VoIP Telephony Network Security Considerations TR Title: VoIP Telephone Network Security Architectural Considerations
Standards Project: PN URV
Title: VoIP Telephone Network Security Architectural Considerations
Source: Cisco Systems, Inc., 170 West Tasman Dr., San Jose, Ca USA
Contact: Bob Bell
Phone:
Fax:
Date: November 6, 2001
Distribution To: TIA TR41.4 and TIA TR

Notice

This contribution has been prepared to assist TIA Standards Committee TR-41. It is offered to the committee as a basis for discussion and is not binding on Cisco Systems or any other company. The recommendations are subject to change in form and/or numerical value after further study. Cisco Systems specifically reserves the right to add to, or amend, the quantitative statements contained herein. Nothing contained herein shall be construed as conferring by implication, or otherwise, any license or right under patent, whether or not the use of information herein necessarily employs an invention of any existing or later issued patent.

The contributor grants a free, irrevocable license to the Telecommunications Industry Association (TIA) to incorporate text contained in this contribution and any modifications thereof in the creation of a TIA standards publication; to copyright in TIA's name any standards publication even though it may include portions of this contribution; and at TIA's sole discretion to permit others to reproduce in whole or in part the resulting TIA standards publication.
VoIP Security Network Security Architectural Considerations

1. Introduction

As an aid to discussion of the interconnectedness of the various components of a typical enterprise network, it is important to define the various segments of the network that may interconnect. The following description divides this typical network into 7 segments and associates a color with each segment. It is important to remember that this division is relative to the VoIP components of the network. In practice, there may be several subdivisions of each of these network segments.

It is assumed for this discussion that there exists an isolation gateway between each of these components. Some may be structured on dedicated VLANs or physical LANs. The isolation gateways include devices such as routers and firewalls. VLANs may also exist within the switches.

It is assumed for the purposes of this document that another, invisible network segment also exists. This special segment is the network intrusion detection segment and contains sensors and evaluation elements. These devices are not specifically defined within this document.

2. Network Segments

Each of the following network segments contains similar devices. Physically, these segments may exist as separate physical LANs or as VLANs or aggregates of either or both types of topologies.

Network segments are described as one of three categories. These are 1) service crucial, 2) service important, and 3) service neutral. This grading is relative to the functioning of the VoIP system and does not assume the importance of other network elements in relation to other enterprise missions.

Service crucial network segments are those whose disruption would incapacitate the system. Thus, if elements in a service crucial segment are subject to a DoS attack, the entire VoIP phone system would cease to function.

Service important network segments contain elements whose operation markedly enhances the functionality of the system.
These would include conference bridges or IVR systems for internal use. Disruption of elements of this segment would cause significant loss of functionality within the systems, but calls could still be made.

Service neutral segments are those containing elements that do not significantly impact the VoIP system. For example, loss of a data server would not significantly impact the VoIP system.

2.1 Central Call Control and Related Components Segment (Blue Network)

This segment contains the call manager cluster and the database publisher. It can also include CTI servers and other devices that do not receive VoIP media streams. In addition, the CallAgent security registrar is contained within the Blue network. This network provides the signaling control for the system and the associated processes. This is a service crucial network segment.

Bob Bell Page 1 11/6/2001
2.2 Peripheral VoIP Elements Segment (Yellow Network)

This segment contains those endpoints that receive VoIP media traffic. These include such items as DSP farms and Voice Mail. It also includes the VoIP Gateways and phones. It excludes VoIP devices that reside on both the Voice and Data networks. Thus, this grouping does not include PC-based VoIP Terminals. This is a service crucial or a service important network segment depending on the configuration and business plan.

2.3 Voice Associated Work Stations Segment (Green Network)

This segment contains general-purpose devices that span both the Voice and Data networks. This includes the PC-based VoIP Terminals running on a workstation, attendant consoles, and other devices of this sort. This is a service important or service neutral segment depending on configuration.

2.4 Administrator Data Segment (Black Network)

This segment contains the network administrators' workstations and may also contain the user authorization and authentication systems used within the total network. This is a service crucial or service important network segment depending on configuration.

2.5 General Intranet Data Segment (Orange Network)

This segment contains those workstations and servers comprising the Data Network infrastructure. There is a separate hierarchy of service crucial and service important, etc. units. In relationship to the VoIP system that is being profiled here, this network segment is service neutral at most.

2.6 Bastion Segment (White Network)

This segment contains the servers and related infrastructure that allows access to services within the Internet. This includes HTTP proxies, mail forwarding servers, and Voice Portals. This segment, if it contains elements used within the VoIP systems, is a service important segment. Otherwise, this segment is service neutral at most.

2.7 Internet Segment (Red Network)

This segment is the Internet. It is a service neutral segment at best from the standpoint of the VoIP system.
This segment should be considered armed and dangerous, and suspect under all conditions.

3. Segment Interconnection Mapping

The following sections describe the information flows from one segment to the others. This mapping helps to identify the access controls needed for the information flows and also identifies the volume of information flow.

3.1 Blue Network

This network segment contains the CALLAGENT and associated servers and processes. Internal communications within the network consist of inter-cluster communications and signaling traffic. The endpoints should authenticate each other, but privacy is probably not a big issue unless the cluster elements are remote from one another.
To Yellow Network

This information flow consists of signaling flows. The endpoints should authenticate each other. For high criticality units such as the DSP farms or Gateways, the endpoints shall authenticate to each other. For highly mobile devices, e.g. IP phones, the endpoints shall authenticate to each other. Signaling privacy is a significant concern as the keying information for the media privacy is contained in that information flow. If there is media traffic, because the CALLAGENT processor is providing the conference bridge capabilities for example, this downgrades the security of the blue network.

To Green Network

This also consists primarily of signaling traffic. Because these devices represent a bridging of the Voice and Data networks, their links shall be authenticated and monitored to prevent these platforms from being used as attack platforms.

To Black Network

There are two classes of information flows related to the Black network. These are composed of 1) user authentication traffic (e.g. RADIUS requests), and 2) Administration actions. The former traffic type is the more numerous and must follow the guidelines established for that type of traffic. It may include routing this traffic type through IPSEC tunnels or other restrictions. The latter traffic type must be authenticated and encrypted since internal information and machine structure is revealed in these messages. SSH or HTTPS are the recommended mechanisms for providing this protection.

To Orange Network

Contact between the Blue and Orange networks should be extremely limited, if at all. Such contact, in the case of user administration of their phone databases, shall occur only over HTTPS or SSL/IPSEC protected linkage, preferably using digital certificates as the means to authenticate. No other contact shall be allowed.

To White Network

Contact to Internet based services such as stock quotes should terminate on a proxy server in the Bastion Network Segment.
Information forwarded to the phones from these servers should travel over IPSEC controlled tunnels that terminate in the service conduits of the CALLAGENT. Certificate Revocation List updates from Cisco should also terminate in a Bastion server and be relayed to the CALLAGENT cluster via IPSEC controlled tunnels. No other contact is envisioned.

To Red Network

No contact with the red network is allowed.

3.2 Yellow Network

This network segment contains the phones and other media endpoints. Because this network segment is more available, greater security requirements exist. All devices must authenticate signaling events, and any images or other information purportedly from the blue segment must be signed digitally and validated before being allowed to become active within the elements of this network segment.

Because of the centralized signaling scheme of the CALLAGENT system, the only internal communications between elements of the Yellow network should be media streams. These streams should be authenticated using HMAC techniques to assure integrity and origin. No other information flows between elements of this network segment are envisioned.

To Green Network

Communications flows with the Green network are envisioned to be only media streams and should follow the same guidelines as the internal Yellow network flows. No other communications between elements of the Green network are envisioned.

To Black Network

As with the Blue network above, all contact with the Black network is strictly limited by the operating rules of that network. A discussion of these rules is beyond the scope of this document.

To Orange Network

The only contact with the Orange network is for the user to manage items on his own phone. This contact is envisioned to occur only over HTTPS secure, authenticated data flows. Authentication should use standard HTTPS means. No other contact is envisioned.

To White Network

No direct contact with the White network is envisioned. All messaging that uses this network should use the service conduits of CALLAGENT.

To Red Network

No direct contact with the Red network is allowed.

3.3 Green Network

This network contains elements that may bridge between the Voice and Data networks. As such, this network segment represents the point of highest threat to the CALLAGENT VoIP system. Peer communications follow the same guidelines as the Yellow network. However, this network is monitored very carefully for signs of attack. It is desirable that two IP interfaces exist for elements of this network segment. The first resides on the Green network segment.
The second is homed on the data segment.

To Black Network

Contact with this segment follows the strict rules of the Black segment. These rules are beyond the scope of this document.

To Orange Network

Contact with the Orange network should only occur on the second network interface, if it exists. If a second physical network is not possible, then the use of VLAN separation is strongly recommended. If that is not possible, traffic from the orange network should be fully screened and controlled.
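Sections 3.2 and 3.3 ask that media streams between Yellow and Green elements be authenticated with HMAC for integrity and origin. The following is an added example, not part of the original contribution: it tags RTP-style packets with a truncated HMAC and shows the receiver-side checks, including replay rejection, which HMAC alone does not provide. The packet layout, the 10-byte tag length, HMAC-SHA-256, the replay window, and all names are assumptions; the session key is assumed to arrive over the protected signaling flow.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 10                        # bytes of HMAC kept per packet (assumed)
RTP_HDR = struct.Struct("!BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def _tag(key: bytes, data: bytes) -> bytes:
    """Truncated HMAC-SHA-256 over header and payload."""
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def protect(key: bytes, seq: int, timestamp: int, ssrc: int, payload: bytes) -> bytes:
    """Sender side: RTP-style header + payload + tag covering both."""
    header = RTP_HDR.pack(0x80, 0, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc)
    return header + payload + _tag(key, header + payload)


class MediaReceiver:
    """Receiver side for one stream. Sequence rollover is not handled here."""

    def __init__(self, key: bytes, expected_ssrc: int, window: int = 64):
        self.key = key
        self.expected_ssrc = expected_ssrc
        self.window = window
        self.highest: Optional[int] = None
        self.seen = set()

    def accept(self, packet: bytes) -> Tuple[str, Optional[bytes]]:
        if len(packet) < RTP_HDR.size + TAG_LEN:
            return ("short", None)
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Verify the tag before trusting any header field; constant-time compare.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return ("bad-tag", None)
        _, _, seq, _, ssrc = RTP_HDR.unpack_from(body)
        # Origin: the stream identifier must be the one agreed in signaling.
        if ssrc != self.expected_ssrc:
            return ("wrong-source", None)
        # A valid tag on an old packet is still a replay.
        too_old = self.highest is not None and seq <= self.highest - self.window
        if seq in self.seen or too_old:
            return ("replay", None)
        self.seen.add(seq)
        self.highest = seq if self.highest is None else max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return ("ok", body[RTP_HDR.size:])


def demo():
    """Run constructed packets through one receiver and return the verdicts."""
    key = bytes(range(32))            # constructed session key
    other = bytes(32)                 # constructed key the receiver does not hold
    ssrc = 0x1234ABCD
    rx = MediaReceiver(key, expected_ssrc=ssrc)
    good = protect(key, 1, 160, ssrc, b"frame-1")
    tampered = bytearray(protect(key, 2, 320, ssrc, b"frame-2"))
    tampered[RTP_HDR.size] ^= 0x01    # flip one payload bit in transit
    packets = [
        good,                                          # accepted
        good,                                          # same packet again
        bytes(tampered),                               # modified payload
        protect(other, 3, 480, ssrc, b"frame-3"),      # wrong key
        protect(key, 4, 640, 0x0BADF00D, b"frame-4"),  # unexpected stream id
        protect(key, 5, 800, ssrc, b"frame-5"),        # accepted
    ]
    return [rx.accept(p)[0] for p in packets]


if __name__ == "__main__":
    print(demo())
```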
To White Network

Contact with the White network for the Green interface should not exist. All services requiring contact with the White network for the VoIP applications should come via the service conduits of the CALLAGENT.

To Red Network

No direct connections with the red network are envisioned.

3.4 Black Network

This administrative network has a set of strict guidelines for contact between it and the other networks. That set of guidelines is under control of the enterprise network security personnel and is beyond the scope of this document.

3.5 Orange Network

All contacts between the Orange network and those above it in this document are contained in previous sections. There is only one special case, that of an Orange device being connected to the switch in the back of the phone. All other contact is beyond the scope of this document.

To Yellow Network

In the case of an Orange device connecting to the switch of a Phone, the Orange device shall not be allowed to transmit on any VLAN other than the base VLAN. All other IEEE 802.1u addresses should be blocked at that switch. This is to prevent the Orange device from assuming the role of a higher element and masquerading as a Blue network element. No other contact is envisioned except as described previously.

To White Network

Contact with the White network should follow the security policies of the enterprise systems administrators.

To Red Network

Contact with the Red Network should follow the network security guidelines established by the Systems Administrators.

3.6 White Network

Among other types of devices, the White network contains the proxy servers for services present on the phones. The information flows from these servers to the CALLAGENT servers are discussed above. No other communications flows are envisioned. Please note that it is extremely important that these servers be protected with Host-based intrusion detection systems as well as other anti-attack measures.
The structure of a Bastion network is beyond the scope of this document.

To Red Network

Contact with the Red network should follow the security policy of the systems administrators.

3.7 Red Network

Under normal conditions, there should be no direct contact between elements of the Red network and any other elements within the VoIP System.
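Section 3 amounts to a default-deny policy between the colored segments. The following added example, which is not part of the original contribution, encodes the flows the text permits and audits constructed flow records against them. The subnets, the port-to-service mapping, the symmetric treatment of each segment pair, and the choice to deny Orange traffic seen on a Green interface address are assumptions; pairs the document leaves to enterprise policy are reported as out of scope.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per segment of section 2.
SEGMENTS = {
    "blue": "10.10.0.0/24", "yellow": "10.20.0.0/16", "green": "10.30.0.0/24",
    "black": "10.40.0.0/24", "orange": "10.50.0.0/16", "white": "192.0.2.0/24",
}
NETS = [(ipaddress.ip_network(n), c) for c, n in SEGMENTS.items()]


def segment_of(ip: str) -> str:
    """Map an address to its segment; anything unknown is the Red network."""
    addr = ipaddress.ip_address(ip)
    return next((c for net, c in NETS if addr in net), "red")


def service(proto: str, dport: int) -> str:
    """Assumed port map; the document names protections, not port numbers."""
    if proto == "esp" or (proto == "udp" and dport in (500, 4500)):
        return "ipsec"
    if proto == "tcp" and dport == 443:
        return "https"
    if proto == "tcp" and dport == 22:
        return "ssh"
    if proto == "udp" and dport == 1812:
        return "radius"
    if dport in (5060, 5061):
        return "signaling"            # SIP ports stand in for call signaling
    if proto == "udp" and 16384 <= dport <= 32767:
        return "media"                # assumed RTP port range
    return "other"


def pair(a: str, b: str) -> frozenset:
    return frozenset((a, b))


# Services section 3 permits per segment pair; an empty set means no contact.
ALLOW = {
    pair("blue", "blue"): {"signaling"},
    pair("blue", "yellow"): {"signaling"},
    pair("blue", "green"): {"signaling"},
    pair("blue", "black"): {"radius", "ssh", "https", "ipsec"},
    pair("blue", "orange"): {"https", "ipsec"},
    pair("blue", "white"): {"ipsec"},
    pair("blue", "red"): set(),
    pair("yellow", "yellow"): {"media"},
    pair("yellow", "green"): {"media"},
    pair("green", "green"): {"media"},
    pair("yellow", "orange"): {"https"},
    pair("yellow", "white"): set(),
    pair("yellow", "red"): set(),
    pair("green", "orange"): set(),   # Green interface address only (assumption)
    pair("green", "white"): set(),
    pair("green", "red"): set(),
}
# Permitted by the text, but it notes the security downgrade (section 3.1).
WARN = {(pair("blue", "yellow"), "media")}


def audit(lines):
    """Return (verdict, src_segment, dst_segment, service) per flow record."""
    results = []
    for line in lines:
        src, dst, proto, dport = line.strip().split(",")
        s, d, svc = segment_of(src), segment_of(dst), service(proto, int(dport))
        key = pair(s, d)
        if key not in ALLOW:
            verdict = "out-of-scope"  # left to enterprise or Black-network policy
        elif svc in ALLOW[key]:
            verdict = "allow"
        elif (key, svc) in WARN:
            verdict = "warn"
        else:
            verdict = "deny"
        results.append((verdict, s, d, svc))
    return results


# Constructed flow records: src,dst,proto,dport
SAMPLE_FLOWS = [
    "10.20.4.17,10.10.0.5,tcp,5061",
    "10.20.4.17,10.20.9.2,udp,17000",
    "10.20.4.17,10.20.9.2,tcp,80",
    "10.10.0.5,10.20.4.17,udp,16500",
    "10.50.1.9,10.10.0.5,tcp,23",
    "10.50.1.9,10.10.0.5,tcp,443",
    "203.0.113.7,10.10.0.5,udp,5060",
    "10.30.0.8,10.50.1.9,tcp,445",
    "10.40.0.2,10.10.0.5,tcp,22",
    "10.50.1.9,198.51.100.3,tcp,443",
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(*row)
```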
4. Summary Tables

From/To Blue Yellow Green Black Orange White Red Blue Simple Stringent Stringent Tightly None Yellow Stringent Stringent Stringent/ Green Black Orange White Stringent Tightly Stringent/ None None Media Only Red None None Table 1 Authentication None None None

From/To Blue Yellow Green Black Orange White Red Blue Yes Yes HTTPS/ IPSEC None Required SSL/TLS Yellow YES Media Media None None None Only Only Green Yes Stringent/ Media Only HTTPS/ SSL/TLS Black Orange HTTPS/ SSL/TLS None HTTPS/ SSL/TLS White IPSEC None Red None None Table 2 - Privacy
Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment Introduction 1 Distributed SCADA security 2 Radiflow Defense-in-Depth tool-set 4 Network Access
More informationNetwork Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering
Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute
More informationLab 5.5.3 Developing ACLs to Implement Firewall Rule Sets
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
More informationConfiguring DHCP Snooping
CHAPTER 19 This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 4500 series switches. It provides guidelines, procedures, and configuration examples.
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationIMPLEMENTING CISCO IOS TELEPHONY AND UNIFIED COMMUNICATIONS EXPRESS (IITUCX)
Temario IMPLEMENTING CISCO IOS TELEPHONY AND UNIFIED COMMUNICATIONS EXPRESS (IITUCX) This course is designed to be the primary training for Cisco Unified Communications Manager Express and Cisco Unity
More informationTechnical Configuration Notes
MITEL SIP CoE Technical Configuration Notes Configure MCD for use with OpenIP SIP Trunking service SIP CoE 11-4940-00186 NOTICE The information contained in this document is believed to be accurate in
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationPowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More informationT.38 fax transmission over Internet Security FAQ
August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network
More informationFirewall Audit Techniques. K.S.Narayanan HCL Technologies Limited
Firewall Audit Techniques K.S.Narayanan HCL Technologies Limited Firewall Management Technology Network Security Architecture Firewall Placement Firewall Appliance Rule base compliance with security policy
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2013 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice. The software
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationSecuring VoIP Networks using graded Protection Levels
Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationThreats to be considered (1) ERSTE GROUP
VoIP-Implementation Lessons Learned Philipp Schaumann Erste Group Bank AG Group IT-Security philipp.schaumann@erstegroup.com http://sicherheitskultur.at/ Seite 1 Threats to be considered (1) Eavesdropping
More informationMaaS360 Mobile Enterprise Gateway
MaaS360 Mobile Enterprise Gateway Administrator Guide Copyright 2014 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software described
More informationHughesNet Broadband VPN End-to-End Security Using the Cisco 87x
HughesNet Broadband VPN End-to-End Security Using the Cisco 87x HughesNet Managed Broadband Services includes a high level of end-to-end security features based on a robust architecture designed to meet
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationCCNA. Course Fee: 8500 INR (Lab Access, Software s, Books, Tool Kits & Tax Included) Course Duration: 5 Days
CCNA The Cisco Certified Network Associate (CCNA) course consists of days 1 to 5 of the Cisco Networking Academy Programme. Course Fee: 8500 INR (Lab Access, Software s, Books, Tool Kits & Tax Included)
More informationSecurity for. Industrial. Automation. Considering the PROFINET Security Guideline
Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationHands on VoIP. Content. Tel +44 (0) 845 057 0176 enquiries@protelsolutions.co.uk. Introduction
Introduction This 4-day course offers a practical introduction to 'hands on' VoIP engineering. Voice over IP promises to reduce your telephony costs and provides unique opportunities for integrating voice
More informationINFORMATION TECHNOLOGY ENGINEER V
1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County
More informationBridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability
Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using
More informationQuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview
Overview Models JE404A Key features Based on a security-hardened version of Linux Works in conjunction with existing firewalls Receives SIP signaling directly from Internet Transparently supports NAT;
More informationDesigning a Windows Server 2008 Network Infrastructure
Designing a Windows Server 2008 Network Infrastructure MOC6435 About this Course This five-day course will provide students with an understanding of how to design a Windows Server 2008 Network Infrastructure
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationFirewalls. Ahmad Almulhem March 10, 2012
Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2
More informationModule 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.
SSM6435 - Course 6435A: Designing a Windows Server 2008 Network Infrastructure Overview About this Course This five-day course will provide students with an understanding of how to design a Windows Server
More informationBased on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.
30. VoIP Example 3 (VoIP over VPN) Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel. In this example 3300V
More informationSophos UTM. Remote Access via PPTP. Configuring UTM and Client
Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without
More information