1 VOIP security Presented by Mokkarala Ravi Kiran. Shenoy Aashish. Ved Ritu.
2 Introduction to VOIP VoIP was originally developed to provide voice communication between computer users in different locations. VoIP is a set of software, hardware and standards designed to make it possible to transmit voice over packet switched networks, either an internal Local Area Network, or across the Internet.
3 Advantages & Disadvantages of VOIP ADVANTAGES : Cost Effective. Integration with other services. Ex : Allowing web access with telephone features through a single PC or terminal PC to PC phone calls. Makes use of packet switching. Easy to upgrade. Bandwidth efficient. Benefit of providing telephone service to areas of low telephone coverage. Easy installation as compared to normal telephone systems. DISADVANTAGES: Startup cost. Security lapses. VoIP only works if the PC is switched on and the VoIP software is running. Poor sound quality and reliability generated by VoIP. If your internet connection goes off, you can t have you VOIP working. Needs Electric Power. Limited Emergency Calls.
4 Application of VoIP Skype. Gizmo. Yahoo messenger. AIM Voice Buster. jajah. oovoo. wengophone. SightSpeed. PhoneGnome. Zfone.
5 VOIP Risks, Threats & Vulnerability. Confidentiality & Privacy : Switch Default Password Vulnerability Classical Wiretrap Vulnerability. Web server Interfaces. IP Phone Netmask Vulnerability. Extension to IP address mapping vulnerability. Integrity Uses : Intrusion. Insecure state. DHCP server insertion attack. TFTP server insertion attack. Availability and Denial of Service : CPU Resource Consumption Attack without any account information. Exploitable Software Flaws. Default Password Vulnerability. Account Lockout Vulnerability.
6 VOIP Data Handling
7 QOS issues related to VOIP Latency. Jitter. Packet Loss Bandwidth and Effective Bandwidth. Need for Speed. Power failure and Backup Systems. Quality of service Implications for Security
9 H.323 Security,Encryption Security Issues: Firewalls. NAT. & Performance Issues. Encryption and Performance Issue: Delay in VoIP system by addition of codec. Increase in processing time due to encryption. Significant delay introduced by computing HMAC hash values for authentication.
10 Firewalls, NAT and Call Establishment
11 Firewalls, NAT and Call Establishment 1. Firewalls and NAT - Formidable challenge to VOIP implementers. 2. Much of the standards work for SIP in the IETF 3. SIP, H.323 ans H.248 / MEGACO al have similar problems with Firewalls and NATs 4. IPV6 will not alleviate the need for Firewalls or NATs.
12 Firewalls, NAT and Call Establishment 1. Firewalls 2. Network Address translations 3. Voip Issues with respect to Firewalls and NATs. 4. Call Setup Considerations with NATs and Firewalls. 5. Mechanism to solve the NAT Problem
13 Firewalls, NAT and Call Establishment Firewalls 1. Firewall is usually the first line of defense against attackers. Traffic not meeting the requirements is dropped. Processing of traffic is determined by a set of rules specified by the Network Administrator. Provides a central location for deploying Security Policies no traffic can enter or exit the LAN without passing through it.
14 Firewalls, NAT and Call Establishment Advantage for VOIP: Firewalls Takes and enormous burden off the VOIP infrastructure. Security management is consolidated at the Firewalls instead of end points. Price to Pay : Complicates Aspects of VOIP like: o Dynamic port trafficking, o Call set up Procedures.
15 Firewalls, NAT and Call Establishment Firewalls Packet Filtering: <S IP S Port D IP D Port Protocol> Types of Firewalls: Stateless : No memory of traffic that occurred. Stateful: Remembers previous traffic and investigates the application data in a packet. Can handle traffic that may not be destined to a static port
16 Firewalls, NAT and Call Establishment Voip Specific Firewall Needs: Firewalls Added responsibility of brokering the data flow between the voice and data segments of the network. All voice traffic to and from these devices would have to be explicitly allowed if no firewalls were present because RTP makes use of dynamic UDP ports making the device vulnerable for a UDP DOS attack. Hence place these devices behind a stateful firewall to broker VOIP media traffic. Physical segmentation is not practical because of the capability of VOIP to have Voice and Data on the same Physical Network.
17 Firewalls, NAT and Call Establishment Network Address Translation Maps internal network addresses to external IP addresses. Contributes indirectly towards the security for a LAN, Making internal IP addresses less accessible for public Internet. NAT Routers are generally more secure than a PC directly connected to the Internet. o reduced chance of Open ports, Malicious programs, etc.
18 Firewalls, NAT and Call Establishment Full Cone NAT: Types of Network Address Translation same inertnal IP & PORT <==> same External IP & PORT any external host can communicate to the internal host by sending a packet to the mapped external ip. Restricted Cone NAT: same inertnal IP & PORT <==> same External IP & PORT unlike full cone, External host with IP address X can send packet to an internal host only if the internal host had previously sent a packet to IP address x.
19 Firewalls, NAT and Call Establishment Types of Network Address Translation ort Restricted Cone: same inertnal IP & PORT <==> same External IP & PORT imilar to Restricted Cone NAT but, External host with IP address X and ort number P can send a packet to an internal host only if the internal ost had previously sent a packet to IP address X and Port number P. ymmetric NAT: [(same inertnal IP & PORT) (Specific Destination IP & Port) ]<==> same External IP & PORT nly the external host that receives the packet can communicate to the nternal host.
20 Firewalls, NAT and Call Establishment IP Telephones Behind NAT and Firewall
21 Firewalls, NAT and Call Establishment Firewall, NATs and VOIP Issues FIREWALL: o RTP Traffic is dynamically assigned an even port number in the range ofudp ports ( ,534). o Thus Stateful Firewalls are used that can process H.323 and SIP. NAT: o The standard NAT practice of assigning new port numbers at random breaks the pair relationship between RTP and RTCP Port numbers. o Problem is exacerbated if both parties are behind NATs.
22 Firewalls, NAT and Call Establishment Firewall, NATs and VOIP Issues Incoming Calls: Careful Administration and rule definitions should be used at the firewalls when allowing incoming connections. Solutions: Application Level Gateways Firewall Control Proxies NATs create even more difficulties for incoming calls. as the external host must know the mapped External IP and Port at the NAT of the Internal Host.
23 Firewalls, NAT and Call Establishment Firewall, NATs and VOIP Issues Effect on QOS: VOIP is very sensitive to latency. QOS / VOIP Aware Firewalls are designed to avoid performance problems. Issue: Not only how fast the firewall can interact with the network traffic, but also how fast itz processor can handle VOIP Packets. Firewall has to open the packets for filtering them NAT has to fill in new data into these packets and send them across.
24 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls Factors that influence the setup time of a VOIP call: At the Network Level: o Include the topology of the network o Location of both endpoints o Presence of NAT and Firewalls At the Application Level: o The degree or lack of Authentication and other data security measures. o Choice of protocol used to set up the call.
25 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls 1. Application Level Gateways (ALG) ALGs is an embedded software on a Firewall or NAT. Allows for dynamic configuration based on application specific information. o A firewall with VOIP ALG can parse and understand H.323 or SIP and dynamically open and close the necessary ports. o When NAT is employed, the ALG needs to open up the VOIP packets and reconfigure the header information to correspond to the correct IP and Port addresses. Currently, ALG is the simplest and safest workaround to allow the coexistence of VOIP, Firewall and NAT.
26 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls 1. Application Level Gateways (ALG) Significant performance and Fiscal costs associated with the implementation of an ALG. o The manipulation of VOIP packets introduces latency into the system. o Can slow down the throughput of the firewall o Contributes to general network congestion. o A firewall with ALG support will need to be upgraded each time the standards for VOIP change. o The additional Application Intelligence can introduce instabilities into the firewall itself.
27 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls 2. Middlebox Solutions: Drawback of ALG - Embedded in the Firewall itself. Middlebox-style implies, placing an extra devic outside the firewall that performs many of the functions associated with an ALG.
28 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls 2. Middlebox Solutions: The Midcom Protocol has not been finalized yet by the IETF. Advantages: Abstracting Stateful inspection and manipulation of signaling packets from the NATs and Firewalls will improve scalability and reduce cost of updating the network. Performance improvement. Disadvantages: The Middlebox requires protection from attackers. A second firewall must be placed outside to protect the device
29 Firewalls, NAT and Call Establishment Call Setup Considerations with NATs and Firewalls 3. Session Border Controllers (SBC): SBCs are dedicated appliances that offer one or more of the following services to a VOIP Perimeter: o Firewall / NAT translation, o Call Admission Control, o Service Level Agreement Monitoring, o Support for Lawful intercept o Protocol interworking. Demand for these devices is likely to grow in the future.
30 Firewalls, NAT and Call Establishment Mechanism to solve the NAT Problem 1. Simple Traversal of UDP through NATs (STUN) 2. Traversal Using Relay NAT (TURN) 3. Interactive Connectivity Establishment (ICE) 4. Universal Plug and Play (UPnP)
31 Encryption & IPsec
32 Necessity Protec,on from Internal hackers Protec,on from Packet Sniffers Challenges and Tradeoffs QOS and Latency vs Security
33 IPSec Architecture
34 Transport and Tunnel
35 o IPsec encrypted voice overhead: 80 bytes => required bandwidth 40 kbps VOIPSec Issues Delay o Processing PCM to G.729 to packet o Encryp,on ESP encapsula,on + 3DES o Serializa,on IPsec overhead: about 40 bytes (depending on configura,on) IP header: 20 bytes UDP + RTP headers: 20 bytes RTP header compression: 3 bytes for IP+UDP+RTP Effects on 8 kbps CODEC (voice data: 20 bytes) o clear text voice overhead: 3 bytes => required bandwidth ~ 9 kbps
36 Encryp,on Decryp,on Latency Study by Barberi et al. DES vs 3DES vs SHA- 1 vs 3DES + SHA- 1 Scheduling in Crypto Engines (Routers, Firewalls) vs Crypto Engines(FIFO) Homogenous Traffic Differen,a,on
37 Expanded Packet Size Increased Header overhead Bandwidth u,liza,on reduced by 63% IPSec NAT Incompa,bility Sender Authen,ca,on AH and ESP incompa,bility IKE Nego,a,ons required
38 Solu,ons for VOIPSec
39 Encryp,on at Endpoints LANs do not require Encryp,on Important for Internet traffic Endpoint issue Processing Capabili,es New Devices with high processing SRTP and MIKEY
40 SRTP AES counter, f8(umts) modes. HMAC- SHA1, Akey= 80 bits, 128 bit MasterKey Confiden,ality for RTP as well as for RTCP by encryp,on of the respec,ve payloads; Confiden,ality - encryp,on of payloads. Integrity and replay protec,on. Session keys Refresh cryptanalysis guard. Framework allows upgrading with new cryptographic algorithms. Secure session key deriva,on with pseudo- random func,on at both ends; Sal,ng keys - against pre- computa,on alacks. Security for unicast and mul,cast RTP applica,ons.
41 SRTP Advantages Low computa,onal cost. Low bandwidth cost and a high throughput. Small footprint. RTP profile - easy integra,on into RTP stack. Independent from transport, network, and physical layers. Low key management overhead.
42 MIKEY Implemented as an Independent somware library Establishment of key material within a 2- way handshake Four op,ons for Key Distribu,on: Preshared- key Public- key encryp,on Diffie- Hellman key exchange protected by public- key encryp,on Diffie- Hellman key exchange protected with preshared- key and keyed hash func,ons (using a MIKEY extension (DHHMAC))
44 NAT/IPSec Compa,bility Realm- Specific IP (RSIP) IPv6 Tunnel Broker IP Next Layer (IPNL) UDP encapsula,on.
45 Trunking Protocol suite Channels Overhead Codec bitrate Trunked bitrate unicast bitrate Frame Relay or MP kbps G.729 (8 kbps) 67.6 kbps 92.8 kbps MPLS kbps G.729 (8 kbps) 82.8 kbps kbps IPSec kbps G.729 (8 kbps) 98.8 kbps kbps Codec Payload bandwidth MOS Descrip<on This is the second most supported codec and offers nearly the same quality as G.711. The key advantage is that it is compressed eight,mes smaller than G.711 while sounding G kbps 3.92 almost as good.
46 Legal Direc<ves The Privacy Act of Office of Management and Budget "Guidance on the Privacy Act Implica,ons of Call Detail Programs to Manage Employees' Use of the Government's Telecommunica,on System" (See FEDERAL REGISTER, 52 FR 12990, April 20, 1987). NARA General Records Schedule 12, which requires a 36- month reten,on of telephone CDR records hlp://www.archives.gov/records_management/ ardor/grs12.html VOIP Deployment SIP vs H Mul,- protocol devices End- to- End vs Firewall based VPNs vs Hybrids
47 THANK YOU
48 VOIP FAQ (Appendix) 1. What is VOIP? Voice Over Internet Protocol is a set of somware, hardware, and standards designed to make it possible to transmit voice over packet switched networks, either an internal Local Area Network, or across the Internet. 2. What are some of the advantages of VOIP? a. Cost a VOIP system is usually cheaper to operate than an equivalent office telephone system with a Private Branch Exchange and conven,onal telephone service. b. Integra,on with other services Innova,ve services are emerging that allow customers to combine web access with telephone features through a single PC or terminal. For example, a sales representa,ve could discuss products with a customer using the company s web site. In addi,on, the VOIP system may be integrated with video across the Internet, providing a teleconferencing facility. 3. What are some of the disadvantages of VOIP? a. Startup cost although VOIP can be expected to save money in the long run, the ini,al installa,on can be complex and expensive. In addi,on, a single standard has not yet emerged for many aspects of VOIP, so an organiza,on must plan to support more than one standard, or expect to make rela,vely frequent changes as the VOIP field develops. b. Security the flexibility of VOIP comes at a price: added complexity in securing voice and data. Because VOIP systems are connected to the data network, and share many of the same hardware and somware components, there are more ways for intruders to alack a VOIP system than a conven,onal voice telephone system or PBX.
49 VOIP FAQ (Appendix) 1. What is VOIP? Voice Over Internet Protocol is a set of somware, hardware, and standards designed to make it possible to transmit voice over packet switched networks, either an internal Local Area Network, or across the Internet. 2. What are some of the advantages of VOIP? a. Cost a VOIP system is usually cheaper to operate than an equivalent office telephone system with a Private Branch Exchange and conven,onal telephone service. b. Integra,on with other services Innova,ve services are emerging that allow customers to combine web access with telephone features through a single PC or terminal. For example, a sales representa,ve could discuss products with a customer using the company s web site. In addi,on, the VOIP system may be integrated with video across the Internet, providing a teleconferencing facility. 3. What are some of the disadvantages of VOIP? a. Startup cost although VOIP can be expected to save money in the long run, the ini,al installa,on can be complex and expensive. In addi,on, a single standard has not yet emerged for many aspects of VOIP, so an organiza,on must plan to support more than one standard, or expect to make rela,vely frequent changes as the VOIP field develops. b. Security the flexibility of VOIP comes at a price: added complexity in securing voice and data. Because VOIP systems are connected to the data network, and share many of the same hardware and somware components, there are more ways for intruders to alack a VOIP system than a conven,onal voice telephone system or PBX.
50 Glossary Applica<on Level Gateway (ALG) Applica,on Level Gateways (ALGs) are applica,on specific transla,on agents that allow an applica,on (like VOIP) on a host in one address realm to connect to its counterpart running on a host in different realm transparently. An ALG may interact with NAT to set up state, use NAT state informa,on, modify applica,on specific payload and perform whatever else is necessary to get the applica,on running across disparate address realms. Abstract syntax nota<on one (ASN.1): A standard, flexible method that (a) describes data structures for represen,ng, encoding, transmiyng, and decoding data, (b) provides a set of formal rules for describing the structure of objects independent of machine- specific encoding techniques, (c) is a formal network- management Transmission Control Protocol/ Internet Protocol (TCP/IP) language that uses human- readable nota,on and a compact, encoded representa,on of the same informa,on used in communica,ons protocols, and (d) is a precise, formal nota,on that removes ambigui,es. Call Processor component that sets up and monitors the state of calls, and provides phone number transla,on, user authoriza,on, and coordina,on with media gateways. Firewall Control Proxy - component that controls a firewall s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termina,on.
51 Glossary Applica<on Level Gateway (ALG) Applica,on Level Gateways (ALGs) are applica,on specific transla,on agents that allow an applica,on (like VOIP) on a host in one address realm to connect to its counterpart running on a host in different realm transparently. An ALG may interact with NAT to set up state, use NAT state informa,on, modify applica,on specific payload and perform whatever else is necessary to get the applica,on running across disparate address realms. Abstract syntax nota<on one (ASN.1): A standard, flexible method that (a) describes data structures for represen,ng, encoding, transmiyng, and decoding data, (b) provides a set of formal rules for describing the structure of objects independent of machine- specific encoding techniques, (c) is a formal network- management Transmission Control Protocol/ Internet Protocol (TCP/IP) language that uses human- readable nota,on and a compact, encoded representa,on of the same informa,on used in communica,ons protocols, and (d) is a precise, formal nota,on that removes ambigui,es. Call Processor component that sets up and monitors the state of calls, and provides phone number transla,on, user authoriza,on, and coordina,on with media gateways. Firewall Control Proxy - component that controls a firewall s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termina,on.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in
Wireless Networks: Network Protocols/Mobile IP Mo$va$on Data transfer Encapsula$on Security IPv6 Problems DHCP Adapted from J. Schiller, Mobile Communications 1 Mo$va$on for Mobile IP Rou$ng based on IP
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
Why SSL is better than IPsec for Fully Transparent Mobile Network Access SESSION ID: SP01-R03 Aidan Gogarty HOB Inc. firstname.lastname@example.org What are we all trying to achieve? Fully transparent network access
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols
Introduction SIP is fast becoming the Voice over IP protocol of choice. During this 3-day course delegates will examine SIP technology and architecture and learn how a functioning VoIP service can be established.
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation email@example.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described
An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing
Technical White Paper for Traversal of Huawei Videoconferencing Systems Between Private and Public Networks Huawei Technologies Co., Ltd. All rights reserved. Contents Contents 1 Overview... 1 2 H.323...
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University 1 What is NAT NAT - Network Address Translation RFC 3022
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
SIP Trunking and Voice over IP Agenda What is SIP Trunking? SIP Signaling How is Voice encoded and transported? What are the Voice over IP Impairments? How is Voice Quality measured? VoIP Technology Confidential
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation firstname.lastname@example.org The Session Initiation Protocol (SIP) is the future
encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their
Proceedings of the International Multiconference on ISSN 1896-7094 Computer Science and Information Technology, pp. 21 29 2007 PIPS Securing Voice over Internet Protocol Ahmad Ghafarian, Randolph Draughorne,
ABC SBC: Securing the PBX FRAFOS GmbH Introduction A widely reported fraud scenarios is the case of a malicious user detecting the address of a company s PBX and accessing that PBX directly. Once the attacker
1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is a ideal to help the SMBs increase the broadband
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
POZNAN UNIVE RSITY OF TE CHNOLOGY ACADE MIC JOURNALS No 80 Electrical Engineering 2014 Assaid O. SHAROUN* VOICE OVER IP AND NETWORK CONVERGENCE As the IP network was primarily designed to carry data, it
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
Traversing Firewalls with Video over IP: Issues and Solutions V Table of Contents Introduction Role of a Firewall Deployment Issues Relating to IP Video and Firewall Traversal The VCON SecureConnect Solution
VOIP TELEPHONY: CURRENT SECURITY ISSUES Authors: Valeriu IONESCU 1, Florin SMARANDA 2, Emil SOFRON 3 Keywords: VoIP, SIP, security University of Pitesti Abstract: Session Initiation Protocol (SIP) is the
CHAPTER 2 Sections in this chapter address the following topics: Single Site, page 2-1 Multisite Implementation with Distributed Call Processing, page 2-3 Design Considerations for Section 508 Conformance,
IP Ports and Protocols used by H.323 Devices Overview: The purpose of this paper is to explain in greater detail the IP Ports and Protocols used by H.323 devices during Video Conferences. This is essential
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
SIP The Next Big Step Voice over IP Communications Presented By: Stephen J. Guthrie VP of Operations Blue Ocean Technologies Goals What are our Goals for Today? Executive Summary: It is expected that real-time
Applications that Benefit from IPv6 Lawrence E. Hughes Chairman and CTO InfoWeapons, Inc. Relevant Characteristics of IPv6 Larger address space, flat address space restored Integrated support for Multicast,
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
Course 4: IP Telephony and VoIP Telecommunications Technical Curriculum Program 3: Voice Knowledge 6/9/2009 1 Telecommunications Technical Curriculum Program 1: General Industry Knowledge Course 1: General
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
APNIC elearning: IPSec Basics Contact: email@example.com esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
SIP Trunking Christina Hattingh Darryl Sladden ATM Zakaria Swapan Cisco Press 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Contents Introduction xix Part I: From TDM Trunking to SIP Trunking
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
Advanced Networking Skype Renato Lo Cigno Credits for part of the original material to Saverio Niccolini NEC Heidelberg Skype characteristics Skype is a well known P2P program for real time communications
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare firstname.lastname@example.org https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
Networking 4 Voice and Video over IP (VVoIP) Course Objectives This course will give delegates a good understanding of LANs, WANs and VVoIP (Voice and Video over IP). It is aimed at those who want to move
SBC WHITE PAPER The Critical Component Table of Contents of your VoIP Infrastructure... 3 Enter the SBC... 4 Functions... 5 Security... 5 Denial of Service... 5 Toll Fraud... 6 Encryption... 6 Policy...
Over IP Per Call Bandwidth Consumption Interactive: This document offers customized voice bandwidth calculations with the TAC Bandwidth Calculator ( registered customers only) tool. Introduction Before
Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with
Applied Networks & Security VoIP with Critical Analysis http://condor.depaul.edu/~jkristof/it263/ John Kristoff email@example.com IT 263 Spring 2006/2007 John Kristoff - DePaul University 1 Critical analysis
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel with a WatchGuard Firebox II or Firebox III (software version 4.5 or later)
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch
Article VoIP Introduction Internet telephony refers to communications services voice, fax, SMS, and/or voice-messaging applications that are transported via the internet, rather than the public switched
Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Course Number: 642 845 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP Exam 642 845:
Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time
Introduction This 4-day course offers a practical introduction to 'hands on' VoIP engineering. Voice over IP promises to reduce your telephony costs and provides unique opportunities for integrating voice
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
2 Overview of VoIP Systems In their simplest form, Voice over IP protocols simply enable two (or more) devices to transmit and receive real-time audio traffic that allows their respective users to communicate.
Advanced Network Security Testing Avalanche Unified Security Testing Michael Jack Agenda The need for Defense In-depth Security Performance Issues Unified Testing Spirent User Quality of Experience Products