The Internet, as TV commercials and newspaper columns will tell you, is a scary place, a wild west amalgam of unrestricted freedom and licentious behavior populated by any variety of miscreants whose goal is to disrupt your life. Of course telecom providers—and cable increasingly falls into the telecom category—try to maintain their pristine peer-to-peer connections or virtual private networks (VPNs), but even they occasionally touch this scary medium. Frankly, a cable operator has no control over whom its voice customers call—they might call someone on the PSTN or another cable system, but they might also call someone who uses Vonage or Skype, which do route their calls via the Internet. The cable operator may say it’s not their network, but that’s hard to tell a layman who’s using a cable—or even telco—broadband connection. That’s the alarmist point of view. On the other side are those who say that IP telephony—packetized telephony as cable prefers—is as safe as or safer than traditional constant bit rate (CBR) telephony and maybe even a little less prone to attacks because there’s no need or desire to pirate a service that’s cheap. The moderate view In between those two extremes is the moderate view presented by Juniper Networks: There will likely be a security issue with VoIP services, and while it hasn’t shown up quite yet, it might not be as bad as the doomsayers think. After all, "even in the traditional legacy side, it was an issue at one time as well as even in the mobile side; security and service theft and things like that were big issues," said Scott Heinlein, senior manager of voice solutions in Juniper’s Cable Products Business group. "No doubt that at some point it will be a big thing." It may already have been a big thing and nobody knows because it was hushed up by providers wary of spooking a growing base of paying subscribers. That’s unlikely, although conspiratorially fun. More likely, VoIP just isn’t popular enough now to make it worthwhile for some hooligan to go in and disrupt things. John Treece, who works with Heinlein as director of business development in the Cable Products Business group, thinks cable’s past will help it when it approaches its voice future. History’s on cable’s side "One of the things MSOs have going for them is history," Treece said. "To some extent … they’ve had security vulnerabilities with their cable modem products. Whether it’s MAC spoofing or theft of service or even denial-of-service attacks for that matter, they have a pretty good grasp of what to look for." They’ve also "put a lot of things in place internally based on that history that gives them a leg up from a security perspective, whether it’s marking or QoS policies to ensure security. They’ve learned the imperativeness of having a risk mitigation strategy," he said. Cable’s problem is that it might consider VoIP security similar to signal theft where, unless flea markets started selling set-tops that "fell off cable trucks" and subscribers were climbing poles to turn on whole neighborhoods, signal theft was an isolated annoyance that was really just the price of doing business providing television. VoIP denial of service is a different beast. "An operator has to have the philosophy that you can’t let one guy sitting in his home office take down your entire network," said Heinlein. Two attack modes That guy—the type that gives home office workers a bad name—can attack from two different directions: on-network and outside the network. Juniper, anticipating these attacks and understanding human nature, has developed a session border controller (SBC)-based security solution that handles in-bound security. The second is "direct threat mitigation" that "gives the operator the opportunity to completely let both detection and isolation happen in a dynamic nature." Whether operators believe that there are threats to their voice networks—and it’s likely that some are sticking their heads in the silicon and avoiding the issue—there must be steps to mitigate the risk, Heinlein said. "It becomes increasingly important that you have mechanisms in place that can flag and isolate it and then … correct the problem," he said. "Security has come a long way. While it’s one of those things that probably will happen, it’s going to be very rare for actual security attacks to be successful and actually cause any major issues or problems within the networks." It’s not a reason to be complacent, especially as VoIP morphs into the even more complex SIP and IMS and all the other jargon associated with merging fixed and mobile networks. IMS and FMC "There needs to be security for all those potential devices because they all become devices that can be attacked," he said. "That’s one of the keys; being able to place the appropriate security devices in front of the IMS elements or devices or functionality to make sure they remain secure." – Jim Barthold

The Daily

Subscribe

Editor’s Note

Your next issue of Cablefax Daily will arrive Monday. Stay safe and enjoy

Read the Full Issue
The Skinny is delivered on Tuesday and focuses on the cable profession. You'll stay in the know on the headlines, topics and special issues you value most. Sign Up