Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation


VoIP Security Best Practice (Version: 1.2) NEC Corporation

Liability Disclaimer

NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC Corporation has prepared this document for the exclusive use of its employees and customers. The information contained herein is the property of NEC Corporation and shall not be reproduced without prior written approval from NEC Corporation. UNIVERGE is a registered trademark of NEC Corporation. Some of the NEC products identified in this document may not be available in certain regional markets. Please contact your NEC representative for availability.

NEC Corporation

MS-DOS, Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. All other brand or product names are or may be trademarks or registered trademarks of, and are used to identify products or services of, their respective owners.

Contents

1. Introduction
    Abstract
    Audience
    Authors
    Acknowledgments
General Model of Secure VoIP Systems
    VoIP Infrastructure
        Key Components
        Common Threats
        Design Guidelines
        Threat Mitigation
    Network Infrastructure
        Key Components
        Common Threats
        Design Guidelines
        Threat Mitigation
    User Access Infrastructure
        Key Components
        Common Threats
        Design Guidelines
        Threat Mitigation
    Secure Management Infrastructure
        Key Components
        Common Threats
        Design Guidelines
        Threat Mitigation
Small Office System Model
    Internet Edge
        Key Components
        Threats
        Design Guidelines
        Threat Mitigation
    Intranet
        Key Components
        Threats
        Design Guidelines
        Threat Mitigation
Large Enterprise Office System Model
    4.1 Centralized IP-PBX Model
        Internet Edge
            Key Components
            Threats
            Design Guidelines
            Threat Mitigation
        Enterprise Server Farm
            Key Components
            Threats
            Design Guidelines
            Threat Mitigation
        Main Office
            Key Components
            Threats
            Design Guidelines
            Threat Mitigation
        Branch Office
            Key Components
            Threats
            Design Guidelines
            Threat Mitigation
    Distributed IP-PBX Model
        Branch Office
            Key Components
            Threats
            Design Guidelines
            Threat Mitigation

1. Introduction

1.1 Abstract

Network security is a foremost concern for every organization these days. Regulations are both vastly increasing and coming to pass in most regions. Security breaches may damage reputations and cause the loss of business opportunities; and, while IP telephony solutions can produce a new style of office communication and reduce network costs, they add complexity to development and maintenance. Corporate networks are vastly impacted due to the unique network nature of IP telephony systems and the coexistence of data traffic and voice traffic.

The purpose of the UNIVERGE VoIP Security Best Practices series is to illustrate basic guidance for secure deployment and maintenance of the UNIVERGE telephony systems. This document is Volume II of a series of Security Best Practice for designing and implementing secure IP telephony systems. Volume II provides general examples for designing secure IP telephony systems in accordance with the principles provided in Volume I. Volume II also presents an overview of the secure IP telephony architecture, and then details the specific modules that make up the actual network design.

This document begins with an overview of secure VoIP system architecture. The VoIP system is composed of four infrastructures: VoIP, network, user access and secure management. Key components and security threats of each infrastructure are explained in section 2. After explaining every infrastructure, sections 3 and 4 provide two network examples, for a small office and a large enterprise network. These examples are useful for system integrators designing and implementing secure VoIP systems.

1.2 Audience

The UNIVERGE VoIP Security Best Practices series is intended for network and system managers. Although this document is essentially technical, it can be read without understanding network and system details.

This document is composed of volumes intended to provide proper information in proportion to your purpose. If you would like to understand the security overview, please refer to both Volume I and Volume II. If you are interested in integrating secure VoIP systems, refer to both Volume II and Volume III.

Since comprehensive security for a corporate network includes too many aspects to cover, in this series we focus on basic issues tailored to IP telephony systems. For example, we presume that your organization already has a security policy. NEC does not recommend deploying any security technology or device without first establishing the security policy.

1.3 Authors

Mr. Teruharu Serada and Mr. Toshio Miyachi are the primary authors of this white paper. Mr. Miyachi studied network and VoIP security, providing technological expertise to the NEC Broadband Solutions Planning Division. He is responsible for assisting in the establishment of NEC's corporate strategy for product security within the NEC Corporate IT Division. Mr. Serada works within UNIVERGE product and solution planning as a network security technology expert within the UNIVERGE Solutions Promotion Division.

1.4 Acknowledgments

Special thanks to Mr. Sam Safa and Ms. Laura Hammett for their technical and grammatical refinement of our manuscript.

2. General Model of Secure VoIP Systems

VoIP systems enable the transfer of voice data over an IP network. VoIP systems also enable new applications that integrate voice and data services. VoIP system users can, for example, retrieve a phone number from a web-based directory service and make a call with a click of a mouse.

VoIP systems consist of the following subsystems/infrastructures, as shown in Figure 2-1 and Figure 2-2:

(1) VoIP infrastructure
The VoIP infrastructure provides VoIP-based telephony service to users. Through data and voice integration, users are provided not only legacy telephony service but also access to new IP telephony applications, such as a web-based telephone directory.

(2) IP Network infrastructure
The IP network infrastructure enables IP communication between entities. It is also deployed widely for IP communication. Since traffic for IP telephony systems is real-time in nature, QoS requirements should be taken into account.

(3) User Access infrastructure
The User Access network infrastructure provides the access methods to the VoIP users. Users may access the VoIP system from the Internet and/or the intranet. Within the office, they can access the VoIP infrastructure via wired or wireless LAN. From the Internet, they can access the VoIP infrastructure via a remote access system.

(4) Management System infrastructure
The management system infrastructure provides the VoIP management functions. This enables the system administrators to configure, customize and maintain every entity of the VoIP system.

[Figure 2-1: A Network Model including a VoIP System. Labelled elements: VoIP User Access, User Data Access, IP Network Infrastructure, VoIP, Data Service, Management System Infrastructure.]

[Figure 2-2: A Typical VoIP System. Labelled elements: Remote access from the Internet, User access network, IP infrastructure (including Router, Switch and DNS servers), Other VoIP system, VoIP Infrastructure, IP-PBX, Terminals, PSTN, Public VoIP Network, Media/Signal gateways, Application Servers.]

2.1 VoIP Infrastructure

The VoIP infrastructure provides VoIP-based telephony service to users. Compared with traditional PBXs, VoIP infrastructure provides integration with other network applications.

Key Components

The key components in the VoIP infrastructure are the following:

(1) IP-PBXs
IP-PBXs provide basic telephony features for users. The IP-PBXs set up and monitor calls, maintain the dial plan, perform phone number translation, authorize users, and coordinate the call signaling.

(2) VoIP Gateways
VoIP Gateways are responsible for call origination, detection, analog-to-digital voice conversion, and creation of voice packets. In addition, media gateways may provide optional features, such as voice compression, echo cancellation, silence suppression, and statistics gathering.

(3) Application Servers
Compared with traditional PBXs, VoIP systems allow for much tighter integration with other applications on an enterprise network. For example, voice mail service, telephone directory service and Unified Messaging Service (UMS) are implemented as VoIP network applications. These services are offered to users through an application server.

An IP-PBX provides IP-based telephony service for users. The IP-PBX can be divided into two functions: one to process the signals and one to set up calls. The IP-PBX is treated as a single entity, since almost all IP-PBXs are implemented on a single device. The UNIVERGE SV7000 and APEXi series (in the Japanese market) are classified as IP-PBXs within NEC's product portfolio.

The IP-PBX provides the communication interface between the application servers, as it provides integrated telephony service to users' applications. In addition to providing an interface between the users' terminals, an IP-PBX also provides an interface between multiple VoIP gateways that allow communications with other organizations' IP-PBXs.

A VoIP gateway is responsible for connecting an IP-PBX to an external telephony network (ISDN network, Japanese 050 public VoIP network and so on). A VoIP gateway can include signal and/or media gateway functions. The signal gateway function is responsible for translating the VoIP call control protocol (SIP and H.323) into the legacy PSTN signal protocol (ISUP, SS7 and so on). The media gateway function mediates the media signals between the IP network and the circuit-switched or traditional telephone network. While many vendors may have separate devices to perform the media and signal gateway functions, NEC's products, such as MG(BRI), MG(PRI), MG(SIP) and MC-MG, can perform both functions in a single device; therefore, this paper treats the VoIP gateway as a single entity.

An application server is responsible for providing service to VoIP applications such as Web telephone directory service, Unified Messaging Service (integrates e-mail, FAX and voice mail) and Presence Service (collects and distributes users' presence information).

Common Threats

The following represent considerable threats:

- General attacks from the Internet and intranet
- Exploits of the systems' vulnerabilities
- Theft of equipment and information from all entities

Threats specific to the IP-PBX:

- Unauthorized users' access
- Call interception by a malicious user impersonating an authorized user
- Toll fraud attempts from intranet users
- System failure caused by power failure or network outage
- Unveiling of sensitive information
- Person-In-The-Middle (PITM) attacks (a malicious user can behave as the IP-PBX or the user's terminal)
- Replay attacks

Threats specific to the VoIP gateway:

- Toll fraud attempts from Internet users
- DoS and various other malicious attacks from outside the LAN
- DoS and various other malicious attacks from within the LAN to a public network (Not assuming the position of attacker is as important as not positioning oneself as a victim, as either can cause many severe monetary or brand image losses.)

Threats specific to the Application Server:

- Unauthorized access to the application server

2.1.3 Design Guidelines

The traffic within a subsystem and across subsystems should be controlled adequately by access controls. Only critical VoIP service and maintenance traffic should be accepted, while unnecessary traffic should be dropped.

The IP-PBX authenticates the user to protect against access by malicious users. Authentication ensures that services are only provided to appropriate users, protecting them from abuse and toll fraud. For traffic encryption, an encryption key agreement should be performed during the authentication process. Traffic encryption prevents attackers from capturing the signal and media traffic, which prevents attackers from attempting to gain unauthorized access or request call termination.

To mitigate the possibilities of call interception and confidential information disclosure, both signaling and media protocol communication must be encrypted. When an encryption mechanism is adopted, key parameters for encryption must be set on both the IP-PBX and the terminal. Deploying such encryption can also provide security against a malicious user trying to gain access.

When an IP-PBX service stops, a user cannot utilize any VoIP services. This may result in the immediate loss of revenue or business. An IP-PBX must continue providing service despite any failures such as power failure or disaster. In order to maintain the availability of the IP-PBX during any failures, fault tolerance should be considered in the initial network design.

User authentication and authorization must take place not only on an IP-PBX but also on network application servers. Such access methods can greatly reduce and deny malicious users' attempts to impersonate another authorized user.

Threat Mitigation

In general, traffic across subsystems should be controlled by access control functions within a firewall to protect against network resource consumption and attacks from malicious users. In order to maintain the confidentiality of all traffic, both signal and media streams should be encrypted. Encryption mitigates information leakage threats. Each VoIP infrastructure entity should also be physically protected, preventing attackers from stealing users' confidential information.

Furthermore, since VoIP gateways are typically exposed to DoS attack threats by the nature of having a connection to external public networks, a firewall device should be considered to mitigate the possibility of such DoS attacks (e.g., a UDP flood attack). A firewall can not only mitigate such attacks, but also prevent other attacks by enabling additional features, like traffic shaping and protocol anomaly detection functions. An Intrusion Detection/Prevention System (IDS or IPS) can also be deployed to mitigate DoS attacks and unauthorized access threats.

When an IP-PBX authenticates a user, malicious attacks that attempt to impersonate a user are prevented and greatly reduced. Authentication must be mutual to prevent Person-In-The-Middle (PITM) attacks. While the IP-PBX authenticates the user, the user can also verify whether the IP-PBX with which (s)he is communicating is the right server or not.

To mitigate the possibilities of call interception and unveiling of confidential information, signaling and media protocol communication need to be encrypted. A key agreement is needed when VoIP communication is encrypted. As shown in Figure 2-3, two encryption keys must be agreed upon. One key is a call signaling encryption key shared by the IP-PBX and each terminal, and the other is a media stream encryption key shared by the two communicating terminals. Mutual authentication and call signaling key agreement between the user and the IP-PBX are done at the same time. A media encryption key is provided by the IP-PBX or is securely exchanged between terminals. These keys should not be unveiled to anyone, including the administrators, for security reasons.

[Figure 2-3: Two Types of Encryption Keys. Labelled elements: IP-PBX, Terminal, Signal (encrypted), Media Stream (encrypted), Signal Encryption Key, Media Encryption Key.]

Since the VoIP system software is complex (see Volume I for more information), it may include many vulnerabilities. All entities in a VoIP system must have a software updating mechanism. When a vulnerability is reported by the vendor and a patch is provided, it should be applied as soon as possible.

In order to maintain the availability of the IP-PBX during any failures, fault tolerance should be considered in the initial network design. The IP-PBX and application servers should have redundancy, allowing for provisioning when an accident, breakdown and/or maintenance of equipment takes place. Adopting UPS (uninterruptible power supplies) provides power failover redundancy to the VoIP system.

2.2 Network Infrastructure

The network infrastructure is responsible for connecting each node in the VoIP system.

Key Components

The following represent key components in the network infrastructure:

- Switch (layer 2, layer 3)
- Router
- Firewall

These are the same components as in an IP network infrastructure without the VoIP system.

It is important for the VoIP network infrastructure to logically divide the whole network into voice and data networks. A Layer 2/3 (L2/L3) switch with support for Virtual LANs (VLAN) is therefore required.

The firewall has the responsibility for keeping the network secure from other networks, as it is normally deployed at the point where the networks connect. The firewall applies security policy rules to control traffic that flows in and out of the protected network by utilizing packet filtering and traffic shaping features. For that reason, a firewall function should be carefully deployed.

A firewall can be implemented in various ways. It can be implemented as an application-level gateway, as a termination point for all TCP and UDP connections, and/or as a traffic filtering device which inspects and routes all incoming and outgoing packets. When an organization deploys a VoIP system on an existing IP network, the firewall function required by the VoIP system can coexist with an existing firewall without violating the organization's security policy.

Firewall devices that have a stateful packet inspection function are now very widely deployed. If stateful inspection technologies are used with VoIP, the firewall has the responsibility to:

- Protect against irregular flow packets. This prevents replay and UDP flood attacks.
- Open and close the necessary UDP ports used by an RTP stream. These ports are usually closed and are opened when the firewall needs to pass an RTP traffic stream.

Not all firewall devices can support NEC's SIP implementation. A list of supported firewall products is given in Volume III.

2.2.2 Common Threats

The following represent considerable threats within the network infrastructure:

- Unauthorized access and toll fraud from malicious users in the Internet or intranet users
- DoS attacks from malicious users in the Internet and intranet users

Design Guidelines

It is highly recommended to physically or logically separate voice from data networks. A VoIP system is implemented over an existing IP network; however, the traffic requirements for VoIP applications are different from those for data. As described in Volume I, VoIP traffic, unlike data, is real-time and delay-sensitive in nature.

Firewalls are used to control and filter inappropriate traffic in the same way as they are used to secure the data network. The VoIP system consists of many subsystems that have many key components. Inter-subsystem communication and inter-component communication can be transmitted via firewalls. A firewall mitigates the possibility of DoS and unauthorized access.

Some firewall products inspect the signal packets and, when needed by a media stream, can open or close the required UDP ports. When the VoIP communication is encrypted, the firewall cannot analyze the SDP (Session Description Protocol) payload. As a result, it may be unable to adequately open or close ports. Whether VoIP communication (or SIP signal communication) should be encrypted or not may depend on the existence of a firewall in the IP network.

In addition, it is also important to consider that when Network Address Translation (NAT) is used in the communication route, VoIP and/or SIP communications may not work. Since the sender's IP address is included in the SIP/SDP packets, as in FTP PORT mode, SIP/SDP address translation is needed. Without such a function, VoIP communication through NAT may not work. Hence an alternative solution should be considered.

Threat Mitigation

VLAN technology makes logical separation of the network easier. All entities in the network infrastructure should support VLAN. The separation of collision domains mitigates the risk from DoS attacks or packet sniffing.

If the VoIP system administrator wants to improve the quality of the telephony service, deploying QoS-enabled switches and routers is recommended.

Since the VoIP system is implemented over a common IP network infrastructure, an internal malicious user can easily cause a DoS attack by sending bogus packets or replay packets.

To mitigate DoS attack possibilities, it is recommended to segment the whole network into smaller sub-networks and deploy access controls within the sub-networks. Voice and data networks should be separated; moreover, client and server networks should also be separated (Figure 2-4). The communications across the sub-networks should be controlled with a Layer 3 switch (L3SW) or firewall, so that only legitimate communication is passed by that device.

For an IP phone, the following represent legitimate communications:

- Call signal communication between the IP phone and the IP-PBX
- Media stream communication between terminals

Illegitimate communication must be filtered. Deciding what to filter out depends on the type of communication system being deployed. The system integrator must confirm the port numbers and protocols to be used and confirm that unnecessary communications will be filtered. RFC2827-based ingress filtering should also be carried out using such a device.

[Figure 2-4: Countermeasures Against DoS Attacks.]

In order to make DoS countermeasures more effective, it is recommended that a malicious device be unable to connect to the network. For example, a Layer 2 switch (L2SW) should perform a MAC address check before allowing a newly deployed IP phone to connect. When a wireless IP phone (e.g., NEC MH210 series) is deployed, the phone should be authenticated using 802.1X protocols. In the server network, the equipment must be physically protected in order to prevent attackers from connecting to the network and attacking the nodes.
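The Design Guidelines and Threat Mitigation text above describe a firewall or L3SW that reads cleartext SDP to open RTP ports, loses that ability when signaling is encrypted or when NAT leaves a stale address inside the SDP, and applies RFC 2827 ingress filtering between sub-networks. The Python below is an added example, not part of the NEC document or of any NEC product; the addressing plan, the use of SIP port 5060, the sample SDP body and all function and class names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and SIP port (assumptions, not from the NEC document).
VOICE_CLIENTS = ipaddress.ip_network("10.10.0.0/16")  # VoIP terminal sub-network
DATA_CLIENTS = ipaddress.ip_network("10.20.0.0/16")   # data client sub-network
IP_PBX = ipaddress.ip_address("10.30.0.10")           # in the VoIP server sub-network
SIP_PORT = 5060

# Constructed SDP body, as carried in a SIP INVITE from the phone at 10.10.1.21.
SAMPLE_SDP = (
    "v=0\r\n"
    "o=- 2890844526 2890844526 IN IP4 10.10.1.21\r\n"
    "s=-\r\n"
    "c=IN IP4 10.10.1.21\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)


def media_endpoints(sdp):
    """Return [(address, port)] for each active media stream in an SDP body."""
    session_addr = None
    media = []  # [address or None, port]; a media-level c= overrides the session c=
    for line in sdp.splitlines():
        if line.startswith("c="):
            parts = line[2:].split()
            if len(parts) != 3 or parts[:2] != ["IN", "IP4"]:
                continue
            try:
                addr = ipaddress.ip_address(parts[2].split("/")[0])
            except ValueError:
                continue
            if media:
                media[-1][0] = addr
            else:
                session_addr = addr
        elif line.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 2 and fields[1].split("/")[0].isdigit():
                media.append([None, int(fields[1].split("/")[0])])
    return [(a or session_addr, p) for a, p in media
            if p != 0 and (a or session_addr) is not None]


def stale_sdp_addresses(sdp, observed_src):
    """Endpoints whose SDP address differs from the IP source the receiver saw.

    A non-empty result is the NAT failure mode: the IP header was translated
    but the address inside the SDP payload was not.
    """
    observed = ipaddress.ip_address(observed_src)
    return [(a, p) for a, p in media_endpoints(sdp) if a != observed]


class VoiceFirewall:
    """Toy L3 policy: ingress filtering, SIP to the IP-PBX, RTP via pinholes."""

    def __init__(self):
        self.pinholes = set()  # (destination address, UDP port)

    def inspect_signaling(self, src, payload):
        """Open RTP pinholes from cleartext SDP; encrypted payloads yield none."""
        src = ipaddress.ip_address(src)
        opened = [(a, p) for a, p in media_endpoints(payload) if a == src]
        self.pinholes.update(opened)
        return opened

    def decide(self, ingress_net, src, dst, proto, dport):
        """Return the verdict for one packet arriving from ingress_net."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # RFC 2827: the source must belong to the sub-network behind the interface.
        if src not in ingress_net:
            return "drop: source outside ingress sub-network"
        if ingress_net == VOICE_CLIENTS:
            if dst == IP_PBX and dport == SIP_PORT:
                return "permit: call signaling"
            if proto == "udp" and (dst, dport) in self.pinholes:
                return "permit: media stream"
        return "drop: not a legitimate flow"


if __name__ == "__main__":
    fw = VoiceFirewall()
    print(fw.decide(VOICE_CLIENTS, "10.10.2.22", "10.10.1.21", "udp", 49170))
    fw.inspect_signaling("10.10.1.21", SAMPLE_SDP)
    print(fw.decide(VOICE_CLIENTS, "10.10.2.22", "10.10.1.21", "udp", 49170))
    print(stale_sdp_addresses(SAMPLE_SDP, "203.0.113.5"))
```

The pinhole is opened only when the SDP address matches the packet source, so both the encrypted-signaling case and the untranslated-SDP case leave the media ports closed, which is the behaviour the text warns about.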

2.3 User Access Infrastructure

Key Components

User access infrastructure includes terminal devices and access paths, as shown in Figure 2-5, through which users make use of IP telephone system service.

[Figure 2-5: User Access Infrastructure. Labelled elements: User, Terminal Device (Soft-phone, Hard-phone), Access Path (LAN, Wireless LAN, Remote access), Network Infrastructure.]

A terminal device is either an IP phone or a PC-based IP phone, which is a PC with special application software and a handset or a headset.

In most cases, an access path is either a wired LAN or a wireless LAN. A wired LAN includes hubs and switches. A wireless LAN includes access points and authentication servers. Both LANs may include a DHCP server and a DNS server.

A remote access system, which implements a secure virtual path with IPsec technology, SSL or any other technology, may be deployed to access an in-house IP telephone system from a remote site. Its main component is a remote access gateway, such as IPSec and SSL-VPN gateway products.

Common Threats

There are many potential threats to VoIP systems from within user access infrastructures. These include:

- Eavesdropping and gathering of calling history through interception of LAN or wireless LAN
- False terminal devices spoofing another terminal device
- Virus and malware attacks from PCs connected to the same LAN or wireless LAN

Design Guidelines

When possible, separate LAN segments into LANs for data traffic and those for voice, physically or logically with virtual LAN (VLAN) capability.

The WLAN is more exposed to threats than the wired LAN, since physical access to the WLAN is far easier than to the wired LAN. A radio wave from a WLAN access point can be transmitted through a wall, a wooden door, a window and so on. To mitigate the possibility of unauthorized access via WLAN, perform communication encryption (layer 2 data) and terminal or mutual authentication. This also mitigates the possibility of DoS attacks on the VoIP systems by preventing malicious terminals from connecting to the in-house network.

When choosing a remote access gateway product, it is highly recommended to check for compatibility with VoIP systems.

Threat Mitigation

It is highly recommended that the whole network be separated into data and voice networks. When an IP phone has multiple network interfaces (for PC and network), PCs may be connected to the network via the IP phone (so-called daisy chaining), as shown in Figure 2-6. In such cases, the IP phone can insert a VLAN tag into the packets generated by the IP phone and pass the packets from the PC without inserting a VLAN tag, thus allowing the network's layer 2 switches to separate voice from data traffic.

[Figure 2-6: PC and IP Phone Connection. The PC and IP phone are connected to a single L2SW port; packets from the PC are untagged, packets from the IP phone carry a VLAN tag.]

The following encryption and authentication features and algorithms can be used in a WLAN system.

Terminal authentication:

- SSID authentication
- Shared key authentication (used together with WEP encryption)
- MAC address-based access control
- 802.1X and EAP authentication (EAP-MD5, EAP-LEAP, EAP-TLS, EAP-TTLS, PEAP)

Communication encryption:

- WEP (Wired Equivalent Privacy)
    - 64-bit key length encryption
    - 128-bit key length encryption
- WPA / TKIP encryption (with integrity check)
- WPA2 / AES CBC-MAC Protocol (CCMP)

When a WLAN is used within a corporate network, 802.1X authentication and a dynamic key management mechanism (dynamic WEP, WPA and WPA2) should be used to keep the same security level as the wired LAN. SSID authentication and shared key authentication do not provide any reliable authentication. WEP does not provide enough confidentiality, because its key management is so weak that an attacker can decrypt encrypted packets.

SSL-based remote access systems (so-called SSL-VPN) and IPSec-based remote access systems (so-called IPSec-VPN) are widely deployed. Both systems have their pros and cons. In general, SSL-VPN is easy to use. However, SSL-VPN does not support all IP applications; the products themselves determine whether an application is supported. On the other hand, all IP applications are accessible through IPSec-VPN connections, but IPSec-VPN requires client software installation. If the remote access system is already deployed, the system integrator must confirm whether the VoIP application is available through the VPN connection.

In order to prevent virus and malware attacks from client PCs, both anti-virus and personal firewall software should be installed on every PC.
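The daisy-chaining arrangement of Figure 2-6, combined with the MAC address check on the L2SW described in section 2.2, can be expressed as a per-frame decision on the shared access port. The Python below is an added example, not part of the NEC document or of any switch's firmware; the VLAN IDs, MAC addresses, frames and function names are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100
VOICE_VLAN = 100   # constructed voice VLAN ID (assumption)
DATA_VLAN = 200    # constructed default VLAN of the access port (assumption)
PHONE_MAC = bytes.fromhex("020000000001")  # constructed, locally administered
PC_MAC = bytes.fromhex("020000000002")     # constructed, locally administered
REGISTERED_PHONES = {PHONE_MAC}            # MAC allow-list kept on the L2SW


def build_frame(dst, src, ethertype, payload=b"", vlan=None, pcp=0):
    """Build a constructed Ethernet II frame, optionally with an 802.1Q tag."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Extract addresses, EtherType and (if present) the 802.1Q VLAN ID and priority."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, pcp = tci & 0x0FFF, tci >> 13
    return {"dst": dst, "src": src, "vlan": vlan, "pcp": pcp, "ethertype": ethertype}


def classify(frame):
    """Return (vlan, verdict) for a frame received on the shared phone/PC port."""
    f = parse_frame(frame)
    # Untagged and priority-tagged (VLAN ID 0) frames go to the port's default VLAN.
    if f["vlan"] in (None, 0):
        return DATA_VLAN, "forward: data"
    if f["vlan"] != VOICE_VLAN:
        return f["vlan"], "drop: unexpected VLAN tag"
    # Only a phone that passed the MAC address check may use the voice VLAN.
    if f["src"] not in REGISTERED_PHONES:
        return VOICE_VLAN, "drop: voice tag from unregistered MAC"
    return VOICE_VLAN, "forward: voice"


def port_summary(frames):
    """Count verdicts over a capture, treating malformed frames as their own bucket."""
    counts = {}
    for frame in frames:
        try:
            verdict = classify(frame)[1]
        except ValueError:
            verdict = "drop: malformed"
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    bcast = b"\xff" * 6
    capture = [
        build_frame(bcast, PHONE_MAC, 0x0800, b"rtp", vlan=VOICE_VLAN, pcp=5),
        build_frame(bcast, PC_MAC, 0x0800, b"http"),
        build_frame(bcast, PC_MAC, 0x0800, b"rtp", vlan=VOICE_VLAN),
    ]
    print(port_summary(capture))
```

A non-zero count of "drop: voice tag from unregistered MAC" on a phone port is worth alerting on, since only the phone should ever emit frames tagged for the voice VLAN.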

2.4 Secure Management Infrastructure

In general, there are two VoIP system management security concerns:

1. How to make the VoIP system management secure
2. How to manage the security of the network including the VoIP system

Key Components

A management system consists of a manager and sensors. A manager is deployed in a network operation center (NOC). It analyzes information gathered by sensors, provides a monitoring and operation interface for operators, and issues alerts when necessary. A sensor is embedded in a host system or deployed in the LAN and gathers information such as system event logs and captured packets.

There are several types of management systems. System management focuses on keeping the system working without abnormal interruption. A security information management system, which includes a centralized log database server, handles security-related event information and accuracy. Monitoring using sensors can include IP-PBXs, application servers, various gateways including firewalls and media gateways, and security devices like IDS and IPS.

Common Threats

Since most systems take for granted that access from a NOC is reliable, the whole system becomes vulnerable once the NOC is compromised. Threats that result from spoofing a NOC node must also be considered.

Design Guidelines

The security level of a NOC area must be kept high enough both physically and logically. You should protect the control path between a NOC and remotely operated nodes against spoofing.

Threat Mitigation

Remote access to a NOC should be authenticated using strong authentication techniques such as a two-factor scheme. Also consider a VPN technology to protect the sensitive control path between a remotely operated system and a NOC.

3. Small Office System Model

The small office system model design is represented below (Figure 3-1). The entire system is divided into two sections:

- Internet Edge
- Intranet

In the Internet Edge section, the interfaces with the PSTN and the public VoIP network are added to the common small office network without VoIP. In the Intranet section, IP phones, PC-based IP phones, and VLANs are supported.

[Figure 3-1: Small Office System Model. Labelled elements: PSTN, Public VoIP network, Internet, Internet Edge (Media/Signal Gateways, Router, Internet Servers (mail, DNS, etc)), Intranet (IP-PBX, L2SW, VoIP Application Servers, Intranet Servers (groupware, etc), Users: Desktop/Laptop PC, Multifunctional IP terminals).]


More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Voice over IP (VoIP) Basics for IT Technicians

Voice over IP (VoIP) Basics for IT Technicians Voice over IP (VoIP) Basics for IT Technicians VoIP brings a new environment to the network technician that requires expanded knowledge and tools to deploy and troubleshoot IP phones. This paper provides

More information

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

VoIP Security: How Secure is Your IP Phone?

VoIP Security: How Secure is Your IP Phone? VoIP Security: How Secure is Your IP Phone? Dan York, CISSP Director of IP Technology, Office of the CTO Chair, Mitel Product Security Team Member, Board of Directors, VoIP Security Alliance (VOIPSA) ICT

More information

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

Mitigating the Security Risks of Unified Communications

Mitigating the Security Risks of Unified Communications 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer: DSL Access Guide DSL Access Routers ZyXEL is a leading manufacturer and supplier of DSL and Voice over IP routers. ZyXEL offer a complete portfolio of routers suited for Telecoms providers, Internet Service

More information

Security Guidance for Deploying IP Telephony Systems

Security Guidance for Deploying IP Telephony Systems Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009 Systems Development Proposal Scott Klarman March 15, 2009 Systems Development Proposal Page 2 Planning Objective: RAS Associates will be working to acquire a second location in Detroit to add to their

More information

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer

More information

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

VOIP Security Essentials. Jeff Waldron

VOIP Security Essentials. Jeff Waldron VOIP Security Essentials Jeff Waldron Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunking with Microsoft Office Communication Server 2007 R2 SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

ehealth Ontario EMR Connectivity Guidelines

ehealth Ontario EMR Connectivity Guidelines ehealth Ontario EMR Connectivity Guidelines Version 1.3 Revised March 3, 2010 Introduction Ontario s new ehealth strategy includes the use of commercially-available high-speed Internet to meet Electronic

More information

Enterprise A Closer Look at Wireless Intrusion Detection:

Enterprise A Closer Look at Wireless Intrusion Detection: White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become

More information

Application Note Secure Enterprise Guest Access August 2004

Application Note Secure Enterprise Guest Access August 2004 Application Note Secure Enterprise Guest Access August 2004 Introduction More and more enterprises recognize the need to provide easy, hassle-free high speed internet access to people visiting their offices,

More information

Lucent VPN Firewall Security in 802.11x Wireless Networks

Lucent VPN Firewall Security in 802.11x Wireless Networks Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper

More information

Best Practices for Outdoor Wireless Security

Best Practices for Outdoor Wireless Security Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged

More information

VoIP Survivor s s Guide

VoIP Survivor s s Guide VoIP Survivor s s Guide Can you really save $, improve operations, AND achieve greater security and availability? Presented by Peggy Gritt, Founder and CEO of the VoIP A non-biased organization for the

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

VOIP SECURITY ISSUES AND RECOMMENDATIONS

VOIP SECURITY ISSUES AND RECOMMENDATIONS VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) 287 7881; Email: Satha.Mathiyalakan@umb.edu ABSTRACT

More information

Hosted Voice. Best Practice Recommendations for VoIP Deployments

Hosted Voice. Best Practice Recommendations for VoIP Deployments Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Principles of VoIP Security. VoIP Security Best Practice. Vol. I. Principles of VoIP Security (Version: 1.3) NEC Corporation

Principles of VoIP Security. VoIP Security Best Practice. Vol. I. Principles of VoIP Security (Version: 1.3) NEC Corporation VoIP Security Best Practice (Version: 1.3) NEC Corporation Liability Disclaimer NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Load Balancing for Microsoft Office Communication Server 2007 Release 2 Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks

More information

How To Prevent Hacker Attacks With Network Behavior Analysis

How To Prevent Hacker Attacks With Network Behavior Analysis E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

Design and Implementation Guide. Apple iphone Compatibility

Design and Implementation Guide. Apple iphone Compatibility Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Voice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX. 724-746-5500 blackbox.com

Voice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX. 724-746-5500 blackbox.com Voice over IP (VoIP) for Telephony Advantages of VoIP Migration for SMBs BLACK BOX Hybrid PBX VoIP Gateways SIP Phones Headsets 724-746-5500 blackbox.com Table of Contents Introduction...3 About Voice

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com

VOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge

More information

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private

More information

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com Wireless Services The Top Questions to Help You Choose the Right Wireless Solution for Your Business Get Started Now: 877.611.6342 to learn more. www.megapath.com Why Go Wireless? Today, it seems that

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

Wireless Security with Cyberoam

Wireless Security with Cyberoam White paper Cyberoam UTM Wireless Security with Cyberoam Robust, Fault-tolerant security is a must for companies sporting wireless networks. Cyberoam UTM strengthens the existing Wireless Security Architecture

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Security Awareness. Wireless Network Security

Security Awareness. Wireless Network Security Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition

More information

ZyXEL V100 Support Notes. ZyXEL V100. (V100 Softphone 1 Runtime License) Support Notes

ZyXEL V100 Support Notes. ZyXEL V100. (V100 Softphone 1 Runtime License) Support Notes ZyXEL V100 (V100 Softphone 1 Runtime License) Support Notes Version 1.00 April 2009 1 Contents Overview 1. Overview of V100 Softphone...3 2. Setting up the V100 Softphone.....4 3. V100 Basic Phone Usage.....7

More information

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

More information

Secure VoIP for optimal business communication

Secure VoIP for optimal business communication White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

Data Security in a Converged Network

Data Security in a Converged Network Data Security in a Converged Network A Siemens White Paper Author: Contributors: Joel A. Pogar National Practice Manager Secure Network Services Joel.Pogar@icn.siemens.com Jeff Corcoran Solutions Architect,

More information

Cyber Security Where Do I Begin?

Cyber Security Where Do I Begin? ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information