COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP)
|
|
- Jonas Bennett
- 8 years ago
- Views:
Transcription
1 COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP) CSG-04\G August
2 This page intentionally left blank.
3 Foreword The Voiceover Internet Protocol (CSG-04\G) is an unclassified publication, issued under the authority of the Chief, Communications Security Establishment Canada (CSEC). Suggestions for amendments should be forwarded through departmental communications security channels to your Client Services Representative at CSEC. For further information, please contact CSEC s ITS Client Services area by at itsclientservices@cse-cst.gc.ca or call (613) Effective Date This publication takes effect on 08/28/. Carey Frey Director, IT Security Industry Program Government of Canada, Communications Security Establishment Canada It is not permissible to make copies or extracts from this publication without the written consent of CSEC. i
4 This page intentionally left blank. ii
5 Table of Contents Foreword... i Effective Date... i Table of Contents... iii List of Tables... iv List of Figures... iv 1 Introduction VoIP Overview Components End Unit Call Server PSTN gateway Networking infrastructure Call Placement Analogue to Digital Coding and Decoding Speech CODEC standards Facsimile Transmission using VoIP Protocols Security Concerns Confidentiality Opportunistic Encryption Availability Integrity Authentication Architecture Policy Periodic Review of Emergency Services Location Information Glossary and Acronyms Glossary Acronyms Technical References... 9 iii
6 List of Tables Table 1: Security Features Checklist: Voice over Internet Protocol List of Figures Figure 1: VoIP Components and Architecture... 2 iv
7 1 Introduction VoIP refers to a technology used to carry voice traffic over packet-switched Internet Protocol (IP) networks, ideally allowing for cost savings and consolidation of infrastructure elements. 2 VoIP Overview VoIP systems use a range of protocols to manage calls and to carry the voice traffic between users. There are a wide variety of telephones, conferencing units, and software applications that run on users personal computers (PCs) that provide VoIP functionality. A VoIP system can interface with the Public Switched Telephone Network (PSTN) in several different ways, and there are a number of security concerns when voice traffic is added to a data network. 2.1 Components Although component names vary depending on the vendor and the protocols in use, there are several common features that all VoIP networks have. Figure 1 shows a sample corporate VoIP implementation demonstrating these components End Unit There must be an end unit, or equivalent to the telephone, for each user. This may resemble a conventional phone, or it may be a software application on a user s PC, a mobile unit, or a conferencing unit. This will be referred to as the handset. There are three types of handset that can be used to connect Conventional Telephone A conventional analog telephone can be connected to a VoIP network using an Analog Telephone Adapter (ATA). The ATA has at least two ports a Foreign Exchange Station (FXS) port with an RJ-11 jack for connecting an analog telephone and a network port, usually an RJ-45 jack for connecting to an Ethernet Local Area Network (LAN) IP Telephone An IP telephone looks like a conventional telephone, but instead of an RJ-11 telephone jack, it has a network port, usually an RJ-45 Ethernet LAN jack to connect to a VoIP network Wireless IP Telephone A wireless IP telephone has a Wireless Local Area Network (WLAN) interface to connect via a Wireless Access Point (WAP) to a VoIP network Software VoIP calls can be made from a computer equipped with a microphone, headset and sound card, if the appropriate software is installed. 1
8 Figure 1: VoIP Components and Architecture Call Server To place the call and manage user locations, there must be one or more call managers or call servers. The functionality may be split between two or more servers, but these servers need to send and receive management traffic to and from the end units and between each other PSTN gateway A gateway to the PSTN is required. This may be located on the customer premises, or it may be at the vendor s location or some other location Networking infrastructure Networking infrastructure such as cabling and switches is required. If this infrastructure is shared anywhere along the path with traffic from other sources, then one or more firewalls are required. This infrastructure is similar to that required for conventional data networks, but because of the high traffic volume and Quality of Service (QoS) requirements of VoIP networks, the equipment in place for the data network may not suffice. 2
9 2.2 Call Placement To place a call, there are several steps that take place: a. A user dials the other party s number using a handset, just as they would when using a conventional telephone. Here, however, the similarity ends. b. The handset contacts the call manager, which translates the phone number into an IP address that the handset can contact. This IP address may be that of the other party, or it may be the address of a gateway to the PSTN. This takes place using a call management protocol such as H.323, the Session Initiation Protocol (SIP), or a proprietary vendorspecific protocol. c. The handset attempts to contact the other party; this may pass through several layers of network infrastructure. If successful, the call begins, and the voice data and call management data flow between the callers. The voice data is often compressed for greater efficiency, and typically uses the Real-time Transport Protocol (RTP). Call management traffic between the two endpoints is typically transmitted using the Realtime Transport Control Protocol (RTCP). d. When the users hang up, the handsets signal each other via a call management protocol such as RTCP, and the call is terminated. 2.3 Analogue to Digital Coding and Decoding VoIP uses Coder/Decoder software (CODEC) that is optimized for converting analogue voice to digital. Tones which are outside the normal range of human hearing, or which are otherwise not required for rendering the conversation intelligible, may be filtered out to improve QoS Speech CODEC standards Speech CODEC standards include: G (5.3k/6.3k) G.729A/B G.726 G.711(A-law/u-law) Detailed description of these CODEC standards is outside the scope of this guidance Facsimile Transmission using VoIP Because VoIP CODECs are normally optimized for voice transmission, some implementations may have difficulty in sending or receiving facsimile (fax) transmissions. Fax over IP (FoIP) can be implemented using the T38 protocol (defined in Request for Comments (RFC) 3362) and requires a T38 capable VOIP gateway as well as a T38 capable fax machine, fax card or fax software. Most modern multi function fax machines support T38. 3
10 Connecting a conventional fax machine directly to a VoIP line may work, but fax transmissions are likely to encounter problems. The best CODEC for this implementation is the G 711 codec, which has a minimum of compression. 2.4 Protocols Detailed descriptions of VoIP protocols are outside the scope of this document. 4
11 3 Security Concerns VoIP systems raise a number of security concerns that exist neither in the conventional PSTN nor in purely data networks, as well as some more general concerns. 3.1 Confidentiality Confidentiality can be divided into two domains: call traffic (the actual content of the conversations), and call management (knowledge of who called whom). Obtaining both kinds of information is considerably easier than it is for calls made using the PSTN. Because they are designed to mimic conventional data networks, VoIP networks are susceptible to the same packet-sniffing attacks as other networks. Packet sniffers are widely available for free and are easily installed onto any PC. The use of switches does raise the bar to a certain extent, but attacks such as Address Resolution Protocol (ARP) spoofing can negate this. End-toend encryption can be implemented using certain secure protocols such as Secure Real-time Transport Protocol (SRTP) or by implementing a virtual private network (VPN), but these measures are not in widespread use at the time of writing. A compromised management server or PSTN gateway would provide access to all the traffic that passes through that server; these servers are much more accessible to attackers than the switches and PBXs of the telephone companies. Similarly, the use of PC-based clients adds the risk of access to the VoIP traffic from other, potentially malicious, applications. For these reasons and others, VoIP traffic should be segregated from data traffic. This can be done physically (which negates some of the reasons for adopting VoIP in the first place) or logically, such as with IP subnets (layer 3) or Virtual LANs (VLANs) (layer 2). Physical controls are essential in VoIP systems. The expertise required to intercept data traffic is much more widely available than the expertise to intercept a regular telephone call, and traffic analysis (who is calling whom) can be performed even if encryption is in use. VoIP installations located in the U.S. are required to support Communications Assistance for Law Enforcement Act (CALEA) wiretap capability, and may fall under the umbrella of any domestic surveillance programs. This potentially affects Canadian installations that use a PSTN gateway located at a vendor s site in the U.S Opportunistic Encryption Opportunistic Encryption (OE) refers to any system that attempts to encrypt the communications channel, but falls back to weaker encryption or unencrypted communications if no encryption method can be agreed on, or in order to maintain data rates necessary for QoS levels if line conditions degrade. This is sometimes described as "Better Than Nothing Security", as it does not guarantee any security Although opportunistic encryption makes the encryption easy to implement, it should not be relied on. When using a VoIP implementation that provides opportunistic encryption, users need to assume that the conversation is unencrypted and govern themselves accordingly. 5
12 3.2 Availability Availability is one of the prime concerns regarding user acceptance of a VoIP system. The calls must go through reliably, the system must be available even during a power outage, and the quality of the calls must be similar to those placed over the PSTN. Unfortunately, measures implemented to improve other aspects of security, such as firewalls and encryption, tend to have an adverse effect on availability because they add to the initial call setup time and/or the time required to process voice-data during the conversation. Redundant servers and a redundant Internet connection (where applicable) can help to ensure availability. 3.3 Integrity Like confidentiality, call integrity and call management integrity are vulnerable to data network attacks. An attacker could set up a falsified call management server to launch man-in-the-middle attacks, or could redirect and modify traffic using ARP spoofing, among others. The comments relating to confidentiality are generally applicable to integrity as well, since packets that can be intercepted can be modified. 3.4 Authentication The PSTN relies largely on the physical layout of the landlines to determine caller identity. However, this cannot be used reliably for VoIP systems, since packets can originate anywhere and packet headers are easy to forge. Authentication is a concern primarily during call set-up; the situation of an attacker being able to mimic one of the parties midway through a conversation is unlikely but possible. Callers will usually recognise each other s voices if they know each other, but a VoIP handset should have a way to validate the identity of the call management server to prevent man-in-the-middle attacks. Conversely, the call management server should know that the handset is authorised to make the call it is making, and is not, say, someone engaging in long-distance toll fraud. This not only affects the caller ID display. Emergency 911 services need to know the exact location of the caller; not all VoIP systems can provide this data with accuracy. Password management is a key area of security. Many incidents take place because of the presence of default passwords and/or accounts. Default passwords should be able to be changed on all components, including handsets, call management servers, PSTN gateways, and other network components. 3.5 Architecture Because of the complexity of a VoIP network, it is important to have well-documented network architecture in place. In addition to the more obvious components such as end-user handsets, call management servers, PSTN gateways and firewalls, this also should address systems that require a reliable telephone connection such as alarm systems. Firewalls and Network Address Translation (NAT) gateways should be used to protect handsets, call management servers, PSTN gateways, and other components from potentially hostile traffic 6
13 such as that encountered on the Internet. These firewalls and NAT gateways need to understand the protocols used by the VoIP system to avoid having to open large holes in the firewall and/or NAT, because most of the VoIP protocols do not use fixed Transmission Control Protocol (TCP) / User Datagram Protocol (UDP) ports. There are other protocol-related issues; H.323, in particular, carries TCP / UDP port and IP address information in the application-layer section of the packet, making NAT traversal problematic. Both SIP and H.323 require that the handset sends its IP address to the call management server during initialization; if this handset is located behind NAT, the address provided is most likely unreachable. The means by which the various architecture elements are managed remotely also should be taken into consideration, since it is often impractical to manage all components strictly locally. Protocols such as Telnet, Simple Network Management Protocol (SNMP), Hypertext Transfer Protocol (HTTP), and Trivial File Transfer Protocol (TFTP) are commonly used but not secure; better alternatives include Secure Shell (SSH) and Secure Sockets Layer (SSL) / Transport Layer Security (TLS). 3.6 Policy Periodic Review of Emergency Services Location Information Many VoIP providers use a default location, provided by the user or administrator when registering the service, to display to Emergency Services operators when a 911 emergency call is placed. Where applicable, there should be a policy to periodically review the registrant s location information for Emergency Services. Failure to ensure this information is up-to-date may result in emergency services being misdirected and will delay help in a possible life-threatening emergency. 7
14 4 Glossary and Acronyms 4.1 Glossary Packet sniffer Spoof Spoofing 4.2 Acronyms 3DES AES AH ARP CMVP CODEC CRL CSEC DES EAL ESP FIPS FoIP HTTP HTTPS IDS IKE IP IPS IPSec IT ITU Software that observes and records network traffic (National Institute of Science and Technology (NIST) Special Publication (SP) ) Attempt by an unauthorized entity to gain access to a system by posing as an authorized user (SANS: IP spoofing refers to sending a network packet that appears to come from a source other than its actual source. (NIST SP ) It involves 1) the ability to receive a message by masquerading as the legitimate receiving destination, or 2) masquerading as the sending machine and sending a message to a destination (Federal Information Processing Standard (FIPS) 191) Triple-Data Encryption Standard (Triple-DES) Advanced Encryption Standard Authentication Header Address Resolution Protocol Cryptographic Module Validation Program Coder/Decoder Certificate Revocation List Communication Security Establishment Canada Data Encryption Standard Evaluation Assurance Level Encapsulating Security Payload Federal Information Processing Standard Fax over IP Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Intrusion Detection System Internet Key Exchange Internet Protocol Intrusion Prevention System Internet Protocol Security Information Technology International Telecommunication Union 8
15 LAN Local Area Network NAT Network Address Translation NIST National Institute of Science and Technology OCSP Online Certificate Status Protocol PC Personal Computer PKI Public Key Infrastructure PSTN Public Switched Telephone Network QoS Quality of Service RTCP Real-time Transport Control Protocol RTP Real-time Transport Protocol SIP Session Initiation Protocol SNMP Simple Network Management Protocol SP Special Publication SSH Secure Shell SRTP Secure Real-time Transport Protocol SSL Secure Sockets Layer TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol TLS Transport Layer Security UDP User Datagram Protocol VoIP Voice over IP VPN Virtual Private Network WAP Wireless Access Point WEP Wired Equivalent Privacy WPA2 Wi-Fi Protected Access Technical References ITSA-11E CMVP CSE Approved Cryptographic Algorithms for the Protection of Protected Information and for Electronic Authentication and Authorization Applications within the Government of Canada; Cryptographic Module Validation Program ( 9
16 Table 1: Security Features Checklist: Voice over Internet Protocol Product Name: Item Security Features Checklist for VOIP Products 1.0 Recommended Security Features 1.1 Encryption The product should be capable of encrypting all voice traffic passing through it according to the cryptographic standards specified at Item 5.0below Wireless Encryption Wireless handsets should implement IEEE i security enhancements. Wi-Fi Protected Access 2 (WPA2) is a Wi-Fi Alliance certified interoperable implementation of the mandatory subset of IEEE i security enhancements Opportunistic Encryption 1.2 Caller ID The product should not rely solely on opportunistic encryption The product should fully support Caller ID services. 1.3 Emergency Services (911) Caller Location The product should provide full caller location data for emergency services (911) Emergency Services (911) Caller Location Registrant-provided The product should advise emergency services if the caller location provided is a default location provided by the user upon registration Emergency Services (911) Caller Location for Mobile VoIP 1.4 Availability Latency CODEC The product should advise emergency services if the caller is calling from a mobile or wireless VoIP handset. The product should be available for use at all times, including during a power outage. Backup power will need to be provided to end-user handsets and to network elements such as call management servers. The product should provide a maximum latency of 150ms for one-way traffic to provide equivalent service to a conventional telephone system For VoIP traffic, the product should use a CODEC that is optimized for analogue voice to digital conversion. For FoIP traffic, the product should use a CODEC that is suitable for facsimile traffic Redundant Internet / PSTN Connection The product should support a redundant connection to the Internet and/or to the PSTN. 10
17 Product Name: Item Security Features Checklist for VOIP Products 1.5 Network elements Other Network elements such as NAT gateways, firewalls, routers, switches, intrusion detection systems, and other devices that are required for, but not exclusive to, VoIP services, should be compatible with the VoIP installation VoIP protocols The following network elements should be compatible with VoIP protocols: NAT Gateways Firewalls and other packet filters Intrusion Detection Systems NAT Gateways NAT gateways should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, and because the end-user handsets need to communicate as directly as possible with one another Firewalls and other packet filters Firewalls and other packet filters should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, which can cause difficulties for traffic inspection Intrusion detection systems Intrusion detection systems should support VoIP protocols such as H.323, SIP, and others as applicable. This is because VoIP ports are often dynamically allocated, which can cause difficulties for packet inspection Quality of Service Indicators The following network elements should be compatible with QoS Indicators: Firewalls and other packet filters Intrusion Detection Systems Routers and Switches This will ensure that the Firewalls, Intrusion Detection Systems, routers and switches can prioritize traffic based on QoS feedback in order to maintain acceptable levels of voice quality and robustness of service Firewalls and other packet filters Firewalls and other packet filters should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Routers and Switches Routers, switches and other similar devices that only perform traffic forwarding should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Intrusion Detection Systems In-line intrusion detection systems should support QoS indicators within VoIP traffic and should prioritize traffic accordingly Remote Management of Network Elements All network elements should support a secure means of remote management, such as SSH and/or HyperText Transfer Protocol Secure (HTTPS); un-encrypted management should not be permitted. This is to ensure that management traffic is protected from unauthorized viewing and/or modification in transit. 11
18 Product Name: Item Security Features Checklist for VOIP Products 1.6 Segregation of Traffic The product should segregate VoIP and general-purpose data traffic on distinct physical and/or logical partitions, and should include packet filtering capabilities to prevent traffic from one entering the other. This is to prevent disruption of services by unexpected traffic, and to prevent call spoofing from the data network. 1.7 Location of VoIP to PSTN Gateway The VoIP to PSTN gateway should be located on-site, or if not it should be located at a secure location in Canada and the connection between the gateways should be via VPN. 1.8 Use of Hardware End-User Handsets The product should only include hardware-based end-user handsets, i.e. no software-based PC clients. The decision should be based on risk vs. benefits vs. threat 2.0 Conformance to Protocol Standards 2.1 Internet Protocol Security The product should support the Internet Protocol Security (IPSec) standard for encryption and authentication. This standard should support Authentication Header (AH) for authentication and Encapsulating Security Payload (ESP) for authentication and encryption. 2.2 Transport Layer Security The product should support TLS. 2.3 Secure Real-time Transport Protocol The product should support the SRTP. 2.4 MIKEY Protocol The product should support the Multimedia Internet Keying (MIKey) Protocol. This will provide a key management scheme that can be used for real-time applications and, in particular, that supports the SRTP Key Exchange If the Multimedia Internet Keying (MIKEY) protocol is used, key exchange should be implemented using the algorithms supported in section 5.0 below Key Transport Encryption If the Multimedia Internet Keying (MIKEY) protocol is used, the algorithms supported in section 5.0below should be used for key transport encryption. 2.5 Internet Key Exchange 3.0 Authentication The product should support the Internet Key Exchange (IKE) standard for key exchange. This will ensure that the shared symmetric session encryption key is established in a secure manner. 12
19 Product Name: Item Security Features Checklist for VOIP Products 3.1 Passwords The product should support the departmental / agency security policy or guideline Long Passwords on End-User Handsets The product should support the use of long passwords or Personal Identification Numbers (PINs), at least 6 numbers in length, on end-user handsets that only have a telephone keypad Password Compatibility Where passwords are used, the product should support a choice of password length and format that is compliant with the corporate password policy Password Lockout The product should be configurable to allow locking out a user after a number of failed attempts to log in Password Lockout - Number of Failed Attempts The product should be configurable to allow an administrator to set the number of failed attempts allowed by a user before the user is logged out Password Lockout Length of Lockout Period The product should be configurable to allow an administrator to set the length of time a user is locked out after repeated failed login attempts. 3.2 Public Key Infrastructure Based Authentication The product should support integration with a Public Key Infrastructure (PKI) that conforms to the PKI standards at Item 4.0 below or to relevant departmental standards. his will provide strong authentication through public key cryptography, and if conformant to Government of Canada (GC) PKI standards, will likely support interoperability with other GC departments. 3.3 Multi-factor Authentication The product should support 2-factor or 3-factor authentication of the user. 4.0 Public Key Infrastructure Standards 4.1 X.509 The product should support the International Telecommunication Union (ITU) X.509 standard for public key certificates, and should support an appropriate X.509 compliant repository for those certificates. This will help ensure that the product will integrate well into the networking infrastructure and ensures the PKI is scalable and based upon industry standards. 4.2 LDAP Repository The product should support integrations with a Lightweight Directory Access Protocol (LDAP) database. This will help ensure that the product will integrate well into a PKI infrastructure. 4.3 Certificate Revocation The product should support the revocation of certificates either through the posting of Certificate Revocation Lists (CRLs) (RFC 3280) in a public repository, or the on-line access to revocation information using Online Certificate Status Protocol (OCSP) (RFC 2560). 13
20 Product Name: Item Security Features Checklist for VOIP Products 4.4 Cryptographic Algorithms The product should support the algorithms specified at Item 5.0below. This will ensure compliance with GC policy for the encryption of sensitive information and the digital signature of committal information. 5.0 Cryptographic Standards 5.1 Encryption Algorithms The product should use one of the following encryption algorithms approved by CSEC for the use of the Government of Canada for encrypting protected information: Advanced Encryption Standard (AES) with key length of 128, 192, or 256 bits Triple- Data Encryption Standard (3DES) with 2- or 3-key option 5.2 Key Establishment Algorithms The product should use one of the following algorithms approved by CSEC for the use of the Government of Canada for the establishment of encryption keys: Rivest, Shamir, Adleman (RSA) Other algorithms based on exponentiation of finite fields (e.g., Diffie-Hellman) Key Exchange Algorithm (KEA) Elliptic Curve algorithms For the first two, the modulus should be a minimum of 1024 bits in length; this should increase to 2048 bits by the end of For Elliptic Curve algorithms over a prime field, the elliptic curve size should be a minimum of 192 bits in length. For EC algorithms over a binary field, the degree of the field should be a minimum of 163 bits in length. These numbers should increase to 256 bits and 283 bits respectively by the end of Digital Signature Algorithms The product should use one of the following algorithms approved by CSEC for the use of the Government of Canada for digital signature applications: RSA Digital Signature Algorithm (DSA) Other algorithms based on exponentiation of finite fields (e.g., El-Gamal) Elliptic Curve (EC) Digital Signature Algorithm (ECDSA) For EC algorithms over a prime field, the elliptic curve size should be a minimum of 192 bits in length. For EC algorithms over a binary field, the degree of the field should be a minimum of 163 bits in length. These numbers should increase to 256 bits and 283 bits respectively by the end of Hashing Algorithms If applicable, the product should use one of the following hash algorithms approved by CSEC for the use of the Government of Canada: Secure Hash Algorithm 1 (SHA-1) SHA-224 SHA-256 SHA-384 SHA
21 Product Name: Item Security Features Checklist for VOIP Products 5.5 Cryptoperiod If applicable, the product should allow cryptographic keys used by the product to be changed at intervals no greater than the specified interval approved by CSEC for each cryptographic algorithm. 6.0 Assurance Standards 6.1 Federal Information Processing Standards The product should implement cryptographic module validated by the Cryptographic Module Validation Program to one of the following standards: FIPS FIPS Cryptographic Algorithm Validation Program The cryptographic module should implement cryptographic algorithms validated by the Cryptographic Algorithm Validation Program to the specified standard. 6.3 Common Criteria Evaluation Assurance Level For products evaluated under the Common Criteria, the product should meet Evaluation Assurance Level (EAL) 3 or higher Protection Profile or Security Target For products evaluated under the Common Criteria, the product should be evaluated to a Protection Profile or Security Target that addresses security features that are relevant to the organization. 7.0 Configurability 7.1 Changeable Default Values Where default security settings exist, the product should be configurable to change default values, and the default values should be changed upon installation. This will prevent unauthorized users connecting to or using the product by logging in or connecting using the factory default values. 7.2 Allow or Disallow Encryption The product should be configurable to ensure that encryption can be enabled when required, and this capability should be enabled upon installation. This will ensure that only authorized users and administrators have access to the information processed by the product. 7.3 Allow or Disallow Authentication The product should be configurable to ensure that authentication can be enabled when required, and this capability should be enabled upon installation. This will ensure that only authorized users and administrators have access to the functionality of the product. 7.4 Logging The product should be configurable to log transactions in accordance with the organization s security policies. This capability should be enabled in accordance with the organization s security policies upon installation. 15
VOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationHow To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack
DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationCPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP
INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationFDIC Division of Supervision and Consumer Protection
FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering
More informationCOTS SECURITY GUIDANCE (CSG) FIREWALLS
COTS SECURITY GUIDANCE (CSG) FIREWALLS CSG-06\G August 2009 2009 This page intentionally left blank. 2009 Foreword The is an unclassified publication, issued under the authority of the Chief, Communications
More informationBasic Vulnerability Issues for SIP Security
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationAn Introduction to VoIP Protocols
An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this
More informationVoIP Security regarding the Open Source Software Asterisk
Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de
More informationRelease Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues
NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:
More informationCPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP
ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationCPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP
HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
More information(d-5273) CCIE Security v3.0 Written Exam Topics
(d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationHigh Performance VPN Solutions Over Satellite Networks
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
More informationVoice over IP Basics for IT Technicians
Voice over IP Basics for IT Technicians White Paper Executive summary The IP phone is coming or has arrived on desk near you. The IP phone is not a PC, but does have a number of hardware and software elements
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationTECHNICAL CHALLENGES OF VoIP BYPASS
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
More informationNetwork Connection Considerations for Microsoft Response Point 1.0 Service Pack 2
Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and
More informationSecure Use of the New NHS Network (N3): Good Practice Guidelines
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationSIP and VoIP 1 / 44. SIP and VoIP
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationnexvortex SIP Trunking Implementation & Planning Guide V1.5
nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888 Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network
More informationRelease Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationSSVP SIP School VoIP Professional Certification
SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationDistrict of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification
1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationVoice over IP (VoIP) Basics for IT Technicians
Voice over IP (VoIP) Basics for IT Technicians VoIP brings a new environment to the network technician that requires expanded knowledge and tools to deploy and troubleshoot IP phones. This paper provides
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationVoice over IP (VoIP) Vulnerabilities
Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationCisco ATA 187 Analog Telephone Adaptor
Cisco ATA 187 Analog Telephone Adaptor Product Overview The Cisco ATA 187 Analog Telephone Adaptor is a handset-to-ethernet adaptor that turns traditional telephone devices into IP devices. Customers can
More informationTraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic
TraceSim 3.0: Advanced Measurement Functionality for Secure VoIP Networks and Simulation of Video over IP No part of this brochure may be copied or published by means of printing, photocopying, microfilm
More informationRegion 10 Videoconference Network (R10VN)
Region 10 Videoconference Network (R10VN) Network Considerations & Guidelines 1 What Causes A Poor Video Call? There are several factors that can affect a videoconference call. The two biggest culprits
More informationMethods for Lawful Interception in IP Telephony Networks Based on H.323
Methods for Lawful Interception in IP Telephony Networks Based on H.323 Andro Milanović, Siniša Srbljić, Ivo Ražnjević*, Darryl Sladden*, Ivan Matošević, and Daniel Skrobo School of Electrical Engineering
More informationSecure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity
Secure Remote Monitoring of the Critical System Infrastructure An Application Note from the Experts in Business-Critical Continuity TABLE OF CONTENTS Introduction................................................2
More information1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4
Coral IP Solutions TABLE OF CONTENTS 1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 2.1 UGW 4 2.2 IPG 4 2.3 FLEXSET IP 5 2.4 FLEXIP SOFTPHONE 6 2.5 TELEPORT FXS/FXO GATEWAYS 7 2.6 CORAL SENTINEL 7 3 CORAL IP
More informationIngate Firewall/SIParator SIP Security for the Enterprise
Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationCISCO SPA3102 PHONE ADAPTER WITH ROUTER
CISCO SMALL BUSINESS VOICE GATEWAYS AND ATAS Intelligent Call-Routing Gateway for VoIP HIGHLIGHTS Enables high-quality, feature-rich voice-over-ip service through your broadband Internet connection Two
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationLifeSize Video Communications Systems Administrator Guide
LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made
More informationCisco SPA901 1-Line IP Phone Cisco Small Business IP Phone
Cisco SPA901 1-Line IP Phone Cisco Small Business IP Phone Durable, Affordable, Feature-Rich IP Telephone for the Home Office and Business Small, affordable, single line business class IP Phone Connect
More informationCconducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationVoice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology
Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style
More informationSecurity issues in Voice over IP: A Review
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu
More informationHosted Voice. Best Practice Recommendations for VoIP Deployments
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
More informationCombining Voice over IP with Policy-Based Quality of Service
TechBrief Extreme Networks Introduction Combining Voice over IP with Policy-Based Quality of Service Businesses have traditionally maintained separate voice and data networks. A key reason for this is
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationSSVVP SIP School VVoIP Professional Certification
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
More informationEdgeMarc 4508T4/4508T4W Converged Networking Router
Introduction The EdgeMarc 4508T4W combines multiple voice and data features into a single, easy to use converged networking router. It includes models that have up to 4 T1 WAN interfaces or a single Ethernet
More informationHOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide
HOSTED VOICE Bring Your Own Bandwidth & Remote Worker Install and Best Practices Guide 2 Thank you for choosing EarthLink! EarthLinks' best in class Hosted Voice phone service allows you to deploy phones
More informationVoice Over IP and Firewalls
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationVOIP SECURITY ISSUES AND RECOMMENDATIONS
VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) 287 7881; Email: Satha.Mathiyalakan@umb.edu ABSTRACT
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationVoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan
VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationCisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X
Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module
More information