Challenges and opportunities for Open Source solutions

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Challenges and opportunities for Open Source solutions"

Transcription

1 GDS HA83090K2 D3 S MGD 7 W510200RQ1 UT 10 T28GHY620 JH7 BE4ET276 90K2 D39HA83 0K2 D39HA830 8JD6200NS12 RQ1 UTW H7 BE4ET2763J 8HGDOI0912 M1 Y T28GH UTW K2 GDS HA83090K2 D3 S MGD 7 W510200RQ1 UT 10 T28GHY620 JH7 BE4ET276 90K2 D39HA83 0K2 D39HA830 8JD6200NS12 RQ1 Security UTW in By: Juan Oliva H7 BE4ET2763J 8HGDOI0912 Editor: Paul Estrella Voice Over IP Implementations M1 Y Translation: Elvita Crespo T28GH Challenges and opportunities for Open Source solutions The current availability of Voice over IP solutions (VoIP by its acronym), has allowed thousands of companies worldwide to adopt this technology. As the main tool in "unified communications" environments, it has allowed the integration of telephony with data processing systems and through that, to a universe of applications that have combined, extended, or created new functionality. There are many existing standards that have allowed the generation of this convergence with a dramatic impact on the availability and cost reduction. However, being VoIP a digital technology where the IP protocol is the foundation, it is not exempt from being exposed to the vulnerabilities found in network environments. Nowadays, there is little awareness and documentation about existing and emerging security issues, which has a major contrast with the levels of economic loss to which a business is exposed in an implementation of this type. For this reason, it is necessary to set up the right security for the selected platform and its environment, as usually there is not only a single point or vector of attack, and the VoIP platform is not the only software service in a company. It is important to have a general overview, to acquire knowledge, and above all, to know about all the elements that interact with the platform. Not only the hardware and software elements, but also to know about people, network administrators, integrators, and specialists, as they are the ones who maintain and implement the safety rules at different levels. This document provides an overall picture of the guidelines and considerations that should be taken into account in order to provide security in VoIP platforms.

2 28MGDS20910 Security in Voice Over IP Implementations R HGDOI0912 H7 RQ1 Current state of security in VoIP systems I0912 SSH and web systems. 0K2 8JD6200NS12 RQ1 28MGDS20910 R HGDOI0912 H7 RQ1 7 1 Some threats are not very different from those that currently exist in a data network, such as SQL injection at the level of Web applications, DoS (denial of service) in services like RDP or http, and session theft, or password cracking 1 in A number of these services are part of a Voice over IP platform nowadays, so they just drag this kind of problems, or we could also say that they "increase the interest of an attacker." We are not just talking about getting access to a database or server, but the possibility of making a fair amount of phone calls that could translate into thousands of dollars. However, if we refer exclusively to Voice over IP, we find that SIP is the signaling protocol that has been more widely accepted in the industry, and upon which we can point out some potential threats I0912 Eavesdropping 0K2 8JD6200NS12 RQ1 It is a technique used to capture calls. This is plainly more related to espionage, and it is a collateral status of an attack known as "Man-in-the-middle". If the attack is successful, it is possible to capture communications. This is based on what is known as ARP table poisoning, which consists of sending fake ARP messages in order to associate the attacker's MAC address with the IP address of the attacked target, posing as, for example, a router or a PBX. Once achieved, it is possible not only to capture conversations based on RTP protocol, but also any other information passing through services that are not encrypted. Denial of Service (DoS) attacks in VoIP They are usually scripts, whose objective is to generate packet flooding. From this perspective, there are two types existing for this attack: UDP PACKETS One is the one that uses the so-called SIP methods. The most common is called INVITE FLOOD, which generates so many requests to the VoIP platform that the system eventually ends up serving the attacker only. This causes that valid users can no longer use the service, in addition to generating excessive system processing and memory usage. The other one produces Internet bandwidth flood, better known as UDP FLOOD. This one also generates a lot of packages, but having the goal of consuming all the bandwidth contracted by the victim. It is particularly aimed at operators or companies that commercialize voice traffic. These types of attacks are difficult to handle, since perimeter security devices such as Firewalls, UTMs (Unified Threat Management) or IPSs (Intrusion prevention system), cannot repel this attack with traditional blocking, on the contrary, it is necessary to use specialized equipment to divert them. 1 Process to attempt to guess user s passwords.

3 SIP brute force Attack It is the most common attack developed towards VoIP platforms. It is about guessing the passwords of the SIP entities created on the server. Once the credentials are stolen, it can authenticate against the VoIP server or platform to generate calls. The ability to guess passwords is performed by tools that automate this process. One example is SIPVicious suite, which runs a process known as enumeration of entities, to later run the password cracking process by using dictionaries in plain text files. This kind of attack is very similar to the one performed against the SSH service. VoIP Spam (SPIT - Spam over Internet Telephony) This is not a vulnerability itself, but rather privacy intrusions when receiving unsolicited calls trying to sell a product, as has been happening for many years now with . This is one of the most common uses for call dialers. Caller ID Spoofing It is the ability to modify the Caller ID to impersonate an individual or a company, such as a bank. In the past, implementing such attacks required a rather complex and expensive telephony infrastructure. Today it is no longer the case, since the vast majority of VoIP platforms will allow the overwriting of this phone field. Security in proprietary solutions Proprietary solutions have a wide range of products for every need, which often represent trends in technology and services in the market and later become customer needs. The reality is that many of these solutions are implemented as black boxes for the customer or certified integrator. This responds to a "solution control policy", since the less you can see inside, the less chance there is of finding vulnerabilities or security flaws. However, in this market field, no one is free from having flaws, even the best safes can present problems. In proprietary Voice over IP platforms, you may find buffer overflow vulnerabilities (poor control of data copied on memory), remote command execution, and denial of service, these being faults more common than you can imagine.

4 To "discover" these flaws simply take a look at sites like exploit-db or Packet Storm and search for some of the most representative brands. Based on this, you cannot sell any as the safest solution. An important topic to be mentioned is related to remediation or corrections, which are usually much more expensive. The simplest thing that could happen is that they are only addressed as a firmware version update, which may involve an investment at the license level. The other side of the coin is even more complex and includes a complete change of equipment. In this case, we may face the dilemma of either buying a box again or staying vulnerable. Security in Open Source solutions opportunities Open Source solutions are not free from security reports. The advantage is that on one hand, there are companies that are behind the development, and on the other hand, there are supporting developer communities. Here it is important to mention that, unlike proprietary solutions, where 90% of the development, revision, and correction is performed in-house, the Open Source distributions have a significant number of people in different parts of the world, under different work environments, that add to the work of the main developer, allowing these solutions to be developed at a faster rate, which includes improvements and fixes. Several open source solutions have benefited from this situation, and they have now evolved into benchmarks in certain sectors of software industry, and clear competitors in others. It is not surprising that over 90% of supercomputers in the world use Linux. Solutions such as Asterisk, Drupal, Firefox, Zimbra, Endian, Zentyal are a clear example that this business model works and that it is sustainable. Another important topic regarding Open Source solutions is that they are under the scrutiny of independent developers, their community, and the general public, so that hidden software intended for data collection or any other purpose not related to the purpose promoted by the lead developer is detected. UDP PACKETS Elastix as another tool of enterprise information systems Elastix is an open source unified communications solution based on Linux and Asterisk, with features that go beyond a conventional PBX. The platform contains tools that provide unified messaging, virtual fax, corporate instant messaging system, among others. A unified communications system as Elastix is not an isolated element in a company, but a part of its process flow in such a way that it establishes an ideal condition of convergence. A clear example is the development of systems for querying data from a telephone line which, combined with Text-to-Speech engines, automates and makes service processes more agile, thus optimizing resources.

5 Another important example is the ability for a customer to make a phone call and be automatically served, only by clicking on the company website from a browser 2. All these elements provide added value, not only to the company, but also to customers, who always expect an immediate response. What does Elastix bring at the security level? Elastix, starting from version 2.0, includes a security module, which is an important tool that includes a complete Firewall manager to configure ports and services. For many, the handling and management of firewall iptables at the core level in Linux based distributions can be a headache, mainly because the application provides many features. However, the addition of this option allows the administration of access ports in a friendlier and more concrete way, especially in scenarios where we need to filter by source (a web interface for example) or when we have to enable the SIP and RTP ports and deny everything else. UDP PACKETS The module also allows to "audit", which shows all failed and allowed accesses to the management interface, which is useful to keep access track. Another feature, called weak keys, takes a tour of the passwords of all configured extensions, verifying if these meet strong password policies. 2 A process that combines several technologies, including WebRTC, VoIP and a VoIP distro.

6 How to complement security? Infrastructure, training, best practices Implementing security in VoIP platforms often raises complex questions because in reality it all depends on the need for accessibility and services we need to incorporate. Some scenarios include::. Elastix to the PSTN 3, local extensions and remote administration.. Elastix to the PSTN, local extensions, remote administration, and VoIP 4 provider for outbound calls.. Elastix to the PSTN, local extensions, remote administration, VoIP provider for outbound calls, and inbound calls with DID.. Elastix to the PSTN, local extensions, remote administration, VoIP provider for outbound calls, inbound calls with DID, and remote extensions. PSTN REMOTE EXTENSIONS LOCAL IP PHONES AND LOCAL SOFTPHONES IP PBX / REMOTE EXTENSIONS - VOIP EXTENSIONS - INTERNET SERVICES - IVRs - SCALABILITY These scenarios are not unique, and the easy access to technology makes them to become increasingly complex. However, currently there are tools and infrastructure models that can be implemented to provide assurance. A significant challenge is the positioning of a perimeter firewall, especially when its management is not borne by the customer. Make it clear from the start: It is not impossible to run Elastix properly behind a firewall, but great deal of coordination and tuning is necessary. More importantly, the firewall should not be considered as an element that guarantees security by 100%. That would be a big mistake. You need to go much further than that, and one of the options available is to implement software that proactively reacts to attacks from the start. Two solutions that work quite well are Fail2ban and Snort, it is advisable to consider them in the design stage of the implementation. 3 Public Switched Telephone Network 4 Voice over IP

7 Responsibilities Establishing obligations is a very delicate aspect as there are different people involved in the implementation process, particularly in the platform maintenance. Each person requires coordination and establishment of roles and responsibilities. Two basic roles in an implementation are: Integrator or Specialist Role It is the professional who provides the solution and who performs the deployment after proper analysis, which should be done together with the customer. Some of their responsibilities are:. Identifying customer needs.. Establishing proper platform positioning based on the requirements.. Implementing the functionality requested by the customer.. Knowledge of risks inherent to the platform. Customer Role This is probably the most important role, since this person is the one who will ultimately maintain the system, but even more, this person will set the initial requirement, choose the supplier, set the budget for the implementation, and the one who should make decisions prior to implementation. It is a role that, in an ideal scenario, will include the company CEO, IT 5 manager and systems administrator. He should have sufficient knowledge to preserve the operation of the platform. Some of their responsibilities are:. Knowing internal (LAN) and external (internet) risks.. Keeping secure passwords.. Establishing security as priority versus flexibility.. Consulting a specialized company, whether through a support contract or specific services.. Requesting the telephony carrier to set outbound limits to the PSTN.. Training their technical staff in the implemented solutions.. Frequently training their technical staff in security topics. 5 Information Technology

8 Future Challenges The challenges towards the future stand on the side of mobility and easy access to resources. Companies and end users are increasingly involved with user-friendly tools, such as Hangouts or Skype. But under all of this, there is always the question of: How to solve the security problem? A simple answer would be "come up with security mechanisms for each scenario." An important example is the communication security, meaning remote links and connections between branches, which should aim at hindering the access to voice packets and preventing illegal sniffing. Tools such as TLS (Transport Layer Security) and SRTP (Secure Real-time Transport Protocol) though they sound very complex, are standard protocols supported in Elastix. Its successful implementation can ensure the confidentiality of communications in environments where it is top priority to minimize this risk. USER A USER B Another example relates to collaborative environments such as telework, where remote extensions are a key necessity. For this case, the implementation of virtual private networks or "VPNs", provide a lot of flexibility, since there is currently a wide range of computers, laptops, phone handsets and mobile devices available that incorporate VPN client software. This solution not only allows us to securely connect to our private network, but also, in the case of VoIP implementations, eliminates issues associated with NAT Traversal. TUNNEL TUNNEL TUNNEL IP PHONE

9 About Author Juan Oliva Computer Security and IP Telephony consultant with over 10 years experience in the field. He is very involved in projects regarding hacking testings, vulnerability analysis and exploitation, among other tasks of computer security. He also develops implementation and assurance of IP telephony platforms based on Elastix, Call Center, Cloud Solutions and Hosted PBX projects. Part of the challenge also includes the expansion of security measures in parallel with the release and development of software and hardware solutions. Technology has advanced so fast that it has not allowed to adequately convey implementation needs at the infrastructure and knowledge level. It is becoming indispensable to have a suitable technology adviser, either in-house or by expert companies. This allows an organization to focus on its core business, which in most cases is not technology, but rather using it to achieve goals. Undoubtedly, ongoing training is vital. Today the professional has more responsibility and it is clear that having skills or knowledge in security is an added value that makes a significant difference when performing a deployment. The Elastix team, for example, is well aware of this need, which is why they have designed a security course as part of their training program. The objective is to complement, since best practices are communicated from the point of platform installation. Conclusions It is clear that along with technological advances, vulnerabilities will continue to appear. However, essential protection mechanisms are also developed, the challenge will always be in the order of knowledge, analysis, and application, so that we may determine a solution for every need. Elastix Security Master Become a part of the select group of Elastix Certified Professionals

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunking with Microsoft Office Communication Server 2007 R2 SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

Grandstream Networks, Inc. UCM6100 Security Manual

Grandstream Networks, Inc. UCM6100 Security Manual Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

Enumerating and Breaking VoIP

Enumerating and Breaking VoIP Enumerating and Breaking VoIP Introduction Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

How to make free phone calls and influence people by the grugq

How to make free phone calls and influence people by the grugq VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth

More information

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

VoIP Security: How Secure is Your IP Phone?

VoIP Security: How Secure is Your IP Phone? VoIP Security: How Secure is Your IP Phone? Dan York, CISSP Director of IP Technology, Office of the CTO Chair, Mitel Product Security Team Member, Board of Directors, VoIP Security Alliance (VOIPSA) ICT

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Skype Connect Requirements Guide

Skype Connect Requirements Guide Skype Connect Requirements Guide Version 4.0 Copyright Skype Limited 2011 Thinking about implementing Skype Connect? Read this guide first. Skype Connect provides connectivity between your business and

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com WebRTC for the Enterprise FRAFOS GmbH FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com This document is copyright of FRAFOS GmbH. Duplication or propagation or extracts

More information

Mitigating the Security Risks of Unified Communications

Mitigating the Security Risks of Unified Communications 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose

More information

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call

More information

SS7 & LTE Stack Attack

SS7 & LTE Stack Attack SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network

More information

VoIP Security Methodology and Results. NGS Software Ltd

VoIP Security Methodology and Results. NGS Software Ltd VoIP Security Methodology and Results NGS Software Ltd Barrie Dempster Senior Security Consultant barrie@ngssoftware.com Agenda VoIP Security Issues Assessment Methodology Case Study: Asterisk VoIP Security

More information

VoIP Telephone system benefits:

VoIP Telephone system benefits: s Why IP PBX? The VoIP Phone system is evolving, which is why you will find SIP based, IP PBXs like pbxnsip, offering more value for money and features than a traditional proprietary phone system. Traditional

More information

Implementing VoIP monitoring solutions. Deployment note

Implementing VoIP monitoring solutions. Deployment note Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and

More information

Com.X IP PBX The complete communications solution in a box

Com.X IP PBX The complete communications solution in a box IP PBX Utilising VPN security when extending PBX services to remote users Virtual Private Network It is not uncommon for a single company to occupy more than one set of premises. Individual users on geographically

More information

NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service

NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service This document describes the benefits of the NEWT Digital PBX solution with respect to features, hardware partners, architecture,

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP technology has the tech geeks buzzing. It has been touted as: - the killer of telecoms - a solution

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

TOPIC understanding VoIP vulnerabilities

TOPIC understanding VoIP vulnerabilities How Fragile is your VoIP Implementation? For a long time, telecommunications networks and telephony services have been a part of the critical information infrastructure. They have always had high requirements

More information

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

Secure VoIP for optimal business communication

Secure VoIP for optimal business communication White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Security Guidance for Deploying IP Telephony Systems

Security Guidance for Deploying IP Telephony Systems Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally

More information

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications Oracle s Solution for Secure Remote Workers Providing Protected Access to Enterprise Communications Our forecast shows that the worldwide mobile worker population will increase to more than 1.3 billion

More information

Recommendations for secure deployment of an IP-PBX

Recommendations for secure deployment of an IP-PBX Internet Telephony Services Providers Association Recommendations for secure deployment of an IP-PBX Version 2 November 2013 Contact: admin@itspa.org.uk Contents Introduction... 3 Health Warning!... 3

More information

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...

More information

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution Ranch Asterisk VoIP Solution Ranch Networks manufactures Network appliances built to advance VoIP telephony deployments. The RN series of products provide security, reliability, and scalability to VoIP

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

ITSPA. Recommendations for secure deployment of an IP-PBX. Public. Node4 Limited Richard Buxton 31/05/2011

ITSPA. Recommendations for secure deployment of an IP-PBX. Public. Node4 Limited Richard Buxton 31/05/2011 ITSPA Recommendations for secure deployment of an IP-PBX Public Node4 Limited Richard Buxton 31/05/2011 Recommendations for secure deployment of an IP-PBX Node4 are members of the Internet Telephony Service

More information

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP)

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP) 2010 White Paper Series Top Ten Security Issues Voice over IP (VoIP) Top Ten Security Issues with Voice over IP (VoIP) Voice over IP (VoIP), the use of the packet switched internet for telephony, has grown

More information

VoIP Security Threats and Vulnerabilities

VoIP Security Threats and Vulnerabilities Abstract VoIP Security Threats and Vulnerabilities S.M.A.Rizvi and P.S.Dowland Network Research Group, University of Plymouth, Plymouth, UK e-mail: info@network-research-group.org This paper presents the

More information

Networking: EC Council Network Security Administrator NSA

Networking: EC Council Network Security Administrator NSA coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

VoIP Survivor s s Guide

VoIP Survivor s s Guide VoIP Survivor s s Guide Can you really save $, improve operations, AND achieve greater security and availability? Presented by Peggy Gritt, Founder and CEO of the VoIP A non-biased organization for the

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Abstract These Application Notes describe the steps for

More information

Black Box Analysis and Attacks of Nortel VoIP Implementations

Black Box Analysis and Attacks of Nortel VoIP Implementations Black Box Analysis and Attacks of Nortel VoIP Implementations Richard Gowman, CISSP Eldon Sprickerhoff, CISSP CISA www.esentire.com Copyright 2007 esentire, Inc. Who we are... esentire, Inc. Based out

More information

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com

FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com WebRTC for Service Providers FRAFOS GmbH FRAFOS GmbH Windscheidstr. 18 Ahoi 10627 Berlin Germany info@frafos.com www.frafos.com This document is copyright of FRAFOS GmbH. Duplication or propagation or

More information

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Hosting more than one FortiOS instance on. VLANs. 1. Network topology Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of

More information

Last update: February 23, 2004

Last update: February 23, 2004 Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Security Awareness. Wireless Network Security

Security Awareness. Wireless Network Security Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition

More information

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border Siemens Enterprise Communications Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border April 2011 Agenda 1 Industry Trends 2 Customer Initiatives

More information

Multi-layered Security Solutions for VoIP Protection

Multi-layered Security Solutions for VoIP Protection Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

Security & Reliability in VoIP Solution

Security & Reliability in VoIP Solution Security & Reliability in VoIP Solution July 19 th, 2006 Ram Ayyakad ram@ranchnetworks.com About My background Founder, Ranch Networks 20 years experience in the telecom industry Part of of architecture

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent

More information

Release the full potential of your Cisco Call Manager with Ingate Systems

Release the full potential of your Cisco Call Manager with Ingate Systems Release the full potential of your Cisco Call Manager with Ingate Systems -Save cost with flexible connection to Service Providers. -Save mobile costs, give VoIP mobility to your workforce. -Setup an effective

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network

ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network Release: 1 ICTTEN5168A Design and implement an enterprise voice over internet protocol and

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Industrial Firewalls Endpoint Security

Industrial Firewalls Endpoint Security Industrial Firewalls Endpoint Security Is there a need for a new type of industrial firewall? Industries have a huge park of different management and control systems to monitor their production. These

More information

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE Microsoft Office Communications Server 2007 & Coyote Point Equalizer DEPLOYMENT GUIDE Table of Contents Unified Communications Application Delivery...2 General Requirements...6 Equalizer Configuration...7

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

Securing Unified Communications for Healthcare

Securing Unified Communications for Healthcare Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information