Voice over IP Security

Size: px
Start display at page:

Download "Voice over IP Security"

Transcription

1 Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana USA

2 vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with VoIP 5 VoIP Benefits 6 VoIP Disadvantages 8 Sources of Vulnerability 10 IP-Based Network Infrastructure 10 Open or Public Networks 11 Open VoIP Protocol 11 Exposed Interface 11 Real-Time Communications 11 Mobility 11 Lack of Security Features and Devices 11 Voice and Data Integration 12 Vulnerable Components 12 Myths Versus Reality 14 Legacy Versus VoIP Systems 14 Protecting Networks Using Strict Authentication and Encryption 14 Protecting Networks Using a Data Security Infrastructure 15 Summary 15 End Notes 16 References 16 Chapter 2 VoIP Threat Taxonomy 19 Threats Against Availability 20 Call Flooding 20 Malformed Messages (Protocol Fuzzing) 22 Spoofed Messages 24 Call Teardown 25 Toll Fraud 26 Call Hijacking 26 Registration Hijacking 27 Media Session Hijacking 27 Server Impersonating 28 QoS Abuse 29

3 VIII Threats Against Confidentiality 30 Eavesdropping Media 30 Call Pattern Tracking 32 Data Mining 33 Reconstruction 34 Threats Against Integrity 34 Message Alteration 35 Call Rerouting 35 Call Black Holing 36 Media Alteration 37 Media Injection 37 Media Degrading 38 Threats Against Social Context 38 Misrepresentation 39 Call Spam (SPIT) 39 IM Spam (SPIM) 40 Presence Spam (SPPP) 41 Phishing 42 Summary 43 End Notes 44 References 44 Chapter 3 Security Profiles in VoIP Protocols 47 H Overview 48 Components 49 Basic Call Flow 50 Security Profiles 52 H.235 Annex D (Baseline Security) 54 H.235 Annex E (Signature Security) 55 H.235 Annex F (Hybrid Security) 56 SIP 57 Overview 58 Components 58 Basic Call Flow 60 Session Setup Example 61

4 ix Security Profiles 67 Digest Authentication 68 Identity Authentication 69 Secure/Multipurpose Internet Mail Extensions (S/MIME) 70 Secure RTP 71 TLS 71 IPSec 73 MGCP 74 Overview 74 Basic Call Flow 75 Security Profiles 75 Summary 78 End Notes 79 References 80 Chapter 4 Cryptography 83 Symmetric (Private) Key Cryptography 84 DES 85 3DES 87 AES 89 SubBytes 89 ShiftRows 90 MixColumns 91 AddRoundKey 92 Asymmetric (Public) Key Cryptography 92 RSA 93 Digital Signature 95 Hashing 96 Hash Function (MD5) 97 SHA 98 Message Authentication Code 99 MAC Versus Digital Signature 100 Key Management 100 Key Distribution 101 Summary 103 End Notes 104 References 104

5 X Chapters VoIP Network Elements 107 Security Devices 108 VoIP-Aware Firewall 108 NAT 109 Session Border Controller 113 Lawful Interception Server 114 Service Devices 116 Customer Premise Equipment 116 Call Processing Servers 117 PAP Versus CHAP 119 RADIUS Versus TACACS+ 120 Summary 120 End Notes 121 References 122 Part II VoIP Security Best Practices 125 Chapter 6 Analysis and Simulation of Current Threats 127 Denial of Service 128 Intentional Flooding 129 Simulation 129 Analysis 135 Mitigation 137 Unintentional Flooding 138 Analysis 139 Mitigation 141 Malformed Messages 143 Simulation 144 Analysis 150 Mitigation 154 Sniffing/Eavesdropping 154 Simulation 154 Analysis 158 Mitigation 161 Spoofing/Identity Theft 162 Simulation 162 Prespoofing Scan 162 Identity Theft 163 Analysis 164 Mitigation 165

6 xi VoIP Spam 165 Voice Spam 165 IM Spam 167 Presence Spam 167 Mitigation 168 Content Filtering 168 Turing Test 168 Reputation System 169 Address Obfuscation 170 Limited-Use Address 171 Consent-Based Black/White List 171 Summary 172 End Notes 173 References 173 Chapter 7 Protection with VoIP Protocol 175 Authentication 175 User-to-Proxy Authentication 176 User-to-User Authentication 179 Encryption 182 Message Encryption (S/MIME) 183 S/MIME Certificates 184 S/MIME Key Exchange 185 Formatting S/MIME Bodies 186 Media Encryption 188 Key Derivation 188 SRTP Packet Processing 190 SRTPTest 191 Transport and Network Layer Security 193 Transport Layer Security 194 IPSec (Tunneling) 195 Threat Model and Prevention 195 Registration Hijacking 195 Impersonating a Server 196 Tearing Down Sessions 196 Denial-of-Service and Amplification 197 Limitations 198 Digest Authentication Limitations 198 S/MIME Limitations 198 TLS Limitations 199 SIPS URI Limitations 199

7 XII Summary 200 End Notes 200 References 201 Chapter 8 Protection with Session Border Controller 203 Border Issues 204 Between Access and Core Networks 206 Between Core and Peer Networks 207 Access and Peer SBCs 208 SBC Functionality 208 Network Topology Hiding 208 Example of Topology Hiding 209 DoS Protection 213 Policy-Driven Access Control 213 Hardware Architecture 215 Overload Prevention 216 Registration Timer Control 217 Ping Control 220 Load Balancing 220 NAT Traversal 222 Lawful Interception 224 Other Functions 226 Protocol Conversion 226 Transcoding 226 Number Translation 227 QoS Marking 228 Service Architecture Design 228 High Availability 229 Active-Standby 230 Active-Active 231 Network Connectivity 232 Service Policy Analysis 234 Virtualization 237 Optimization of Traffic Flow 239 Deployment Location 239 Media Control 240 Summary 245 End Notes 246 References 246

8 Protection with Enterprise Network Devices 249 Firewall 249 ASA and PIX Firewalls 251 Routed Mode 251 Transparent Mode 252 TLS Proxy Feature 253 Configuration Example 254 FWSM Firewall 256 Routed Mode 256 Transparent Mode 256 Configuration Example 257 Limitations 258 Unified Communications Manager Express 259 Access Control 259 Phone Registration Control 261 Secure GUI Management 263 Class of Restriction 264 After-Hours Call Blocking 266 Unified Communications Manager 267 Security Features and Certificates 267 Integrity and Authentication 269 Image Authentication 270 Device Authentication 270 File Authentication 270 Signaling Authentication 271 Digest Authentication 271 Authorization 272 Encryption 273 Signaling Encryption 273 Media Encryption 274 Configuration File Encryption 275 Configuration Guideline 275 Access Devices 277 IP Phone 278 Switch 278 Mitigate MAC CAM Flooding 278 Prevent Port Access 279 Prevent Network Extensions 280 Prevent Fraudulent DHCP Server 280 Mitigate DHCP DoS Attacks 281 Limit ARP Responses 282

9 xiv VLAN ACL 282 Deployment Example 284 Summary 286 End Notes 287 References 287 Part III Lawful Interception (CALEA) 289 Chapter 10 Lawful Interception Fundamentals 291 Definition and Background 292 Requirements from Law Enforcement Agents 293 Reference Model from an Architectural Perspective 294 AF (Access Function) 295 DF (Delivery Function) 295 CF (Collection Function) 296 SPAF (Service Provider Administration Function) 297 LEAF (Law Enforcement Administration Function) 297 Request and Response Interfaces 297 Operational Considerations 300 Detection by the Target Subscriber 300 Address Information for Call Content Interception 301 Content Encryption 302 Unauthorized Creation and Detection 303 Call Forwarding or Transfer 303 Capacity 304 Summary 304 End Notes 305 Chapter 11 Lawful Interception Implementation 307 Intercept Request Interface 308 SIP P-DCS Header 309 Intercept Process Flow for Outbound Call 310 Intercept Process Flow for Inbound Call 311 Cisco Sil 313 Device Interfaces 314 Intercept Process Flow for Standard Call 316 Intercept Process Flow for Forwarding Call 319 Intercept Process Flow for Conference Call 322 Predesign Considerations 325 Security Considerations 326 Configuration Example 327

10 XV Index 345 Call Data and Content Connection Interfaces 329 Call Content Connection Interface 330 Call Data Connection Interface 333 CDC Messages 333 Interface Between MD and LEA 339 Summary 341 End Notes 342 References 342

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Christina Hattingh Darryl Sladden ATM Zakaria Swapan Cisco Press 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Contents Introduction xix Part I: From TDM Trunking to SIP Trunking

More information

Implementing Cisco Unified Communications Security (UCSECv1.0)

Implementing Cisco Unified Communications Security (UCSECv1.0) Implementing Cisco Unified Communications Security (UCSECv1.0) Course Objectives Identify vulnerabilities in Cisco Unified Communications networks and describe security strategies, cryptographic services,

More information

Tim Bovles WILEY. Wiley Publishing, Inc.

Tim Bovles WILEY. Wiley Publishing, Inc. Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Cisco ASA, PIX, and FWSM Firewall Handbook

Cisco ASA, PIX, and FWSM Firewall Handbook Cisco ASA, PIX, and FWSM Firewall Handbook David Hucaby, CCIE No. 4594 Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA Contents Foreword Introduction xxii xxiii Chapter 1 Firewall

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

Cisco ASA 5500 Series Unified Communications Deployments

Cisco ASA 5500 Series Unified Communications Deployments 5500 Series Unified Communications Deployments Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time,

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany Service Provider implementation of SIP regarding security Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, holger.zuleger}@arcor.net Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, 65760 Eschborn, Germany

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

Voice over IP Security

Voice over IP Security ii Voice over IP Security Patrick Park Copyright 2009 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

Secure Communication and VoIP Threats in Next Generation Networks

Secure Communication and VoIP Threats in Next Generation Networks International Journal of Computer and Communication Engineering, Vol. 2, No. 5, September 2013 Secure Communication and VoIP Threats in Next Generation Networks M. Hossein Ahmadzadegan, M. Elmusrati, and

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border Siemens Enterprise Communications Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border April 2011 Agenda 1 Industry Trends 2 Customer Initiatives

More information

IINS Implementing Cisco Network Security 3.0 (IINS)

IINS Implementing Cisco Network Security 3.0 (IINS) IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

VoIP Security Threats and Vulnerabilities

VoIP Security Threats and Vulnerabilities Abstract VoIP Security Threats and Vulnerabilities S.M.A.Rizvi and P.S.Dowland Network Research Group, University of Plymouth, Plymouth, UK e-mail: info@network-research-group.org This paper presents the

More information

Threats to be considered (1) ERSTE GROUP

Threats to be considered (1) ERSTE GROUP VoIP-Implementation Lessons Learned Philipp Schaumann Erste Group Bank AG Group IT-Security philipp.schaumann@erstegroup.com http://sicherheitskultur.at/ Seite 1 Threats to be considered (1) Eavesdropping

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

642 523 Securing Networks with PIX and ASA

642 523 Securing Networks with PIX and ASA 642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall

More information

Implementing VoIP monitoring solutions. Deployment note

Implementing VoIP monitoring solutions. Deployment note Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and

More information

ABC SBC: Securing the PBX. FRAFOS GmbH

ABC SBC: Securing the PBX. FRAFOS GmbH ABC SBC: Securing the PBX FRAFOS GmbH Introduction A widely reported fraud scenarios is the case of a malicious user detecting the address of a company s PBX and accessing that PBX directly. Once the attacker

More information

Securing VoIP Networks. GENBAND s multi-layer security architecture and threat mitigation solution

Securing VoIP Networks. GENBAND s multi-layer security architecture and threat mitigation solution Securing VoIP Networks GENBAND s multi-layer security architecture and threat mitigation solution White Paper February 2011 Executive Summary The introduction of VoIP solutions for fixed and mobile networks

More information

Kommunikationsdienste im Internet Möglichkeiten und Risiken

Kommunikationsdienste im Internet Möglichkeiten und Risiken Die Zukunft der Kommunikationsdienste im Internet Möglichkeiten und Risiken Erwin P. Rathgeb Technik der Rechnernetze, Universität Duisburg-Essen Jochen Kögel, Marc Barisch IKR, Universität Stuttgart Steffen

More information

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd.

SIP SECURITY WILEY. Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne. A John Wiley and Sons, Ltd. SIP SECURITY Dorgham Sisalem John Floroiu Jiri Kuthan Ulrich Abend Henning Schulzrinne WILEY A John Wiley and Sons, Ltd., Publication Foreword About the Authors Acknowledgment xi xiii xv 1 Introduction

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

Securing Unified Communications for Healthcare

Securing Unified Communications for Healthcare Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009 S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

Avaya SBCE 6.3 Security Configuration and Best

Avaya SBCE 6.3 Security Configuration and Best Avaya SBCE 6.3 Security Configuration and Best Practices Guide Release 6.3 Issue 1.0 October 2014 1 2014 Avaya Inc. All Rights Reserved. Notice While reasonable efforts were made to ensure that the information

More information

Cisco Certified Security Professional (CCSP)

Cisco Certified Security Professional (CCSP) 529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination

More information

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009

VoIP some threats, security attacks and security mechanisms. Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 VoIP some threats, security attacks and security mechanisms Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed,

More information

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunking with Microsoft Office Communication Server 2007 R2 SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY

More information

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice

More information

AdvOSS Session Border Controller

AdvOSS Session Border Controller AdvOSS Session Border Controller Product Data Sheet Find latest copy of this document from http://www.advoss.com/pdf/advoss-sbc-productdatasheet.pdf Copyright AdvOSS.com, 2007-2011 All Rights Reserved

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

Cisco ASA 5500 Series Unified Communications Deployments

Cisco ASA 5500 Series Unified Communications Deployments Cisco ASA 5500 Series Unified Communications Deployments Overview Businesses of all sizes are migrating to IP telephony in order to take full advantage of unified communications. Cisco Unified Communications

More information

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554)

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554) CCNA Security Öngereksinimler: CCNA http://www.cliguru.com/ccna Kurs Tanımı: CCNA Security network'ün temellerini anlamış olan katılımcılara network güvenliği hakkında temel bilgi sağlamaya yönelik hazırlanmış

More information

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be

More information

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com

More information

Security Considerations

Security Considerations 112 SIP Trunking VoIP endpoints and call agents such as CUCM and CUCMExpress also have facilities to control and mark packets. These can be used directly if the enterprise markings are the same as the

More information

Enumerating and Breaking VoIP

Enumerating and Breaking VoIP Enumerating and Breaking VoIP Introduction Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Session Border Controller and IP Multimedia Standards. Mika Lehtinen mika.lehtinen@teliasonera.com

Session Border Controller and IP Multimedia Standards. Mika Lehtinen mika.lehtinen@teliasonera.com Session Border Controller and IP Multimedia Standards Mika Lehtinen mika.lehtinen@teliasonera.com December 1, 2005 Contents Introduction Motivation Research problem Research method Results Conclusion December

More information

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation Introduction Enterprises are continuing to convert and

More information

Government of Canada Managed Security Service (GCMSS) Annex A-1: Statement of Work - Firewall

Government of Canada Managed Security Service (GCMSS) Annex A-1: Statement of Work - Firewall Government of Canada Managed Security Service (GCMSS) Date: July 12, 2012 TABLE OF CONTENTS 1 FIREWALL... 1 1.1 SECURITY...1 1.2 STANDARDS...1 1.3 FAILOVER...2 1.4 PERFORMANCE...3 1.5 REPORTING...3 1.6

More information

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011

VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 VoIP Security* Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 *Thanks to Prof. Angelos Keromytis for materials for these lecture slides. CSE545 - Advanced Network Security -

More information

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title Introduction The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and the new 210-260

More information

Implementing Cisco IOS Network Security v2.0 (IINS)

Implementing Cisco IOS Network Security v2.0 (IINS) Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Business Phone Security. Threats to VoIP and What to do about Them

Business Phone Security. Threats to VoIP and What to do about Them Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Terminology and Definitions Acronyms and Abbreviations Acknowledgement

Terminology and Definitions Acronyms and Abbreviations Acknowledgement Contents Foreword Terminology and Definitions Acronyms and Abbreviations Acknowledgement xiii xv xvii xxi 1 Introduction 1 1.1 General Introduction 1 1.2 On Voice over IP and Telephony over IP 2 1.3 Context

More information

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style

More information

Security & Reliability in VoIP Solution

Security & Reliability in VoIP Solution Security & Reliability in VoIP Solution July 19 th, 2006 Ram Ayyakad ram@ranchnetworks.com About My background Founder, Ranch Networks 20 years experience in the telecom industry Part of of architecture

More information

Welltel - Session Border Controller SBC 120

Welltel - Session Border Controller SBC 120 SBC 120 Appliance Welltel - Session Border Controller SBC 120 enhanced performance, increased security Welltel s Session Border Controllers (SBCs) help enterprises to reduce communications costs, enable

More information

Session Border Controller

Session Border Controller CHAPTER 13 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 13-1 Information Model Objects (IMOs), page 13-2 Vendor-Specific Inventory

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Release the full potential of your Cisco Call Manager with Ingate Systems

Release the full potential of your Cisco Call Manager with Ingate Systems Release the full potential of your Cisco Call Manager with Ingate Systems -Save cost with flexible connection to Service Providers. -Save mobile costs, give VoIP mobility to your workforce. -Setup an effective

More information

EdgeMarc 4508T4/4508T4W Converged Networking Router

EdgeMarc 4508T4/4508T4W Converged Networking Router Introduction The EdgeMarc 4508T4W combines multiple voice and data features into a single, easy to use converged networking router. It includes models that have up to 4 T1 WAN interfaces or a single Ethernet

More information

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution Ranch Asterisk VoIP Solution Ranch Networks manufactures Network appliances built to advance VoIP telephony deployments. The RN series of products provide security, reliability, and scalability to VoIP

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Session Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation

Session Initiation Protocol (SIP) Vulnerabilities. Mark D. Collier Chief Technology Officer SecureLogix Corporation Session Initiation Protocol (SIP) Vulnerabilities Mark D. Collier Chief Technology Officer SecureLogix Corporation What Will Be Covered Introduction to SIP General SIP security SIP vulnerabilities and

More information

SIP and VoIP 1 / 44. SIP and VoIP

SIP and VoIP 1 / 44. SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies

More information

Sonus Networks engaged Miercom to evaluate the call handling

Sonus Networks engaged Miercom to evaluate the call handling Lab Testing Summary Report September 2010 Report 100914 Key findings and conclusions: NBS5200 successfully registered 256,000 user authenticated Total IADs in 16 minutes at a rate of 550 registrations

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network

More information

SBC WHITE PAPER. The Critical Component

SBC WHITE PAPER. The Critical Component SBC WHITE PAPER The Critical Component Table of Contents of your VoIP Infrastructure... 3 Enter the SBC... 4 Functions... 5 Security... 5 Denial of Service... 5 Toll Fraud... 6 Encryption... 6 Policy...

More information

(d-5273) CCIE Security v3.0 Written Exam Topics

(d-5273) CCIE Security v3.0 Written Exam Topics (d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please

More information

VOIP SECURITY ISSUES AND RECOMMENDATIONS

VOIP SECURITY ISSUES AND RECOMMENDATIONS VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) 287 7881; Email: Satha.Mathiyalakan@umb.edu ABSTRACT

More information

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

WHITE PAPER. SIP Trunks. Keeping your UC System Secure

WHITE PAPER. SIP Trunks. Keeping your UC System Secure WHITE PAPER SIP Trunks Keeping your UC System Secure Table of Contents 1. Executive summary...3 2. Security considerations for SIP trunks...5 2.1. Threats.........................................................

More information

OpenScape UC Firewall and OpenScape Session Border Controller

OpenScape UC Firewall and OpenScape Session Border Controller UC Firewall and Session Border Controller Security within and beyond the boundaries Security within and beyond your network s boundaries Our connected world We are living and working in a new world that

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information