Models of Secure VoIP Systems. VoIP Security Best Practice. Vol. II. Models of Secure VoIP Systems (Version: 1.2) NEC Corporation
|
|
- Erik Fowler
- 8 years ago
- Views:
Transcription
1 VoIP Security Best Practice (Version: 1.2) NEC Corporation
2 Liability Disclaimer NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC Corporation has prepared this document for the exclusive use of its employees and customers. The information contained herein is the property of NEC Corporation and shall not be reproduced without prior written approval from NEC Corporation. UNIVERGE is a registered trademark of NEC Corporation. Some of the NEC products identified in this document may not be available in certain regional markets. Please contact your NEC representative for availability NEC Corporation MS-DOS, Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. All other brand or product names are or may be trademarks or registered trademarks of, and are used to identify products or services of, their respective owners.
3 Contents 1. Introduction Abstract Audience Authors Acknowledgments General Model of Secure VoIP Systems VoIP Infrastructure Key Components Common Threats Design Guidelines Threat Mitigation Network Infrastructure Key Components Common Threats Design Guidelines Threat Mitigation User Access Infrastructure Key Components Common Threats Design Guidelines Threat Mitigation Secure Management Infrastructure Key Components Common Threats Design Guidelines Threat Mitigation Small Office System Model Internet Edge Key Components Threats Design Guidelines Threat Mitigation Intranet Key Components Threats Design Guidelines Threat Mitigation Large Enterprise Office System Model...21
4 4.1 Centralized IP-PBX Model Internet Edge Key Components Threats Design Guidelines Threat Mitigation Enterprise Server Farm Key Components Threats Design Guidelines Threat Mitigation Main Office Key Components Threats Design Guidelines Threat Mitigation Branch Office Key Components Threats Design Guidelines Threat Mitigation Distributed IP-PBX Model Branch Office Key Components Threats Design Guidelines Threat Mitigation... 31
5 1. Introduction 1.1 Abstract Network security represents an apex of concern for every organization these days. Regulations are both vastly increasing and coming to pass in most regions. Security breaches may damage reputations and loss of business opportunities; and, while the IP telephony solutions can produce a new style of office communication and reduce network costs, it adds complexity onto development and maintenance. Corporate networks are vastly impacted due to the unique network nature of IP telephony systems and the coexistence of data traffic and voice traffic. The purpose of the UNIVERGE VoIP Security Best Practices series is to illustrate basic guidance for secure deployment and maintenance of the UNIVERGE telephony systems. This document is Volume II of a series of Security Best Practice for designing and implementing secure IP telephony systems. Volume II provides general examples for designing secure IP telephony systems in accordance with the principles provided in the Volume I. Volume II also presents an overview of the secure IP telephony architecture, and then details the specific modules that make up the actual network design. This document begins with an overview of secure VoIP system architecture. The VoIP system is composed of four infrastructures, VoIP, network, user access and secure management infrastructures. Key components and security threats of each infrastructure are explained in section 2. After explaining every infrastructure, sections 3 and 4 provide two network examples for a small office and large enterprise network. These examples are useful for system integrators to design and implement secure VoIP system. 1
6 1.2 Audience The UNIVERGE VoIP Security Best Practices series is intended for network and system managers. Although this document is essentially technical, it can be read without understanding network and system details. This document is composed of volumes intended to provide proper information in proportion to your purpose. If you would like to understand the security overview, please refer to both Volume I and Volume II. If you are interested in integrating secure VoIP systems, refer to both Volume II and Volume III. Since comprehensive security for a corporate network includes too many aspects to cover, in this series, we focus on basic issues tailored to IP telephony systems. For example, we presume that your organization already has a security policy. NEC does not recommend deploying any security technology and device without first establishing the security policy. 1.3 Authors Mr. Teruharu Serada and Mr. Toshio Miyachi are the primary authors of this white paper. Mr. Miyachi studied network and VoIP security, providing technological expertise to the NEC Broadband Solutions Planning Division. He is responsible for assisting in the establishment of NEC s corporate strategy for product security within the NEC Corporate IT Division. Mr. Serada works within UNIVERGE product and solution planning as a network security technology expert within the UNIVERGE Solutions Promotion Division. 1.4 Acknowledgments Special thanks to Mr. Sam Safa and Ms. Laura Hammett for their technical and grammatical refinement of our manuscript. 2
7 2. General Model of Secure VoIP Systems VoIP systems enable the transfer of voice data over an IP network. VoIP systems also enable new applications that integrate voice and data services. VoIP system users can, for example, retrieve a phone number from a web-based directory service and make a call using a click of a mouse. VoIP systems consist of the following subsystems/infrastructures as shown in Figure 2-1 and Figure 2-2: (1) VoIP infrastructure The VoIP infrastructure provides VoIP-based telephony service to users. According to data and voice integration, the users are provided not only legacy telephony service but access to new IP telephony applications, such as a web-based telephone directory. (2) IP Network infrastructure The IP network infrastructure enables IP communication between entities. It is also deployed widely for IP communication. Since traffic for IP telephony systems is real-time in nature, QoS requirements should be taken into account. (3) User Access infrastructure The User Access network infrastructure provides the access methods to the VoIP users. Users may access the VoIP system from the Internet and/or the Intranet. Within the office, they can access the VoIP infrastructure via wired or wireless LAN. In the internet, they can access the VoIP infrastructure via remote access system. (4) Management System infrastructure The management system infrastructure provides the VoIP management functions. This enables the system administrators to configure, customize and maintain every entity of VoIP system. 3
8 VoIP User Access User Data Access IP Network Infrastructure VoIP Data Service Management System Infrastructure Figure 2-1 A Network Model including a VoIP System Remote access from the Internet User access network IP infrastructure (including Router, Switch and DNS servers) Other VoIP system VoIP Infrastructure IP-PBX Terminals PSTN Public VoIP Network Media/Signal gateways Application Servers Figure 2-2 A Typical VoIP System 4
9 2.1 VoIP Infrastructure The VoIP infrastructure provides VoIP-based telephony service to users. Compared with traditional PBXs, VoIP infrastructure provides the integration with other network applications Key Components The key components in the VoIP infrastructure are the following: (1) IP-PBXs IP-PBXs provide basic telephony features for users. The IP-PBXs set up and monitor calls, maintain the dial plan, perform phone number translation, authorize users, and coordinate the call signaling. (2) VoIP Gateways VoIP Gateways are responsible for call origination, detection, analog-to-digital voice conversion, and creation of voice packets. In addition, media gateways may provide optional features, such as voice compression, echo cancellation, silence suppression, and statistic gathering. (3) Application Servers Compared with traditional PBXs, VoIP systems allow for much tighter integration with other applications on an enterprise network. For example, voice mail service, telephone directory service and Unified Messaging Service (UMS) are implemented as VoIP network applications. These services will be offered to users through an application server. An IP-PBX provides IP-based telephony service for users. The IP-PBX can be divided into two functions: one to process the signals and one to set up calls. The IP-PBX is treated as a single entity, since almost all IP-PBXs are implemented on a single device. The UNIVERGE SV7000 and APEXi series (in Japanese market) are classified as the IP-PBXs within NEC s product portfolio. The IP-PBX provides the communication interface between the application servers, as it provides integrated telephony service to users applications. In addition to providing an interface between the users terminal, an IP-PBX also provides and interface between multiple VoIP gateways that allow communications with other organizations IP-PBXs. 5
10 A VoIP gateway is responsible for the connecting an IP-PBX to an external telephony network (ISDN network, Japanese 050 public VoIP network and so on). A VoIP gateway can include signal and/or media gateway functions. The signal gateway function is responsible for the translation of the VoIP call control protocol (SIP and H.323) into the legacy PSTN signal protocol (ISUP, SS7 and so on). The media gateway function mediates the media signals between the IP network and the circuit switched or traditional telephone network. While many vendors may have separate devices used to perform the media and signal gateway functions, NEC s products, such as MG(BRI), MG(PRI), MG(SIP) and MC-MG can perform both functions in a single device; therefore, this paper treats the VoIP gateway as a single entity. An Application server is responsible for providing service to VoIP applications such as Web telephone directories service, Unified Messaging Service (integrates , FAX and voice mail) and Presence Service (collects and distributes users presence information) Common Threats The following represent considerable threats: General attacks from the Internet and intranet Exploits of the systems vulnerability Thefts of the equipment and information from all entities Threats specific to the IP-PBX: Unauthorized users access Call interception by a malicious user impersonating an authorized user Toll fraud attempts from the intranet users System failure caused by power failure or network down Unveiling sensitive information Person In-The Middle (PITM) attacks (A malicious user can behave as the IP-PBX or the users terminal.) Replay attacks Threats specific to the VoIP gateway: Toll fraud attempts from the Internet users DoS and various other malicious attacks from outside the LAN DoS and various other malicious attacks from within the LAN to a public network (Not assuming the position of attacker is as important as not positioning oneself as a victim, as either can cause many severe monetary or brand image losses.) Threats specific to the Application Server: Unauthorized access to the application server 6
11 2.1.3 Design Guidelines The traffic within a subsystem and across subsystems should be controlled adequately by the access controls. Only critical VoIP service and maintenance should be accepted, while unnecessary traffic should be dropped. IP-PBX authenticates the user to protect from the malicious user s access. Authentication ensures that services are only provided to appropriate users, protecting them from abuse and toll fraud. For traffic encryption, an encryption key agreement should be performed during the authentication process. Traffic encryption prevents the attackers from capturing the signal and media traffic, which prevent attackers from attempting to gain unauthorized access or request call termination. To mitigate the possibilities of call interception and confidential information disclosure, both signaling and media protocol communication must be encrypted. When an encryption mechanism is adopted, key parameters for encryption must be set on both the IP-PBX and the terminal. Deploying such encryption can also provide security from a malicious user trying to gain access. When an IP-PBX service stops, a user cannot utilize any VoIP services. This may result in the immediate loss of revenue or business. An IP-PBX must continue providing service despite any failures such as power failure or disaster. In order to maintain the availability of the IP-PBX during any failures, fault tolerance should be considered in the initial network design. User authentication and authorization must not only take place on an IP-PBX but also on network application servers. Such access methods can greatly reduce and deny malicious users attempting to impersonate another authorized user Threat Mitigation In general, traffic across subsystems should be controlled by access control functions within a firewall to protect from network resource consumption and attacks from malicious users. In order to maintain the confidentiality of all traffic, both signal and media streams should be encrypted. Encryption allows mitigation from information leakage threats. Each VoIP infrastructure entity should also be physically protected, preventing attackers trying to steal users confidential information. Furthermore, since VoIP gateways are typically exposed to the DoS attack threats by the nature of having a connection to external public networks, a firewall device should be considered to mitigate the possibility of such DoS attacks (i.e. UDP flood attack). A firewall can not only be used to mitigate such attacks, but also prevent the other attacks by enabling additional features, like traffic shaping and protocol anomaly detection functions. An Intrusion Detection/Prevention System (IDS or IPS) can also be adequately deployed and used to mitigate from DoS attacks and unauthorized access threats. 7
12 When an IP-PBX authenticates a user, malicious attacks targeted to impersonate a user are prevented and greatly reduced. Authentication must be mutual to prevent the Person In-The Middle (PITM) attacks. While the IP-PBX authenticates the user, the user can also verify whether the IP-PBX which (s)he is communicating with is the right server or not. To mitigate the possibilities of call interception and unveiling of confidential information, signaling and media protocol communication need to be encrypted. A key agreement is needed when VoIP communication is encrypted. As shown in Figure 2-3, two encryption keys must be agreed upon. One key is for call signaling encryption key shared by both IP-PBX and each terminal, and the other key is for a media stream encryption key shared by the two communicating terminals. Mutual authentication and call signaling key agreements between the user and the IP-PBX is done at the same time. A media encryption key is provided by IP-PBX or is securely exchanged between terminals. These keys should not be unveiled to anyone, including the administrators, for security reasons. IP-PBX Signal (encrypted) Signal (encrypted) Media Stream (encrypted) Signal Encryption Key Media Encryption Key Terminal Figure 2-3 Two Types of Encryption Keys Since the VoIP system software is complex (see Volume I for more information), it may include many vulnerabilities. All entities in a VoIP system must have software updating mechanism. When a vulnerability is reported by the vendor and the patch is provided, it should be applied as soon as possible. In order to maintain the availability of the IP-PBX during any failures, fault tolerance should be considered in the initial network design. The IP-PBX and application servers should have redundancy, allowing for provisioning when an accident, breakdown and/or the maintenance of equipment take place. Adopting UPS (uninterruptible power supplies) enables power failover redundancy to the VoIP system. 8
13 2.2 Network Infrastructure The network infrastructure is responsible for connecting each node in the VoIP system Key Components The following represent key components in the network infrastructure: Switch (layer 2, layer 3) Router Firewall These are the same components in an IP network infrastructure without the VoIP system. It is important for the VoIP network infrastructure to divide logically the whole network into voice and data network. So, a Layer 2/3 (L2/L3) switch is required with support for Virtual LANs (VLAN). The firewall has the responsibility for keeping the network secure from other networks as it is normally deployed at the point where the networks connect. The firewall applies security policy rules to control traffic that flows in and out of the protected network by utilizing packet filtering and traffic shaping features. For that reason, a firewall function should be carefully deployed. A firewall can be implemented in various ways. It can be implemented as an application level gateway, termination point for all TCP and UDP connection, and/or as a traffic filtering device which inspects and routes all incoming and outgoing packets. When an organization deploys a VoIP system on existing IP network, the firewall function required by the VoIP system can coexist with an existing firewall without violating the organizations security policy. The firewall devices that have stateful packet inspection function are now very widely deployed. If the stateful inspection technologies are used with VoIP, it has the responsibility for the following to: Protect irregular flow packets. This prevents replay and UDP flood attacks. Open and close the necessary UDP ports used by an RTP stream. These ports are usually closed and are opened when the firewall need to pass RTP traffic stream. Not all firewall devices can support NEC s SIP implementation. firewall products is listed in Volume III. A list of supported 9
14 2.2.2 Common Threats The following represent considerable threats within the network infrastructure: Unauthorized access and toll fraud from malicious users in the Internet or intranet users DoS attacks from malicious users in the Internet and intranet users Design Guidelines It is highly recommended to physically or logically separate Voice from Data networks. VoIP system is implemented over an existing IP network; however the traffic requirements for VoIP applications are different from data. As described in Volume I, VoIP traffic, unlike data, is real-time and delay-sensitive in nature. Firewalls are used to control and filter the inappropriate traffic in the same way as they are used to secure the data network. The VoIP system consists of many subsystems that have many key components. Inter-subsystem communication and inter-components communication can be transmitted via firewalls. A firewall mitigates the possibility of DoS and unauthorized access. Some firewall products inspect the signal packets and, when needed by a media stream can open or close required UDP ports. When the VoIP communication is encrypted, the firewall cannot analyze the SDP (Session Description Protocol) payload. As a result, it may be unable to adequately open or close ports. Whether VoIP communication (or SIP signal communication) should be encrypted or not, may be dependent on the existence of a firewall in an IP network. In addition, it is also important to consider that when Network Address Translation (NAT) is used in the communication route, VoIP and/or SIP communications may not work. Since the sender s IP address is included in the SIP/SDP packets like FTP PORT mode, SIP/SDP address translation is needed. Without such a function NAT with VoIP communication may not work. Hence an alternative solution should be considered Threat Mitigation VLAN technology makes logical separation of the network easier. All entities in the network infrastructure should support VLAN. The separation of collision domains mitigates the risk from DoS attacks or packet sniffing. If the VoIP system administrator wants to improve the quality of the telephony service, QoS-enabled switches and routers are recommended to be deployed. Since VoIP system is implemented over a common IP network infrastructure, an internal malicious user can easily cause a DoS attack by sending bogus packets or replay packets. 10
15 To mitigate from DoS attack possibilities, it is recommended to segment the whole network into smaller sub-networks and deploy access controls within the sub-networks. Voice and data networks should be separated, moreover clients and server networks should also be separated (Figure 2-4). The communications across the sub-networks should be controlled with a Layer 3 switch (L3SW) or firewall, and only legitimate communication can be passed by that device. For an IP phone, the following represent legitimate communications: Call signal communication between the IP phone and the IP-PBX Media stream communication between terminals Illegitimate communication must be filtered. Deciding what to filter out is dependent on the type of communication system being deployed. The system integrator must confirm that the port-numbers and protocols to be used and confirm that the unnecessary communications will be filtered. RFC2827-based ingress filtering should also be carried out using such device xbased authentication VoIP terminal sub-network VoIP server sub-network Physical protection WLAN IP phone IP phone MAC addressbased control Wireless LAN controllers L2SW IP-PBX VoIP application Servers Access Control (by Firewall or L3SW) Intranet servers PC with Softphone PCs Directory servers Data client sub-network Data server sub-network Figure 2-4 Countermeasures Against DoS Attacks In order to make DoS countermeasures more effective, it is recommended that a malicious device is unable to connect to the network. For example, a Layer 2 switch (L2SW) should perform a MAC address check before allowing a newly deployed IP phone to connect. When a wireless IP phone (ex. NEC MH210 series) is deployed, the phone should be authenticated using 802.1X protocols. In the server network, the equipment must be physically protected in order to prevent the attackers connecting the network and attacking the nodes. 11
16 2.3 User Access Infrastructure Key Components User access infrastructure includes terminal devices and access paths as shown in Figure 2-5, through which users make use of IP telephone system service. User Terminal Device Access Path Network Infrastructure Soft-phone Hard-phone LAN Wireless LAN Remote access Figure 2-5 User Access Infrastructure A terminal device is either an IP phone or a PC-based IP phone, which is a PC with special application software and a hand-set or a head-set. In most cases, an access path is either a wired LAN or a wireless LAN. A wired LAN includes hubs and switches. A wireless LAN includes access points and authentication servers. Both LANs may include a DHCP server and a DNS server. A remote access system, which implements a secure virtual path with IPsec technology, SSL and any other, may be deployed to access an in-house IP telephone system from a remote site. Its main component is a remote access gateway such as IPSec and SSL-VPN gateway products Common Threats There are many potential threats to VoIP systems from within user access infrastructures. This includes: Eavesdropping and gathering of calling history through interception of LAN or wireless LAN False terminal devices by spoofing another terminal device Virus and mal-ware attacks from PCs connected to the same LAN or wireless LAN Design Guidelines When possible, separate LAN segments into LANs for data traffic and those for voice, 12
17 physically or logically with virtual LAN (VLAN) capability. The WLAN is more exposed to the threat than wired LAN, since physical access to the WLAN is far easier than to the wired LAN. A radio wave from WLAN access point can be transmitted through a wall, a wooden door, a window and so on. To mitigate the possibility of un-authorized access via WLAN, perform a communication encryption (layer 2 data) and terminal or mutual authentication. This action also causes the mitigation of the possibility of DoS attack to the VoIP systems, for preventing the malicious terminals from connecting the in-house network. When choosing a remote access gateway product, it is highly recommended to check for compatibility with VoIP systems Threat Mitigation It is highly recommended that whole network is separated into data and voice networks. When IP-phone has multiple network interfaces (for PC and network), PCs may be connected to the network via IP-phone (so called daisy chaining) as shown in Figure 2-6. In such cases, IP phone can insert a VLAN tag into the packets generated by the IP phone and pass the packets from PC without inserting VLAN tag thus allowing the network layer 2 switches to separate voice from data traffic. Packet from PC (untagged) Packet from IP phone (with VLAN-tag) L2SW PC and IP phone is connected to single port. Figure 2-6 PC and IP Phone Connection 13
18 The following encryption and authentication features and algorithms can be used in based WLAN system. Terminal authentication SSID authentication Shared key authentication (used together with WEP encryption) MAC address-based access control 802.1X and EAP authentication (EAP-MD5, EAP-LEAP, EAP-TLS, EAP-TTLS, PEAP) Communication encryption WEP (Wired Equivalent Privacy) 64bits key length encryption 128bits key length encryption WPA / TKIP encryption (with integrity check) WPA2 / AES CBC-MAC Protocol (CCMP) In case of WLAN usage within a corporate network, 802.1X authentication and dynamic key management mechanism (dynamic WEP, WPA and WPA2) should be used to keep the same security level as wired LAN. The SSID authentication and shared key authentication does not provide any reliable authentication. WEP does not provide enough confidentiality, because its key management is too poor for the attacker to decrypt encrypted packets. SSL-based remote access system (so called SSL-VPN) and IPSec-based remote access system (so called IPSec-VPN) is widely deployed. Both systems have their pros and cons. In general, SSL-VPN is easy to use. However SSL-VPN does not support all IP applications. The products themselves determine if the application is supported. On the other hand, all IP applications are accessible through the IPSec-VPN connections, but it requires client software installation. If the remote access system is already deployed, the system integrator must confirm whether the VoIP application is available or not through VPN connection. In order to prevent virus and mal-ware attacks from client PC, both anti-virus and personal firewall software are installed to every PC. 14
19 2.4 Secure Management Infrastructure In general, there are two VoIP system management security concerns: 1. How to make the VoIP system management secure 2. How to manage the security of the network including VoIP system Key Components A management system consists of a manager and sensors. A manager is deployed in a network operation center (NOC). It analyzes information gathered by sensors, provides monitoring and operation interface for operators, and issues alerts when necessary. A sensor is embedded in a host system or deployed in LAN and gathers information such as system event logs and captured packets. There are several types of management systems. System management focuses on keeping the system working without abnormal interruption. Security information management system, which includes a centralized log database server, handles security-related event information and accuracy. Monitoring using sensors can include IP-PBXs, application servers, various gateways including firewalls and media gateways, and security devices like IDS and IPS Common Threats Since most systems take granted that access from a NOC is reliable, whole system becomes vulnerable once the NOC is compromised. Threats that result from spoofing as a NOC node must also be considered Design Guidelines The security level of a NOC area must be maintained high enough both physically and logically. You should protect the control path between a NOC and remotely operated nodes against spoofing Threat Mitigation Remote access to a NOC should be authenticated using strong authentication techniques such as two factor scheme. Also consider a VPN technology to protect sensitive control path between remotely operated system and a NOC. 15
20 3. Small Office System Model The small office system model design is represented below (Figure 3-1). system is divided into two sections. The entire Internet Edge Intranet In the Internet Edge section, the interface with PSTN and public VoIP network are added to the common small office network without VoIP. In the Intranet section, IP phones, PC-based IP Phones, and VLANs are supported. PSTN Public VoIP network Internet Edge Media/Signal Gateways IP-PBX Intranet Users * Desktop/Laptop PC * Multifunctional IP terminals Internet Router L2SW L2SW Internet Servers (mail, DNS, etc) VoIP Application Servers Intranet Servers (groupware, etc) Figure 3-1 Small Office System Model 16
VoIP Security Best Practice Vol. III Configuration Guide for Secure VoIP Systems. VoIP Security Best Practice. Vol. III. (Version: 1.
VoIP Security Best Practice Vol. III (Version: 1.3) NEC Corporation Contents 1. Introduction... 1 1.1 Abstract...1 1.2 Audience...1 1.3 Author...2 1.4 Acknowledgements...2 2. Guideline and Configuration
More informationFDIC Division of Supervision and Consumer Protection
FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationSolution Brief. Secure and Assured Networking for Financial Services
Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationVoice Over IP and Firewalls
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationSecurity and Risk Analysis of VoIP Networks
Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all
More informationVoice over IP Basics for IT Technicians
Voice over IP Basics for IT Technicians White Paper Executive summary The IP phone is coming or has arrived on desk near you. The IP phone is not a PC, but does have a number of hardware and software elements
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationSecuring VoIP Networks using graded Protection Levels
Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract
More informationHow To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack
DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationVoice over IP (VoIP) Basics for IT Technicians
Voice over IP (VoIP) Basics for IT Technicians VoIP brings a new environment to the network technician that requires expanded knowledge and tools to deploy and troubleshoot IP phones. This paper provides
More informationA Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model
A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationVoIP Security: How Secure is Your IP Phone?
VoIP Security: How Secure is Your IP Phone? Dan York, CISSP Director of IP Technology, Office of the CTO Chair, Mitel Product Security Team Member, Board of Directors, VoIP Security Alliance (VOIPSA) ICT
More informationHow To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses
Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More informationDraft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications
Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that
More informationMitigating the Security Risks of Unified Communications
2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:
DSL Access Guide DSL Access Routers ZyXEL is a leading manufacturer and supplier of DSL and Voice over IP routers. ZyXEL offer a complete portfolio of routers suited for Telecoms providers, Internet Service
More informationSecurity Guidance for Deploying IP Telephony Systems
Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally
More informationCconducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
More informationRAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009
Systems Development Proposal Scott Klarman March 15, 2009 Systems Development Proposal Page 2 Planning Objective: RAS Associates will be working to acquire a second location in Detroit to add to their
More informationCisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers
Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer
More informationComparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios
An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationDeveloping Network Security Strategies
NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network
More informationVOIP Security Essentials. Jeff Waldron
VOIP Security Essentials Jeff Waldron Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry
More informationIngate Firewall/SIParator SIP Security for the Enterprise
Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...
More informationSIP Trunking with Microsoft Office Communication Server 2007 R2
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationehealth Ontario EMR Connectivity Guidelines
ehealth Ontario EMR Connectivity Guidelines Version 1.3 Revised March 3, 2010 Introduction Ontario s new ehealth strategy includes the use of commercially-available high-speed Internet to meet Electronic
More informationEnterprise A Closer Look at Wireless Intrusion Detection:
White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become
More informationApplication Note Secure Enterprise Guest Access August 2004
Application Note Secure Enterprise Guest Access August 2004 Introduction More and more enterprises recognize the need to provide easy, hassle-free high speed internet access to people visiting their offices,
More informationLucent VPN Firewall Security in 802.11x Wireless Networks
Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationVoIP Survivor s s Guide
VoIP Survivor s s Guide Can you really save $, improve operations, AND achieve greater security and availability? Presented by Peggy Gritt, Founder and CEO of the VoIP A non-biased organization for the
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationVillains and Voice Over IP
Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...
More informationVOIP SECURITY ISSUES AND RECOMMENDATIONS
VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) 287 7881; Email: Satha.Mathiyalakan@umb.edu ABSTRACT
More informationHosted Voice. Best Practice Recommendations for VoIP Deployments
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationPrinciples of VoIP Security. VoIP Security Best Practice. Vol. I. Principles of VoIP Security (Version: 1.3) NEC Corporation
VoIP Security Best Practice (Version: 1.3) NEC Corporation Liability Disclaimer NEC Corporation reserves the right to change the specifications, functions, or features, at any time, without notice. NEC
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationSecurity and the Mitel Teleworker Solution
Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks
More informationTechnical Standards for Information Security Measures for the Central Government Computer Systems
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
More informationLoad Balancing for Microsoft Office Communication Server 2007 Release 2
Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationSession Border Controllers in Enterprise
A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing
More informationDesign and Implementation Guide. Apple iphone Compatibility
Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new
More informationVoIP Security regarding the Open Source Software Asterisk
Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de
More informationBasic Vulnerability Issues for SIP Security
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationVoice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX. 724-746-5500 blackbox.com
Voice over IP (VoIP) for Telephony Advantages of VoIP Migration for SMBs BLACK BOX Hybrid PBX VoIP Gateways SIP Phones Headsets 724-746-5500 blackbox.com Table of Contents Introduction...3 About Voice
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationIP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
More informationWireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com
Wireless Services The Top Questions to Help You Choose the Right Wireless Solution for Your Business Get Started Now: 877.611.6342 to learn more. www.megapath.com Why Go Wireless? Today, it seems that
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationConfiguring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011
Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...
More informationThreat Mitigation for VoIP
Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationWireless Security with Cyberoam
White paper Cyberoam UTM Wireless Security with Cyberoam Robust, Fault-tolerant security is a must for companies sporting wireless networks. Cyberoam UTM strengthens the existing Wireless Security Architecture
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationZyXEL V100 Support Notes. ZyXEL V100. (V100 Softphone 1 Runtime License) Support Notes
ZyXEL V100 (V100 Softphone 1 Runtime License) Support Notes Version 1.00 April 2009 1 Contents Overview 1. Overview of V100 Softphone...3 2. Setting up the V100 Softphone.....4 3. V100 Basic Phone Usage.....7
More informationComputer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
More informationSecure VoIP for optimal business communication
White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationRon Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems
Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport
More informationIndustrial Communication. Securing Industrial Wireless
Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...
More informationData Security in a Converged Network
Data Security in a Converged Network A Siemens White Paper Author: Contributors: Joel A. Pogar National Practice Manager Secure Network Services Joel.Pogar@icn.siemens.com Jeff Corcoran Solutions Architect,
More informationCyber Security Where Do I Begin?
ISPE Automation Forum Cyber Security Where Do I Begin? Don Dickinson Project Engineer Phoenix Contact ..50% more infected Web pages Click in the on one last and three you months won t of notice 2008 than
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More information