Columbia - Verizon Research Secure SIP: Scalable DoS Prevention Mechanisms for SIP- based VoIP Systems, and Validation Test Tools
|
|
- Paulina Edwards
- 8 years ago
- Views:
Transcription
1 Columbia - Verizon Research Secure SIP: Scalable DoS Prevention Mechanisms for SIP- based VoIP Systems, and Validation Test Tools Sarvesh Nagpal, Eilon Yardeni, Henning Schulzrinne Columbia University Gaston Ormazabal Verizon Laboratories July 7, 2008 Verizon Copyright 2008.
2 Agenda Background &Research Focus Goals Project Overview VoIP DoS Attack Taxonomy DoS Detection and Mitigation Strategy DoS Validation Methodology Conclusions Verizon Copyright
3 Background & Research Focus Verizon needs to solve security problem for VoIP services Protocol-aware application layer gateway for RTP SIP DoS/DDoS detection and prevention for SIP channel Attack targets SIP infrastructure elements (proxy, softswitch, SBC, CSCF- P/I/S) End-points (SIP phones) Supporting services (e.g., DNS, Directory, DHCP, HSS, DIAMETER, Authorization Servers) Need to verify performance & scalability at carrier class rates Security and Performance are a zero sum game Verizon Copyright
4 Goals Study VoIP DoS for SIP Definition define SIP specific threats Detection how do we detect an attack? Mitigation defense strategy and implementation Validation validate our defense strategy Generate requirements for future security network elements and prototypes Share these requirements with vendors Generate the test tools and strategies for their validation Share these tools with vendors Verizon Copyright
5 SIP DoS Attack Taxonomy DoS Implementation flaws Application level Flooding Verizon Copyright
6 Mitigation Strategy Implementation flaws are easier to deal with Systems can be tested before used in production Systems can be patched when a new flaw is discovered Attack signatures can be integrated with a firewall Application level and flooding attacks are harder to defend against SIP infrastructure element defense Commercially available solutions for general UDP/SYN flooding but none for SIP Address application level and flooding attacks specifically for SIP Verizon Copyright
7 Mitigation Solution Overview Untrusted Trusted Filter I DPPM Filter II sipd SIP SIP SIP VoIP Traffic Attack Traffic RTP RTP Verizon Copyright
8 CloudShield CS-2000 System 10/100/ / System Level Port Distribution Application Server Module Pentium 1GHz ASM Backplane Gigabit Ethernet Interconnects DPPM D 0 D 1 P 0 E P 0 E D 0 D 1 DPPM Intel IXP E 2 1 E 2 Intel IXP 2800 F 0 C 3 C 4 F 0 C 3 C 4 Verizon Copyright
9 SIP Detection and Mitigation Filters Authentication Based - Return Routability Check Require SIP built-in digest authentication mechanism Authentication with shared secret Filter out spoofed sources Method Based Rate Limiting Transaction based Thresholding of message rates INVITE Errors State Machine sequencing Filter out-of-state messages Allow in-state messages Dialog based Only useful in BYE and CANCEL messages Verizon Copyright
10 SIP Digest Authentication Statistics Digest authentication accounts for nearly 80% of processing cost of a call for a stateless server 45% of a call for a stateful server* Additional cost 70% for message processing 30% for authentication computation (hashing)* * SIP Security Issues: The SIP Authentication Procedure and its Processing Load, Salsano et al., IEEE Network, November 2002 Verizon Copyright
11 Return-Routability Routability Implementation Succeeds SIP UA IP INVITE SIP/2.0 Via: SIP/2.0/UDP :5060 Max-Forwards: 70 From: To: Contact: Subject: sipstone invite test CSeq: 1 INVITE Call-ID: @lagrange.cs.columbia.edu Content-Type: application/sdp Content-Length: 211 v=0 o=user IN IP s=mbone Audio t= i=discussion of Mbone Engineering Issues e=mbone@somewhere.com c=in IP t=0 0 m=audio 3456 RTP/AVP 0 a=rtpmap:0 PCMU/8000 INVITE, 407 Needs Proxy-Authorization Untrusted DPPM sipd Remove Add Filter s=mbone Audio 407 Needs t= Auth 0 NPUINVITE, ( , INVITE Proxy-Auth nonce ) CAM RAM ( , nonce="6ydardp51p8ef9h4iihmuc7ifde=" ) INVITE sip:test1@cs.columbia.edu SIP/2.0 SIP/2.0 Via: SIP/2.0/UDP 407 Proxy :5060 Authentication Required Via: Max-Forwards: SIP/2.0/UDP :7898 From: sip:test5@cs.columbia.edu To: sip:test1@cs.columbia.edu; tag=2cg7xx0dzqvuilbukfywga Contact: sip:test5@ :5060 Call-ID: Subject: sipstone @lagrange.cs.columbia.edu invite test CSeq: 13 INVITE Date: Call-ID: Fri, @lagrange.cs.columbia.edu 14 Apr :51:33 GMT Server: Content-Type: Columbia-SIP-Server/1.24 application/sdp Content-Length: 0211 Proxy-Authenticate: Proxy-Authorization: Digest realm="cs.columbia.edu", username="anonymous", realm="cs.columbia.edu", nonce="6ydardp51p8ef9h4iihmuc7ifde=", Trusted nonce="6ydardp51p8ef9h4iihmuc7ifde=", stale=false, uri="sip:test1@cs.columbia.edu", algorithm=md5, response=" edd6c0b64befc c", qop="auth,auth-int" opaque="", algorithm="md5" v=0 o=user IN IP i=discussion of Mbone Engineering Issues e=mbone@somewhere.com c=in IP t=0 0 m=audio 3456 RTP/AVP 0 a=rtpmap:0 PCMU/8000 INVITE Verizon Copyright
12 Dialogs and Transactions in SIP Caller Individual Messages CALLEE INVITE 180 Ringing Transaction OK ACK Dialog BYE 200 OK Transaction 2 Verizon Copyright
13 Method Specific Filtering This approach involves defense against specific method vulnerabilities INVITE Filter redundant INVITE messages by looking up its Transaction-ID and rejecting if its Transaction-ID already exists in State tables. Responses 100 Trying 180 Ringing 200 OK Errors ( ) Out-of-State Sequence of unexpected messages Verizon Copyright
14 Transaction Filtering For every new SIP request message received, a Transaction-ID (TXNID) is created TXNID is a 32 bit integer calculated by HASH (Top Via: BranchID, CSEQ Method Value) TXNIDs are stored in a different CAM table (from pinholes and nonces) If TXNID is duplicate, drop the packet Ideally only one SIP request message allowed per TXNID Binary switch Retransmission of same request multiple times require a finite retransmissions window 5 packets in current network set up Should be settable for more complex networks Optimization to reduce false positives If TXNID is not duplicate, then go on to next step When new subsequent status messages are received: If status message record is valid, request accepted If status message record is bogus, packet dropped Additional check rate of requests per transaction per second not to exceed a selected finite number (6), else packet dropped Verizon Copyright
15 SIP Transaction State Validation Makes an entry for first Transaction Request and logs subsequent status messages Logs all messages on per transaction basis Use of wild cards in regular expression syntax All permutations of allowed states validated in a single operation Received packet is added to status messages table for original Transaction If received status message fits valid state pattern, it is accepted Messages resulting in invalid state pattern are dropped and also removed from transaction message log e.g.: the sequence INVITE, 100, 180, 200, 180, 200 causes filter to only allow INVITE, 100, 180, 200, and 180/200 is struck out as 180 is out of state Transaction state is rolled back to the last known good state Overlays on top of other filtering mechanisms Verizon Copyright
16 SIP Transaction State Validation Request Message Response Message Response Message Response Message Response Message Transaction ID 0 1 Transaction Message Code Log INVI _100 _180 _180 _200 Regular Expression Engine Regular Expression List INVI(_100)*?(_180)*?_200{0,1}?(\x00){4} Verizon Copyright
17 Integrated DDOS and Dynamic Pinhole Filter ASM sipd Linux server FCP/UDP CAM DDOS Table DPPM SIP CAM Static Table SIP DDOS CAM Dynamic Table Inbound Lookup Switch Outbound Drop Verizon Copyright
18 Test Tools SIPp, SIPStone, and SIPUA are benchmarking tools for SIP proxy and redirect servers Establish calls using SIP in Loader/Handler mode A controller software module (securesip) wrapped over SIPp/SIPUA/SIPStone launches legitimate and illegitimate calls at a pre-configured workload SIPp Robust open-source test tool / traffic generator for SIP Customizable XML scenarios for traffic generation 5 inbuilt timers to provide accurate statistics Customized to launch SIP DoS attack traffic scenarios designed to cause proxy to fail SIPStone Continuously launches spoofed calls which the proxy is expected to filter For this project enhanced with: Null Digest Authentication Optional spoofed source IP address SIP requests SIPUA Test Suite Built-in Digest Authentication functionality Sends 160 byte RTP packets every 20ms Settable to shorter interval (10ms) if needed for granularity Starts RTP sequence numbers from zero Dumps call number, sequence number, current timestamp and port numbers to a file Verizon Copyright
19 Method-based SIP DoS Attack Scenarios Flood of Requests Flood of Responses Flood of Out-of-State Verizon Copyright
20 securesip Controller Controller Automated Web-based Control Software run on SUN (Linux) box Connects to the Pair of End Points (Loaders and Handlers) Supplies external traffic generation over Private Channel (6252) Launches attack traffic Changes type of traffic on the fly External stress on SUT SIPp in Array Form supplies traffic from 16 SUN (Linux) boxes in various configurations for SIP DoS experiments SIPUA in Array Form supplies traffic from 16 SUN (Linux) boxes for pinhole experiments Results Analyzer Gathers, analyzes and correlates results Handler/Loaders update results to database in real-time Controller analyzes results from databases and aggregates them to get the number of initiated and torn-down calls and their rates Verizon Copyright
21 Integrated Testing and Analysis Environment Legitimate Loaders SIPUA/SIPp Attack Loaders SIPStone/SIPp Call Handlers SIPUA/SIPp GigE Switch GigE Switch Controller securesip Firewall SIP Proxy Verizon Copyright
22 securesip Test Results for DoS & Pinholes SIP DoS Measurements (showing max supported call rates) Dynamic Pinhole Firewall Filters OFF Firewall Filters ON Traffic Composition Non-Auth Traffic Auth Good Traffic Auth Good Traffic + Spoof Traffic Auth Good Traffic + Flood of Requests Auth Good Traffic + Flood of Responses Auth Good Traffic + Flood of Out-of- State Good Attack CPU Good Attack CPU CPS CPS Load CPS CPS Load Concurrent Call rate Calls (CPS) Delay due to Firewall Pinhole opening ms Pinhole closing ms Verizon Copyright
23 Conclusions Research Results Demonstrated SIP vulnerabilities for VoIP resulting in new DoS susceptibility Work is fully reusable to secure a Presence infrastructure Implemented some carrier-class mitigation strategies Developed generic requirements Removed SIP DoS traffic at carrier class rates Prototype is first of its kind in the world Built a validation testbed to measure performance Developed customized test tools Built a high powered SIP-specific Dos Attack tool in a parallel computing distributed testbed Crashed a SIP Proxy in seconds Built a Theft of Service Architectural Integrity Validation Tool using parallel computing Intellectual Property Research activity resulted in six patent applications Commercialization Socialized new requirements and test tools with vendor community to address rapid field deployment Vendors generally very interested in new opportunities Licensing agreements currently under negotiation Rapid implementation is now expected Verizon Copyright
24 Thank you Thank you! Questions? Verizon Copyright 2008.
25 Next Steps - Possible New Projects Address Interception/Modification and Eavesdropping Study of SRTP and associated protocols (SDES) Comparison study of IPSec and TLS Study of SPIT prevention as a possible new service offering Filtering of unwanted phone calls Intrusion Detection Large scale call logs data analysis for DoS and ToS SIP DoS Testbed Maintenance and ongoing research New machines (200 +) Verizon Copyright
26 Backup Slides Verizon Copyright
27 Mitigation Prototype Implementation Firewall platform filters media and SIP proxy authentication attempts, and rate-limits messages based on Method specific controls Utilizes wire-speed deep packet inspection Thresholds are kept internal in the DPPM State is only kept in Firewall in CAM tables Firewall controlling proxy model for media filtering and the authentication filter Columbia's SIP Proxy sipd controls the Firewall Deep Packet Inspection Server Utilize the Firewall Control Protocol to establish/insert filters in CAM table in real time SIP UAs being authentication challenged (IP, nonce) Media ports Verizon Copyright
28 Dynamic Pinhole Filtering SIPUA User2 SIPUA User1 INVITE From: c=in IP m=audio RTP/AVP :43564 CAM Table :56432 SIP/ OK From: <sip:user1@handler> c=in IP m=audio RTP/AVP 0 Verizon Copyright
29 Pinhole Problem Definition Problem parameterized along two independent vectors Call Rate (calls/sec) Related to performance of SIP Proxy in Pentium Concurrent Calls Related to performance of table lookup in IXP 2800 Data Collected in Excel spreadsheet format {Number of concurrent calls, calls/sec, Opening delay, Closing delay, device} SIP Proxy SIP RAVE Opening delay data provided in units of 20 ms packets Closing delay data provided in units of 10 ms packets Verizon Copyright
30 Pinhole Data Results Concurrent calls Calls/Sec SIP Proxy SIP RAVE Open delay Close delay Open delay Close delay 10K K K K K K Verizon Copyright
31 Intellectual Property - Patent Applications Fine Granularity Scalability and Performance of SIP Aware Border Gateways: Methodology and Architecture for Measurements Inventors: Henning Schulzrinne, Kundan Singh, Eilon Yardeni (Columbia), Gaston Ormazabal (Verizon) Architectural Design of a High Performance SIP-aware Application Layer Gateway Inventors: Henning Schulzrinne, Jonathan Lennox, Eilon Yardeni (Columbia), Gaston Ormazabal (Verizon) Architectural Design of a High Performance SIP-aware DOS Detection and Mitigation System Inventors: Henning Schulzrinne, Eilon Yardeni, Somdutt Patnaik (Columbia), Gaston Ormazabal (Verizon) Architectural Design of a High Performance SIP-aware DOS Detection and Mitigation System - Rate Limiting Thresholds Inventors: Henning Schulzrinne, Somdutt Patnaik (Columbia), Gaston Ormazabal (Verizon) System and Method for Testing Network Firewall for Denial of Service (DoS) Detection and Prevention in Signaling Channel Inventors: Henning Schulzrinne, Eilon Yardeni, Sarvesh Nagpal (Columbia), Gaston Ormazabal (Verizon) Theft of Service Architectural Integrity Validation Tools for Session Initiation Protocol (SIP) Based Systems Inventors: Henning Schulzrinne, Sarvesh Nagpal (Columbia), Gaston Ormazabal (Verizon) Verizon Copyright
32 Publications, Presentations, Recognition Presentation at NANOG 38 Oct (HS/GO) Securing SIP: Scalable Mechanisms for Protecting SIP-Based VoIP Systems Authors: Henning Schulzrinne, Eilon Yardeni, Somdutt Patnaik (Columbia), Gaston Ormazabal (Verizon) Paper approved for publication in NANOG Proceedings Made a headline in VON Magazine on October 11, 2006: Presentation to at Global 3G Evolution Forum Tokyo, Japan, Jan (GO) Presentation at IPTComm 2007 New York City, July, 2007 (GO) Presentation at OSS/BSS Summit Tucson, AZ, September, 2007 (GO) Paper for current work submitted to IPTComm 2008 Secure SIP: A scalable prevention mechanism for DoS attacks on SIP based VoIP systems Authors: Henning Schulzrinne, Eilon Yardeni, Sarvesh Nagpal (Columbia), Gaston Ormazabal (Verizon) Work incorporated in a new Masters level course on VoIP Security taught at Columbia in Fall 2006 COMS : Special Topics in Computer : VoIP Security (HS) CATT Technological Impact Award Verizon Copyright
33 VoIP Threat Taxonomy Scope of our research Scope of our research *- VoIP Security and Privacy Threat Taxonomy, VoIP Security Alliance Report, October, 2005 ( Verizon Copyright
34 SIP Digest Authentication User Agent Client (UAC) INVITE Proxy Server Compute response = F(nonce, username, password, realm) 407 Proxy Authentication Required (nonce, realm..) ACK Generate the nonce value nonce a uniquely generated string used for one challenge only and has a life time of 60 seconds INVITE (nonce, response ) Authentication: compute F(nonce, username, password, realm) and compare with response Verizon Copyright
35 Dialog Filtering Filtering based on Dialog parameters Broader brushstroke than Transaction level Only useful with floods of CANCEL or BYE requests Identify a BYE message by its Dialog-ID Maintain a database of INVITE sources (Contacts) Verify and accept a BYE message only from legitimate source addresses Reject it if it is not a part of an existing dialog Verizon Copyright
36 Value to Verizon Enhanced VoIP security via standards and vendor involvement Columbia requirements valid for VoIP, Presence and Multimedia architectures Rolled the requirements and lessons learned into the Verizon security architecture and new element requirements database for procurement Working with Verizon vendors to mitigate exposures Setup one-of-its-kind laboratory facilities for VoIP security evaluations and product development At Columbia, prototype rapid development incubator At Verizon, Columbia/Verizon collaborative test tools set up for a more realistic complex IP-routed laboratory environment Intellectual Property with Six Patent Applications Taken research quickly into marketplace with rapid commercialization Licensing Agreement with equipment manufacturers Several vendors interested Exclusive vs. Non-exclusive Verizon Intellectual Property contact: Gwen Thaxter (gwen.thaxter@verizon.com, ) Verizon Copyright
37 Verizon Business Impact SIP DoS work Global Network Engineering & Planning Organization Support Technology organization to define new security architecture for VoIP Services Network & Information Security Organization Better Security Reviews of Advantage VoIP Service Global Customer Service & Provisioning Organization Sales Engineering Premier Accounts Team Briefing SIP ToS work Office of Chief Financial Officer Credit&Collections Verizon Copyright
38 Recommended Next Steps for Verizon Conversion of research into a product that Verizon can use Need to determine optimal architectural placement of DoS prevention functionality for VoIP and Presence Security Security vs. Performance Hardware vs. Software Implementation Proxy/Softswitch (SW) SBC or New network element (HW/SW), Router? Use internally (protect VZ Network) Use externally (sell new security services to large customers) Continue relationship with Columbia Research in related areas Proposal to study SRTP Maintain the testbeds for further research and to assist in product development during product testing cycle Feedback loop of research and product cycle Get other companies interested to synergize resources and share results What can we see doing to make the working relationship even more productive? Verizon Copyright
39 SIP Session Analysis SIP sessions/calls can be broken down to 4 levels of granularity A call contains one or more Dialogs A Dialog contains one or more Transactions Request/response Typically 2 in case of an INVITE-200 OK & BYE-OK type of session Transactions are of two types Client INVITE Transactions Non-INVITE Transactions Server INVITE Transactions Non-INVITE Transactions Verizon Copyright
40 securesip Control Architecture Verizon Copyright
41 Strategy Focus VULNERABILITY : Most security problems are due to: flexible grammar syntax-based attacks Plain text interception and modification SIP over UDP ability to spoof SIP requests Registration/Call Hijacking Modification of Media sessions SIP Method vulnerabilities Session teardown Request flooding Error Message flooding RTP flooding Flooding Application Level STRATEGY: Two DoS detection and mitigation filters and ToS tools SIP: Two types of rule-based detection and mitigation filters Media: SIP-aware dynamic pinhole filtering Verizon Copyright
42 Return-Routability Routability Implementation Fails Untrusted Trusted SIP UA INVITE X DPPM NPU 407 INVITE Add Needs Filter Auth ( , nonce ) sipd IP Needs Auth CAM RAM ( , nonce="6ydardp51p8ef9h4iihmuc7ifde=" ) Verizon Copyright
43 SIP Message Relationships CAM database has very low latency lookups Aged lookup tables implemented to track dialog and transaction relationships Message lookup tables Dialog-ID Table Transaction-ID Table Messages Identified by Type and Code Type: Request or Response Code: Request Method or Response Status Code Dialog ID Transaction ID Verizon Copyright
44 Validation Strategy Methodology for Anti Spoofing Use the SIPp and SIPStone testing tools in a distributed environment to generate legitimate and attack SIP traffic respectively Generate both legitimate and spoofed source address requests Measure the following calls/sec throughput values: Legitimate requests, without authentication (C apacity ) Legitimate requests, with authentication (N ormal ) Legitimate (N ormal ) and spoofed requests (SA ttacknof ), without filters Legitimate (N ormal ) and spoofed requests (SA ttackf ), with filters (D efense ) Identify the impact of spoofed addresses floods on the calls/sec rate of legitimate requests Expect to see SA ttackf << SA ttacknof, and ideally, D = N Calculate False Positive and False Negative rates from measurements: FP= (N ormal - D efense )/N ormal FN= SA ttackf / SA ttacknof Verizon Copyright
45 Validation Strategy Methodology for Rate Limiting Use the SIPp and SIPStone testing tools in a distributed environment to generate legitimate and attack SIP traffic respectively Generate both legitimate and spoofed source address requests Measure the following calls/sec throughput values: Legitimate requests, without authentication (C apacity ) Legitimate requests, with authentication (N ormal ) Legitimate (N ormal ) and Method requests/response/oos (MA ttacknof ), without filters Legitimate (N ormal ) and Method requests/response/oos (MA ttackf ), with filters (D efense ) Identify the impact of spoofed addresses floods on the calls/sec rate of legitimate requests Expect to see MA ttackf << MA ttacknof, and ideally, D = N Calculate False Positive and False Negative rates from measurements: FP= (N ormal - D efense )/N ormal FN= MA ttackf / MA ttacknof Verizon Copyright
46 Firewall Components Static Filtering Filtering of pre-defined ports (e.g., SIP, ssh, 6252) Dynamic Filtering Filtering of dynamically opened RTP ports Filtering of nonce and method redundancy Switching Layer Perform switching between the input ports Firewall Control Module Intercept SIP call setup messages Get nonce from 407 Need Auth Get RTP ports from the SDP Maintain call state Firewall Control Protocol The way the Firewall Control Module talks with the firewall Push filter for SIP UA authentication challenge (with nonce) and media ports Push dynamic table updates to the data plane May be used by multiple SIP Proxies that control one or more firewalls Firewall Data Plane Execution Part of SIP-proxy Executed in the Linux Control Plane Verizon Copyright
47 The Bigger Picture - Columbia VoIP Testbed Columbia VoIP test bed is collection of various open-source, commercial and home-grown SIP components provides a unique platform for validating research Columbia-Verizon Research partnership has addressed major security problems signalling, media and social threats Researched DoS solutions verified against powerful test setup at very high traffic rates ToS successfully validated integrity of different setups of test bed Verizon Copyright
Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems
Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon
More informationVerizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration. Gaston Ormazabal. Verizon Laboratories.
Verizon 2009 All Rights Reserved. 1 Verizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration Gaston Ormazabal Verizon Laboratories May 13, 2009 June 16, 2009 Verizon 2009 All
More informationLarge Scale SIP-aware Application Layer Firewall
1 Large Scale SIP-aware Application Layer Firewall Eilon Yardeni and Henning Schulzrinne, Department of Computer Science, Columbia University Gaston Ormazabal, Verizon Labs Abstract Placing voice traffic
More informationSecure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems
Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems Gaston Ormazabal 1, Sarvesh Nagpal 2, Eilon Yardeni 2, and Henning Schulzrinne 2 1 Verizon Laboratories gaston.s.ormazabal@verizon.com
More informationPerformance Measurement Tools for SIP Server. Samit Jain Columbia University, New York sj2195@cs.columbia.edu
Performance Measurement Tools for SIP Server Samit Jain Columbia University, New York sj2195@cs.columbia.edu TABLE OF CONTENTS 1. ABSTRACT.. 3 2. INTRODUCTION..4 3. PERFORMANCE ISSUES..6 4. ARCHITECTURE..10
More informationHow To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib
NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application
More informationVoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009
VoIP some threats, security attacks and security mechanisms Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed,
More informationBasic Vulnerability Issues for SIP Security
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future
More informationVoice over IP (SIP) Milan Milinković milez@sbox.tugraz.at 30.03.2007.
Voice over IP (SIP) Milan Milinković milez@sbox.tugraz.at 30.03.2007. Intoduction (1990s) a need for standard protocol which define how computers should connect to one another so they can share media and
More informationSIP Essentials Training
SIP Essentials Training 5 Day Course Lecture & Labs COURSE DESCRIPTION Learn Session Initiation Protocol and important protocols related to SIP implementations. Thoroughly study the SIP protocol through
More informationHow to make free phone calls and influence people by the grugq
VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth
More informationNTP VoIP Platform: A SIP VoIP Platform and Its Services
NTP VoIP Platform: A SIP VoIP Platform and Its Services Speaker: Dr. Chai-Hien Gan National Chiao Tung University, Taiwan Email: chgan@csie.nctu.edu.tw Date: 2006/05/02 1 Outline Introduction NTP VoIP
More informationVoice over IP & Other Multimedia Protocols. SIP: Session Initiation Protocol. IETF service vision. Advanced Networking
Advanced Networking Voice over IP & Other Multimedia Protocols Renato Lo Cigno SIP: Session Initiation Protocol Defined by IETF RFC 2543 (first release march 1999) many other RFCs... see IETF site and
More informationMedia Gateway Controller RTP
1 Softswitch Architecture Interdomain protocols Application Server Media Gateway Controller SIP, Parlay, Jain Application specific Application Server Media Gateway Controller Signaling Gateway Sigtran
More informationVoice Over IP (VoIP) Denial of Service (DoS)
Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based
More informationAn outline of the security threats that face SIP based VoIP and other real-time applications
A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications
More informationSecurity of VoIP. Analysis, Testing and Mitigation of SIP-based DDoS attacks on VoIP Networks
Security of VoIP Analysis, Testing and Mitigation of SIP-based DDoS attacks on VoIP Networks A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Computer
More informationA Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack
A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack Abhishek Kumar Department of Computer Science and Engineering-Information Security NITK Surathkal-575025, India Dr. P. Santhi
More informationTransparent weaknesses in VoIP
Transparent weaknesses in VoIP Peter Thermos peter.thermos@palindrometech.com 2007 Palindrome Technologies, All Rights Reserved 1 of 56 Speaker Background Consulting Government and commercial organizations,
More informationAGILE SIP TRUNK IP-PBX Connection Manual (Asterisk)
AGILE SIP TRUNK IP-PBX Connection Manual (Asterisk) 1. Login to CID (Customer ID) Login https://manager.agile.ne.jp/login.php USERNAME Password 2. Go to SIP List of SIP TRUNK SIP SIP List Buy SIP Trunk
More informationDenial of Services on SIP VoIP infrastructures
Denial of Services on SIP VoIP infrastructures Ge Zhang Karlstad University ge.zhang@kau.se 1 Outline Background Denial of Service attack using DNS Conclusion 2 VoIP What is VoIP? What is its advantage?
More informationSIP Trunking & Peering Operation Guide
SIP Trunking & Peering Operation Guide For Samsung OfficeServ May 07, 2008 doc v2.1.0 Sungwoo Lee Senior Engineer sungwoo1769.lee@samsung.com OfficeServ Network Lab. Telecommunication Systems Division
More informationRam Dantu. VOIP: Are We Secured?
Ram Dantu Professor, Computer Science and Engineering Director, Center for Information and Computer Security University of North Texas rdantu@unt.edu www.cse.unt.edu/~rdantu VOIP: Are We Secured? 04/09/2012
More informationVoIP Security. Threats and Countermeasures. Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors
VoIP Security Threats and Countermeasures Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors Agenda Increasing awareness of VoIP security Top VoIP security threats
More informationSonus Networks engaged Miercom to evaluate the call handling
Lab Testing Summary Report September 2010 Report 100914 Key findings and conclusions: NBS5200 successfully registered 256,000 user authenticated Total IADs in 16 minutes at a rate of 550 registrations
More informationAV@ANZA Formación en Tecnologías Avanzadas
SISTEMAS DE SEÑALIZACION SIP I & II (@-SIP1&2) Contenido 1. Why SIP? Gain an understanding of why SIP is a valuable protocol despite competing technologies like ISDN, SS7, H.323, MEGACO, SGCP, MGCP, and
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationMultimedia Communication in the Internet. SIP Security Threads. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1
Multimedia Communication in the Internet SIP Security Threads Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS 1 Denial of Service Prevent service availability Software vulnerabilities
More informationSIP Basics. CSG VoIP Workshop. Dennis Baron January 5, 2005. Dennis Baron, January 5, 2005 Page 1. np119
SIP Basics CSG VoIP Workshop Dennis Baron January 5, 2005 Page 1 Outline What is SIP SIP system components SIP messages and responses SIP call flows SDP basics/codecs SIP standards Questions and answers
More informationA Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol
A Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol Intesab Hussain, Soufiene Djahel, Dimitris Geneiatakis ±, and Farid Naït-Abdesselam LIPADE, University of
More informationSession Initiation Protocol (SIP) The Emerging System in IP Telephony
Session Initiation Protocol (SIP) The Emerging System in IP Telephony Introduction Session Initiation Protocol (SIP) is an application layer control protocol that can establish, modify and terminate multimedia
More informationMultimedia & Protocols in the Internet - Introduction to SIP
Information and Communication Networks Multimedia & Protocols in the Internet - Introduction to Siemens AG 2004 Bernard Hammer Siemens AG, München Presentation Outline Basics architecture Syntax Call flows
More informationEvaluating DoS Attacks Against SIP-Based VoIP Systems
Evaluating DoS Attacks Against SIP-Based VoIP Systems M. Zubair Rafique, M. Ali Akbar and Muddassar Farooq Next Generation Intelligent Networks Research Center (nexgin RC) FAST National University of Computer
More informationProtect Yourself Against VoIP Hacking. Mark D. Collier Chief Technology Officer SecureLogix Corporation
Protect Yourself Against VoIP Hacking Mark D. Collier Chief Technology Officer SecureLogix Corporation What Will Be Covered How to assess the security of your IPT network: In house/external and ground
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationSIP Session Initiation Protocol
SIP Session Initiation Protocol Laurent Réveillère Enseirb Département Télécommunications reveillere@enseirb.fr Session Initiation Protocol Raisin 2007 Overview This is a funny movie! I bet Laura would
More informationPart II. Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University
Session Initiation Protocol oco (SIP) Part II Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University Email: acpang@csie.ntu.edu.tw
More informationOfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide
OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be
More informationSIP Server Implementation and Performance on a Bare PC
82 SIP Server Implementation and Performance on a Bare PC A. Alexander, R. Yasinovskyy, A. L. Wijesinha, and R. Karne Department of Computer & Information Sciences Towson University Towson, MD 21252 USA
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationSIP OVER NAT. Pavel Segeč. University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: Pavel.Segec@fri.uniza.
SIP OVER NAT Pavel Segeč University of Žilina, Faculty of Management Science and Informatics, Slovak Republic e-mail: Pavel.Segec@fri.uniza.sk Abstract Session Initiation Protocol is one of key IP communication
More informationTechnical Communication 1201 Norphonic emergency rugged telephone on Alcatel-Lucent OmniPCX Enterprise
Technical Communication 1201 Norphonic emergency rugged telephone on Alcatel-Lucent OmniPCX Enterprise This document describes configuration procedure for your Alcatel-Lucent OmniPCX Enterprise PBX in
More informationSession Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 Email: wechen@niu.edu.tw TEL: 03-9357400 # 340
Session Initiation Protocol (SIP) 陳 懷 恩 博 士 助 理 教 授 兼 計 算 機 中 心 資 訊 網 路 組 組 長 國 立 宜 蘭 大 學 資 工 系 Email: wechen@niu.edu.tw TEL: 03-9357400 # 340 Outline Session Initiation Protocol SIP Extensions SIP Operation
More informationARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION
ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION 10 April 2009 Gömbös Attila, Horváth Géza About SIP-to-PSTN connectivity 2 Providing a voice over IP solution that will scale to PSTN call volumes,
More informationPrevention of Anomalous SIP Messages
International Journal of Future Computer and Communication, Vol., No., October 03 Prevention of Anomalous SIP Messages Ming-Yang Su and Chung-Chun Chen Abstract Voice over internet protocol (VoIP) communication
More informationSIP Security in IP Telephony
SIP Security in IP Telephony Muhammad Yeasir Arafat and M. Abdus Sobhan School of Engineering and Computer Science Independent University, Bangladesh E-mail: sobhan30@gmail.com Abstract Today the session
More informationAnat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology
Unregister Attack in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack We present a new VoIP Denial Of
More informationSIP ALG - Session Initiated Protocol Applications- Level Gateway
SIP ALG is a parameter that is generally enabled on most commercial router because it helps to resolve NAT related problems. However, this parameter can be very harmful and can actually stop SIP Trunks
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationLoad Testing 2U Rockbochs System
Load Testing 2U Rockbochs System The purpose of this paper is to discuss the results of load testing the 2U system from Rockbochs. The system in question had the following hardware: Intel Celeron Processor
More informationSession Initiation Protocol (SIP)
SIP: Session Initiation Protocol Corso di Applicazioni Telematiche A.A. 2006-07 Lezione n.7 Ing. Salvatore D Antonio Università degli Studi di Napoli Federico II Facoltà di Ingegneria Session Initiation
More informationConfiguring SIP Support for SRTP
Configuring SIP Support for SRTP This chapter contains information about the SIP Support for SRTP feature. The Secure Real-Time Transfer protocol (SRTP) is an extension of the Real-Time Protocol (RTP)
More informationSIP: Protocol Overview
SIP: Protocol Overview NOTICE 2001 RADVISION Ltd. All intellectual property rights in this publication are owned by RADVISION Ltd. and are protected by United States copyright laws, other applicable copyright
More informationRadius/LDAP authentication in open-source IP PBX
Radius/LDAP authentication in open-source IP PBX Ivan Capan, Marko Skomeršić Protenus d.o.o. Telecommunications & networking department Zrinskih i Frankopana 23, Varaždin, 42000, Croatia ivan.capan@protenus.com,
More informationVoice over IP Security
Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationThe use of IP networks, namely the LAN and WAN, to carry voice. Voice was originally carried over circuit switched networks
Voice over IP Introduction VoIP Voice over IP The use of IP networks, namely the LAN and WAN, to carry voice Voice was originally carried over circuit switched networks PSTN (Public Switch Telephone Network)
More informationSession Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation
Session Initiation Protocol (SIP) Vulnerabilities Mark D. Collier Chief Technology Officer SecureLogix Corporation What Will Be Covered Introduction to SIP General SIP security SIP vulnerabilities and
More informationSession Initiation Protocol
TECHNICAL OVERVIEW Session Initiation Protocol Author: James Wright, MSc This paper is a technical overview of the Session Initiation Protocol and is designed for IT professionals, managers, and architects
More informationSession Border Controller
CHAPTER 13 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 13-1 Information Model Objects (IMOs), page 13-2 Vendor-Specific Inventory
More informationKnut Omang Ifi/Oracle 16 Nov, 2015
RT protocols and Firewall/NAT - SIP FW/NAT support in the Linux kernel Knut Omang Ifi/Oracle 16 Nov, 2015 32 Overview Quick overview of some protocols in use for real-time multimedia SIP/SDP Other protocols
More informationSIP: Session Initiation Protocol. Copyright 2005 2008 by Elliot Eichen. All rights reserved.
SIP: Session Initiation Protocol Signaling Protocol Review H323: ITU peer:peer protocol. ISDN (Q.931) signaling stuffed into packets. Can be TCP or UDP. H225: Q931 for call control, RAS to resolve endpoints
More informationHacking Trust Relationships of SIP Gateways
Hacking Trust Relationships of SIP Gateways Author : Fatih Özavcı Homepage : gamasec.net/fozavci SIP Project Page : github.com/fozavci/gamasec-sipmodules Version : 0.9 Hacking Trust Relationship Between
More informationThree-Way Calling using the Conferencing-URI
Three-Way Calling using the Conferencing-URI Introduction With the deployment of VoIP users expect to have the same functionality and features that are available with a landline phone service. This document
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dipl.-Inform. Stephan Groß Room: GRU314
More informationMan-in-the-Middle Attack on T-Mobile Wi-Fi Calling
Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling Jethro Beekman Christopher Thompson Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2013-18
More informationUser authentication in SIP
User authentication in SIP Pauli Vesterinen Helsinki University of Technology pjvester@cc.hut.fi Abstract Today Voice over Internet Protocol (VoIP) is used in large scale to deliver voice and multimedia
More informationNTP VoIP Platform: A SIP VoIP Platform and Its Services 1
NTP VoIP Platform: A SIP VoIP Platform and Its Services 1 Whai-En Chen, Chai-Hien Gan and Yi-Bing Lin Department of Computer Science National Chiao Tung University 1001 Ta Hsueh Road, Hsinchu, Taiwan,
More informationSIP Introduction. Jan Janak
SIP Introduction Jan Janak SIP Introduction by Jan Janak Copyright 2003 FhG FOKUS A brief overview of SIP describing all important aspects of the Session Initiation Protocol. Table of Contents 1. SIP Introduction...
More informationVoIP Fundamentals. SIP In Depth
VoIP Fundamentals SIP In Depth 9 Rationale SIP dominant intercarrier and carrier-to-customer protocol Good understanding of its basic operation can help rapidly resolve problems. 10 VoIP Call Control &
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationETM System SIP Trunk Support Technical Discussion
ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with
More informationNAT TCP SIP ALG Support
The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationTECHNICAL SUPPORT NOTE. 3-Way Call Conferencing with Broadsoft - TA900 Series
Page 1 of 6 TECHNICAL SUPPORT NOTE 3-Way Call Conferencing with Broadsoft - TA900 Series Introduction Three way calls are defined as having one active call and having the ability to add a third party into
More informationMultimedia Communication in the Internet. SIP: Advanced Topics. Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS
Multimedia Communication in the Internet SIP: Advanced Topics Dorgham Sisalem, Sven Ehlert Mobile Integrated Services FhG FOKUS SIP and NAT NAT Concept NAT = Network Address Translation Share one IP address
More informationMobicents 2.0 The Open Source Communication Platform. DERUELLE Jean JBoss, by Red Hat 138
Mobicents 2.0 The Open Source Communication Platform DERUELLE Jean JBoss, by Red Hat 138 AGENDA > VoIP Introduction > VoIP Basics > Mobicents 2.0 Overview SIP Servlets Server JAIN SLEE Server Media Server
More informationA Model-based Methodology for Developing Secure VoIP Systems
A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN
More informationSIP Security. ENUM-Tag am 28. September in Frankfurt. Prof. Dr. Andreas Steffen. Agenda. andreas.steffen@zhwin.ch
ENUM-Tag am 28. September in Frankfurt SIP Security Prof. Dr. Andreas Steffen andreas.steffen@zhwin.ch Andreas Steffen, 28.09.2004, ENUM_SIP.ppt 1 Agenda SIP The Session Initiation Protocol Securing the
More informationDeveloping Higher Density Solutions with Dialogic Host Media Processing Software
Telecom Dialogic HMP Media Server Developing Higher Density Solutions with Dialogic Host Media Processing Software A Strategy for Load Balancing and Fault Handling Developing Higher Density Solutions with
More informationDetecting Spam in VoIP Networks. Ram Dantu Prakash Kolan
Detecting Spam in VoIP Networks Ram Dantu Prakash Kolan More Multimedia Features Cost Why use VOIP? support for video-conferencing and video-phones Easier integration of voice with applications and databases
More informationInternet Services & Protocols Multimedia Applications, Voice over IP
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Multimedia Applications, Voice over IP Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail:
More informationChapter 2 PSTN and VoIP Services Context
Chapter 2 PSTN and VoIP Services Context 2.1 SS7 and PSTN Services Context 2.1.1 PSTN Architecture During the 1990s, the telecommunication industries provided various PSTN services to the subscribers using
More informationSIP Trunk 2 IP-PBX User Guide Asterisk. Ver1.0.0 2015/08/01 Ver1.0.3 2015/09/17 Ver1.0.4 2015/10/07 Ver1.0.5 2015/10/15 Ver1.0.
SIP Trunk 2 IP-PBX User Guide Asterisk Ver1.0.0 2015/08/01 Ver1.0.3 2015/09/17 Ver1.0.4 2015/10/07 Ver1.0.5 2015/10/15 Ver1.0.6 2015/10/23 Index 1. SIP Trunk 2 Overview 3 2. Purchase/Settings in Web Portal
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationIP-Telephony SIP & MEGACO
IP-Telephony SIP & MEGACO Bernard Hammer Siemens AG, Munich Siemens AG 2001 1 Presentation Outline Session Initiation Protocol Introduction Examples Media Gateway Decomposition Protocol 2 IETF Standard
More informationHow To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack
DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page
More informationEnabling Security Features in Firmware DGW v2.0 June 22, 2011
Enabling Security Features in Firmware DGW v2.0 June 22, 2011 Proprietary 2011 Media5 Corporation Table of Contents Scope... 3 Acronyms and Definitions... 3 Setup Description... 3 Basics of Security Exchanges...
More informationWHITE PAPER. Testing Voice over IP (VolP) Networks
WHITE PAPER Testing Voice over IP (VolP) Networks www.ixiacom.com P/N 915-1767-01 Rev B January 2014 2 Table of Contents VoIP Voice over IP... 4 VoIP Benefits... 4 VoIP Challenges... 4 Network requirements
More informationVoice Over IP and Firewalls
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
More information3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW
3.1 SESSION INITIATION PROTOCOL (SIP) OVERVIEW SIP is an application layer protocol that is used for establishing, modifying and terminating multimedia sessions in an Internet Protocol (IP) network. SIP
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationGrandstream Networks, Inc. UCM6100 Security Manual
Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationApplication Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.
Avaya Solution & Interoperability Test Lab Application Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.0 Abstract These Application
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More information