1 Proceedings of the International Multiconference on ISSN Computer Science and Information Technology, pp PIPS Securing Voice over Internet Protocol Ahmad Ghafarian, Randolph Draughorne, Steven Grainger, Shelly Hargraves, Stacy High, and Crystal Jackson North Georgia College & State University Dahlonega, GA Abstract. In recent years, there has been significant increase in VoIP and internet telephony usage. The users, whether corporate or individuals are subject to the same security risks that have affected data networks for many years. This is mainly because voice networks are IP-based and all IP protocols for sending voice traffic contain flaws. In this paper, we study the security risks associated with the VoIP including vulnerabilities, man-in-the-middle attack, and denial-of-service. We will also review the protection measure that can be taken to make VoIP more secure, such as authorization, authentication, transport layer security, and media encryption. Keywords: VoIP, Security, IPSec, Security Levels, Media Gateway Control Protocol 1 Introduction Voice over Internet Protocol (VoIP) is a technology that has reached a level of maturity and reliability such that it can now be applied to the enterprise environment. VoIP has the potential to reduce communications costs considerably and opens a new path in the development of new devices. However, like all technologies VoIP comes with a number of inherent risks that while serious can be managed provided the enterprise takes the appropriate precautions. This paper will examine the risks faced by the VoIP service provider and describe methods to reduce the risk for both the service provider and the enterprise. In addition, we examine the security risks associated with VoIP and has organized these risks in several categories from a layered perspective: weaknesses related to IP, the combined use of legacy and new technology, gateway considerations, security levels associated with VoIP, service provider challenges. 629
2 630 Ahmad Ghafarian, Randolph Draughorne et al. 2 Internet Protocol Weaknesses 2.1 Resource Exhaustion (Denial of Service) Resource Exhaustion, carried out via DoS (Denial of Service) attacks which reduces the number of available IP addresses, bandwidth, processor memory, and other router/server functions. A VoIP based DoS attack bombards a call processing/managing application with large amounts of simultaneous requests that it cannot process, causing the application to shut down, thereby denying service to authorized or intended users. Before describing how to safely secure a VoIP network, its weaknesses must first be understood. VoIP is carried across the backbone of the Internet using Internet Protocol (IP) addresses to locate customers operating on the voice communications network . However, IP has its own flaws, which are then inherited by all VoIP networks. 2.2 Network Sniffing Network Sniffing attacks occur when an individual is observing network traffic. Typically, any system on a network sharing a transmission medium has the ability to view other system traffic (Univ. of London Information Security Group, 1998, pp.6-7). 2.3 Message Replay Attacks According to the University of London Information Security Group , this type of attack occurs when network sniffing is done between two systems. Recording of the conversation is done during the sniffing which may be replayed to other parties in an altered state. 3 VoIP Security Levels As illustrated in Figure 1 (see Appendix A), VoIP security can be divided into four levels: configuration security, signaling packet security, voice packet security, and data packet security . The details of each level are described in the following subsections. 3.1 VoIP Configuration Security Level The goals of VoIP security include authorization, authentication, integrity, privacy, and non-repudiation. Authorization is achieved through proper configuration, which is established during set-up of a new subscriber  by authorizing the device in the network system. Authentication can also be done either during configuration or at a later stage. Once the device is authorized to the network, the customer premise
3 Securing Voice over Internet Protocol 631 equipment (CPE) must provide a secure identification number to the network server. An authentication key is then exchanged between CPE and the network server. The CPE gateway is authenticated, and then the server provides an encryption key. The encryption key is used for secure communication between CPE and the network server. Popular protocols that are used for this handshake and secure communication include: Session Security Layer (SSL), Transport Layer Security (TLS), File Transfer Protocol (FTP), Trivial FTP (TFTP), and Secure Hyper Text Transport Protocol (SHTTP). Configuration security protocols and methods of implementation are usually provided by individual service providers. During the configuration of VoIP, separation of voice and data traffic is placed into different LAN segments. This process involves the creation of a separate VLAN for Voice and another VLAN for Data. The advantage of the separate VLANs is the isolation of the voice signals from data signals as they travel across the network. Another security measure that must be taken into consideration during configuration is the creation of Security Association (SA). SA is a virtual secure connection between two or more devices. The SA process involves authentication and exchange of tokens, or certificate, to produce encryption keys. Once the SA is established, a security mechanism will perform key exchange. In addition to the establishment of a SA between a CPE and a configuration server, each pair of CPE also needs a SA. The reason SA establishment is recommended during the configuration stage is because it is a time consuming process to be established during the signal packet transmission. Since pre-establishment of SA between all CPEs is difficult to manage in terms of CPU usage, they are generally established as needed. It is also possible to reuse a previously established SA between two CPEs. Establishing a SA with IPSec requires between 2 to 10 seconds. However establishing SA with TLS requires 1.5 seconds . 3.2 VoIP Signal Packet Security Level In VoIP, after the call is set, a complex series of packet exchanges must take place depending on a signaling protocol. The problem is that the computer systems are addressed by their IP addresses, but users enter an ordinary telephone number using the Universal Resource Indicator (ULI) to place a call. The first step in this process is converting analog voice signals to digital, using an analog-digital converter. Since digitized voice requires a large number of bits, a compression algorithm can be used to reduce the volume of data to be transmitted. This process is called signal pocketing. Next, the voice signals are inserted into data packets and hence voice packets are constructed . The signal packet security set-up is engaged in the authentication process, which identifies one or more parties in a SA. The SA is not established on a per-call basis. This is because setting up signal security for each call would cause unwanted delays and latencies in the placing of VoIP calls. At the signal layer, the authorization/encryption process begins with an exchange of the keys generated at the configuration level or a new signal security key can be generated and exchanged independently. During earlier security implementation of VoIP, IP Security (IPSec) and Internet Key Exchange (IKE) protocols were used at the transport layer. Once the transport layer is secured, the signal layer and voice layer can run on top of the transport layer. Due to performance considerations, this approach has been changed
4 632 Ahmad Ghafarian, Randolph Draughorne et al. and currently the Transport Layer Security (TLS) protocol largely is deployed on top of TCP for signal security. TLS is an advanced version of SSL and is used for privacy of the communications for VoIP users. TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption methods, such as the Data Encryption Standard (DES). The TLS Handshake Protocol allows the server and CPE to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. It is also more efficient, reducing the computational and consequent processing burden that other protocols generate. Recently, Internet Engineering Task Force (IETF) proposed the use of TLS over Stream Control Transmission Protocol (SCTP) or User Datagram Protocol (UDP). Although SCTP has open stream sockets at the transport layer and provides a rich set of features, such as good reliability and multiplexing, it may be too ponderous and code-intensive for VoIP applications that require greater agility. TLS over UDP is not gaining market attention since SIP clients only need to support SIP over TCP; support for UDP is optional Voice Packet Security Level The latest standard voice encryption standard is the Secure Real-Time Transport Protocol (SRTP) with advanced encryption standard (AES). SRTP provides message confidentiality, authentication, integrity checking, and replay protection for voice packets on a per-packet basis. Initially, the data, minus the header information, is encrypted using AES and then a hash of the header and encrypted data is created using Keyed-Hashing for Message Authentication Secure Hash Algorithm-1 ( HMAC-SHA1) . SRTP+  is presented as an approach to overcome the overhead problem and reduce an attacker s ability to exploit this vulnerability. The first two techniques center on mapping a pseudorandom number generator (PRNG) number with an authentication tag, creating a mapping pattern that must be known by both terminal nodes at the time the authentication tag for the outgoing packet is generated and also for verifying the tag of an incoming packet. Packets that are not authenticated are assumed to be malicious and are discarded. A third technique eliminates the need for either a PRNG or a hashing function. In this technique the sender calculates in advance a series of random numbers and uses one of these numbers as the authentication tag for each packet. The receiver stores the N random numbers after decrypting the payload. These random numbers correspond to the sequence numbers for the next N expected packets and are compared to the authentication tags for succeeding packets for authentication. Before the first packet can be authenticated, the first N random numbers must be sent to the receiver, possibly during the SRTP key exchange. Figure 4 illustrates this technique (see Appendix A) .
5 Securing Voice over Internet Protocol Data Packet Security Level Data packets in a VoIP implementation may be protected at the IP level using the Internet Protocol Security (IPSec). IPSec uses two protocols, the a uthentication header (AH) protocol and the e ncapsulating security payload ( ESP), to provide integrity, confidentiality and authentication of data communications over IP networks . In conjunction with an arbitrary 32-bit security parameter index (SPI) and the destination IP address, the protocol uniquely identifies the SA for the specified header field of each data packet or the entire data packet depending on the operational mode. Although these mechanisms validate the authenticity and integrity of the packet, the data itself is not encrypted so the data can still be viewed by unintended parties. The sequence number field of the header in used to prevent replay attacks and is required to be sent by the origin host but not necessarily processed by the destination host. The sender s counter and the receiver's counter are initialized to 0 at SA and incremented with the first packet sent using a particular SA, i.e. a sequence number (SN) of 1. The transmitted SN must never be allowed to replay ; hence, antireplay must always be enabled by the origin host. The header fields associated with security are not significantly different between AH and ESP but since ESP supports encryption, an initialization vector (IV)  field is included to account for encryption algorithms that require cryptographic synchronization data. I PSec supports two encryption modes : Transport and Tunnel. Transport mode encrypts only the data portion of each packet while the tunnel mode encrypts both the header and the payload by encapsulating the original packet in a new packet masking of the source and destination IP addresses. Key management is critical and IPSec supports both the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley protocols . These protocols use two phases of negotiations to establish an SA prior to data transmission. 4 VoIP Solutions IP weaknesses are not the only security issues to consider. Since VoIP is a relatively new technology, companies are currently in the process of implementing it. One common method is by using a hybrid approach combining older circuit-switched technology with new VoIP technology. 4.1 Circuit-switched Technology Vulnerabilities Toll Fraud is a classic IP attack where the attacker impersonates an employee or performs Console Cracking (asking the operator for an outside trunk) to make long distance calls. However, the attacker impersonates a valid user and IP address by plugging in their phone or spoofing the MAC Ethernet address. Eavesdropping occurs when an attacker intercept voice messages. This allows the attacker to listen to voice conversation at ease without the target knowing. Easily available programs such as VOMIT (Voice over Misconfigured Internet Telephony) perform this function.
6 634 Ahmad Ghafarian, Randolph Draughorne et al. Call Hijacking is when an attacker a SIP Response and redirects a caller to a rogue SIP address. This allows the attacker to intercept the call. 4.2 VoIP Technology Vulnerabilities IP Phone The IP Phone is a new desktop phone configured and equipped specifically for IP-based phone calls (ISS, 2004, p.4). Working much like a regular landline phone, the IP Phone s Operating System (OS) may support a web browser; the user can access the phone s webpage and attempt to modify phone features and options . PC-Based Phone According to  (ISS), PC-based phones utilize a software application that provides the phone with IP capabilities when using a PC. However, since the phone can only be used in conjunction with a PC, it is as vulnerable as the OS and applications installed on the computer. 5 VoIP Gateway Vulnerabilities VoIP gateway technologies are also a potential weak point. When VoIP is used externally, gateway technologies convert data packets from the IP network into voice before sending them over a public switched telephone network. When VoIP is used internally, the gateways route packetized voice data between the source and the destination. The concern here is that such gateways can be hacked into by malicious attackers in order to make free telephone calls. The trick to protecting against this lies in having strict access-control lists. As with traditional telephony, eavesdropping is a concern for organizations using VoIP; and the consequences can be greater. Because voice travels in packets over the data network, hackers can use data-sniffing and other hacking tools to identify, modify, store and play back voice traffic traversing the network. A hacker breaking into a VoIP data stream has access to a lot more calls than he would with traditional telephone tapping. As a result, one of the big differences is that a hacker has a much higher probability of getting intelligent information from tapping a VoIP data stream than from monitoring traditional phone systems . 6 VoIP Security Challenges for Service Providers According to Verizon Business  the issues repeatedly seen by their security services assessment group falls into a number of categories they see repeatedly when assesses existing enterprise VoIP systems: The enterprise is not using a VPN to gain access to a VoIP environment There is poor support for access controls and passwords There is widespread use of unauthorized devices such as personal soft phones in enterprise networks and thereby thwart firewall rules. The major security challenge for service providers can be viewed in terms of creating a way to transport VoIP packets safely across the provider s infrastructure.
7 Securing Voice over Internet Protocol 635 Service provides need to insure a secure solution to transit the VoIP data across their network and deliver it to the customer interface. The CPE is often an enterprise border firewall, whose configuration rule set is a sensitive issue because it is the first line of defense in a corporate security system. Making this issue even more complex is the large number of competing VoIP protocols both standards based and proprietary. Mandating specific IP phones is not practical because it limits choices available to the customer community and IP phone technology is moving rapidly. Another problem with IP phones is the ability to support a direct connection to the customer s site reveals a matter of IP destination address exposure. Therefore, it can be seen that the principle issue that service providers need to address is the ability to securely transit VoIP traffic across their network, deliver it to the CPE, and insure that the VoIP traffic is not compromised as it transits the service provider s network. Service providers need a solution set that solves the fundamental problems associated with VoIP. Service provider must also insure they have the proper network infrastructure to accommodate these advances and deliver VoIP traffic safely across their infrastructure. 6 Mechanisms for Securing VoIP Because of the time-critical nature of VoIP, and its low tolerance for disruption and packet loss, many security measures implemented in traditional data networks are simply not applicable to VoIP in their current form; firewalls, intrusion detection systems, and other components must be specialized for VoIP. Firewalls, gateways, and other such devices help keep intruders from compromising a network. However, another layer of defense is necessary at the protocol level to protect the voice traffic. In VoIP, as in data networks, this can be accomplished by encrypting the packets at the IP level using IPSec, or at the application level with SRTP. This way if anyone on the network, authorized or not, intercepts VoIP traffic not intended for them (for instance via a packet sniffer), the packets will be unintelligible. To implement VoIP securely, start with the following general guidelines, recognizing that practical considerations might require modification and adjustment: Put voice and data on logically separate networks. At the voice gateway, which interfaces with the PSTN, deny access to H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system. Choose a mechanism to allow VoIP traffic through firewalls. Various protocol dependent and independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection s state, denying packets that aren t part of a properly originated call. Use IPSec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
8 636 Ahmad Ghafarian, Randolph Draughorne et al. Use IPSec in tunnel mode when available instead of in transport mode because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis. 7 Conclusion This paper has addressed VoIP security in terms of its configuration, risks, and potential usage by service providers who need to manage those risks. While VoIP is certainly a viable technology great care must be taken in its use and configuration. A number of VoIP specific recommendations conclude the paper. However, beyond these specific recommendations, an enterprise must use a layered security architecture, which provides the most effective defense against VoIP attacks. Defensive layering must start beyond the enterprise border and originate in the service providers network to insure the secure transport of VoIP to the enterprise. Enterprises must continue to review their security posture in terms of risk mitigation, not risk avoidance because new technology and vulnerabilities will always arise alongside the new technology, like VoIP. References 1. Barbieri R., Bruschi D., Rosti E. (2002). Voice over IPsec: Analysis and solutions. 8 th Annual Computer Security Applications Conference. pp Berger T. (2006). Analysis of current VPN technologies. First International Conference on Availability, Reliability, and Security. Pp Bednarz P. (2002). How VoIP is changing the network security equation. Retrieved October 16, 2006 from articleid= Casteel J. (2005). Sound Choices for VoIP Security. Retrieved October 20, 2006 from 5. Garg S., Singh N., Tsai T. (2005). SRTP+: An efficient scheme for RTP packet authentication. Retrieved Nov. 2, 2006 from paper.pdf 6. Greenstreet D., Scoggins S. (2005). Building Residential VoIP Gateways: A Tutorial Part IV: VoIP Security Implementation. Retrieved Oct. 23, 2006 from: 7. Internet Security Systems (2004). Retrieved October 16, 2006 from 8. Kuhn R., Walsh T. J. and Fries Stephen, (January 2005). Security Considerations for Voice over IP Systems. National Institute and Standards and Technology Publications. Retrieved, Oct. 21, 2006 from: 58 final.pdf 9. Marsan C. (2006). VoIP Security Services Taking Hold. Network World, Vol. 23, Iss. 26, pg. 25, July 2006.
9 Securing Voice over Internet Protocol Scoggins S, Implement Maximum Security for VoIP. Reprieved October 25, 2006 from D_NETD_SECD_TA.pdf 11. The Internet Society. (2004). Request for comments: 3711 The secure realtime transport protocol (SRTP). Retrieved October 31, 2006 from: 12. University of London Information Security Group (1998). Internet Protocol Security Flaws. 13. Vijayan, J. (2002) VOIP: Don t Overlook Security. Computerworld, Security. Appendix A: Figures Fig. 1. VoIP Security Area
10 638 Ahmad Ghafarian, Randolph Draughorne et al. Fig. 2. SRTP+ Exchange for Technique 1 Fig. 3. SRTP+ Exchange for Technique 2
11 Securing Voice over Internet Protocol 639 Fig. 4. SRTP+ Exchange for Technique 3
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist firstname.lastname@example.org Specialties: Routing &
FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering
Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT email@example.com "Security problems in state of the art IP-Telephony
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group firstname.lastname@example.org http://www.sys-security.com September 2002
HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
White Paper Solutions to VoIP (Voice over IP) Recording Deployment Revision 2.1 September 2008 Author: Robert Wright (email@example.com), BSc (Hons) Ultra Electronics AudioSoft, October
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
1152 IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS PART C: APPLICATIONS AND REVIEWS, VOL. 37, NO. 6, NOVEMBER 2007 Security Challenge and Defense in VoIP Infrastructures David Butcher, Member, IEEE,
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: firstname.lastname@example.org Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport
Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...
W H I T E P A P E R By Atul Verma Engineering Manager, IP Phone Solutions Communications Infrastructure and Voice Group email@example.com Introduction The advantages of a converged voice and data network are
VoIP Time to Make the Call? By Steve Sullivan Abstract Is it time to make the call and join the growing numbers of companies that are embracing Voice over IP technologies? Even though VoIP is a relatively
Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract
March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation firstname.lastname@example.org Use of Voice Over IP (VoIP) in enterprises is becoming more and more
Secure VoIP Transmission through VPN Utilization Prashant Khobragade Department of Computer Science & Engineering RGCER Nagpur, India email@example.com Disha Gupta Department of Computer Science
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services
W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)
TRAVERSING FIREWALLS AND NATS WITH VOICE AND VIDEO OVER IP An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons Traversing Firewalls and NATs With Voice and Video Over
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
Article VoIP Introduction Internet telephony refers to communications services voice, fax, SMS, and/or voice-messaging applications that are transported via the internet, rather than the public switched
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure
Abstract An Investigation into the Effect of Security on Performance in a VoIP Network Muhammad Tayyab Ashraf, John N. Davies and Vic Grout Centre for Applied Internet Research (CAIR) Glyndŵr University,
VoIP Resilience and Security Jim Credland About THUS plc Provider and user of VoIP and Soft Switch technologies Developing Enterprise Security Standards NISCC VoIP Working Group Security Considerations
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you
TraceSim 3.0: Advanced Measurement Functionality for Secure VoIP Networks and Simulation of Video over IP No part of this brochure may be copied or published by means of printing, photocopying, microfilm
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
Secure Voice over IP (VoIP) Networks How to deploy a robust, secure VoIP solution that counters both external and internal threats and, at the same time, provides top quality of service. This White Paper:
Fax over IP Contents Introduction Why Fax over IP? How Real-time Fax over IP works Implementation with MessagePlus/Open Summary About this document This document describes how Fax over IP works in general
By: Kevin Finnan and Philippe Willems Introduction New security capabilities at the remote terminal unit (RTU) level are substantially easing implementation of cyber security measures in SCADA systems.
SIP SECURITY JULY 2014 Executive Overview As with any data or communication service, it s important that all enterprises understand potential security issues related to SIP Trunking. This paper provides
SIP Trunking and Voice over IP Agenda What is SIP Trunking? SIP Signaling How is Voice encoded and transported? What are the Voice over IP Impairments? How is Voice Quality measured? VoIP Technology Confidential
Broadvox SIP Trunking Frequently Asked Questions (FAQs) Table of Contents Can a Call Center with an automated dialer use Broadvox services? 3 Can I connect to Broadvox services if I have a dynamic IP address?
Course 4: IP Telephony and VoIP Telecommunications Technical Curriculum Program 3: Voice Knowledge 6/9/2009 1 Telecommunications Technical Curriculum Program 1: General Industry Knowledge Course 1: General
Five Steps to Ensuring a Successful VoIP Migration By Mike Perry, incontact Vice President, Network Operations Voice over IP (VoIP) has arrived and is here to stay. Many contact centers are realizing the
10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
Securing VoIP Networks GENBAND s multi-layer security architecture and threat mitigation solution White Paper February 2011 Executive Summary The introduction of VoIP solutions for fixed and mobile networks
Privacy and Encryption in egovernment Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008 Privacy Regulations Health Insurance Portability and Accountability Act (HIPPA) Gramm-Leach-Bliley
2010 White Paper Series Top Ten Security Issues Voice over IP (VoIP) Top Ten Security Issues with Voice over IP (VoIP) Voice over IP (VoIP), the use of the packet switched internet for telephony, has grown
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security
University of Haifa Winter Semester 11/1/12 Computer and Network Security Exercise no. 4 Submit in Pairs/Single to mailbox 19 by 25/1/12, 2:00 p.m. 1. Following the sensitivity of the information in its
Qfiniti Enterprise and VoIP for Avaya Qfiniti Enterprise and VoIP An etalk Technical White Paper Table of Contents etalk Product Briefing...3 Integration Overview...3 VoIP Connection...4 Layer 2 Connectivity...4
Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1
ICTTEN5168A Design and implement an enterprise voice over internet protocol and a unified communications network Release: 1 ICTTEN5168A Design and implement an enterprise voice over internet protocol and
Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter
ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than
TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
CHAPTER 9 Firewalls and Virtual Private Networks Introduction In Chapter 8, we discussed the issue of security in remote access networks. In this chapter we will consider how security is applied in remote
Security Overview Introduction ShowMyPC provides real-time communication services to organizations and a large number of corporations. These corporations use ShowMyPC services for diverse purposes ranging
End to End Security in a Hosted Collaboration Environment 2 Agenda Hosted Collaboration Solution What Does Security Mean for HCS Customer Network Isolation Storage Isolation Securing Inter-Cluster Communication
accepted for publication in Computer Networks and ISDN Systems Journal Internet Security Architecture Refik Molva Institut Eurécom 2229, route des Crêtes F-06904 Sophia-Antipolis firstname.lastname@example.org Abstract
SIP and VoIP Skype an example VoIP client 1 SIP / VoIP: what are these? Voice over IP (VoIP) Session Initiation Protocol (SIP) Control channel Known in telephone world as signaling channel Does call setup:
SBC WHITE PAPER The Critical Component Table of Contents of your VoIP Infrastructure... 3 Enter the SBC... 4 Functions... 5 Security... 5 Denial of Service... 5 Toll Fraud... 6 Encryption... 6 Policy...