VoIP Security. Threats and Countermeasures. Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors

Size: px
Start display at page:

Download "VoIP Security. Threats and Countermeasures. Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors"

Transcription

1 VoIP Security Threats and Countermeasures Eric Chen NTT Information Sharing Platform Laboratories & VOIPSA Technical Board of Advisors

2 Agenda Increasing awareness of VoIP security Top VoIP security threats Best current practices Ongoing research efforts

3 Industry Activity VoIP Security Alliance (VOIPSA) launched in 2005 Mission: To promote VoIP security research, education and awareness To become a one-stop source of testing tools/methodologies Membership: Over 100 members on the Technical Board Include NTT, Mitel, Avaya, Nortel, Siemens, Alcatel, Extreme Networks, AT&T, Verizon, Columbia University VOIPSEC mailing list for discussion of VoIP security issues Projects: Threat taxonomy, best practices etc

4 VoIP Security Threat Taxonomy Refer to for more details

5 Conference Activity

6 VoIP Security Books Source:

7 Zero Day Auctions Now Include VoIP Source: WabiSabiLabi Home Page 26 June 2008

8 VoIP Attack Tools Now Available Online More than 80 VoIP attack/security tools known (still increasing)

9 Agenda Increasing awareness of VoIP security Top VoIP security threats Best current practices Ongoing research efforts

10 Finding Targets using Google Cisco Grandstream Sipura Polycom VoIP phones with built-in web servers to allow easy configuration May be indexed by Google if connected to the Internet without any protection Can easily find these phones using keywords included in the default URLs

11 SPIT SPam over Internet Telephony Definition: Automated telemarketing calls (excluding human calls) Not yet a problem due to the small number of VoIP users Can be more serious than PSTN marketing calls Can be easily automated Can be performed at low cost Can perform broadcast No country barrier in terms of call charges -> large scale Yahoo!BB Phone incidents in Japan 2004/2 Unsolicited commercial messages for an adult website 2004/8 "Number scanning" for active VoIP phone numbers (050- [provider code]-xxxx) at the rate of 6000 calls/day 2004/11 Unsolicited automatic messages asking for personal information Contracts with these spammers are terminated by the provider

12 SIP Scanning Send requests (REGISTER OPTIONS etc) with various spoofed originating UID to a SIP server Servers that respond with different replies for valid and invalid UIDs may be exploited

13 Example: SIPSCAN

14 Flood-based DoS Attacks VoIP is vulnerable to flood-based DoS attacks at various layers General DoS attacks target at TCP/IP Same threats to any web server on the Internet VoIP-specific DoS attacks target at UDP-based SIP and RTP Flood of bogus signaling packets may overload CPU of any SIP server or UA Flood of bogus RTP packets may degrade audio stream quality Tools available: kphone-ddos, RTP flooder, SIPBomber, SIPsak, Scapy, IAXFlooder, Seagull and SIPsak

15 Retrieve IP Address Motivation Method Send arbitrary packets to the target Call the target and sniff the incoming packets Contact info in 200 OK Source IP of the incoming RTP IP address of the target included

16 Fuzzing Attacks Send malformed SIP messages Buffer overflow Via: SIP/2.0/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Integer anomalies Content-Length: -1 Invalid addresses INVITE SIP/2.0 Structural anomalies Cseq: 7038 INVITE a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 Can either crash the target or execute arbitrary code

17 Eavesdropping INVITE SIP Proxy A INVITE OK SIP Proxy B Intercept signaling packets to analyze call patterns INVITE OK OK Alice RTP Bob Intercept conversation

18 Eavesdropping Scenarios Wireless LAN with weak security Physical access to intermediate network nodes UA vulnerability ARP-Spoofing

19 Agenda Increasing awareness of VoIP security Top VoIP security threats Best current practices Ongoing research efforts

20 How to avoid being Googled Follow the product guidelines Disable the web server Apply necessary security measures (FW, NAT etc) Use Google to look for exposed devices in one s company

21 Use VoIP Firewalls VoIP clients use various RTP ports to connect with their peers outside. Statically opening all possible ports using a regular firewall introduces new threats. VoIP firewall Dynamically open/close necessary ports through stateful inspection of VoIP traffic ( pinhole ) Inspecting the SDP payload in an INVITE message, extract the UDP port number to be used and open the port before the session starts Close the port when the BYE message corresponding to the session is detected Hide IP addresses of VoIP clients using NAT to prevent them from being direct targets on the Internet

22 Segregation of VoIP Network Segregate data and voice networks using VLAN etc Minimize impact on voice network from sudden traffic surge caused by PCs infected by worms on data network Reduce the risks of eavesdropping Prevent broadcast traffic on data network from entering VoIP network To further prevent unauthorized machines from accessing and attacking voice network IEEE802.1x MAC address filtering Allows only dedicated VoIP appliances on voice network (less programmability, less risk to be exploited) What to do with soft phones (e.g. X-Lite)? Don t allow them on mission-critical voice networks Restrict installation of applications Deploy immune networks

23 Software Updates Check various sources for new vulnerability information Source VOIPSA Blue Box CERT/CC JPCERT/CC IPA Vendor HP Description New VoIP security/attack tools Blog and mailing list discussions VoIP security-related podcast Tutorials Security incident report SIP vulnerability report (Japanese only) New firmware and patches URL com/

24 Penetration Tests Conduct simulated attacks using tools available on PROTOS/Codenomicon (fuzzing) SIPSCAN SiVuS SIPBomber...etc Verification criteria Terminal status Connection status QoS

25 Encryption Securing the signaling channel IPSec TLS/DTLS Securing the media channel IPSec SRTP (two candidates for SRTP key exchange now at IETF) DTLS-SRTP ZRTP

26 Vendor Solutions Arbor Networks (http://www.arbornetworks.com) Borderware (http://www.borderware.com) Captus Networks (http://www.captusnetworks.com) Cisco Riverhead (http://www.cisco.com) Ingate (http://www.ingate.com) Mazu Networks (http://www.mazunetworks.com) Mirage Networks (http://www.miragenetworks.com) SecureLogix (http://www.secuirelogix.com) Sipera (http://www.sipera.com) TippingPoint (http://www.tippingpoint.com) TopLayer (http://www.toplayer.com)

27 Agenda Increasing awareness of VoIP security Top VoIP security threats Best current practices Ongoing research efforts

28 Research Opportunities in VoIP Security VoIP-specified DDoS attacks SPIT Adaptive detection against fuzzing attacks

29 NTT s SIP Guard for SIP-specific DoS attacks Eric Y. Chen, "Detecting DoS Attacks on SIP Systems", IEEE workshop on VoIP Management and Security at NOMS 2006, Canada, April 2006

30 NEC s VOIP SEAL Roman Schlegel, Saverio Niccolini, Sandra Tartarelli, Marcus Brunner SPam over Internet Telephony (SPIT) Prevention Framework, GLOBECOM 2006

31 Other Research Efforts Gaston Ormazabal, Secure SIP: A scalable prevention mechanism for DoS attacks on SIP based VoIP systems, IPTCOMM 2008 Charles Shen, SIP Server Overload Control: Design and Evaluation, IPTCOMM 2008 Mohamed Nassar, Holistic VoIP Intrusion Detection and Prevention System, IPTCOMM 2007 Jens Fiedler, VoIP Defender: Highly Scalable SIP-based Security Architecture, IPTCOMM 2007 Ge Zhang, Denial of Service Attack and Prevention on SIP VoIP Infrastructures Using DNS Flooding, IPTCOMM 2007

32 Conclusion VoIP is still an emerging technology, so is its security framework No such thing as perfect security, but risks can be significantly reduced using currently available solutions Challenges for Vendor Increase effort devoted to software engineering practices to minimize implementation flaws Provider User Learn to securely integrate different physical components (SIP servers, SIP clients) and solutions from multiple vendors Be aware of the new threats introduced by VoIP

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 VoIP some threats, security attacks and security mechanisms Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed,

More information

Verizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration. Gaston Ormazabal. Verizon Laboratories.

Verizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration. Gaston Ormazabal. Verizon Laboratories. Verizon 2009 All Rights Reserved. 1 Verizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration Gaston Ormazabal Verizon Laboratories May 13, 2009 June 16, 2009 Verizon 2009 All

More information

Session Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation

Session Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation Session Initiation Protocol (SIP) Vulnerabilities Mark D. Collier Chief Technology Officer SecureLogix Corporation What Will Be Covered Introduction to SIP General SIP security SIP vulnerabilities and

More information

VoIP Security: How Secure is Your IP Phone?

VoIP Security: How Secure is Your IP Phone? VoIP Security: How Secure is Your IP Phone? Dan York, CISSP Director of IP Technology, Office of the CTO Chair, Mitel Product Security Team Member, Board of Directors, VoIP Security Alliance (VOIPSA) ICT

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems

Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon

More information

Footprinting. Vendor press releases and case studies Resumes of VoIP personnel Mailing lists and user group postings Web-based VoIP logins

Footprinting. Vendor press releases and case studies Resumes of VoIP personnel Mailing lists and user group postings Web-based VoIP logins Voice Over IP Security Mark D. Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com www.securelogix.com www.voipsecurityblog.com Outline Outline Introduction Attacking

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

Protect Yourself Against VoIP Hacking. Mark D. Collier Chief Technology Officer SecureLogix Corporation

Protect Yourself Against VoIP Hacking. Mark D. Collier Chief Technology Officer SecureLogix Corporation Protect Yourself Against VoIP Hacking Mark D. Collier Chief Technology Officer SecureLogix Corporation What Will Be Covered How to assess the security of your IPT network: In house/external and ground

More information

Ram Dantu. VOIP: Are We Secured?

Ram Dantu. VOIP: Are We Secured? Ram Dantu Professor, Computer Science and Engineering Director, Center for Information and Computer Security University of North Texas rdantu@unt.edu www.cse.unt.edu/~rdantu VOIP: Are We Secured? 04/09/2012

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

Conducting an IP Telephony Security Assessment

Conducting an IP Telephony Security Assessment Conducting an IP Telephony Security Assessment Mark D. Collier Chief Technology Officer mark.collier@securelogix.com www.securelogix.com Presentation Outline Ground rules and scope Discovery Security policy

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Intrusion Prevention: The Future of VoIP Security

Intrusion Prevention: The Future of VoIP Security Intrusion Prevention: The Future of VoIP Security Introduction...2 VoIP Building Blocks...3 VoIP Security Threat Scenarios...7 Attacks against the underlying VoIP devices OS...7 Configuration Weaknesses

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

Presenter. Zane Ryan. Director Dot Force zane.ryan@dotforce.co.uk www.dotforce.co.uk

Presenter. Zane Ryan. Director Dot Force zane.ryan@dotforce.co.uk www.dotforce.co.uk Presenter Zane Ryan Director Dot Force zane.ryan@dotforce.co.uk www.dotforce.co.uk Ingate Systems Headquarters in Stockholm, Sweden North American subsidiary in New Hampshire Long Island, New York San

More information

DEPLOYING VoIP SECURELY

DEPLOYING VoIP SECURELY DEPLOYING VoIP SECURELY Everyone knows that Voice-over-IP (VoIP) has been experiencing rapid growth. Even still, you might be surprised to learn that: 10% of all voice traffic is now transmitted with VoIP

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

Evaluation of Security and Countermeasures for a SIP-based VoIP Architecture

Evaluation of Security and Countermeasures for a SIP-based VoIP Architecture Evaluation of Security and Countermeasures for a SIP-based VoIP Architecture Marius HERCULEA, Tudor Mihai BLAGA, Virgil DOBROTA Technical University of Cluj-Napoca Faculty of Electronics, Telecommunications

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Transparent weaknesses in VoIP

Transparent weaknesses in VoIP Transparent weaknesses in VoIP Peter Thermos peter.thermos@palindrometech.com 2007 Palindrome Technologies, All Rights Reserved 1 of 56 Speaker Background Consulting Government and commercial organizations,

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

VOIP TELEPHONY: CURRENT SECURITY ISSUES

VOIP TELEPHONY: CURRENT SECURITY ISSUES VOIP TELEPHONY: CURRENT SECURITY ISSUES Authors: Valeriu IONESCU 1, Florin SMARANDA 2, Emil SOFRON 3 Keywords: VoIP, SIP, security University of Pitesti Abstract: Session Initiation Protocol (SIP) is the

More information

IPTCOMM 2008 Heidelberg. VoIP Security: Do Claims of Threats Justify Continued Research Efforts? Jonathan Zar. Pingalo VOIPSA

IPTCOMM 2008 Heidelberg. VoIP Security: Do Claims of Threats Justify Continued Research Efforts? Jonathan Zar. Pingalo VOIPSA IPTCOMM 2008 Heidelberg VoIP Security: Do Claims of Threats Justify Continued Research Efforts? Jonathan Zar Pingalo VOIPSA Eric Chen NTT Information Sharing Platform Laboratories VOIPSA 1 Lots of Activity

More information

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd. SIP SECURITY Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne WILEY A John Wiley and Sons, Ltd., Publication Foreword About the Authors Acknowledgment xi xiii xv 1 Introduction

More information

Vulnerabilities in SOHO VoIP Gateways

Vulnerabilities in SOHO VoIP Gateways Vulnerabilities in SOHO VoIP Gateways Is grandma safe? Peter Thermos pthermos@vopsecurity.org pthermos@palindrometechnologies.com 1 Purpose of the study VoIP subscription is growing and therefore security

More information

Deployment of Snort IDS in SIP based VoIP environments

Deployment of Snort IDS in SIP based VoIP environments Deployment of Snort IDS in SIP based VoIP environments Jiří Markl, Jaroslav Dočkal Jaroslav.Dockal@unob.cz K-209 Univerzita obrany Kounicova 65, 612 00 Brno Czech Republic Abstract This paper describes

More information

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany Service Provider implementation of SIP regarding security Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

Detecting Spam in VoIP Networks. Ram Dantu Prakash Kolan

Detecting Spam in VoIP Networks. Ram Dantu Prakash Kolan Detecting Spam in VoIP Networks Ram Dantu Prakash Kolan More Multimedia Features Cost Why use VOIP? support for video-conferencing and video-phones Easier integration of voice with applications and databases

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006 VoIP technology has the tech geeks buzzing. It has been touted as: - the killer of telecoms - a solution

More information

A Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol

A Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol A Lightweight Countermeasure to Cope with Flooding Attacks Against Session Initiation Protocol Intesab Hussain, Soufiene Djahel, Dimitris Geneiatakis ±, and Farid Naït-Abdesselam LIPADE, University of

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8 Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8 SR140531D 19 August 2014 Miercom www.miercom.com Overview Unify Inc. (formerly Siemens Enterprise Communications)

More information

SIP SECURITY. Status Quo and Future Issues. 23. Chaos Communication Congress: 27. - 30.12.2006, Berlin, Germany

SIP SECURITY. Status Quo and Future Issues. 23. Chaos Communication Congress: 27. - 30.12.2006, Berlin, Germany SIP SECURITY Status Quo and Future Issues 23. Chaos Communication Congress: 27. - 30.12.2006, Berlin, Germany Jan Seedorf - seedorf@informatik.uni-hamburg.de SVS - Security in Distributed Systems Intention

More information

Securing Enterprise VoIP. VoIP Vulnerabilities Patrick Young CEO Arlinx Inc.

Securing Enterprise VoIP. VoIP Vulnerabilities Patrick Young CEO Arlinx Inc. Securing Enterprise VoIP VoIP Vulnerabilities Patrick Young CEO Arlinx Inc. VoIP Security Patrick Young CEO Arlinx, Inc. http:// (954) 344-7665 Arlinx manufactures a telecom carrier grade application specific

More information

MAC Based Routing Table Approach to Detect and Prevent DDoS Attacks and Flash Crowds in VoIP Networks

MAC Based Routing Table Approach to Detect and Prevent DDoS Attacks and Flash Crowds in VoIP Networks BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 11, No 4 Sofia 2011 MAC Based Routing Table Approach to Detect and Prevent DDoS Attacks and Flash Crowds in VoIP Networks N.

More information

SIP Intrusion Detection and Response Architecture for Protecting SIP-based Services

SIP Intrusion Detection and Response Architecture for Protecting SIP-based Services SIP Intrusion Detection and Response Architecture for Protecting SIP-based Services KyoungHee Ko, Hwan-Kuk Kim, JeongWook Kim, Chang-Yong Lee, HyunCheol Jeong Applied Security Technology Team Korea Information

More information

VOIP SECURITY ISSUES AND RECOMMENDATIONS

VOIP SECURITY ISSUES AND RECOMMENDATIONS VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) 287 7881; Email: Satha.Mathiyalakan@umb.edu ABSTRACT

More information

hackers 2 hackers conference III voip (in)security luiz eduardo cissp, ceh, cwne, gcih

hackers 2 hackers conference III voip (in)security luiz eduardo cissp, ceh, cwne, gcih luiz eduardo cissp, ceh, cwne, gcih who am I? networking guy security guy employed by Aruba Networks wlan network for defcon, blackhat & ccc regular speaker at cons founder, dc55.org and... agenda intro

More information

Just as the ecommerce companies have

Just as the ecommerce companies have Protecting IMS Networks From Attack Krishna Kurapati Krishna Kurapati is the founder and CTO of Sipera Systems (www.sipera.com), a company that specializes in security for VOIP, mobile and multimedia communications.

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

The #1 Issue on VoIP, Fraud!

The #1 Issue on VoIP, Fraud! Know your enemy Sun Tzu's The Art of War The #1 Issue on VoIP, Fraud! How to identify, prevent and reduce damages caused by fraud Flavio E. Goncalves About me Author of the book Building Telephony Systems

More information

How to make free phone calls and influence people by the grugq

How to make free phone calls and influence people by the grugq VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

A Reality Check on Security in VoIP

A Reality Check on Security in VoIP A Reality Check on Security in VoIP Communications Rick Robinson CISSP ISSAP IEEE Sr. Member Agenda Background Overview of Threats Top Ten With Reality Checks Trends Actions Pearls Questions Background

More information

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack You Joung Ham Graduate School of Computer Engineering, Hanshin University, 411, Yangsan-dong, Osan, Gyeonggi, Rep. of Korea

More information

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

DoS/DDoS Attacks and Protection on VoIP/UC

DoS/DDoS Attacks and Protection on VoIP/UC DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements

More information

VoIP Security Methodology and Results. NGS Software Ltd

VoIP Security Methodology and Results. NGS Software Ltd VoIP Security Methodology and Results NGS Software Ltd Barrie Dempster Senior Security Consultant barrie@ngssoftware.com Agenda VoIP Security Issues Assessment Methodology Case Study: Asterisk VoIP Security

More information

Implementing VoIP monitoring solutions. Deployment note

Implementing VoIP monitoring solutions. Deployment note Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and

More information

Is Your Network Ready for VoIP?

Is Your Network Ready for VoIP? Is Your Network Ready for VoIP? Evaluating firewalls for VoIP access, control and security. CONTENTS The Network Will Never be the Same 2 A VoIP-Ready Firewall Criteria Checklist 2 Control Considerations

More information

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Perspective on secure network for control systems in SPring-8

Perspective on secure network for control systems in SPring-8 Perspective on secure network for control systems in SPring-8 Toru Ohata, M. Ishii, T. Fukui* and R. Tanaka JASRI/SPring-8, Japan *RIKEN/SPring-8, Japan Contents Network architecture Requirement and design

More information

1152 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 37, NO. 6, NOVEMBER 2007

1152 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 37, NO. 6, NOVEMBER 2007 1152 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 37, NO. 6, NOVEMBER 2007 Security Challenge and Defense in VoIP Infrastructures David Butcher, Member, IEEE,

More information

CE 817 - Advanced Network Security VoIP Security

CE 817 - Advanced Network Security VoIP Security CE 817 - Advanced Network Security VoIP Security Lecture 25 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially

More information

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com PENTEST VoIP & Web Pentest Services VoIP & WEB Penetration Testing The Experinced and National VoIP/Unified Communications R&D organization, NETAŞ NOVA Pentest Services test the applications, infrastructure

More information

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information Changyong Lee, Hwankuk-Kim, Hyuncheol Jeong, Yoojae Won Korea Information Security Agency, IT Infrastructure Protection Division

More information

E-Guide. Sponsored By:

E-Guide. Sponsored By: E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

Managing Risks at Runtime in VoIP Networks and Services

Managing Risks at Runtime in VoIP Networks and Services Managing Risks at Runtime in VoIP Networks and Services Oussema Dabbebi, Remi Badonnel, Olivier Festor To cite this version: Oussema Dabbebi, Remi Badonnel, Olivier Festor. Managing Risks at Runtime in

More information

Cisco ASA 5500 Series Unified Communications Deployments

Cisco ASA 5500 Series Unified Communications Deployments 5500 Series Unified Communications Deployments Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time,

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

SIP Trunking: Deployment Considerations at the Network Edge

SIP Trunking: Deployment Considerations at the Network Edge Small Logo SIP Trunking: Deployment Considerations at the Network Edge at the Network Edge Executive Summary The move to Voice over IP (VoIP) and Fax over IP (FoIP) in the enterprise has, until relatively

More information

Session Initiation Protocol Security Considerations

Session Initiation Protocol Security Considerations Session Initiation Protocol Security Considerations Sami Knuutinen Helsinki University of Technology Department of Computer Science and Engineering May 28, 2003 Abstract Session Initiation Protocol (SIP)

More information

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport

More information

Security Best Practices for Enterprise VoIP. Preventing Attacks and Managing Risk

Security Best Practices for Enterprise VoIP. Preventing Attacks and Managing Risk Security Best Practices for Enterprise VoIP Preventing Attacks and Managing Risk A Sipera White Paper September 2007 Summary To take full advantage of unified communications (UC), enterprises are extending

More information

Voice over IP Security

Voice over IP Security ii Voice over IP Security Patrick Park Copyright 2009 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system

More information

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 *Thanks to Prof. Angelos Keromytis for materials for these lecture slides. CSE545 - Advanced Network Security -

More information

Threats to be considered (1) ERSTE GROUP

Threats to be considered (1) ERSTE GROUP VoIP-Implementation Lessons Learned Philipp Schaumann Erste Group Bank AG Group IT-Security philipp.schaumann@erstegroup.com http://sicherheitskultur.at/ Seite 1 Threats to be considered (1) Eavesdropping

More information

Data Security in a Converged Network

Data Security in a Converged Network Data Security in a Converged Network A Siemens White Paper Author: Contributors: Joel A. Pogar National Practice Manager Secure Network Services Joel.Pogar@icn.siemens.com Jeff Corcoran Solutions Architect,

More information

An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems

An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems An Empirical Investigation into the Security of Phone Features in SIP-based VoIP Systems Ruishan Zhang 1, Xinyuan Wang 1, Xiaohui Yang 1, Ryan Farley 1, and Xuxian Jiang 2 1 George Mason University, Fairfax,

More information

IP Phone Security: Packet Filtering Protection Against Attacks. Introduction. Abstract. IP Phone Vulnerabliities

IP Phone Security: Packet Filtering Protection Against Attacks. Introduction. Abstract. IP Phone Vulnerabliities W H I T E P A P E R By Atul Verma Engineering Manager, IP Phone Solutions Communications Infrastructure and Voice Group averma@ti.com Introduction The advantages of a converged voice and data network are

More information

BEng (Hons) Telecommunications. Examinations for 2011 2012 / Semester 1

BEng (Hons) Telecommunications. Examinations for 2011 2012 / Semester 1 BEng (Hons) Telecommunications Cohort: BTEL/10A/FT Examinations for 2011 2012 / Semester 1 MODULE: IP Telephony MODULE CODE: TELC3107 Duration: 2 Hours Reading time: 15 Minutes Instructions to Candidates:

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

A Model-based Methodology for Developing Secure VoIP Systems

A Model-based Methodology for Developing Secure VoIP Systems A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN

More information

Unregister Attacks in SIP

Unregister Attacks in SIP Unregister Attacks in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Interdisciplinary Center Herzliya Email: {bremler,halachmi.ronit}@idc.ac.il Jussi Kangasharju Darmstadt University of Technology jussi@tk.informatik.tu-darmstadt.de

More information

Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation

Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation VoIP Security Best Practice (Version: 1.2) NEC Corporation Liability Disclaimer NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC

More information

Hacking VoIP Exposed. David Endler, TippingPoint Mark Collier, SecureLogix

Hacking VoIP Exposed. David Endler, TippingPoint Mark Collier, SecureLogix Hacking VoIP Exposed David Endler, TippingPoint Mark Collier, SecureLogix Agenda Introductions Casing the Establishment Exploiting the Underlying Network Exploiting VoIP Applications Social Threats (SPIT,

More information

SIP Security in IP Telephony

SIP Security in IP Telephony SIP Security in IP Telephony Muhammad Yeasir Arafat and M. Abdus Sobhan School of Engineering and Computer Science Independent University, Bangladesh E-mail: sobhan30@gmail.com Abstract Today the session

More information

Multi-layered Security Solutions for VoIP Protection

Multi-layered Security Solutions for VoIP Protection Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper

More information

Denial Of Service. Types of attacks

Denial Of Service. Types of attacks Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service

More information

SIP Security Status Quo and Future Issues Jan Seedorf

SIP Security Status Quo and Future Issues Jan Seedorf SIP Security Status Quo and Future Issues Jan Seedorf Security in Distributed Systems (SVS) University of Hamburg, Dept. of Informatics Vogt-Kölln-Str. 30, D-22527 Hamburg seedorf@informatik.uni-hamburg.de

More information

1-4244-0353-7/07/$25.00 2007 IEEE

1-4244-0353-7/07/$25.00 2007 IEEE Detecting SPIT Calls by Checking Human Communication Patterns J. Quittek, S. Niccolini, S. Tartarelli, M. Stiemerling, M. Brunner, T. Ewald NEC Europe Ltd., Kurfürsten-Anlage 36, 69115 Heidelberg, Germany;

More information

IxLoad-Attack: Network Security Testing

IxLoad-Attack: Network Security Testing IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience

More information