Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Slides:

Advertisements

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Advertisements

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

TANDBERG Video Communication Server March TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – –

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

1 Lindsay Kintner VP Product Management Tadiran Telecom SIP Trunking Case Study.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Security Awareness: Applying Practical Security in Your World

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.

Enterprise Infrastructure Solutions for SIP Trunking

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.

Joel Maloff Phone.com February, 2012.

© 2009 Avaya Inc. All rights reserved. Introduction to SIP Trunking Alan Klein Consulting Systems Engineer February 2009.

IT Expo SECURITY Scott Beer Director, Product Support Ingate

Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.

The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security.

UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.

Mobile IP: Introduction Reference: “Mobile networking through Mobile IP”; Perkins, C.E.; IEEE Internet Computing, Volume: 2 Issue: 1, Jan.- Feb. 1998;

Ingate & Dialogic Technical Presentation SIP Trunking Focused.

PART THREE E-commerce in Action Norton University E-commerce in Action.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

Existing PBX Existing Phone Handsets Numbering Plan to digit Internal extensions 9 for an outside line 3 digits.

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Adoption of IP in the Next Generation Contact Center Rupesh ChokshiGautham NatarajanDirector, AT&T.

Topic 5: Basic Security.

SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com.

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

Agenda Why Cyber Security? Products, Projects and Services.

To Rent or Buy the IP PBX? Maybe it’s Both…. Building a VoIP Solution That Enables Both.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Safe’n’Sec IT security solutions for enterprises of any size.

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

“End to End VoIP“ The Challenges of VoIP Access to the Enterprise Charles Rutledge VP Marketing Quintum Technologies

IS3220 Information Technology Infrastructure Security

SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

Unified Communications – Use and Advantages If you deal with business communications or head an organization where the right emphasis is put upon effective.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

March 2009 Sipera Overview. 2 © 2009 Sipera Systems, Inc. All Rights Reserved. About Sipera  Leader in real-time Unified Communications (UC) security.

1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.

Instructor Materials Chapter 5: Network Security and Monitoring

Introduction Wireless devices offering IP connectivity

Introduction to Networking

Introduction to Networking

Security of a Local Area Network

Chapter 5: Network Security and Monitoring

Extended Authentication Protocol (EAP) Vulnerabilities exploited through Rogue Access Points Stephen Cumella.

Internet of Things Vulnerabilities

Ingate & Dialogic Technical Presentation

AT&T Firewall Battlecard

Presentation transcript:

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes

2 Common threats and impacts ̶ Toll Fraud ̶ Telephony Denial of Service (TDoS) ̶ VOIP threats How the hacking process works ̶ Footprinting ̶ Scanning ̶ Enumeration Securing Unified Communications with SBC’s Agenda

3 Common Threats and Impacts

Global Fraud Loss Estimate: $46.3 Billion (USD) annually VoIP systems make these kind of attacks much easier Top 5 Fraud Methods Reported by Surveyed Companies: Toll Fraud Impacts Source: 2013 CFCA Global fraud loss Survey Billion (USD)

5 The most damaging form of toll fraud The idea is to exploit an IP PBX and find a way to take an inbound call and hair-pin out to an international number Dial-Through Fraud (DTF) PBX ITSP / Internet Enterprise users Attacker sells access to users who dial in and back out Many calls generated to long distance or international destinations

6 One Ring and Cut (Wangiri) Fraud PBX ITSP / Internet Enterprise users the enterprise will incur the charge of connecting to the premium number Users who receive these calls are often tricked into calling back The attacker sets up a call to unsuspecting users from a premium number, the call rings once and then cut off 5 High cost Destination Attacker

7 Telephony denial of service attacks (TDoS) are increasing in severity and frequency Unauthorized users flood the system with bogus access requests and prevent legitimate users from accessing the system Keeping these calls active for long duration, the attacker prevents voice network resources from being used by legitimate callers TDoS - Telephony Denial of Service ITSP / Internet PBX TDoS Attacker Agents Customers cannot reach the agents

8 Increased convergence ̶ Transition from dedicated networks to converged approaches that can include extensions to trusted third parties such as: SIP Trunking providers UCaaS Multiple device support ̶ Users want to integrate their bring your own device (BYOD) strategies with the enterprise UCC solution Communications-enabled applications ̶ VoIP is increasingly embedded directly into applications ̶ WebRTC integrating voice directly into CRM, ERP and contact center ̶ It is becoming more difficult to isolate voice onto their own networks Security threats to VoIP traffic have become prevalent

9 ThreatResult Call FloodingAn attacker floods valid or invalid heavy traffic (signals or media) to a target system and drops the performance significantly or breaks down the system Malformed Messages (Protocol Fuzzing) An attacker sends malformed messages to the target server or client for the purpose of service interruption. A malformed message is a protocol message with wrong syntax. Spoofed MessagesAn attacker may insert fake (spoofed) messages into a certain VoIP session to interrupt the service, or insert them to steal the session. The typical examples are "call teardown" and "toll fraud." Registration Hijacking A SIP registration hijack works by a hacker disabling a valid user’s SIP registration, and replacing it with the hacker’s IP address instead EavesdroppingAn attacker is able to monitor the entire signaling and/or data stream between two or more VoIP endpoints VoIP Threats

10 Registration Hijacking IP-PXIP-PBX Enterprise LAN Attacker Internet ITSP Customer Agents The call is forwarded to the attacker instead of the enterprise user The attacker registered to the PBX after breaking one of the enterprises user’s password 1 An inbound call is made to this enterprise user 2 3

11 How the hacking process works

12 Before any attack can take place against a company, hackers need to go through three phases: Collection of Information about the Target FootPrintingScanningEnumeration

13 The first step is to gather information about the infrastructure of a target network Extension numbers, IP addresses, network address ranges, remote access capabilities etc… ̶ From the company’s website ̶ IP ranges registered to the company as reported by ARIN (American Registry for Internet Numbers) The hacker makes a footprint about the target Analyzes it Picks the most appropriate methods and tools to hack the system Footprinting

14 The hacker needs to get more information about the target He needs to probe and communicate with the target ̶ Using OPTIONS There are four commonly encountered scanning objectives: ̶ Determining whether system is alive ̶ Discovering open ports ̶ Identifying network services ̶ Detecting system type (user-agent) Scanning

15 The next and last step in information gathering is enumeration It involves probing the identified services for known weaknesses There are several methods which rely on studying the error messages returned ̶ SIP REGISTER, OPTIONS and INVITE Exposing valid usernames/passwords ̶ Extensions without password ̶ Extensions with easy password: Pass: 1234 Ext: 4000, pass: 4000 Enumeration

16 How to secure Unified Communications?

17 Using Session Border Controllers Monitoring and Reporting Data Confidentiality and Privacy Protection against Unauthorized Access Protection against Attacks and Threats Robust Management Security Gartner recommendation for securing enterprise voice: “Implement session border controllers (SBCs) to control and log the security policies between the specific security zone for real-time voice and video communication and the other security zones.” E-SBC provides an extensive set of features to protect an enterprise voice network:

18 The service provider SBC is there to protect themselves from their enterprise customers The core SBC is not located at the enterprise demarcation and therefore can only provide limited protection E-SBCs provide the necessary security enterprises need to protect their VoIP communication networks ̶ Similar to the firewalls enterprises use to enforce their data network security E-SBCs ̶ Enforce enterprise’s unique security policies ̶ Allow secure remote connections: mobile clients, remote agents ̶ Provide complete network topology hiding Doesn’t expose internal network and employee names to SP Why do I need an SBC when the SP has one?

19 Conventional data firewalls were not designed with real time communications in mind ̶ Leaving enterprises vulnerable to security threats AudioCodes E-SBC can help businesses protect their UC infrastructure and service ̶ Mitigating financial losses and legal exposure Summary

20 Thank You