COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP)

Size: px
Start display at page:

Download "COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP)"

Transcription

1 COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP) CSG-04\G August

2 This page intentionally left blank.

3 Foreword The Voiceover Internet Protocol (CSG-04\G) is an unclassified publication, issued under the authority of the Chief, Communications Security Establishment Canada (CSEC). Suggestions for amendments should be forwarded through departmental communications security channels to your Client Services Representative at CSEC. For further information, please contact CSEC s ITS Client Services area by at or call (613) Effective Date This publication takes effect on 08/28/. Carey Frey Director, IT Security Industry Program Government of Canada, Communications Security Establishment Canada It is not permissible to make copies or extracts from this publication without the written consent of CSEC. i

4 This page intentionally left blank. ii

5 Table of Contents Foreword... i Effective Date... i Table of Contents... iii List of Tables... iv List of Figures... iv 1 Introduction VoIP Overview Components End Unit Call Server PSTN gateway Networking infrastructure Call Placement Analogue to Digital Coding and Decoding Speech CODEC standards Facsimile Transmission using VoIP Protocols Security Concerns Confidentiality Opportunistic Encryption Availability Integrity Authentication Architecture Policy Periodic Review of Emergency Services Location Information Glossary and Acronyms Glossary Acronyms Technical References... 9 iii

6 List of Tables Table 1: Security Features Checklist: Voice over Internet Protocol List of Figures Figure 1: VoIP Components and Architecture... 2 iv

7 1 Introduction VoIP refers to a technology used to carry voice traffic over packet-switched Internet Protocol (IP) networks, ideally allowing for cost savings and consolidation of infrastructure elements. 2 VoIP Overview VoIP systems use a range of protocols to manage calls and to carry the voice traffic between users. There are a wide variety of telephones, conferencing units, and software applications that run on users personal computers (PCs) that provide VoIP functionality. A VoIP system can interface with the Public Switched Telephone Network (PSTN) in several different ways, and there are a number of security concerns when voice traffic is added to a data network. 2.1 Components Although component names vary depending on the vendor and the protocols in use, there are several common features that all VoIP networks have. Figure 1 shows a sample corporate VoIP implementation demonstrating these components End Unit There must be an end unit, or equivalent to the telephone, for each user. This may resemble a conventional phone, or it may be a software application on a user s PC, a mobile unit, or a conferencing unit. This will be referred to as the handset. There are three types of handset that can be used to connect Conventional Telephone A conventional analog telephone can be connected to a VoIP network using an Analog Telephone Adapter (ATA). The ATA has at least two ports a Foreign Exchange Station (FXS) port with an RJ-11 jack for connecting an analog telephone and a network port, usually an RJ-45 jack for connecting to an Ethernet Local Area Network (LAN) IP Telephone An IP telephone looks like a conventional telephone, but instead of an RJ-11 telephone jack, it has a network port, usually an RJ-45 Ethernet LAN jack to connect to a VoIP network Wireless IP Telephone A wireless IP telephone has a Wireless Local Area Network (WLAN) interface to connect via a Wireless Access Point (WAP) to a VoIP network Software VoIP calls can be made from a computer equipped with a microphone, headset and sound card, if the appropriate software is installed. 1

8 Figure 1: VoIP Components and Architecture Call Server To place the call and manage user locations, there must be one or more call managers or call servers. The functionality may be split between two or more servers, but these servers need to send and receive management traffic to and from the end units and between each other PSTN gateway A gateway to the PSTN is required. This may be located on the customer premises, or it may be at the vendor s location or some other location Networking infrastructure Networking infrastructure such as cabling and switches is required. If this infrastructure is shared anywhere along the path with traffic from other sources, then one or more firewalls are required. This infrastructure is similar to that required for conventional data networks, but because of the high traffic volume and Quality of Service (QoS) requirements of VoIP networks, the equipment in place for the data network may not suffice. 2

9 2.2 Call Placement To place a call, there are several steps that take place: a. A user dials the other party s number using a handset, just as they would when using a conventional telephone. Here, however, the similarity ends. b. The handset contacts the call manager, which translates the phone number into an IP address that the handset can contact. This IP address may be that of the other party, or it may be the address of a gateway to the PSTN. This takes place using a call management protocol such as H.323, the Session Initiation Protocol (SIP), or a proprietary vendorspecific protocol. c. The handset attempts to contact the other party; this may pass through several layers of network infrastructure. If successful, the call begins, and the voice data and call management data flow between the callers. The voice data is often compressed for greater efficiency, and typically uses the Real-time Transport Protocol (RTP). Call management traffic between the two endpoints is typically transmitted using the Realtime Transport Control Protocol (RTCP). d. When the users hang up, the handsets signal each other via a call management protocol such as RTCP, and the call is terminated. 2.3 Analogue to Digital Coding and Decoding VoIP uses Coder/Decoder software (CODEC) that is optimized for converting analogue voice to digital. Tones which are outside the normal range of human hearing, or which are otherwise not required for rendering the conversation intelligible, may be filtered out to improve QoS Speech CODEC standards Speech CODEC standards include: G (5.3k/6.3k) G.729A/B G.726 G.711(A-law/u-law) Detailed description of these CODEC standards is outside the scope of this guidance Facsimile Transmission using VoIP Because VoIP CODECs are normally optimized for voice transmission, some implementations may have difficulty in sending or receiving facsimile (fax) transmissions. Fax over IP (FoIP) can be implemented using the T38 protocol (defined in Request for Comments (RFC) 3362) and requires a T38 capable VOIP gateway as well as a T38 capable fax machine, fax card or fax software. Most modern multi function fax machines support T38. 3

10 Connecting a conventional fax machine directly to a VoIP line may work, but fax transmissions are likely to encounter problems. The best CODEC for this implementation is the G 711 codec, which has a minimum of compression. 2.4 Protocols Detailed descriptions of VoIP protocols are outside the scope of this document. 4

11 3 Security Concerns VoIP systems raise a number of security concerns that exist neither in the conventional PSTN nor in purely data networks, as well as some more general concerns. 3.1 Confidentiality Confidentiality can be divided into two domains: call traffic (the actual content of the conversations), and call management (knowledge of who called whom). Obtaining both kinds of information is considerably easier than it is for calls made using the PSTN. Because they are designed to mimic conventional data networks, VoIP networks are susceptible to the same packet-sniffing attacks as other networks. Packet sniffers are widely available for free and are easily installed onto any PC. The use of switches does raise the bar to a certain extent, but attacks such as Address Resolution Protocol (ARP) spoofing can negate this. End-toend encryption can be implemented using certain secure protocols such as Secure Real-time Transport Protocol (SRTP) or by implementing a virtual private network (VPN), but these measures are not in widespread use at the time of writing. A compromised management server or PSTN gateway would provide access to all the traffic that passes through that server; these servers are much more accessible to attackers than the switches and PBXs of the telephone companies. Similarly, the use of PC-based clients adds the risk of access to the VoIP traffic from other, potentially malicious, applications. For these reasons and others, VoIP traffic should be segregated from data traffic. This can be done physically (which negates some of the reasons for adopting VoIP in the first place) or logically, such as with IP subnets (layer 3) or Virtual LANs (VLANs) (layer 2). Physical controls are essential in VoIP systems. The expertise required to intercept data traffic is much more widely available than the expertise to intercept a regular telephone call, and traffic analysis (who is calling whom) can be performed even if encryption is in use. VoIP installations located in the U.S. are required to support Communications Assistance for Law Enforcement Act (CALEA) wiretap capability, and may fall under the umbrella of any domestic surveillance programs. This potentially affects Canadian installations that use a PSTN gateway located at a vendor s site in the U.S Opportunistic Encryption Opportunistic Encryption (OE) refers to any system that attempts to encrypt the communications channel, but falls back to weaker encryption or unencrypted communications if no encryption method can be agreed on, or in order to maintain data rates necessary for QoS levels if line conditions degrade. This is sometimes described as "Better Than Nothing Security", as it does not guarantee any security Although opportunistic encryption makes the encryption easy to implement, it should not be relied on. When using a VoIP implementation that provides opportunistic encryption, users need to assume that the conversation is unencrypted and govern themselves accordingly. 5

12 3.2 Availability Availability is one of the prime concerns regarding user acceptance of a VoIP system. The calls must go through reliably, the system must be available even during a power outage, and the quality of the calls must be similar to those placed over the PSTN. Unfortunately, measures implemented to improve other aspects of security, such as firewalls and encryption, tend to have an adverse effect on availability because they add to the initial call setup time and/or the time required to process voice-data during the conversation. Redundant servers and a redundant Internet connection (where applicable) can help to ensure availability. 3.3 Integrity Like confidentiality, call integrity and call management integrity are vulnerable to data network attacks. An attacker could set up a falsified call management server to launch man-in-the-middle attacks, or could redirect and modify traffic using ARP spoofing, among others. The comments relating to confidentiality are generally applicable to integrity as well, since packets that can be intercepted can be modified. 3.4 Authentication The PSTN relies largely on the physical layout of the landlines to determine caller identity. However, this cannot be used reliably for VoIP systems, since packets can originate anywhere and packet headers are easy to forge. Authentication is a concern primarily during call set-up; the situation of an attacker being able to mimic one of the parties midway through a conversation is unlikely but possible. Callers will usually recognise each other s voices if they know each other, but a VoIP handset should have a way to validate the identity of the call management server to prevent man-in-the-middle attacks. Conversely, the call management server should know that the handset is authorised to make the call it is making, and is not, say, someone engaging in long-distance toll fraud. This not only affects the caller ID display. Emergency 911 services need to know the exact location of the caller; not all VoIP systems can provide this data with accuracy. Password management is a key area of security. Many incidents take place because of the presence of default passwords and/or accounts. Default passwords should be able to be changed on all components, including handsets, call management servers, PSTN gateways, and other network components. 3.5 Architecture Because of the complexity of a VoIP network, it is important to have well-documented network architecture in place. In addition to the more obvious components such as end-user handsets, call management servers, PSTN gateways and firewalls, this also should address systems that require a reliable telephone connection such as alarm systems. Firewalls and Network Address Translation (NAT) gateways should be used to protect handsets, call management servers, PSTN gateways, and other components from potentially hostile traffic 6

13 such as that encountered on the Internet. These firewalls and NAT gateways need to understand the protocols used by the VoIP system to avoid having to open large holes in the firewall and/or NAT, because most of the VoIP protocols do not use fixed Transmission Control Protocol (TCP) / User Datagram Protocol (UDP) ports. There are other protocol-related issues; H.323, in particular, carries TCP / UDP port and IP address information in the application-layer section of the packet, making NAT traversal problematic. Both SIP and H.323 require that the handset sends its IP address to the call management server during initialization; if this handset is located behind NAT, the address provided is most likely unreachable. The means by which the various architecture elements are managed remotely also should be taken into consideration, since it is often impractical to manage all components strictly locally. Protocols such as Telnet, Simple Network Management Protocol (SNMP), Hypertext Transfer Protocol (HTTP), and Trivial File Transfer Protocol (TFTP) are commonly used but not secure; better alternatives include Secure Shell (SSH) and Secure Sockets Layer (SSL) / Transport Layer Security (TLS). 3.6 Policy Periodic Review of Emergency Services Location Information Many VoIP providers use a default location, provided by the user or administrator when registering the service, to display to Emergency Services operators when a 911 emergency call is placed. Where applicable, there should be a policy to periodically review the registrant s location information for Emergency Services. Failure to ensure this information is up-to-date may result in emergency services being misdirected and will delay help in a possible life-threatening emergency. 7

14 4 Glossary and Acronyms 4.1 Glossary Packet sniffer Spoof Spoofing 4.2 Acronyms 3DES AES AH ARP CMVP CODEC CRL CSEC DES EAL ESP FIPS FoIP HTTP HTTPS IDS IKE IP IPS IPSec IT ITU Software that observes and records network traffic (National Institute of Science and Technology (NIST) Special Publication (SP) ) Attempt by an unauthorized entity to gain access to a system by posing as an authorized user (SANS: IP spoofing refers to sending a network packet that appears to come from a source other than its actual source. (NIST SP ) It involves 1) the ability to receive a message by masquerading as the legitimate receiving destination, or 2) masquerading as the sending machine and sending a message to a destination (Federal Information Processing Standard (FIPS) 191) Triple-Data Encryption Standard (Triple-DES) Advanced Encryption Standard Authentication Header Address Resolution Protocol Cryptographic Module Validation Program Coder/Decoder Certificate Revocation List Communication Security Establishment Canada Data Encryption Standard Evaluation Assurance Level Encapsulating Security Payload Federal Information Processing Standard Fax over IP Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Intrusion Detection System Internet Key Exchange Internet Protocol Intrusion Prevention System Internet Protocol Security Information Technology International Telecommunication Union 8

15 LAN Local Area Network NAT Network Address Translation NIST National Institute of Science and Technology OCSP Online Certificate Status Protocol PC Personal Computer PKI Public Key Infrastructure PSTN Public Switched Telephone Network QoS Quality of Service RTCP Real-time Transport Control Protocol RTP Real-time Transport Protocol SIP Session Initiation Protocol SNMP Simple Network Management Protocol SP Special Publication SSH Secure Shell SRTP Secure Real-time Transport Protocol SSL Secure Sockets Layer TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol TLS Transport Layer Security UDP User Datagram Protocol VoIP Voice over IP VPN Virtual Private Network WAP Wireless Access Point WEP Wired Equivalent Privacy WPA2 Wi-Fi Protected Access Technical References ITSA-11E CMVP CSE Approved Cryptographic Algorithms for the Protection of Protected Information and for Electronic Authentication and Authorization Applications within the Government of Canada; Cryptographic Module Validation Program (http://www.cse-cst.gc.ca/itssti/services/industry-prog-industrie/cmvp-pvmc-eng.html) 9

16 Table 1: Security Features Checklist: Voice over Internet Protocol Product Name: Item Security Features Checklist for VOIP Products 1.0 Recommended Security Features 1.1 Encryption The product should be capable of encrypting all voice traffic passing through it according to the cryptographic standards specified at Item 5.0below Wireless Encryption Wireless handsets should implement IEEE i security enhancements. Wi-Fi Protected Access 2 (WPA2) is a Wi-Fi Alliance certified interoperable implementation of the mandatory subset of IEEE i security enhancements Opportunistic Encryption 1.2 Caller ID The product should not rely solely on opportunistic encryption The product should fully support Caller ID services. 1.3 Emergency Services (911) Caller Location The product should provide full caller location data for emergency services (911) Emergency Services (911) Caller Location Registrant-provided The product should advise emergency services if the caller location provided is a default location provided by the user upon registration Emergency Services (911) Caller Location for Mobile VoIP 1.4 Availability Latency CODEC The product should advise emergency services if the caller is calling from a mobile or wireless VoIP handset. The product should be available for use at all times, including during a power outage. Backup power will need to be provided to end-user handsets and to network elements such as call management servers. The product should provide a maximum latency of 150ms for one-way traffic to provide equivalent service to a conventional telephone system For VoIP traffic, the product should use a CODEC that is optimized for analogue voice to digital conversion. For FoIP traffic, the product should use a CODEC that is suitable for facsimile traffic Redundant Internet / PSTN Connection The product should support a redundant connection to the Internet and/or to the PSTN. 10

17 Product Name: Item Security Features Checklist for VOIP Products 1.5 Network elements Other Network elements such as NAT gateways, firewalls, routers, switches, intrusion detection systems, and other devices that are required for, but not exclusive to, VoIP services, should be compatible with the VoIP installation VoIP protocols The following network elements should be compatible with VoIP protocols: NAT Gateways Firewalls and other packet filters Intrusion Detection Systems NAT Gateways NAT gateways should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, and because the end-user handsets need to communicate as directly as possible with one another Firewalls and other packet filters Firewalls and other packet filters should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, which can cause difficulties for traffic inspection Intrusion detection systems Intrusion detection systems should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, which can cause difficulties for packet inspection Quality of Service Indicators The following network elements should be compatible with QoS Indicators: Firewalls and other packet filters Intrusion Detection Systems Routers and Switches This will ensure that the Firewalls, Intrusion Detection Systems, routers and switches can prioritize traffic based on QoS feedback in order to maintain acceptable levels of voice quality and robustness of service Firewalls and other packet filters Firewalls and other packet filters should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Routers and Switches Routers, switches and other similar devices that only perform traffic forwarding should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Intrusion Detection Systems In-line intrusion detection systems should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Remote Management of Network Elements All network elements should support a secure means of remote management, such as SSH and/or HyperText Transfer Protocol Secure (HTTPS); un-encrypted management should not be permitted. This is to ensure that management traffic is protected from unauthorized viewing and/or modification in transit. 11

18 Product Name: Item Security Features Checklist for VOIP Products 1.6 Segregation of Traffic The product should segregate VoIP and general-purpose data traffic on distinct physical and/or logical partitions, and should include packet filtering capabilities to prevent traffic from one entering the other. This is to prevent disruption of services by unexpected traffic, and to prevent call spoofing from the data network. 1.7 Location of VoIP to PSTN Gateway The VoIP to PSTN gateway should be located on-site, or if not it should be located at a secure location in Canada and the connection between the gateways should be via VPN. 1.8 Use of Hardware End-User Handsets The product should only include hardware-based end-user handsets, i.e. no software-based PC clients. The decision should be based on risk vs. benefits vs. threat 2.0 Conformance to Protocol Standards 2.1 Internet Protocol Security The product should support the Internet Protocol Security (IPSec) standard for encryption and authentication. This standard should support Authentication Header (AH) for authentication and Encapsulating Security Payload (ESP) for authentication and encryption. 2.2 Transport Layer Security The product should support TLS. 2.3 Secure Real-time Transport Protocol The product should support the SRTP. 2.4 MIKEY Protocol The product should support the Multimedia Internet Keying (MIKey) Protocol. This will provide a key management scheme that can be used for real-time applications and, in particular, that supports the SRTP Key Exchange If the Multimedia Internet Keying (MIKEY) protocol is used, key exchange should be implemented using the algorithms supported in section 5.0 below Key Transport Encryption If the Multimedia Internet Keying (MIKEY) protocol is used, the algorithms supported in section 5.0below should be used for key transport encryption. 2.5 Internet Key Exchange 3.0 Authentication The product should support the Internet Key Exchange (IKE) standard for key exchange. This will ensure that the shared symmetric session encryption key is established in a secure manner. 12

19 Product Name: Item Security Features Checklist for VOIP Products 3.1 Passwords The product should support the departmental / agency security policy or guideline Long Passwords on End-User Handsets The product should support the use of long passwords or Personal Identification Numbers (PINs), at least 6 numbers in length, on end-user handsets that only have a telephone keypad Password Compatibility Where passwords are used, the product should support a choice of password length and format that is compliant with the corporate password policy Password Lockout The product should be configurable to allow locking out a user after a number of failed attempts to log in Password Lockout - Number of Failed Attempts The product should be configurable to allow an administrator to set the number of failed attempts allowed by a user before the user is logged out Password Lockout Length of Lockout Period The product should be configurable to allow an administrator to set the length of time a user is locked out after repeated failed login attempts. 3.2 Public Key Infrastructure Based Authentication The product should support integration with a Public Key Infrastructure (PKI) that conforms to the PKI standards at Item 4.0 below or to relevant departmental standards. his will provide strong authentication through public key cryptography, and if conformant to Government of Canada (GC) PKI standards, will likely support interoperability with other GC departments. 3.3 Multi-factor Authentication The product should support 2-factor or 3-factor authentication of the user. 4.0 Public Key Infrastructure Standards 4.1 X.509 The product should support the International Telecommunication Union (ITU) X.509 standard for public key certificates, and should support an appropriate X.509 compliant repository for those certificates. This will help ensure that the product will integrate well into the networking infrastructure and ensures the PKI is scalable and based upon industry standards. 4.2 LDAP Repository The product should support integrations with a Lightweight Directory Access Protocol (LDAP) database. This will help ensure that the product will integrate well into a PKI infrastructure. 4.3 Certificate Revocation The product should support the revocation of certificates either through the posting of Certificate Revocation Lists (CRLs) (RFC 3280) in a public repository, or the on-line access to revocation information using Online Certificate Status Protocol (OCSP) (RFC 2560). 13

20 Product Name: Item Security Features Checklist for VOIP Products 4.4 Cryptographic Algorithms The product should support the algorithms specified at Item 5.0below. This will ensure compliance with GC policy for the encryption of sensitive information and the digital signature of committal information. 5.0 Cryptographic Standards 5.1 Encryption Algorithms The product should use one of the following encryption algorithms approved by CSEC for the use of the Government of Canada for encrypting protected information: Advanced Encryption Standard (AES) with key length of 128, 192, or 256 bits Triple- Data Encryption Standard (3DES) with 2- or 3-key option 5.2 Key Establishment Algorithms The product should use one of the following algorithms approved by CSEC for the use of the Government of Canada for the establishment of encryption keys: Rivest, Shamir, Adleman (RSA) Other algorithms based on exponentiation of finite fields (e.g., Diffie-Hellman) Key Exchange Algorithm (KEA) Elliptic Curve algorithms For the first two, the modulus should be a minimum of 1024 bits in length; this should increase to 2048 bits by the end of For Elliptic Curve algorithms over a prime field, the elliptic curve size should be a minimum of 192 bits in length. For EC algorithms over a binary field, the degree of the field should be a minimum of 163 bits in length. These numbers should increase to 256 bits and 283 bits respectively by the end of Digital Signature Algorithms The product should use one of the following algorithms approved by CSEC for the use of the Government of Canada for digital signature applications: RSA Digital Signature Algorithm (DSA) Other algorithms based on exponentiation of finite fields (e.g., El-Gamal) Elliptic Curve (EC) Digital Signature Algorithm (ECDSA) For EC algorithms over a prime field, the elliptic curve size should be a minimum of 192 bits in length. For EC algorithms over a binary field, the degree of the field should be a minimum of 163 bits in length. These numbers should increase to 256 bits and 283 bits respectively by the end of Hashing Algorithms If applicable, the product should use one of the following hash algorithms approved by CSEC for the use of the Government of Canada: Secure Hash Algorithm 1 (SHA-1) SHA-224 SHA-256 SHA-384 SHA

21 Product Name: Item Security Features Checklist for VOIP Products 5.5 Cryptoperiod If applicable, the product should allow cryptographic keys used by the product to be changed at intervals no greater than the specified interval approved by CSEC for each cryptographic algorithm. 6.0 Assurance Standards 6.1 Federal Information Processing Standards The product should implement cryptographic module validated by the Cryptographic Module Validation Program to one of the following standards: FIPS FIPS Cryptographic Algorithm Validation Program The cryptographic module should implement cryptographic algorithms validated by the Cryptographic Algorithm Validation Program to the specified standard. 6.3 Common Criteria Evaluation Assurance Level For products evaluated under the Common Criteria, the product should meet Evaluation Assurance Level (EAL) 3 or higher Protection Profile or Security Target For products evaluated under the Common Criteria, the product should be evaluated to a Protection Profile or Security Target that addresses security features that are relevant to the organization. 7.0 Configurability 7.1 Changeable Default Values Where default security settings exist, the product should be configurable to change default values, and the default values should be changed upon installation. This will prevent unauthorized users connecting to or using the product by logging in or connecting using the factory default values. 7.2 Allow or Disallow Encryption The product should be configurable to ensure that encryption can be enabled when required, and this capability should be enabled upon installation. This will ensure that only authorized users and administrators have access to the information processed by the product. 7.3 Allow or Disallow Authentication The product should be configurable to ensure that authentication can be enabled when required, and this capability should be enabled upon installation. This will ensure that only authorized users and administrators have access to the functionality of the product. 7.4 Logging The product should be configurable to log transactions in accordance with the organization s security policies. This capability should be enabled in accordance with the organization s security policies upon installation. 15

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP

CPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

FDIC Division of Supervision and Consumer Protection

FDIC Division of Supervision and Consumer Protection FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering

More information

COTS SECURITY GUIDANCE (CSG) FIREWALLS

COTS SECURITY GUIDANCE (CSG) FIREWALLS COTS SECURITY GUIDANCE (CSG) FIREWALLS CSG-06\G August 2009 2009 This page intentionally left blank. 2009 Foreword The is an unclassified publication, issued under the authority of the Chief, Communications

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:

More information

An Introduction to VoIP Protocols

An Introduction to VoIP Protocols An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Recommended 802.11 Wireless Local Area Network Architecture

Recommended 802.11 Wireless Local Area Network Architecture NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless

More information

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Site to Site Virtual Private Networks (VPNs):

Site to Site Virtual Private Networks (VPNs): Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0

More information

Voice over IP Basics for IT Technicians

Voice over IP Basics for IT Technicians Voice over IP Basics for IT Technicians White Paper Executive summary The IP phone is coming or has arrived on desk near you. The IP phone is not a PC, but does have a number of hardware and software elements

More information

(d-5273) CCIE Security v3.0 Written Exam Topics

(d-5273) CCIE Security v3.0 Written Exam Topics (d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please

More information

Information Technology Security Guideline. Network Security Zoning

Information Technology Security Guideline. Network Security Zoning Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning

More information

High Performance VPN Solutions Over Satellite Networks

High Performance VPN Solutions Over Satellite Networks High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have

More information

Executive Summary and Purpose

Executive Summary and Purpose ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Secure SCADA Network Technology and Methods

Secure SCADA Network Technology and Methods Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall

More information

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP

More information

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt) Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification 1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.

More information

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

TECHNICAL CHALLENGES OF VoIP BYPASS

TECHNICAL CHALLENGES OF VoIP BYPASS TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

SIP and VoIP 1 / 44. SIP and VoIP

SIP and VoIP 1 / 44. SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies

More information

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Secure Use of the New NHS Network (N3): Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version

More information

Voice over IP (VoIP) Basics for IT Technicians

Voice over IP (VoIP) Basics for IT Technicians Voice over IP (VoIP) Basics for IT Technicians VoIP brings a new environment to the network technician that requires expanded knowledge and tools to deploy and troubleshoot IP phones. This paper provides

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

nexvortex SIP Trunking Implementation & Planning Guide V1.5

nexvortex SIP Trunking Implementation & Planning Guide V1.5 nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888 Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Cisco Virtual Office Express

Cisco Virtual Office Express . Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

HANDBOOK 8 NETWORK SECURITY Version 1.0

HANDBOOK 8 NETWORK SECURITY Version 1.0 Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives

More information

SSVP SIP School VoIP Professional Certification

SSVP SIP School VoIP Professional Certification SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

LifeSize Video Communications Systems Administrator Guide

LifeSize Video Communications Systems Administrator Guide LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 Coral IP Solutions TABLE OF CONTENTS 1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 2.1 UGW 4 2.2 IPG 4 2.3 FLEXSET IP 5 2.4 FLEXIP SOFTPHONE 6 2.5 TELEPORT FXS/FXO GATEWAYS 7 2.6 CORAL SENTINEL 7 3 CORAL IP

More information

TraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic

TraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic TraceSim 3.0: Advanced Measurement Functionality for Secure VoIP Networks and Simulation of Video over IP No part of this brochure may be copied or published by means of printing, photocopying, microfilm

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

CISCO SPA3102 PHONE ADAPTER WITH ROUTER

CISCO SPA3102 PHONE ADAPTER WITH ROUTER CISCO SMALL BUSINESS VOICE GATEWAYS AND ATAS Intelligent Call-Routing Gateway for VoIP HIGHLIGHTS Enables high-quality, feature-rich voice-over-ip service through your broadband Internet connection Two

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

Connect your Control Desk to the SIP world

Connect your Control Desk to the SIP world Connect your Control Desk to the SIP world Systems in

More information

Cisco ATA 187 Analog Telephone Adaptor

Cisco ATA 187 Analog Telephone Adaptor Cisco ATA 187 Analog Telephone Adaptor Product Overview The Cisco ATA 187 Analog Telephone Adaptor is a handset-to-ethernet adaptor that turns traditional telephone devices into IP devices. Customers can

More information

Ranch Networks for Hosted Data Centers

Ranch Networks for Hosted Data Centers Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch

More information

Methods for Lawful Interception in IP Telephony Networks Based on H.323

Methods for Lawful Interception in IP Telephony Networks Based on H.323 Methods for Lawful Interception in IP Telephony Networks Based on H.323 Andro Milanović, Siniša Srbljić, Ivo Ražnjević*, Darryl Sladden*, Ivan Matošević, and Daniel Skrobo School of Electrical Engineering

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity Secure Remote Monitoring of the Critical System Infrastructure An Application Note from the Experts in Business-Critical Continuity TABLE OF CONTENTS Introduction................................................2

More information

Skype Connect Requirements Guide

Skype Connect Requirements Guide Skype Connect Requirements Guide Version 4.0 Copyright Skype Limited 2011 Thinking about implementing Skype Connect? Read this guide first. Skype Connect provides connectivity between your business and

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Region 10 Videoconference Network (R10VN)

Region 10 Videoconference Network (R10VN) Region 10 Videoconference Network (R10VN) Network Considerations & Guidelines 1 What Causes A Poor Video Call? There are several factors that can affect a videoconference call. The two biggest culprits

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan

VoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s

More information

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Hosted Voice. Best Practice Recommendations for VoIP Deployments

Hosted Voice. Best Practice Recommendations for VoIP Deployments Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband

More information

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1 Table of Contents 1. REQUIREMENTS SUMMARY... 1 2. REQUIREMENTS DETAIL... 2 2.1 DHCP SERVER... 2 2.2 DNS SERVER... 2 2.3 FIREWALLS... 3 2.4 NETWORK ADDRESS TRANSLATION... 4 2.5 APPLICATION LAYER GATEWAY...

More information