Data Security in a Converged Network

Size: px
Start display at page:

Download "Data Security in a Converged Network"

Transcription

1 Data Security in a Converged Network A Siemens White Paper Author: Contributors: Joel A. Pogar National Practice Manager Secure Network Services Joel.Pogar@icn.siemens.com Jeff Corcoran Solutions Architect, HiPath Professional Services Jeff.Corcoran@icn.siemens.com Steve Murphy Project Manager, HiPath Professional Services Steve.Murphy@icn.siemens.com Alan Medsker Engineer, HiPath Solutions Team Alan.Medsker@icn.siemens.com Steve Brodson Engineer, HiPath Network Integration Services Steve.Brodson@icn.siemens.com W. Bryan Dawson Security Engineer, Secure Network Services Bryan.Dawson@icn.siemens.com

2 Abstract Technology allowing Voice Over Internet Protocol (VoIP) has been available for a number of years, however, it has not been accepted as a mainstream technology in the enterprise until recently. There has been a strong and growing value proposition for the replacement of traditional PBX systems with VoIP. The benefits of ROI, communication flexibility and the concept of one network have been powerful drivers for the enterprise to adopt VoIP. One of the most significant questions around deployment of VoIP systems has been security. Since 9/11, security is no longer an optional line item. There has been a lot of discussion around VoIP security and there seems to be more questions than available answers. The intent of this paper is to educate you, the reader, on VoIP security issues and dispel fact from myth. The information presented in this document is technical in nature but straightforward and easy to understand. The vulnerabilities in VoIP are clearly identified and illustrated for non-technical individuals. Presenting this information in a public forum, such as this paper, does not jeopardize the security of existing VoIP systems. Most of the information presented here is already known by skilled attackers. This open discussion of vulnerabilities is intended to prompt vendors and the VoIP user community to be more diligent about their security. In the end, sharing this information will allow for a more secure and trusted environment. Introduction provides a wide variety of products and services to enable real-time communications. Specifically, our HiPath Voice Over IP (VoIP) portfolio was designed to enable real-time time communications in an enterprise environment. As with any rapidly evolving technology like VoIP, there will always be risk. Siemens Enterprise Networks is experienced and adept at providing the services and peace of mind to ensure your real-time communications are secure. This paper has evolved from years of experience in the communications and security industry. We have found that clients continue to ask the same questions when it comes to the deployment of VoIP and the associated security issues. Siemens believes it is important to understand the benefits AND risks of an investment in any technology. While many forums have discussed the benefits of VoIP, few have openly discussed security risks as they are presented here. This paper has been organized in a dialog style and attempts to directly answer key questions about VoIP security. It is also vendor agnostic. We do not discuss specific products or vendors because this paper was not meant to be an advertising vehicle or to publicly criticize competitive solutions. In writing this paper, our goal was to provide a neutral view, which would lend more credibility and open discussion of the topics presented. It is our hope and intention that this document provides the information you re looking for and it is a useful resource in your search for information on VoIP security Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 1

3 What s the difference between a threat, vulnerability and a risk? While this question is not specific to convergence, it is important to understand the differences between them. A threat is an external security issue represented by a natural or man-made attack. For example, a lightning bolt represents a natural attack as the lightning can threaten the safety and security of a data network. Similarly, an external intruder is a man-made threat, which attempts to compromise a network. A vulnerability is defined as a specific degree of weakness of an individual computer or network exposed to the influence of a threat. For example, if you have not applied the latest security patch to the operating system of your Web server then you have a vulnerability because that computer system is exposed to a threat, a potential intruder. A risk is the degree of probability that a disaster will occur in light of the existing conditions and the degree of vulnerability or weakness present in the system. The key difference between a threat and risk is that threat is related to the potential occurrence of a security issue, while risk is the probability of an incident occurring based on the degree of exposure to a threat. Risk, for security purposes, is usually calculated in dollars and cents. It s important to realize that you may have a vulnerability but without a threat, you have no risk. Evaluating each one of these factors is critical to know what security exposures you have, how critical they are and what impact they will have in your environment. Does VoIP introduce any new security vulnerabilities to an enterprise network? VoIP, by itself, represents a new vector for potential security issues but DOES NOT introduce any new vulnerabilities that have not been seen before. Some experts have argued that packetizing voice and placing it on a data network makes voice communication more accessible and easier to intercept we would have to agree with this point. In a traditional, analog environment, physical access to a switch or wring closet was usually necessary to intercept communications between two parties. By placing voice traffic on a data network, one could potentially intercept a voice communication by capturing the associated packets as they traverse a large network. Attackers have already developed easy to use tools for this purpose and one of the more popular tools is Vomit (Voice Over Misconfigured Internet Telephones, There are other concerns about VoIP from a risk management perspective, such as having all your eggs in one basket. For example, should your data network experience a critical failure you are now without voice AND data communications. The impact to your business could be greater for a prolonged outage of both systems rather than having separate systems. Therefore, you need to ensure that your organization has adequate business continuity and disaster recovery plans Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 2

4 What security threats should I be most concerned with for VoIP? As we have stated previously, there are no new vulnerabilities introduced by adding VoIP to your environment. Many of the already well-known security vulnerabilities can adversely impact voice communications and need to be guarded against. The most significant concerns in a VoIP environment are: Denial of Service (DoS) attacks: Endpoints, such as IP telephones, and VoIP gateways (SIP proxies), can be bombarded with SYN or ICMP packets in an attempt to disrupt communications Call Interception: Unauthorized monitoring of voice packets or Real-Time Transport Protocol (RTP) Signal Protocol Tampering: In the same category as call interception, a malicious user could monitor and capture the packets that setup the call. By doing this, it is possible for them to manipulate fields in the data stream and make VoIP calls without using a VoIP phone. Or, they could make an expensive call (i.e. International) and make the IP-PBX believe it originated from another user Presence Theft: Impersonation of a legitimate user sending or receiving data Toll Fraud: The ability of a malicious user or intruder to place fraudulent calls Call Handling OS: The call handling software of many IP-PBX systems relies on operating systems, or operating system components, that may not be secure. For example, the use of Microsoft IIS as a Web-based configuration tool for the IP-PBX may introduce significant vulnerabilities in your VoIP environment While it is impossible to completely eliminate all of these threats, they can be sufficiently mitigated in a few simple steps. There are many published and well written documents for minimizing your exposure to a Denial of Service (DoS) attacks. Following these guidelines will reduce the amount of DoS traffic your network is exposed to and your overall vulnerability to a DoS attack. Signal Tampering, as mentioned above, could be considered a DoS attack depending on how it is executed. Encrypting VoIP traffic, where possible, it will prevent the unauthorized interception of VoIP calls. While many vendors cannot encrypt traffic down to the handset today, this technology is in the very near future. However, there are several options for encrypting VoIP traffic while it is traversing the core of your network enroute to its destination. Presence theft offers a unique challenge in today s VoIP environment. The best countermeasure for presence theft is strong authentication (i.e. two factor authentication), although few, if any, vendors can support this today. Strong authentication at the IP endpoint is another emerging technology, which will be available soon. Until then we will have to rely on some security features built into the SIP and H.323 protocols such as address authentication, CSeq and Call-ID headers. To manage the threat of toll fraud, it is important that IP-PBX administrators employ the same call restrictions on an IP-PBX as they would a traditional TDM-PBX. International calling, blocking 900 numbers, etc. should all be employed on an IP-PBX. These systems are just as vulnerable, if not more, to the traditional phreaking attacks seen on TDM systems. Finally, and perhaps the most critical issue, is the operating system security of the call handling software. Many call handling systems run as applications or services on Microsoft or Linux platforms. These applications are installed and deployed without regard for the security of the underlying operating system. Therefore, it is critical to ensure that the OS of your call handling software is not using any unnecessary services (i.e. FTP) and has any security patches applied. The only caveat here is to make sure that disabling these services will not adversely impact your VoIP system. For example, as an administrator you may feel an HTTP server is unnecessary and disable it. However, that HHTP server could be a required component for remote configuration or administration. Check with your VoIP vendor before making any operating system changes or applying any OS patches Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 3

5 Do the endpoints, or IP phones, have any specific vulnerabilities to be aware of? The IP phones are intelligent devices with a processor, memory an operating system and communication capability. The good news is that they have a relatively limited input scheme from the twelveposition touchpad for dialing and a few programmable buttons. The most significant vulnerability, and this varies by vendor, is the ability to reset the IP phone to factory defaults via a reset button or function. When the device is reset, some vendors provide a greater level of access to the VoIP system to configure the phone for the first time. A malicious user could compromise or reset administrator level passwords during the configuration process. The best solution is to limit the deployment of IP phones in public environments such as lobbies or public phone banks. Ensure that it is not possible to reset the phones used in these locations. Other than this small possibility, the IP phones of today do not represent a significant security threat. As the phones get more intelligent this may change. Is it easy to intercept or monitor a VoIP conversation? It s not that difficult considering most of the tools used are available for free download on the Internet. Consider the following hypothetical scenario. An attacker that had physical access to the LAN, perhaps an employee could plug into the network and identify a target phone they wanted to monitor. With any tool like tcpdump, it would be very easy to identify the IP and MAC address of the phone to be attacked. By using an arp spoofing tool, the attacker could impersonate the local gateway and the IP phone on the network. This allows IP traffic to and from the target IP phone to be monitored by the attacking workstation. FragRouter or IP forwarding would have to be enabled on the attacking machine so the data packets would reach their ultimate destination. Next, using tcpdump again, the attacker would capture VoIP packets and save them to a file. Once the attacker has captured the amount of data desired, it can be played back using Vomit and the appropriate codec. This example represents a simplified scenario but it would work. The risk of experiencing this ARP Spoof of IP Phone Attacker Linux Workstation with DSniff ARP Spoof FragRouter Vomit L2 Switch ARP Spoof of default gateway Router Victim IP Telephone attack is somewhat limited because it would require physical access to the local network or remote access to a compromised L2 Switch Router Call handling software Router L2 Switch IP Telephone #1 host on the local network. In addition, ARP spoofing does not work across the Internet or a wide-area-network (WAN). What tools are available to monitor or manage the security of a VoIP environment? VoIP is just now becoming a mainstream technology. Many of the available VoIP tools are designed for performance management and enhancement, not security. Because we have discussed that VoIP is not a unique vulnerability in a data environment, traditional data security tools would be sufficient to monitor and manage your VoIP network. Some components, like IDS, may have specific tuning needs but they should still be effective Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 4

6 Can my firewall/nat infrastructure handle VoIP traffic? First of all, you will need to examine the topology of your network. Most VoIP traffic today does not traverse a public network, VPNs excluded, such as the Internet. The availability and use of the Internet as a carrier for VoIP is not reality today. This can and most certainly will change in the future as the technologies evolve and mature. If your environment has layers of internal firewalls between networks and VoIP will traverse these devices, it is doubtful your firewall can efficiently VoIP traffic. Most conventional firewalls, today, cannot natively support SIP or H.323, the two primary VoIP protocols. Native support does not mean opening the ports that SIP or H.323 would use. Native support does mean the firewall has a predefined service type for VoIP and has the capability to open and inspect these packets. While there are some commercial firewalls capable of doing this, this feature is not yet pervasive in the firewall industry. A second issue with conventional firewalls is their inability to efficiently handle large amounts of small packets. Large amounts of small data packets are what most VoIP traffic consists of. On average, VoIP conversations generate packets per second and packets that are bytes in size. If this were an FTP download, the network could handle the same volume of data content in a fewer number of larger packets yielding much less information for the firewall to inspect. A good analogy for this concept is a shipyard. If you had 100 crates to inspect and ship would you rather put them on a single boat that can handle all 100 crates or would you want to put them on ten boats that can only handle 10 crates each? It would obviously take more work and effort to ship your crates on ten different boats. The small packet size allows low latency and better performance for the VoIP system but not for the firewall, which is used to handling larger ships. Because firewalls cannot efficiently handle large amounts of small packets, the throughput capability of the firewall begins to degrade along with the quality of service. Therefore the voice conversation may begin to falter or other data traffic will be delayed or dropped based on a variety of configuration options in your network. Finally, most firewalls utilize some type of Network Address Translation to conserve IP address space. However, many VoIP systems will not work properly with complex NAT environments. Depending on the firewall vendor and product, some NAT implementations embed IP address information in the payload portion of the packet. When the VoIP system receives the IP address data instead of voice data, it does not know how to handle it. Thus, another opportunity for a dropped call, poor voice quality or complete inability to make a call on a VoIP system due to firewall or NAT issues. If firewalls cannot efficiently handle voice traffic today, what technology should I have at my network perimeter? For security and performance issues, it is best to offload your real-time or VoIP protocols from your data network. If your VoIP data is going to traverse a public network, it is our recommendation to use a reverse proxy or multimedia gateway designed to handle real-time communications. There are several vendors now making these gateways to act as firewalls. They offer the advantage of better security for real-time communications and the performance to handle large amounts of small packets. Data traffic Voice traffic L2 Switch Router Firewall Multimedia gateway Internet Do I need an Intrusion Detection System on my VoIP network? It certainly would not hurt to have an IDS system on a VoIP network. However, in our experience, we have seen IDS systems generate a substantial amount of false positives on a voice network. Many, but not all, IDS systems use pattern matching to detect anomalies. To an IDS system, voice traffic is just a series of 1s and 0s. It is inevitable that the conversion of voice to a data value for network transport will match some IDS signature and generate an alert. If you choose to use IDS on your voice network, be aware that a larger number of false positives can be generated and considerable grooming may be required to have the IDS system operate effectively. If your IDS system has the ability to disconnect potential intruders this could disrupt voice calls if they have been incorrectly assessed as an attack by the IDS system Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 5

7 Of the two most used VoIP protocols, SIP and H.323, which is more secure? From a security perspective, both protocols are fairly equal. It s very difficult to say one is more secure than the other. They both offer authentication and encryption features within the protocol but few vendors are leveraging the complete capabilities of either protocol. They also share a common vulnerability in their signaling or call setup. As we have discussed previously in this paper, the call signaling is crucial to VoIP communications and disrupting or attacking the signaling process could be a type of DoS or a way to fraudulently use the IP-PBX. Although they both have pros and cons, we would feel very comfortable recommending either of these two protocols based solely on their security capabilities. has a very good, side-by-side, comparison of the two protocols. Based on the technology available today, what would you recommend to secure a VoIP environment? Keep in mind there is no such thing as a secure environment. As security professionals, it s our job to minimize risk. To minimize the security risks in a VoIP environment, we would recommend the following: Virtual LANs Make use of VLANs to segregate VoIP from data traffic. The VLAN will give you some quality of service benefits as well as add another layer of complexity for an attacker trying to sniff or capture packets off the network. Keeping voice and data on separate VLANs is a good idea for increasing security and performance. Unauthorized devices or spoofing can be mitigated if the switch/router can deny forwarding packets for devices with MAC addresses/ip addresses not matching lists of allowed devices. However this measure is invalidated with soft phones running on PCs since these are allowed devices that reside on the data network. Additionally, the best practice for securing a voice VLAN is to control the traffic between the voice and data VLAN using filtering and/or firewalls. This can prevent DoS attacks and spoofing as well as providing general filtering that limits malicious footprinting. Finally, it s a good idea to use RFC 1918 addresses for IP phones to make external scanning for voice devices very difficult and to ensure that no packets can ever be routed out of the corporate network. Encryption Where possible, implement encryption through VPNs or any method available to you. Encryption does the potential to delay voice packets and adversely affect the performance of VoIP on your network, especially if there are multiple encryption points. However, as long your network is operating efficiently, the overhead of the encryption should have little impact on the performance of the VoIP system. You can minimize the risk to voice quality even more by employing hardware crypto systems rather than those performed in software. Direct firewall support If VoIP traffic will be traversing a firewall, make sure your firewall is capable of direct support for SIP or H.323. If you have to open a port to allow these protocols through, then your firewall does not adequately support VoIP. Use of reverse proxies Segment your VoIP traffic from your data traffic and consider using a multimedia gateway or reverse proxy. These devices offer greater security and are designed to handle VoIP traffic more efficiently than a traditional firewall. Secure OS of call handling software Use a commercial scanning tool to probe the call servers in your VoIP system. If any critical or high-level vulnerabilities arise, contact your vendor to have them corrected as soon as possible. Care should be taken to allow only necessary services to run and to limit the number of listening ports that could be attacked. This might warrant placing core VoIP devices in a safe zone behind a firewall or a router with access filters. Routine monitoring Managed services are a good idea if you do not have the resources to keep an eye on your network. It also makes sense when your VoIP system becomes mission critical. You should establish daily, weekly and quarterly milestones of activity to watch for. This ensures your system is performing adequately and that your VoIP has not been compromised. Sound practices Observe sound security practices. Strong passwords, anti-virus protection, reliable backup, etc. are all part of a good data security program. If you have a good data security program already in place then you have that much of an advantage when implementing VoIP Siemens Information and Communication Networks, Inc. Data Security in a Converged Network A Siemens White Paper 6

8 Will security issues slow the adoption of VoIP technologies? Probably not. Although several organizations have delayed implementing VoIP technologies until the security impact to the organization could be analyzed this delay has only been a few weeks in duration and is negligible in the overall adoption rate. Many organizations quickly realize the issues we have presented in this paper and concluded that no additional security risks are introduced through the implementation of VoIP. Siemens Information and Communication Networks, Inc. 900 Broken Sound Parkway Boca Raton, FL Collateral stock number G0303-W Availability and technical specifications are subject to change without notice. PDF Produced in the U.S.A. Siemens Information and Communication Networks, Inc. All Rights Reserved. Siemens is a registered trademark of Siemens AG. All other trademarks, product and company names are the property of their respective owners.

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Securing SIP Trunks APPLICATION NOTE. www.sipera.com

Securing SIP Trunks APPLICATION NOTE. www.sipera.com APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

PETER CUTLER SCOTT PAGE. November 15, 2011

PETER CUTLER SCOTT PAGE. November 15, 2011 Future of Fax: SIP Trunking PETER CUTLER SCOTT PAGE November 15, 2011 QUESTIONS AND ANSWERS TODAY S SPEAKERS Peter Cutler Vice President of Sales Instant InfoSystems Scott Page Subject Matter Expert Dialogic

More information

Villains and Voice Over IP

Villains and Voice Over IP Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Basic Vulnerability Issues for SIP Security

Basic Vulnerability Issues for SIP Security Introduction Basic Vulnerability Issues for SIP Security By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com The Session Initiation Protocol (SIP) is the future

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Securing VoIP Networks using graded Protection Levels

Securing VoIP Networks using graded Protection Levels Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract

More information

Multi-layered Security Solutions for VoIP Protection

Multi-layered Security Solutions for VoIP Protection Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper

More information

Application Note - Using Tenor behind a Firewall/NAT

Application Note - Using Tenor behind a Firewall/NAT Application Note - Using Tenor behind a Firewall/NAT Introduction This document has been created to assist Quintum Technology customers who wish to install equipment behind a firewall and NAT (Network

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

Voice over IP (VoIP) Vulnerabilities

Voice over IP (VoIP) Vulnerabilities Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

VoIP Security Threats and Vulnerabilities

VoIP Security Threats and Vulnerabilities Abstract VoIP Security Threats and Vulnerabilities S.M.A.Rizvi and P.S.Dowland Network Research Group, University of Plymouth, Plymouth, UK e-mail: info@network-research-group.org This paper presents the

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Solution Brief. Secure and Assured Networking for Financial Services

Solution Brief. Secure and Assured Networking for Financial Services Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to

More information

THE ROLE OF IDS & ADS IN NETWORK SECURITY

THE ROLE OF IDS & ADS IN NETWORK SECURITY THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

Firewall Security. Presented by: Daminda Perera

Firewall Security. Presented by: Daminda Perera Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

This chapter covers the following topics:

This chapter covers the following topics: This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E

More information

VegaStream Information Note Considerations for a VoIP installation

VegaStream Information Note Considerations for a VoIP installation VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

How To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib

How To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application

More information

An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons

An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons TRAVERSING FIREWALLS AND NATS WITH VOICE AND VIDEO OVER IP An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons Traversing Firewalls and NATs With Voice and Video Over

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

How To Prevent Hacker Attacks With Network Behavior Analysis

How To Prevent Hacker Attacks With Network Behavior Analysis E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security Patton Electronics Co. www.patton.com 7622 Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: +1 301-975-10001000 fax: +1 301-869-9293 Application Note Patton SmartNode in combination with a CheckPoint

More information

Securing a Converged Network By Steven Sullivan

Securing a Converged Network By Steven Sullivan Securing a Converged Network By Steven Sullivan Abstract Network security has traditionally been viewed in business as more of a cost than a benefit. But the latest trends are towards converged networks

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Proxy Server, Network Address Translator, Firewall. Proxy Server

Proxy Server, Network Address Translator, Firewall. Proxy Server Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as

More information

Beyond Quality of Service (QoS) Preparing Your Network for a Faster Voice over IP (VoIP)/ IP Telephony (IPT) Rollout with Lower Operating Costs

Beyond Quality of Service (QoS) Preparing Your Network for a Faster Voice over IP (VoIP)/ IP Telephony (IPT) Rollout with Lower Operating Costs Beyond Quality of Service (QoS) Preparing Your Network for a Faster Voice over IP (VoIP)/ IP Telephony (IPT) Rollout with Lower Operating Costs Beyond Quality of Service (QoS) Cost Savings Unrealized THE

More information

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the

More information

Firewall Architecture

Firewall Architecture NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

VOIP Security Essentials. Jeff Waldron

VOIP Security Essentials. Jeff Waldron VOIP Security Essentials Jeff Waldron Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry

More information

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology Voice Over Internet Protocol (VOIP) SECURITY Rick Kuhn Computer Security Division National Institute of Standards and Technology What is VOIP? Voice Over Internet Protocol Voice Communications over data-style

More information

Safeguards Against Denial of Service Attacks for IP Phones

Safeguards Against Denial of Service Attacks for IP Phones W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)

More information

nexvortex SIP Trunking Implementation & Planning Guide V1.5

nexvortex SIP Trunking Implementation & Planning Guide V1.5 nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888 Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?

Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Firewalls and Network Defence

Firewalls and Network Defence Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Security and Risk Analysis of VoIP Networks

Security and Risk Analysis of VoIP Networks Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all

More information

IP Telephony Management

IP Telephony Management IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information