VmSat (VoIP Monitoring & Security Assessment Tool)

College: Pune Institute of Computer Technology, Pune

Team Members: Krishna S. Ghodke, Saurabh A. Gawande, Roshan R. Ghumare, Sumant D. Kukkar

Sponsored By: GREAT SOFTWARE LABORATORY PVT. LTD. (GS Lab) (www.gs-lab.com)

Contact (External Guide / Internal Guide): Mr. Avinash Shenoi, Mr. Vivek Relan, Mr. Tushar Rane
I] Idea and concept behind the Project:

The deployment of Voice over Internet Protocol (VoIP) in place of traditional communication systems has greatly reduced operating costs and enabled the adoption of next-generation communication services over IP infrastructure. Many vendors provide VoIP services, but a comprehensive monitoring and assessment mechanism is required to verify the claims a vendor makes to a client organization.

Considering these requirements, we propose a VoIP Monitoring and Security Assessment Tool (VmSat). This tool monitors, analyzes and tests the VoIP infrastructure and the services provided.

The first part of the tool monitors and analyzes real-time VoIP traffic for troubleshooting the infrastructure. It provides quality metrics for voice traffic: bandwidth utilized, delay, jitter, packet loss, R-Factor and MOS. It provides comprehensive remedial reasoning for quality deterioration.

The second part of the tool assesses the VoIP infrastructure against security threats. VmSat provides several generic attack templates and launches attacks (flood attacks, message attacks, etc.) within the system to identify the vulnerabilities present in it. The robustness of the SIP protocol implementation is assessed through rigorous checks. VmSat also provides a comprehensive and generic Meta language to assist in generating custom attacks. It uses a plaintext format that reads like an English sentence, which gives the user great flexibility. Once vulnerabilities are identified, the tool provides remedial information that enables security professionals to take appropriate action.

The applications of VmSat are as follows:

- To aid owners/users of VoIP infrastructure to test, audit, and uncover security vulnerabilities in their deployments.
- To aid third parties to test, audit, and uncover security vulnerabilities in the VoIP infrastructure of owners of said infrastructure who contract with or otherwise expressly approve said third parties to assess said VoIP infrastructure.
- To aid producers of VoIP infrastructure to test, audit, and uncover security vulnerabilities in the VoIP hardware/software/systems they produce.
- For use in collective educational endeavors or use by individuals for their own intellectual curiosity or aggrandizement.

Thus the user can rely on this tool to penetrate the VoIP deployment in order to find vulnerabilities in the network.
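The quality metrics named in this section (jitter, packet loss, R-Factor, MOS) can be computed as in the following added example, which is not VmSat code and not from the original document. It uses the RFC 3550 interarrival jitter estimator and a commonly used simplification of the ITU-T G.107 E-model; the codec parameters, function names and sample packets are assumptions.

```python
# Added example (not VmSat code): jitter per RFC 3550 and a simplified E-model.
# Assumptions: G.711 with packet-loss concealment (Ie=0, Bpl=25.1 from ITU-T
# G.113 Appendix I), random loss, and the default G.107 rating R0 = 93.2.
R_DEFAULT, IE_G711, BPL_G711 = 93.2, 0.0, 25.1

# Constructed sample: (arrival time in s, RTP timestamp), 20 ms G.711 frames;
# the third packet arrives 10 ms late.
SAMPLE_PACKETS = [(0.00, 0), (0.02, 160), (0.05, 320)]


def rtp_jitter_ms(packets, clock_rate=8000):
    """Interarrival jitter estimate of RFC 3550 section 6.4.1, in milliseconds."""
    jitter, prev_transit = 0.0, None
    for arrival, rtp_ts in packets:
        transit = arrival * clock_rate - rtp_ts      # in RTP timestamp units
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit
    return jitter * 1000.0 / clock_rate


def r_factor(one_way_delay_ms, loss_pct, ie=IE_G711, bpl=BPL_G711):
    """R = R0 - Id - Ie_eff with a piecewise-linear delay impairment Id."""
    d = one_way_delay_ms
    delay_imp = 0.024 * d + (0.11 * (d - 177.3) if d > 177.3 else 0.0)
    loss_imp = ie + (95.0 - ie) * loss_pct / (loss_pct + bpl)
    return max(0.0, min(100.0, R_DEFAULT - delay_imp - loss_imp))


def mos_from_r(r):
    """ITU-T G.107 mapping from R-factor to estimated MOS."""
    if r <= 0:
        return 1.0
    if r >= 100:
        return 4.5
    return 1.0 + 0.035 * r + r * (r - 60.0) * (100.0 - r) * 7e-6


if __name__ == "__main__":
    print(f"jitter = {rtp_jitter_ms(SAMPLE_PACKETS):.3f} ms")
    for delay, loss in [(20, 0.0), (150, 1.0), (300, 5.0)]:
        r = r_factor(delay, loss)
        print(f"delay={delay} ms loss={loss}% -> R={r:.1f} MOS={mos_from_r(r):.2f}")
```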
II] Salient Features:

1. Real Time Monitoring:
   - Proactive monitoring of bandwidth utilization and QoS metrics such as jitter, latency and packet loss.
   - ITU standard E-Model based MOS calculation.
   - Pictorial representation of the call flow, plotting all the SIP requests/responses that took place from start to end of call. This comes in handy for debugging error calls.
   - Call categorization such as complete, incomplete, unanswered, error, good and poor quality calls.
   - Flexible filtering of data based on IP address and caller name.
   - Alarm generation on vital parameters, viz. too many consecutive incomplete calls, SIP errors, high average delay, jitter and packet loss.
   - Web-based user interface for platform independence.
2. Power-Off and System-Crash situations: Power-off and system-crash situations are handled for both server and clients. This helps the administrator identify the reason for failed or incomplete calls.
3. Infrastructure Discovery: Discovery of the SIP components, viz. SIP server and SIP client.
4. Attacks: Three categories of attacks for vulnerability detection:
   - Protocol checks
   - SIP message attacks (Bye, ReInvite, Replay)
   - Flooding attacks (DoS attacks)
5. Attack Templates & Meta language: VmSat provides several generic attack templates which are used to perform attacks. It takes customized datasets from the administrator. A Meta language, constructed using LEX and YACC, gives the user a mechanism for generating various attacks as the user conceives them.
6. Configurable SIP Packet Generator:
7. Comprehensive Reports: The reports give the administrator a quick and most probable reason for quality deterioration and the vulnerabilities present in the VoIP infrastructure.
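The call categorization and the "too many consecutive incomplete calls" alarm listed under Real Time Monitoring can be sketched as follows. This is an added example, not VmSat code and not from the original document; the category definitions, the threshold of three, the function names and the sample calls are all assumptions.

```python
import re

STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3})")

# Constructed sample: per call, (SIP start line, CSeq method) in capture order.
INVITE = ("INVITE sip:bob@example.test SIP/2.0", "INVITE")
SAMPLE_CALLS = [
    ("c1", [INVITE, ("SIP/2.0 180 Ringing", "INVITE"), ("SIP/2.0 200 OK", "INVITE"),
            ("ACK sip:bob@example.test SIP/2.0", "ACK"),
            ("BYE sip:bob@example.test SIP/2.0", "BYE"), ("SIP/2.0 200 OK", "BYE")]),
    ("c2", [INVITE, ("SIP/2.0 486 Busy Here", "INVITE")]),
    ("c3", [INVITE, ("SIP/2.0 100 Trying", "INVITE")]),
    ("c4", [INVITE]),
    ("c5", [INVITE, ("SIP/2.0 200 OK", "INVITE")]),   # answered, never torn down
    ("c6", [INVITE, ("SIP/2.0 180 Ringing", "INVITE"),
            ("CANCEL sip:bob@example.test SIP/2.0", "CANCEL"),
            ("SIP/2.0 487 Request Terminated", "INVITE")]),
]


def classify(messages):
    """Assumed categories: complete, unanswered, error, incomplete."""
    seen, final = set(), None
    for start_line, cseq_method in messages:
        m = STATUS_LINE.match(start_line)
        if m is None:
            seen.add(start_line.split()[0])           # request method
        elif cseq_method == "INVITE" and int(m.group(1)) >= 200 and final is None:
            final = int(m.group(1))                   # first final INVITE response
    if "CANCEL" in seen or final == 487:
        return "unanswered"                           # caller gave up before answer
    if final is not None and final >= 300:
        return "error"
    if final is not None and {"ACK", "BYE"} <= seen:
        return "complete"
    return "incomplete"                               # no final reply or no teardown


def incomplete_streak_alarms(calls, threshold=3):
    """Return the call IDs at which a run of incomplete calls hits the threshold."""
    alarms, streak = [], 0
    for call_id, messages in calls:
        streak = streak + 1 if classify(messages) == "incomplete" else 0
        if streak == threshold:
            alarms.append(call_id)
    return alarms


if __name__ == "__main__":
    print({cid: classify(msgs) for cid, msgs in SAMPLE_CALLS})
    print("alarms at:", incomplete_streak_alarms(SAMPLE_CALLS))
```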
Vulnerability Assessment [Diagram 5]

Implementing the security assessment involves performing various checks and attacks against the deployed infrastructure. The user performs these attacks from a web-based interface using a predefined template. In addition, a facility is provided that lets the user write custom attacks in a Meta language implemented using LEX and YACC.

Working of the phase:

1. SIP components (SIP servers, clients, soft phones, etc.) in the system are discovered and the information is stored in config.db.
2. The user provides the attack details through the input system.
3. The attack system initializes the attack parameters using config.db.
4. The attack is launched.
5. The system identifies the status of the attack by consulting symptoms.db, which contains predefined parameters for recognizing each attack.
6. The attack is stopped using the stopping condition for the respective attack.
7. Based on the status of the system after the attack, reports are generated that give a complete description of the vulnerabilities found, along with recommendations.

VI] Commercial viability:

Need in the market: Cost-based analysis of industry usage of VoIP services shows the growth of the VoIP market. Most VoIP providers have adopted SIP implementations; however, corporations have not been deploying the technology because of its inherent security weaknesses. Our project helps VoIP providers as well as users overcome these security hurdles. The contribution of the project to the VoIP market can therefore be estimated on the basis of the huge market value of VoIP services, which is growing fast every year. This shows the importance of the project in terms of market value and usage. Hence, the need for the product is justified.

Alternatives: Though different alternatives to VmSat exist, VmSat is one of a kind in providing both Traffic Monitoring and Vulnerability Assessment. Existing products don't provide a language or customized attacks, so it is difficult for the user to find the various other vulnerabilities present in the network. The Meta Language (plain English language format) feature of VmSat gives the user greater flexibility in performing attacks, helping the user find any new vulnerability in the network or protocol implementation that the user can think of.
Diagram 1: VoIP Infrastructure Overview
Diagram 2: Architecture of VmSat
Diagram 3: Design of Traffic Monitor
Diagram 4: Snapshots of Traffic monitor
Diagram 5: Design of Vulnerability Assessment