (see Vulnerability Key V0021507) in the DISA Voice and Video over IP (VVoIP) Security Technical Implementation Guide (STIG) Version 3 Release 1. It is a serious risk because VoIP systems have been designed to handle lots of traffic very quickly. Unfortunately, the VoIP network that was intentionally designed as a "super-highway" to provide great voice quality can be misused to very quickly move data outside of the company's physical and virtual walls. Existing security appliances are unable to stop this abuse because they slow down and interrupt traffic through the use of deep packet inspection. Since slowing down and interrupting voice would dramatically garble and distort voice communication, deep packet inspection cannot be used.

Encryption is also widely used to provide privacy for VoIP calls. In fact, encryption is the only solution that delivers private and secure communications. But once the media is encrypted, the content may or may not be voice. Who can tell? Inspection of the media stream is impossible because encryption hides its content. So not only can your data flow out of your enterprise, it can flow out without detection!

Salare Security develops and markets unique VoIP security solutions that stop data leakage through VoIP channels. Unlike other security appliances, Salare’s products do not use deep packet inspection and thus do not degrade the Quality of Service (QOS) of voice. Salare Security's products even prevent point-to-point encrypted media streams from carrying data.

If you must comply with HIPAA, FERPA, SOX, PCI DSS, or GLBA and have VoIP traffic (sanctioned or unsanctioned), you need to act now. Both insiders and outsiders can steal data from your network and do so without detection.
