VmSat (VoIP monitoring & Security assessment tool)




College: Pune Institute of Computer Technology, Pune
Team Members: Krishna S. Ghodke, Saurabh A. Gawande, Roshan R. Ghumare, Sumant D. Kukkar
Sponsored By: GREAT SOFTWARE LABORATORY PVT. LTD. (GS Lab) (www.gs-lab.com)
Contact: vmsat.pict@gmail.com
External Guide / Internal Guide: Mr. Avinash Shenoi, Mr. Vivek Relan, Mr. Tushar Rane

I] Idea and concept behind the Project:

The deployment of Voice over Internet Protocol (VoIP) in place of traditional communication systems has greatly reduced operating costs and enabled the adoption of next-generation communication services over IP infrastructure. Many vendors provide VoIP services, but a comprehensive monitoring and assessment mechanism is required to verify the claims a vendor company makes to its client organization. To meet this requirement we propose a VoIP Monitoring and Security Assessment Tool (VmSat). This tool monitors, analyzes and tests the VoIP infrastructure and the services provided.

The first part of the tool monitors and analyzes real-time VoIP traffic for troubleshooting the infrastructure. It provides quality metrics for voice traffic in terms of bandwidth utilized, delay, jitter, packet loss, R-Factor and MOS, and it provides comprehensive remedial reasoning for quality deterioration.

The second part of the tool assesses the VoIP infrastructure against security threats. VmSat provides several generic attack templates and launches attacks (flood attacks, message attacks etc.) within the system to identify the vulnerabilities present in it. The robustness of the SIP protocol implementation is assessed through rigorous checks. VmSat also provides a comprehensive and generic Meta language to assist in generating custom attacks. It uses a plaintext format that reads like an English sentence, which gives the user great flexibility. Once vulnerabilities are identified, the tool provides remedial information that enables security professionals to take appropriate action.

Following are the applications of VmSat:

- To aid owners/users of VoIP infrastructure to test, audit, and uncover security vulnerabilities in their deployments.
- To aid third parties to test, audit, and uncover security vulnerabilities in the VoIP infrastructure of owners of said infrastructure who contract with or otherwise expressly approve said third parties to assess said VoIP infrastructure.
- To aid producers of VoIP infrastructure to test, audit, and uncover security vulnerabilities in the VoIP hardware/software/systems they produce.
- For use in collective educational endeavors or use by individuals for their own intellectual curiosity or aggrandizement.

Thus the user can rely on this tool to penetrate the VoIP deployment in order to find vulnerabilities in the network.

II] Salient Features:

1. Real Time Monitoring:
   - Proactive monitoring of bandwidth utilization and QoS metrics such as jitter, latency and packet loss.
   - ITU standard E-Model based MOS calculation.
   - Pictorial representation of the call flow, plotting all the SIP requests/responses that took place from the start to the end of a call. This comes in handy for debugging error calls.
   - Call categorization such as complete, incomplete, unanswered, error, good and poor quality calls.
   - Flexible filtering of data based on IP address and caller name.
   - Alarm generation on vital parameters, viz. too many consecutive incomplete calls, SIP errors, high average delay, jitter and packet loss.
   - Web-based user interface for platform independence.
2. Power-Off and System-Crash situations: Power-off and system-crash situations for both server and clients are handled. This helps the administrator identify the reason for failed or incomplete calls.
3. Infrastructure Discovery: Discovery of the SIP components, viz. SIP server and SIP client.
4. Attacks: Three categories of attacks for vulnerability detection:
   - Protocol checks
   - SIP message attacks (Bye, ReInvite, Replay)
   - Flooding attacks (DoS attacks)
5. Attack Templates & Meta language: VmSat provides several generic attack templates which are used to perform attacks. It takes customized datasets from the administrator. A Meta language, constructed using LEX and YACC, gives the user a mechanism for generating various attacks of the user's own devising.
6. Configurable SIP Packet Generator:
7. Comprehensive Reports: The reports give the administrator a quick view of the most probable reason for quality deterioration and of the vulnerabilities present in the VoIP infrastructure.
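The call categorization and the "too many consecutive incomplete calls" alarm listed under Real Time Monitoring, as an added example that is not VmSat's own code (the page states VmSat is written in Java; this sketch is in Python). The category definitions, the alarm threshold, all function names and the sample capture are assumptions of the example.

```python
def parse_sip(msg):
    """Return (call_id, event); event is a request method or (status, CSeq method).
    Assumes a well-formed message with a start line."""
    head = msg.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in head[1:])}
    call_id = headers.get("call-id") or headers.get("i")  # "i" is the compact form
    start = head[0].split()
    if start[0] == "SIP/2.0":
        cseq_method = (headers.get("cseq", "").split() or [""])[-1]
        return call_id, (int(start[1]), cseq_method)
    return call_id, start[0]

def categorize(events):
    """Assumed definitions: answered + BYE = complete; answered without BYE or no
    final response = incomplete; CANCEL/408/480/487 = unanswered; else error."""
    finals = [e[0] for e in events
              if isinstance(e, tuple) and e[1] == "INVITE" and e[0] >= 200]
    if any(status < 300 for status in finals):
        return "complete" if "BYE" in events else "incomplete"
    if "CANCEL" in events or any(s in (408, 480, 487) for s in finals):
        return "unanswered"
    return "error" if finals else "incomplete"

def classify_capture(messages):
    """Group messages by Call-ID in capture order and categorize each call."""
    calls = {}
    for msg in messages:
        call_id, event = parse_sip(msg)
        calls.setdefault(call_id, []).append(event)
    return {cid: categorize(events) for cid, events in calls.items()}

def incomplete_run_alarm(categories, threshold=3):
    """True when `threshold` or more consecutive calls were incomplete."""
    run = 0
    for cat in categories:
        run = run + 1 if cat == "incomplete" else 0
        if run >= threshold:
            return True
    return False

# Constructed capture: one complete call, one rejected call, three abandoned setups.
URI = "sip:bob@example.test SIP/2.0"
SAMPLE = [f"{start}\r\nCall-ID: {cid}\r\nCSeq: {cseq}\r\n\r\n" for start, cid, cseq in [
    ("INVITE " + URI, "a1", "1 INVITE"), ("SIP/2.0 200 OK", "a1", "1 INVITE"),
    ("ACK " + URI, "a1", "1 ACK"), ("BYE " + URI, "a1", "2 BYE"),
    ("INVITE " + URI, "b2", "1 INVITE"), ("SIP/2.0 503 Service Unavailable", "b2", "1 INVITE"),
] + [("INVITE " + URI, f"c{i}", "1 INVITE") for i in range(3)]]
```

Calling `classify_capture(SAMPLE)` and passing its values to `incomplete_run_alarm` raises the alarm on the three abandoned setups at the end of the capture.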

III] Technological Specification:

1. VmSat is implemented in Java.
2. Packet sniffing is done using the Jpcap packet capturing library.
3. XML is used for developing the state machine for call flow and scenario generation of the VoIP calls (for the SIP protocol). Use of XML allows extension of scenarios and helps to provide compliance with a wide variety of SIP implementations.
4. Web-based UI in JSP, AJAX, JavaScript and servlets, allowing remote access.

IV] Implementation Strategy:

Diagram 1 shows the position of VmSat in the VoIP infrastructure. VmSat sniffs the traffic flowing through the SIP Proxy using a trunk/mirror port of the switch.

Diagram 2 shows the architecture of VmSat. It has two phases:

1. Traffic Monitoring
2. Vulnerability Assessment

Traffic Monitoring [Diagram 3]

Traffic monitoring and analysis is implemented by sniffing packets on the network using Jpcap (a packet capture library). The call traffic is identified using an XML parser, and call quality is determined by analyzing the captured RTP packets against various parameters. All the data is stored in a MySQL database. A platform-independent web-based GUI lets the administrator view the results.

The Traffic Monitor includes two threads.

Thread 1: Sniffer
Algorithm:
1. Capture the packets.
2. Identify the protocol of the packet.
3. Dissect the packet and extract the information required for that protocol (SIP or RTP).
4. Insert the information objects into the queue.

Thread 2: Processor
Algorithm:
1. Remove the information object from the queue.
2. Differentiate the information object by protocol and submit it to the respective processor.
3. Calculate and analyze the information object and generate information.
4. Store the necessary information in the database.

Snapshots of the GUI of the Traffic Monitor are shown in Diagram 4.
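The RTP analysis step of the Processor thread, as an added example that is not VmSat's own code (the page states VmSat is written in Java; this sketch is in Python): it computes the RFC 3550 interarrival jitter, the packet loss, and a simplified E-model R-factor and MOS. The G.711 clock rate, the base value 93.2, the simplified delay term, the Ie/Bpl values, all function names and the sample stream are assumptions of the example.

```python
import struct
CLOCK_HZ = 8000  # RTP clock rate for G.711 (assumed codec)

def make_rtp(seq, ts, ssrc=0x1234):
    """Constructed 12-byte RTP v2 header (payload type 0), used as sample input."""
    return struct.pack("!BBHII", 0x80, 0, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)

def parse_rtp(payload):
    """Return (seq, timestamp, ssrc), or None if this is not an RTP v2 packet."""
    if len(payload) < 12:
        return None
    b0, _pt, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    return (seq, ts, ssrc) if b0 >> 6 == 2 else None

def stream_stats(packets):
    """(arrival_seconds, payload) pairs of one stream -> (jitter_ms, loss_percent)."""
    jitter, prev_transit = 0.0, None
    first = highest = last_seq = None
    cycles = received = 0
    for arrival, payload in packets:
        hdr = parse_rtp(payload)
        if hdr is None:
            continue
        seq, ts, _ssrc = hdr
        received += 1
        if last_seq is not None and last_seq - seq > 0x8000:
            cycles += 0x10000  # 16-bit sequence number wrapped around
        last_seq = seq
        ext = cycles + seq
        first = ext if first is None else first
        highest = ext if highest is None else max(highest, ext)
        transit = arrival * CLOCK_HZ - ts  # relative transit time, timestamp units
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16.0  # RFC 3550
        prev_transit = transit
    if received == 0:
        return 0.0, 0.0
    expected = highest - first + 1
    return jitter * 1000.0 / CLOCK_HZ, max(0.0, 100.0 * (expected - received) / expected)

def r_factor_mos(delay_ms, loss_pct, ie=0.0, bpl=4.3):
    """Simplified E-model: R = 93.2 - Id - Ie_eff (ie/bpl: assumed G.711 values)."""
    i_d = 0.024 * delay_ms + (0.11 * (delay_ms - 177.3) if delay_ms > 177.3 else 0.0)
    ie_eff = ie + (95.0 - ie) * loss_pct / (loss_pct + bpl)
    r = max(0.0, min(100.0, 93.2 - i_d - ie_eff))
    return r, 1.0 + 0.035 * r + r * (r - 60.0) * (100.0 - r) * 7e-6

# Constructed stream: 20 ms packets, sequence number 4 lost in transit.
SAMPLE = [(i * 0.02, make_rtp(i, i * 160)) for i in range(10) if i != 4]
```

The sequence-number handling does not cover packets reordered across a wrap, and the one-way delay passed to `r_factor_mos` has to come from a separate measurement, since RTP arrival times alone do not give it.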

Vulnerability Assessment [Diagram 5]

Implementation of the security assessment involves performing various checks and attacks against the deployed infrastructure. These attacks are performed by the user from a predefined template on a web-based interface. In addition, a facility is provided that enables the user to write custom attacks using a Meta language, implemented using LEX and YACC.

Working of the phase:
1. SIP components (SIP servers, clients, soft phones etc.) in the system are discovered and the information is stored in config.db.
2. The user provides the attack details through the input system.
3. The attack system initializes the attack parameters using config.db.
4. The attack is launched.
5. The system identifies the status of the attack by consulting symptoms.db, which contains predefined parameters about each attack for recognition.
6. The attack is stopped using the stopping condition for the respective attack.
7. Based on the status of the system after the attack, reports are generated which provide a complete description of the vulnerabilities found along with recommendations.

VI] Commercial viability:

Need in the market: Cost-based analysis of industry usage of VoIP services shows the growth of the VoIP market. Most VoIP providers have adopted SIP implementations; however, corporations have not been deploying the technology because of its inherent security weaknesses. Our project helps VoIP providers as well as users to overcome these security hurdles. The contribution of the project towards the VoIP market can thus be estimated on the basis of the huge market value of VoIP services, which is growing fast every year. This proves the importance of the project in terms of market value and usage. Hence, the need for the product is justified.

Alternatives: Though different alternatives to VmSat exist, VmSat is one of a kind in providing both Traffic Monitoring and Vulnerability Assessment. Existing products don't provide a language for customized attacks, so it is difficult for the user to find the various other vulnerabilities present in the network. The Meta Language (plain English language format) feature of VmSat gives the user greater flexibility in performing attacks, thus helping him to find any new vulnerability in the network or protocol implementation that he can think of.

Diagram 1: VoIP Infrastructure Overview

Diagram 2: Architecture of VmSat

Diagram 3: Design of Traffic Monitor

Diagram 4: Snapshots of Traffic monitor

Diagram 5: Design of Vulnerability Assessment
