Secure SIP? Do It Yourself! OpenFortress digital signatures




why divert from pots?
- Slow to accept change:
  - Immobile numbers
  - Switch to voicemail after N rings
  - Caller-ID limitations
- Limited lingo:
  - Voltage/frequency bursts
- Rigid bureaucracy:
  - One supplier at any time
  - Supplier switching difficulties
  - Payment contracts between suppliers

why switch to sip?
- SIP is the VoIP that can be as global as POTS
- It feels like POTS++
- The world can upgrade gradually (DID, DOD, ENUM)
- Domain-based telephony (like email)
- Manufacturers aim at interoperability
- Unconstrained signalling lingo
- Broader media lingo (video, whiteboard, games)
- Call routing with the flexibility of the Internet
- More control over telephony

annoying cheap sip
- SIP is sold as a cheap way to call
- More importantly, SIP can help to bypass POTS
- SIP networks are not being interconnected
- Customers are kept ignorant
- But SIP was never intended to be confined!

annoying cheap sip
- OpenFortress is developing 0cpm.nl
- SIP calls are connected directly
- Non-SIP calls are relayed to an upstream provider
- SIP calls at a guaranteed rate of 0 ct/min
- Aiming to connect as many domains/suppliers as possible
- Revolutionary pricing model: charge only a SIP setup fee

why secure sip?
- Login is already protected
- Privacy:
  - yours
  - your customer's
- Authenticity:
  - Caller-ID on POTS is reliable
  - SIP needs authentication for that

sip and security
- Common SIP is:
  - Lookups over DNS
  - Signalling over UDP
  - Media over RTP/UDP
- Not at all secure!

sip and security
- Formally, SIP is:
  - Lookups over DNS or DNSsec
  - Signalling over UDP, TCP or TLS
  - Media over RTP/UDP with encryption options
- Potentially secure!

problems with secure sip
- TLS is just transport protection
- Wiretapping in civilised countries

tls is just transport protection
- Positive:
  - TLS is not optional for SIP proxies, per RFC 3261
  - TLS could protect media encryption keys
- Negative:
  - TLS protects connections between SIP proxies
  - Most SIP traffic passes through a number of proxies
  - Reliance on all their trusted certificate lists
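The hop-by-hop nature of TLS in SIP can be seen in the Via headers each proxy adds to a request. The following is an added example, not part of the original slides: it lists the transport each hop recorded in a constructed INVITE (all host names and branch values are made up) and reports the hops that did not use TLS. Via values are self-reported by each hop, so the callee can only verify the TLS session with its own last hop.

```python
import re

# Constructed INVITE as the callee might receive it; every host name and
# branch value is made up for this example. Topmost Via = most recent hop.
SAMPLE_INVITE = (
    "INVITE sips:bakker@orvelte.nep SIP/2.0\r\n"
    "Via: SIP/2.0/TLS proxy.orvelte.nep:5061;branch=z9hG4bKc3\r\n"
    "Via: SIP/2.0/UDP relay.provider.example:5060;branch=z9hG4bKb2,"
    " SIP/2.0/TLS out.caller.example:5061;branch=z9hG4bKa1\r\n"
    "v: SIP/2.0/TLS phone.caller.example;branch=z9hG4bK00\r\n"
    "From: <sips:alice@caller.example>;tag=1\r\n"
    "To: <sips:bakker@orvelte.nep>\r\n"
    "Call-ID: constructed-1@phone.caller.example\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

# sent-protocol and sent-by of one Via value (RFC 3261 section 20.42)
VIA_VALUE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;,\s]+)")


def via_hops(message):
    """Return [(transport, sent_by), ...] ordered from caller to callee."""
    head = message.split("\r\n\r\n", 1)[0]
    hops = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() not in ("via", "v"):  # "v" is the compact form
            continue
        for part in value.split(","):             # one header may hold several values
            match = VIA_VALUE.search(part)
            if match:
                hops.append((match.group(1).upper(), match.group(2)))
    hops.reverse()                                # the bottom Via was added first
    return hops


def non_tls_hops(message):
    """Hops that recorded a transport other than TLS."""
    return [hop for hop in via_hops(message) if hop[0] != "TLS"]


if __name__ == "__main__":
    for transport, sent_by in via_hops(SAMPLE_INVITE):
        print(f"{transport:4} {sent_by}")
    print("not TLS:", non_tls_hops(SAMPLE_INVITE))
```

In the sample, the callee's own connection is TLS, yet one intermediate hop carried the signalling over UDP, which the callee has no way to prevent or detect other than by trusting what the proxies report.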

wiretaps in the netherlands
- Public telephony providers must support taps
- Provider's encryption must be removed upon delivery
- Signalling party is responsible
- Wiretaps make TLS security useless for privacy
- Only end-to-end encryption is really private
- No laws against explaining such encryption :-)

solution (1) do not rely on vendors
- They must tap your traffic
- They won't support SIPS
- They probably filter out S/MIME attachments

solution (2) do it yourself
- You alone can set up end-to-end encryption
- Welcome SRTP media on trusted networks
- Get a suitable telephone or media proxy
- Consider S/MIME for SRTP key exchange?
- NAT problems...
- Proxies may strip it off...

solution (2) do it yourself
- Use your domain: sips:bakker@orvelte.nep
- Avoids POTS (and its related services)
- Use DNSsec or /etc/hosts
- By all means, bother SIDN about DNSsec!
- SIP uses DNS SRV so /etc/hosts is not enough
- Accept TLS-based calls on a trusted network
- Possibly set up a translating proxy

conclusions
- Secure SIP is good for privacy and authenticity
- Security is more important for SIP than for POTS
- Do not rely on a provider for Secure SIP
- Set up a few gateways yourself

info@openfortress.nl http://openfortress.nl OpenFortress digital signatures