VOIP Security Essentials. Jeff Waldron



Similar documents
ATA: An Analogue Telephone Adapter is used to connect a standard telephone to a high-speed modem to facilitate VoIP and/or calls over the Internet.

Security and Risk Analysis of VoIP Networks

Voice over IP Basics for IT Technicians

Voice over IP (VoIP) Basics for IT Technicians

Convergence Technologies Professional (CTP) Course 1: Data Networking

VoIP / SIP Planning and Disclosure

Receiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream

FACILITY TELECOMMUNICATIONS MANAGEMENT FOR THE GOVERNMENT EMERGENCY TELECOMMUNICATIONS SERVICE Introduction

Packetized Telephony Networks

IP Telephony Basics. Part of The Technology Overview Series for Small and Medium Businesses

VOICE OVER IP AND NETWORK CONVERGENCE

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

VoIP Resilience and Security Jim Credland

TECHNICAL CHALLENGES OF VoIP BYPASS

Frequently Asked Questions about Integrated Access

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud Supervisor: Prof.Dr. Shawkat K.Guirguis

Gateways and Their Roles

VoIP Survivor s s Guide

Alexandre Weffort Thenorio - Data. IP-Telephony

Voice over IP Networks: Ensuring quality through proactive link management

Figure 1. Traditional PBX system based on TDM (Time Division Multiplexing).

TAXONOMY OF TELECOM TERMS

Quality of Service Testing in the VoIP Environment

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

How Small Businesses Can Use Voice over Internet Protocol (VoIP) Internet Technology for Voice Communications

Voice over Internet Protocol (VoIP) systems can be built up in numerous forms and these systems include mobile units, conferencing units and

PETER CUTLER SCOTT PAGE. November 15, 2011

1. Public Switched Telephone Networks vs. Internet Protocol Networks

How To Make A Cell Phone Converged Into A Cell Network

Indepth Voice over IP and SIP Networking Course

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

SAVE MONEY WITH THE RIGHT BUSINESS PHONE SYSTEM

Voice Over Internet Protocol (VoIP) Issues and Challenges William McCrum

TIME-SAVING VOIP FEATURES YOUR BUSINESS NEEDS

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office

Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2

Voice over IP (VoIP) for Telephony. Advantages of VoIP Migration for SMBs BLACK BOX blackbox.com

Overview of Voice Over Internet Protocol

Multi-layered Security Solutions for VoIP Protection

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

IP Telephony (Voice over IP)

VoIP Glossary. Client (Softphone client): The software installed in the userâ s computer to make calls over the Internet.

Goal We want to know. Introduction. What is VoIP? Carrier Grade VoIP. What is Meant by Carrier-Grade? What is Meant by VoIP? Why VoIP?

WAN Data Link Protocols

CHAPTER 1 INTRODUCTION

Telephony Fundamentals

How To Implement A Cisco Vip From Scratch

Threat Mitigation for VoIP

PSTN IXC PSTN LEC PSTN LEC STP STP. Class 4. Class 4 SCP SCP STP. Switch. Switch STP. Signaling Media. Class 5. Class 5. Switch.

White Paper. avaya.com 1. Table of Contents. Starting Points

Course 4: IP Telephony and VoIP

Security & Reliability in VoIP Solution

Three Network Technologies

Analysis and Simulation of VoIP LAN vs. WAN WLAN vs. WWAN

Contents. Specialty Answering Service. All rights reserved.

Best Practices for Securing IP Telephony

VOIP TELEPHONY: CURRENT SECURITY ISSUES

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

Hosted PBX Platform-asa-Service. Offering

Securing SIP Trunks APPLICATION NOTE.

ETM System SIP Trunk Support Technical Discussion

Session Border Controllers in Enterprise

SIP Trunking The Provider s Perspective

Troubleshooting Voice Over IP with WireShark

IP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week

Written Testimony of John L. Barnes Director of Product Development Verizon Business. Hearing on VoIP: Who Has Jurisdiction to Tax It?

VoIP QoS. Version 1.0. September 4, AdvancedVoIP.com. Phone:

Contents Introduction Why Fax over IP? How Real-time Fax over IP works Implementation with MessagePlus/Open Summary. About this document

Ingate UC-SIP Trunking Summit

Integration of Voice over Internet Protocol Experiment in Computer Engineering Technology Curriculum

Re-Engineering Campus-Wide Internet Telephony Using Voice over Internet Protocol

SIP and VoIP 1 / 44. SIP and VoIP

Voice Over IP and Firewalls

ACD: Average Call Duration is the average duration of the calls routed bya a VoIP provider. It is a quality parameter given by the VoIP providers.

Threats to be considered (1) ERSTE GROUP

Agilent Technologies Performing Pre-VoIP Network Assessments. Application Note 1402

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

Convergence: The Foundation for Unified Communications

VoIP Workbook. VoIP Workbook. Copyright Page 1

Internet: Telephone Calls for Free with Vo I P I 19/1. Your PC can Make Telephone Calls to Anywhere in the World for Free!

Written by Igal Rabinovich, CEO IT Help Central. How to Successfully Select and Implement a Hosted VoIP System Page 1

SIP-ing? Pipeline Articles

Requirements of Voice in an IP Internetwork

WAN Technology. Heng Sovannarith

Functional Specifications Document

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

Subtitle. VoIP Migration Strategy. Keys to a Successful Planning and Transition. VoIP Migration Strategy Compare Business Products

Terms VON. VoIP LAN WAN CODEC

Voice over IP Technologies

Transcription:

VOIP Security Essentials Jeff Waldron

Traditional PSTN PSTN (Public Switched Telephone Network) has been maintained as a closed network, where access is limited to carriers and service providers. Entry to the PSTN has traditionally been a protected by price, as the annual costs exceed $100,000 (USD). These two characteristics of the PSTN (closed network and very high cost of access) have established the false perception that the PSTN is a secure network. This claim is quickly discredited once someone starts to analyze the security controls, or lack of, that are available in the PSTN.

PSTN Trust The PSTN is comprised of thousands of interconnected network elements over dedicated circuit switched facilities that use the SS7 (Common Channel Signaling System No.7, SS7 or C7) which relies upon a model of trusted neighbors.

Voice Over Internet Protocol (VOIP) Voice over IP the transmission of voice over packet-switched IP networks is one of the most important emerging trends in telecommunications. VOIP introduces both security risks and opportunities. VOIP has a very different architecture than traditional circuit-based telephony, and these differences result in significant security issues. Lower cost and greater flexibility are among the promises of VOIP for the enterprise

VOIP Advantages Cost Savings (toll charges, PBX vendor costs, moves-addschanges) A study by The Yankee Group noted VOIP systems were 22% less expensive to operate than circuit-switched networks. Most saving is found within new site facilities only needing one copper infrastructure. Almost all organization have existing IP infrastructure. VOIP can run over wired or wireless infrastructure Mobility (routing phone numbers to dynamic IP address)

VOIP Disadvantages Initial start-up cost. Phone VOIP equipment (call center, gateway) Additional training for IT staff to support. Power outage. All components supporting VOIP system need UPS protection Voice Quality and QOS Requirements Network and Codecs affect voice quality Latency (acceptable delay < 150 ms) Jitter (variations in delay) Packet loss New security requirements to deal with: Denial of Service, Eavesdropping, Misuse/fraud, Impersonation Softphones

VOIP Security Basics Secure the VOIP gateways (or call centers) Ensure anti-virus is installed and updated/current. Configure the devices securely Apply patches Apply security settings/configurations at boundaries and devices Ensure VOIP Gateway is behind enterprise firewall Segment voice and data traffic on separate VLANS UPS is key to availability

VOIP Architecture PBX Replacement Vendors are no longer offering the traditional PSTN on the new offerings of PBX devices. Organizations will be forced to migrate to VOIP. Media Servers and Gateways Connect calls within VOIP system Connect calls between PSTN and VOIP End Nodes VOIP capable phones (wired or wireless) Softphones IM Clients Video Clients

VOIP Protocols Current VOIP systems use either a proprietary protocol, or one of two standards, H.323 and the Session Initiation Protocol (SIP). Although SIP seems to be gaining in popularity, neither of these protocols has become dominant in the market yet, so it often makes sense to incorporate components that can support both.

Skype With over 29 Million Skype users online at one time as of June 2006, Skype is a technology to be dealt with A peer-to-peer VOIP client Secured using 256 bit AES encryption PGP authentication

VOIP in the News VoIP theft nets $1M, two arrests Published: 2006-06-09 (http://www.securityfocus.com/brief/225) At least 15 Internet phone companies were hacked --one of which suffered as much as $300,000 in loses as a result of the attacks. The group sold more than ten million minutes of telephone time for as little as 0.4 cents per minute

VoFi [Voice-over-WiFi] While it's still very early for voice-over-802.11 handsets, users and vendors alike will have to think hard about security issues -- particularly since vendors are scheduled to bring a wave of new dual-mode handsets to market, creating the potential for many more of these devices entering the workplace, often without the IT department knowing about it.

VOIP Security Issues There are Four main issues of VoIP security. Authentication: Is the party who answered the call the intended destination? Nonrepudiation: Once a destination accepts a call, is there anything in place that prohibits it from denying receipt of the connection? Privacy: Is the call content secure? Availability: Users expect to hear a dial tone when they pick up the phone.

VOIP Ready for Primetime? May not be ready for external Enterprise use depending on industry/staff knowledge. Could be used to connect branch offices/agents to a corporate headquarters. Requires a different mindset to implement within a business structure. Works well in the home environment.

Summary Standards are maturing and there are so many of them to choose from OK for home use. Will reduce or eliminate long-distance bills Good option for use by mobile users depending on the nature of the calls. Cell phone might still be an option.

Conclusion VOIP is still an emerging technology, so it is difficult to develop a complete picture of what a mature worldwide VOIP network will one day look like. As the emergence of SIP has shown, new technologies and new protocol designs have the ability to radically change VOIP.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information