VoIP Resilience and Security Jim Credland



Similar documents
VOIP Security Essentials. Jeff Waldron

Recommended IP Telephony Architecture

Voice over IP Basics for IT Technicians

Best Practices for Securing IP Telephony

IP Telephony Management

Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario

Voice over IP (VoIP) Basics for IT Technicians

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Enabling NAT and Routing in DGW v2.0 June 6, 2012

PETER CUTLER SCOTT PAGE. November 15, 2011

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

CCNA Security v1.0 Scope and Sequence

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

SIP Trunking The Provider s Perspective

Session Border Controllers in Enterprise

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Directory and File Transfer Services. Chapter 7

Villains and Voice Over IP

How To Make A Cell Phone Converged Into A Cell Network

Security & Reliability in VoIP Solution

Voice Over IP and Firewalls

Network Virtualization Network Admission Control Deployment Guide

VoIP Security: How Secure is Your IP Phone?

Cisco Advanced Services for Network Security

An outline of the security threats that face SIP based VoIP and other real-time applications

Threats to be considered (1) ERSTE GROUP

ethernet services for multi-site connectivity security, performance, ip transparency

Business Continuity protection for SIP trunking service

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

White Paper. avaya.com 1. Table of Contents. Starting Points

Ingate Firewall/SIParator SIP Security for the Enterprise

Voice over IP Networks: Ensuring quality through proactive link management

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper

Avaya G700 Media Gateway Security - Issue 1.0

Securing SIP Trunks APPLICATION NOTE.

Voice Over IP (VoIP) Denial of Service (DoS)

V310 Support Note Version 1.0 November, 2011

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

Cisco Certified Network Associate (CCNA) Cisco Certified Network Associate (CCNA)

VoIP and IP Telephony A Carrier s s Perspective

Lucent VPN Firewall Security in x Wireless Networks

ICANWK406A Install, configure and test network security

VoIP Survivor s s Guide

Hosted PBX Platform-asa-Service. Offering

Securing VoIP Networks using graded Protection Levels

8 Steps for Network Security Protection

8 Steps For Network Security Protection

Deploying Firewalls Throughout Your Organization

network infrastructure: getting started with VoIP

CISCO IOS NETWORK SECURITY (IINS)

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Voice over IP Technologies

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

One Cloud Cisco UK Service Annex to the General Service Schedule BT reference number...

Multi-Homing Dual WAN Firewall Router

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

Kommunikationsdienste im Internet Möglichkeiten und Risiken

Avaya TM G700 Media Gateway Security. White Paper

VoIP and Beyond. Alex Gatiragas Product Manager Enterprise Convergence NEC Business Solutions Limited

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

Building Voice VPN with Simton IPX

Configuring IPsec VPN with a FortiGate and a Cisco ASA

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Smart Telephone System

Multi-layered Security Solutions for VoIP Protection

SIP Trunking with Microsoft Office Communication Server 2007 R2

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Security issues in Voice over IP: A Review

How to add a SIP server How to register a handset

Release the full potential of your Cisco Call Manager with Ingate Systems

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Installation of the On Site Server (OSS)

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

MyIP. Overview. listening, 6/3/2011 understanding, delivering

How To Build A Network Security Firewall

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.

CCNA Security 2.0 Scope and Sequence

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

Business VoIP Solution Training 04/2009

VOICE OVER IP SECURITY

Virtual Privacy vs. Real Security

ZyXEL VoIP 2602HWL - Setup guide

TAXONOMY OF TELECOM TERMS

VoIP Security Threats and Vulnerabilities

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

VoIP Security regarding the Open Source Software Asterisk

IP Telephony Deployment Models

Transcription:

VoIP Resilience and Security Jim Credland

About THUS plc Provider and user of VoIP and Soft Switch technologies Developing Enterprise Security Standards NISCC VoIP Working Group Security Considerations for VoIP Service Providers NICC Security Group Interconnect Security Standards for Service Providers

VoIP Variations Internet based peer-to-peer services Skype Internet based commercial services Vonage SkypeOut Invisible carrier PSTN replacement THUS s NGN VoIP Peering PSTN Peering Carrier VoIP tails Enterprise VoIP with PSTN interface

Converging Threats Converging technologies Laptop now used for e-mail, IM, telephone calls Same cable, same switching Converging Threats Voice call destinations could be secure or could be insecure Denial-of-Service attacks can now easily affect your telephone service Laptop with tcpdump can now reveal phone conversations Phishing attacks using VoIP! SPIT

Goals: Set Your VoIP Security Goal Set your VoIP Security Goal Better Security Encryption, Strong Authentication, High Availability Similar Security Lower Security Different Security Pick and choose from confidentiality, integrity and availability.

Reducing the Risks at the Provider Separation MPLS Separate networks, routers. Enhancing Internal Security Denial-of-Service attacks Separate edge routers for private and Internet services. Delivery of Secure Services to Customers Limited by available technologies

Reducing the Risks at the Customer Maintain Separation Switch Security vlans Separate inter-site VPN for Voice? Separate networks, routers not cost effective? Enhancing Internal Security Encryption and Authentication More control over environment means better chances of success. Encryption and authentication do not always deliver availability, but succeed in confidentiality and integrity.

Customer: Basic Network Router

Securing Critical Infrastructure Customer: Trivial Risky Implementation ¼ s plug into same switches and hubs ¼ Risks Vulnerable to virus and worm attacks Eavesdropping by insides or external parties relatively trivial Considerably less secure and reliable than standard analogue PBX solution Hacked PC could easily make phone calls Toll Fraud Router Call Manager

Securing Critical Infrastructure Customer: Trivial Implementation Counter measures ¼ s plug into same switches and hubs ¼ Countermeasures Run encryption and strong authentication Requires more expensive phones and more complex configuration Doesn t reduce risk from denial of service type problems, phones may be disrupted by virus or other local network issues Router Call Manager

Securing Critical Infrastructure Customer: Dual LAN Solution ¼ Solves most common security issues Even following Cisco SAFE recommendation there may still be denial-of-service attacks possible, but difficult. Router Firewall ¼ More complex configuration Requires careful audit of switch configuration Allows telephone network to achieve almost the same level of security as a standard analogue system With encryption and strong authentication telephone system may even by some measure be more secure. IP PBX 172.20.11 Data vlan 10.1.1.0/24 Voice vlan 192.168.1.0/24

Customer: WAN Solutions Dual WAN Share physical links Run tagged vlans to your Ethernet switches Separating networks like this leads a simpler security configuration Easier to audit - fewer potential gateways from Voice to Data LAN Voice and Data vlan: Communication blocked by default Data Router Shared Physical Link Voice Data VPN (over MPLS) Voice VPN (over MPLS)

Questions? jim.credland@thus.net

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information