VOIP TELEPHONY: CURRENT SECURITY ISSUES
|
|
- Shanon Bailey
- 8 years ago
- Views:
Transcription
1 VOIP TELEPHONY: CURRENT SECURITY ISSUES Authors: Valeriu IONESCU 1, Florin SMARANDA 2, Emil SOFRON 3 Keywords: VoIP, SIP, security University of Pitesti Abstract: Session Initiation Protocol (SIP) is the new protocol that integrates voice and data networks. Even if there are many advantages in implementing SIP, it has not yet been widely deployed because there many users are reluctant to overlook the security issues that this protocol brings. This paper presents an overview of current security model and the issues introduced by VoIP telephony. An analysis was performed using various open-source test-suites in order to determine the security problems and the equipment behavior, and results were gathered with the use of the NAGIOS network monitoring program. The applications used the Asterisk software as a complete IP PBX (Private Branch Exchange), on a Fedora Core 5 Linux OS, a Grandstream GXV-3000 Video IP Phone, and various IP Soft Phones. Because the technology is still in an early stage, many of the VoIP implementations failed to perform in a robust manner under the test. Some failures had information security implications, and should be considered as vulnerabilities. A good security policy implies a complete architecture, not a single product or protocol. Therefore, as the SIP scene matures, in order to implement a secure network with VoIP technology, a new security model must be developed based on the use of specialized hardware in internet gateways and in the SIP proxy, with integrating dedicated VoIP monitoring software. I. Introduction Voice over Internet Protocol (VoIP) refers to the transmission of speech across datastyle networks. This form of transmission is superior to conventional circuit switched communication but it adds a number of complications to existing network technology that are compounded by security considerations. Telecommunications companies and other organizations have already, or are in the process of moving their telephony infrastructure to their data networks. The VoIP solution provides an alternative to traditional PSTN phone lines, and now long distance phone calls become very inexpensive as voice traffic travels on the Internet or over private data network lines. VoIP is also cost effective because all of an organization s electronic traffic (phone and data) is condensed onto one physical network, and there is no longer a need for several teams to manage a data network and another to mange a voice network. Also, the network administrator s tasks may be lessened as they can focus on a single network. 1 Faculty of Electronics Communications and Computers, University of Pitesti, Romania (phone: 40/248/222949; fax: 40/248/216448; valeriu@upit.ro) 2 Manager of the Communication Department, University of Pitesti, Romania (phone: 40/248/218804; fax: 40/248/216448; florin@upit.ro) 3 Faculty of Electronics Communications and Computers, University of Pitesti, Romania (phone: 40/248/222949; fax: 40/248/216448; sofron@upit.ro)
2 Although its implementation is widespread, the technology is still in the development phase, often lacking compatibility and continuity with existing systems. Nevertheless, VoIP will capture a significant portion of the telephony market, given the fiscal savings and flexibility that it can provide. VOIP systems take a wide variety of forms [1], [2]: - Traditional telephone handset: these products have extra features beyond a simple handset with dial pad: a LCD screen that allows the user to configure the handset to gain access to enhanced features such as conference calls. - Mobile units: wireless VoIP units are becoming increasingly popular, especially since many organizations already have an installed base of networking equipment. These may present additional challenges if certain security issues are not carefully addressed (such as the use of AES encryption). - PC or softphone : any PC can be used as a VoIP unit. However, if possible, softphones should not be used where security or privacy are a concern due to the dual capability of the PC to deal with both data and voice traffic. As this paper will show, attacks come, in a dual hardware and software VoIP network, from applications running on the PCs. In addition to end-user equipment, VOIP systems include a large number of other components, including call managers, gateways, routers, firewalls, and protocols. Unlike the ordinary phone system, the basic flow of voice data in a VOIP system includes many transformations. The first step in this process is converting analog voice signals to digital, while using a compression algorithm to reduce the volume of data to be transmitted. Next, voice samples are inserted into data packets to be carried on the Internet. The protocol for the voice packets is typically the Real-time Transport Protocol, and it will be carried as data by UDP datagrams (for compatibility with data transmissions throughout the Internet). II. VoIP Security Issues In a conventional telephone system, security is more of a theoretical assumption, as intercepting conversations requires physical access to telephone lines. Few organizations encrypt voice traffic over traditional telephone lines. The same cannot be said for Internetbased connections, where packets sent from one computer to another may pass through many systems that are not under the control of the user s ISP, thus lacking the same physical wire security as the phone lines. The key to securing VoIP is to use the security mechanisms like those deployed in data networks. Quality of Service (QoS) is a fundamental concept to the operation of a VoIP network [3]. The implementation of various security measures can degrade QoS by delaying or blocking of call setups by firewalls to encryption-produced latency and delay variation. Because of the time-critical nature of VOIP, and its low tolerance for disruption and packet loss, many security measures implemented in traditional data networks just aren t applicable to VOIP in their current form. QoS is affected by: latency (for international calls, a delay of up to 400 ms is deemed tolerable, but for local calls this must be below 200 ms); jitter - refers to non-uniform packet delays (often caused by low bandwidth situations in VoIP. Although using UDP to pass packets to destination, RTP allows applications to do the reordering using the sequence number and timestamp fields, however in networks that implement security measures such as IPsec encryption may introduce delays too large to compensate by the protocol, thus increasing jitter); packet loss (resulting from excess latency or can be the result of jitter. Even if VOIP packets are very small, containing a payload of only bytes, usually the packet losses happen in sequences - often due to congestion - so signal degradation may rapidly become a problem.) There are several implementations of VoIP protocols, such as standardized H.323 and SIP or proprietary such as Skype or GoogleTalk. As the hardware available for testing was a SIP based network, so we will focus our presentation on this specific network; however, many observations are applicable to other protocols, too. The strict performance requirements of VoIP have significant implications for
3 security, particularly denial of service (DoS) issues. Invalid Requests Invalid Media Fuzzing Malformed Messages Call Hijacking DoS attacks specific to VoIP Registration Media session Server masquerading QoS abuse User call Flooding Endpoint Request Flooding Call Controller Flooding Request Looping Directory Service Flooding Request flooding Spoofed messages Call redirection Fake Call Response Fig. 1 DoS attacks (the most common form of attack) are adapted to VoIP structure VoIP-specific attacks (i.e. floods of specially crafted SIP messages) may result in DoS for many VoIP-aware devices. For example, SIP phone endpoints may freeze and crash when attempting to process a high rate of packet traffic SIP proxy servers also may experience failure and intermittent log discrepancies with a VOIP-specific signaling attack of less than 1Mb/sec. In general, the packet rate of the attack may have more impact than the bandwidth; where a high packet rate may result in a denial of service even if the bandwidth consumed is low. III. SIP VoIP Networks SIP is the IETF specified protocol for initiating a two-way communication session. It is considered by some to be simpler than H.323. SIP is a text based, application level protocol, meaning that it can be carried by TCP, UDP, or SCTP. UDP may be used to decrease overhead and increase speed and efficiency, or TCP may be used if SSL/TLS is incorporated for security services. Unlike H.323, only one port is used in SIP, with the default value A SIP network is made up of end points, a proxy and/or redirect server, location server, and registrar [4]. RTP/voice traffic VoIP Phone 1 VoIP Phone 2 Location server Register Register SIP Proxy server Send Call to Destination SIP Proxy server Fig. 2 SIP Topological Elements: SIP Proxy server where both phones need to register prior to conversation, and a location server that resolves/stores the identities of the participants. Note that call invitations are sent between Proxies, not phones, and that the voice traffic, sent after a call is established, does not concern Proxies.
4 In the SIP model [3], [5], a user is not linked to a specific host. The user initially reports their location to a registrar, which may be integrated into a proxy or redirect server. This information is in turn stored in the external location server. Messages from endpoints must be routed through a proxy/redirect server. The proxy server intercepts messages from endpoints, inspects their To: field, contacts the location server to resolve the username into an address and forwards the message along to the appropriate end point or another server. The SIP protocol itself is modeled on the three-way handshake method implemented in TCP. A SIP call monitored with WireShark software is seen in figure 3. Fig. 3 SIP call steps include requests/responses that follow a TCP three-way handshake The text encoding of SIP makes it easier to analyze using standard parsing tools such as Perl or lex and yacc, so new requirements must be placed on the firewall in a SIP-based VoIP network. First, firewalls must be stateful and monitor SIP traffic to determine which RTP ports are to be opened and made available to which addresses. The other issues SIPbased VOIP encounters are related to NAT implementations, because of the changes in IP addresses and port numbers from source to destination. Also, firewalls are usually placed on the NAT border as the SIP proxy is normally outside the NAT device, meaning that attacks from within the NAT are very hard to stop. IV. Test setup configuration The tests performed are using a SIP based network, with an Asterisk on Fedora Core 5 Linux O.S. platform and Grandstream GXV-3000 Video IP Phone. In order to asses a part of the security issues, especially those coming from exceeding QoS recommendations, we used the PROTOS (Security Testing of Protocol Implementations) [6] that includes syntax testing procedures which aim to stress a SIP server's parser. Being java based it can run on any system, and for the purpose of this test we used a Windows XP machine. This allows sending customized SIP packages in a network, in order to test the behavior of the targeted devices. The packets sent in the network had both a malformed message body, and did not respect the three-way handshake SIP protocol. After de INVITE request and RINGING response, there will be immediately sent a CANCEL request, followed by an immediate INVITE request. This way the phone would not only have to decode and interpret the message sent but it will als bo faced with a great number of requests. As the calls were sent from a computer behind the firewall, all the hardware equipments were devoid of its protection. The first network test was to see how a hardware VoIP phone would react to the test packets. The timing diagram below shows one aspect of the modified call structure: as soon as the caller receives a SIP client receives the 180 (RINGING) response it cancels the call and
5 places another call invitation. Also, the packet s formatting shows the missing fields as seen in figure 4. Fig. 4 The hardware VoIP phone received the malformed request and started ringing The result was that the hardware received the packets and started ringing, and multiple missed calls were listed in phone s call history. If the number of packets was doubled, the phone not only started ringing, but it indicated multiple on hold connections. If the number of packages was further increased, no other unexpected behavior was noticed, due perhaps to the lack of computational power on the hardware unit. Fig. 5 The hardware VoIP phone could no longer process the received requests The other test concerned two soft phones: X-Lite and SJ-Phone. These phones were exposed to the same bad formatted packets in two configurations: with firewall on and without firewall (the second case tries to emulate the situation of the hardware unit, which had no firewall present). With the firewall on the attacking computer doesn t receive a 180 (Ringing) response, but it continues to execute the same attack sequence. On the target computer there is no call initiated. Fig. 6 The VoIP softphone phone did not answer the requests with firewall on With the firewall off, the softphone detects the incomplete requests and sends an according message. The CANCEL request, which references the transaction to be cancelled, will be invalid as the phone has not yet entered the ringing state. Fig. 7 The VoIP softphone phone indicated errors in the requests with firewall off
6 With or without the firewall, both softphones behaved correctly, and none of them initiated the call, or listed any missing calls. V. Conclusions VoIP is still an emerging technology, so it is somewhat speculative to develop a complete picture of what a mature worldwide VOIP network will one day look like. Although there are currently many different architectures and protocols to choose from, eventually a dominant standard will emerge. The most obvious of these competing standards are SIP and H.323. SIP is a fast growing protocol with similarities to current Internet standards such as HTTP. The test performed revealed that the soft SIP phone successfully managed the attack, even in the case when the firewall was down. This confirms the recommendation of many SIP equipment manufacturers that software and hardware VoIP telephony should be separated. Also because we used a PC in order to launch the attack makes their presence in the same network with the hardware SIP devices, a real security problem. Also, the timing of firmware updates for the hardware devices varies from producer to producer, while softphones can be easily upgraded or even replaced with other versions if security problems are discovered. Another conclusion that results from this test is that DoS attack for VoIP telephony are not the only threat when it comes to spamming packages in a network. As DoS attacks can prove hard to be fully successful, it was proven that, while not being required to put down the network, programs that merely slow it down or generate random hardware behavior can become a problem. Also the hardware vendor s response may prove not be fast enough, leading to VoIP down time, financial and reputation loss. As the attacking packages were successfully dropped by the external firewall router, it is also interesting to note that the main security issues come, as is the case in many situations, from within the network from potential unwary or ill intentioned users. References: [1] Cisco Whitepaper (2004). Overview of SIP Security. [2] Cisco Whitepaper (2006). Security in SIP-Based Networks. [3] Rick Kuhn (2004). Voice over Internet Protocol (VOIP) security. National Institute of Standards and Technology, Computer Security Division [4] O. Abouabdalla and R. Sureswaran (2003). SIP functionality and structure of the protocol. [5] The Internet Society: Network Working Group (2002). SIP: Session Initiation Protocol. [6] PROTOS -Security Testing of Protocol Implementations (2005). /research/ouspg/protos/
A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationAn Introduction to VoIP Protocols
An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this
More informationBasic Vulnerability Issues for SIP Security
Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future
More informationVoice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology
Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style
More informationVoice over IP Basics for IT Technicians
Voice over IP Basics for IT Technicians White Paper Executive summary The IP phone is coming or has arrived on desk near you. The IP phone is not a PC, but does have a number of hardware and software elements
More informationVoice over IP (VoIP) Basics for IT Technicians
Voice over IP (VoIP) Basics for IT Technicians VoIP brings a new environment to the network technician that requires expanded knowledge and tools to deploy and troubleshoot IP phones. This paper provides
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationIndepth Voice over IP and SIP Networking Course
Introduction SIP is fast becoming the Voice over IP protocol of choice. During this 3-day course delegates will examine SIP technology and architecture and learn how a functioning VoIP service can be established.
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationReceiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream
Article VoIP Introduction Internet telephony refers to communications services voice, fax, SMS, and/or voice-messaging applications that are transported via the internet, rather than the public switched
More information10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network
10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity
More informationVoice Over IP and Firewalls
Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more
More informationProject Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080
Test Cases Document VOIP SOFT PBX Project Code: SPBX Project Advisor : Aftab Alam Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Submission Date:23-11-2007 SPBX
More informationVOICE OVER IP AND NETWORK CONVERGENCE
POZNAN UNIVE RSITY OF TE CHNOLOGY ACADE MIC JOURNALS No 80 Electrical Engineering 2014 Assaid O. SHAROUN* VOICE OVER IP AND NETWORK CONVERGENCE As the IP network was primarily designed to carry data, it
More informationSIP Trunking and Voice over IP
SIP Trunking and Voice over IP Agenda What is SIP Trunking? SIP Signaling How is Voice encoded and transported? What are the Voice over IP Impairments? How is Voice Quality measured? VoIP Technology Confidential
More informationContents. Specialty Answering Service. All rights reserved.
Contents 1 Introduction... 2 2 PBX... 3 3 IP PBX... 4 3.1 How It Works... 4 3.2 Functions of IP PBX... 5 3.3 Benefits of IP PBX... 5 4 Evolution of IP PBX... 6 4.1 Fuelling Factors... 6 4.1.1 Demands from
More informationEvaluation of Security for a H.323-based VoIP Emulated Architecture
Evaluation of Security for a H.323-based VoIP Emulated Architecture Eng. MARIUS HERCULEA, Professor VIRGIL DOBROTA Ph.D. Abstract Evaluation tests were conducted on H.323 Cisco Gatekeeper, Gateways and
More informationTECHNICAL CHALLENGES OF VoIP BYPASS
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
More informationVoice Over IP (VoIP) Denial of Service (DoS)
Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based
More informationVOIP Security Essentials. Jeff Waldron
VOIP Security Essentials Jeff Waldron Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationAn outline of the security threats that face SIP based VoIP and other real-time applications
A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications
More informationSecurity and Risk Analysis of VoIP Networks
Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all
More informationACD: Average Call Duration is the average duration of the calls routed bya a VoIP provider. It is a quality parameter given by the VoIP providers.
ACD: Average Call Duration is the average duration of the calls routed bya a VoIP provider. It is a quality parameter given by the VoIP providers. API: An application programming interface (API) is a source
More informationRequirements of Voice in an IP Internetwork
Requirements of Voice in an IP Internetwork Real-Time Voice in a Best-Effort IP Internetwork This topic lists problems associated with implementation of real-time voice traffic in a best-effort IP internetwork.
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationPerformance of Various Codecs Related to Jitter Buffer Variation in VoIP Using SIP
Performance of Various Related to Jitter Buffer Variation in VoIP Using SIP Iwan Handoyo Putro Electrical Engineering Department, Faculty of Industrial Technology Petra Christian University Siwalankerto
More informationSS7 & LTE Stack Attack
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationVoice over IP (VoIP) Vulnerabilities
Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony
More informationApplication Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya
More informationIntroduction to VoIP Technology
Lesson 1 Abstract Introduction to VoIP Technology 2012. 01. 06. This first lesson of contains the basic knowledge about the terms and processes concerning the Voice over IP technology. The main goal of
More informationA Comparative Study of Signalling Protocols Used In VoIP
A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.
More information159.334 Computer Networks. Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT)
Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT) Presentation Outline Basic IP phone set up The SIP protocol Computer Networks - 1/2 Learning Objectives
More informationClearing the Way for VoIP
Gen2 Ventures White Paper Clearing the Way for VoIP An Alternative to Expensive WAN Upgrades Executive Overview Enterprises have traditionally maintained separate networks for their voice and data traffic.
More informationInternet Technology Voice over IP
Internet Technology Voice over IP Peter Gradwell BT Advert from 1980s Page 2 http://www.youtube.com/v/o0h65_pag04 Welcome to Gradwell Gradwell provides technology for every line on your business card Every
More informationChapter 2 PSTN and VoIP Services Context
Chapter 2 PSTN and VoIP Services Context 2.1 SS7 and PSTN Services Context 2.1.1 PSTN Architecture During the 1990s, the telecommunication industries provided various PSTN services to the subscribers using
More informationSecurity issues in Voice over IP: A Review
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu
More informationIngate Firewall/SIParator SIP Security for the Enterprise
Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More informationWhite Paper. Solutions to VoIP (Voice over IP) Recording Deployment
White Paper Solutions to VoIP (Voice over IP) Recording Deployment Revision 2.1 September 2008 Author: Robert Wright (robert.wright@ultra-audiosoft.com), BSc (Hons) Ultra Electronics AudioSoft, October
More informationVoice over IP Networks: Ensuring quality through proactive link management
White Paper Voice over IP Networks: Ensuring quality through proactive link management Build Smarter Networks Table of Contents 1. Executive summary... 3 2. Overview of the problem... 3 3. Connectivity
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationStrategies to Keep Your VoIP Network Secure
V OIP NETWORK SECURITY VoIP enterprise deployments need strategies to help provide a balance between security and ease of use. Wesley Chou Strategies to Keep Your VoIP Network Secure A s VoIP technology
More informationEncapsulating Voice in IP Packets
Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols
More informationMulti-layered Security Solutions for VoIP Protection
Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper
More informationFrequently Asked Questions about Integrated Access
Frequently Asked Questions about Integrated Access Phone Service How are local, long distance, and international calls defined? Local access transport areas (LATAs) are geographical boundaries set by the
More informationVoice Over IP. Priscilla Oppenheimer www.priscilla.com
Voice Over IP Priscilla Oppenheimer www.priscilla.com Objectives A technical overview of the devices and protocols that enable Voice over IP (VoIP) Demo Packet8 and Skype Discuss network administrator
More informationVoice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX. 724-746-5500 blackbox.com
Voice over IP (VoIP) for Telephony Advantages of VoIP Migration for SMBs BLACK BOX Hybrid PBX VoIP Gateways SIP Phones Headsets 724-746-5500 blackbox.com Table of Contents Introduction...3 About Voice
More informationAgilent Technologies Performing Pre-VoIP Network Assessments. Application Note 1402
Agilent Technologies Performing Pre-VoIP Network Assessments Application Note 1402 Issues with VoIP Network Performance Voice is more than just an IP network application. It is a fundamental business and
More informationVoIP Security regarding the Open Source Software Asterisk
Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de
More informationSoftware Engineering 4C03 VoIP: The Next Telecommunication Frontier
Software Engineering 4C03 VoIP: The Next Telecommunication Frontier Rudy Muslim 0057347 McMaster University Computing and Software Department Hamilton, Ontario Canada Introduction Voice over Internet Protocol
More informationVoIP from A to Z. NAEO 2009 Conference Cancun, Mexico
VoIP from A to Z NAEO 2009 Conference Cancun, Mexico VoIP glossary What is VoIP? Bandwidth Signaling Codecs Quality of Service (QoS) What is VoIP? Voice over Internet Protocol (VoIP) is the method of transmitting
More informationFunctional Specifications Document
Functional Specifications Document VOIP SOFT PBX Project Code: SPBX Project Advisor : Aftab Alam Project Team: Umair Ashraf 03-1853 (Team Lead) Imran Bashir 02-1658 Khadija Akram 04-0080 Submission Date:19-10-2007
More informationThreat Mitigation for VoIP
Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities
More informationVoice over IP: Forensic Computing Implications
Voice over IP: Forensic Computing Implications Matthew Simon and Jill Slay Enterprise Security Management Lab, Advanced Computing Research Centre University of South Australia, MAWSON LAKES, SA 5095 SIMMP002@students.unisa.edu.au
More informationSIP Trunking Quick Reference Document
SIP Trunking Quick Reference Document Publication Information SAMSUNG TELECOMMUNICATIONS AMERICA reserves the right without prior notice to revise information in this publication for any reason. SAMSUNG
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationHow Small Businesses Can Use Voice over Internet Protocol (VoIP) Internet Technology for Voice Communications
How Small Businesses Can Use Voice over Internet Protocol (VoIP) Internet Technology for Voice Communications Small businesses will find this booklet useful for learning how VoIP works and for clarifying
More informationHow To Understand The Differences Between A Fax And A Fax On A G3 Network
The Fax on IP Networks White Paper February 2011 2 The Fax on IP Networks Contents Overview... 3 Group 3 Fax Technology... 4 G.711 Fax Pass-Through... 5 T.38 IP Fax Relay... 6 Network Design Considerations...
More informationIntegrating Voice over IP services in IPv4 and IPv6 networks
ARTICLE Integrating Voice over IP services in IPv4 and IPv6 networks Lambros Lambrinos Dept.of Communication and Internet studies Cyprus University of Technology Limassol 3603, Cyprus lambros.lambrinos@cut.ac.cy
More informationSIP and VoIP 1 / 44. SIP and VoIP
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
More informationChapter 10 Session Initiation Protocol. Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University
Chapter 10 Session Initiation Protocol Prof. Yuh-Shyan Chen Department of Computer Science and Information Engineering National Taipei University Outline 12.1 An Overview of SIP 12.2 SIP-based GPRS Push
More informationTroubleshooting Voice Over IP with WireShark
Hands-On Course Description Voice over IP is being widely implemented both within companies and across the Internet. The key problems with IP voice services are maintaining the quality of the voice service
More informationVoIP Trunking with Session Border Controllers
VoIP Trunking with Session Border Controllers By Chris Mackall Submitted to the Faculty of the Information Technology Program in Partial Fulfillment of the Requirements for the Degree of Bachelor of Science
More informationCombining Voice over IP with Policy-Based Quality of Service
TechBrief Extreme Networks Introduction Combining Voice over IP with Policy-Based Quality of Service Businesses have traditionally maintained separate voice and data networks. A key reason for this is
More informationUnit 23. RTP, VoIP. Shyam Parekh
Unit 23 RTP, VoIP Shyam Parekh Contents: Real-time Transport Protocol (RTP) Purpose Protocol Stack RTP Header Real-time Transport Control Protocol (RTCP) Voice over IP (VoIP) Motivation H.323 SIP VoIP
More informationFDIC Division of Supervision and Consumer Protection
FDIC Division of Supervision and Consumer Protection Voice over Internet Protocol (VoIP) Informational Supplement June 2005 1 Summary In an attempt to control expenses, consumers and businesses are considering
More informationIntegration of GSM Module with PC Mother Board (GSM Trunking) WHITE/Technical PAPER. Author: Srinivasa Rao Bommana (srinivasrao.bommana@wipro.
(GSM Trunking) WHITE/Technical PAPER Author: Srinivasa Rao Bommana (srinivasrao.bommana@wipro.com) Table of Contents 1. ABSTRACT... 3 2. INTRODUCTION... 3 3. PROPOSED SYSTEM... 4 4. SOLUTION DESCRIPTION...
More informationETM System SIP Trunk Support Technical Discussion
ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with
More informationIntegration of Voice over Internet Protocol Experiment in Computer Engineering Technology Curriculum
Integration of Voice over Internet Protocol Experiment in Computer Engineering Technology Curriculum V. Rajaravivarma and Farid Farahmand Computer Electronics and Graphics Technology School of Technology,
More informationCHAPTER 1 INTRODUCTION
CHAPTER 1 INTRODUCTION 1.0 Introduction Voice over Internet Protocol (VoIP) is the most popular in telecommunication technology. Nowadays, three million users use VoIP. It is estimated that the number
More informationHosted Voice. Best Practice Recommendations for VoIP Deployments
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
More informationQuality of Service Testing in the VoIP Environment
Whitepaper Quality of Service Testing in the VoIP Environment Carrying voice traffic over the Internet rather than the traditional public telephone network has revolutionized communications. Initially,
More informationNAT TCP SIP ALG Support
The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the
More informationATA: An Analogue Telephone Adapter is used to connect a standard telephone to a high-speed modem to facilitate VoIP and/or calls over the Internet.
KEY VOIP TERMS 1 ACD: Automatic Call Distribution is a system used to determine how incoming calls are routed. When the ACD system receives an incoming call it follows user-defined specifications as to
More informationCurso de Telefonía IP para el MTC. Sesión 1 Introducción. Mg. Antonio Ocampo Zúñiga
Curso de Telefonía IP para el MTC Sesión 1 Introducción Mg. Antonio Ocampo Zúñiga Conceptos Generales VoIP Essentials Family of technologies Carries voice calls over an IP network VoIP services convert
More informationIP Telephony Basics. Part of The Technology Overview Series for Small and Medium Businesses
IP Telephony Basics Part of The Technology Overview Series for Small and Medium Businesses What is IP Telephony? IP Telephony uses the Internet Protocol (IP) to transmit voice or FAX traffic over a public
More informationCisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.
Optimizing Converged Cisco Networks (ONT) reserved. Lesson 2.4: Calculating Bandwidth Requirements for VoIP reserved. Objectives Describe factors influencing encapsulation overhead and bandwidth requirements
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationSecure VoIP for optimal business communication
White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product
More informationCourse 4: IP Telephony and VoIP
Course 4: IP Telephony and VoIP Telecommunications Technical Curriculum Program 3: Voice Knowledge 6/9/2009 1 Telecommunications Technical Curriculum Program 1: General Industry Knowledge Course 1: General
More informationCPNI VIEWPOINT 01/2007 INTERNET VOICE OVER IP
INTERNET VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
More informationNetwork Connection Considerations for Microsoft Response Point 1.0 Service Pack 2
Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and
More informationSecured Voice over VPN Tunnel and QoS. Feature Paper
Secured Voice over VPN Tunnel and QoS Feature Paper Table of Contents Introduction...3 Preface...3 Chapter 1: The Introduction of Virtual Private Network (VPN) 3 1.1 The Functions and Types of VPN...3
More informationOnline course syllabus. MAB: Voice over IP
Illuminating Technology Course aim: Online course syllabus MAB: Voice over IP This course introduces the principles and operation of telephony services that operate over Internet Protocol (IP) networks
More informationVegaStream Information Note Considerations for a VoIP installation
VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document
More informationAn Overview on Security Analysis of Session Initiation Protocol in VoIP network
An Overview on Security Analysis of Session Initiation Protocol in VoIP network Tarendra G. Rahangdale 1, Pritish A. Tijare 2, Swapnil N.Sawalkar 3 M.E (Pursuing) 1, Associate Professor 2, Assistant Professor
More informationSimulation of SIP-Based VoIP for Mosul University Communication Network
Int. J. Com. Dig. Sys. 2, No. 2, 89-94(2013) 89 International Journal of Computing and Digital Systems http://dx.doi.org/10.12785/ijcds/020205 Simulation of SIP-Based VoIP for Mosul University Communication
More informationIntroduction to VOIP. Stephen Okay Abdus Salam Int l Center for Theoretical Physics Trieste, Italy, February 21, 2007
Introduction to VOIP Stephen Okay Abdus Salam Int l Center for Theoretical Physics Trieste, Italy, February 21, 2007 Intro to VOIP Classic Telephony Data Networks(Review) VOIP What it is Protocols Hardware
More informationRon Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems
Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationSIP Trunking with Microsoft Office Communication Server 2007 R2
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
More informationVoice over IP (VoIP) Overview. Introduction. David Feiner ACN 2004. Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples
Voice over IP (VoIP) David Feiner ACN 2004 Overview Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples Introduction Voice Calls are transmitted over Packet Switched Network instead
More informationAn Investigation into the Effect of Security on Performance in a VoIP Network
Abstract An Investigation into the Effect of Security on Performance in a VoIP Network Muhammad Tayyab Ashraf, John N. Davies and Vic Grout Centre for Applied Internet Research (CAIR) Glyndŵr University,
More informationVoice over IP. Presentation Outline. Objectives
Voice over IP Professor Richard Harris Presentation Outline Brief overview of VoIP and applications Challenges of VoIP IP Support for Voice Protocols used for VoIP (current views) RTP RTCP RSVP H.323 Semester
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationConfiguration Notes 0217
PBX Remote Line Extension using Mediatrix 1104 and 1204 Introduction... 2 Application Scenario... 2 Running the Unit Manager Network (UMN) Software... 3 Configuring the Mediatrix 1104... 6 Configuring
More informationVoIP / SIP Planning and Disclosure
VoIP / SIP Planning and Disclosure Voice over internet protocol (VoIP) and session initiation protocol (SIP) technologies are the telecommunication industry s leading commodity due to its cost savings
More information