Voice Over IP and Security
By Thao L. Pham, CS 525, 5/3/2006

Presentation transcript:


What is VoIP?
Inexpensive phone service using the internet, which transforms analog signals into digital signals for transmission over the internet.

VoIP Call Flow
Analog to Digital Converter -> Data Compression -> RTP Packets -> UDP Packets -> Internet

VoIP Components
- The IP network: supports VoIP technology, ensures smooth transmission and prioritizes packets accordingly.
- The call processors or controllers: set up calls, authorize users, and handle calling plans and other basic telephone features (holding, transferring, etc.).
- The media or signaling gateways: call initiation, detection, analog to digital conversion.
- The subscriber terminals: provide real time communication; can be a desk phone or a soft phone.

H.323
H.323 (includes H.325 & H.245) specifies a standardized infrastructure consisting of four major components:
- Terminals: provide real time communication.
- Gateways: placed between the circuit-switched network and the IP network.
- Gatekeepers: provide call management functions, address resolution and bandwidth control.
- Multipoint Control Units: conferencing of multiple connections.

H.323 Architecture
[Figure: H.323 architecture diagram]

Session Initiation Protocol
Discussed in another project on Wednesday.

Security Issues
- The VoIP network should be separated from the data network, using logical addressing and subnet division, and virtual LAN zoning.
- ACLs, IP filtering and VLANs should be implemented where there needs to be a link between the data segment and the IP segment.
- Implement stateful firewalls, which remember traffic information in the header when filtering packets (for applications that use dynamic ports).
- IP soft phones should be placed behind stateful firewalls.
- Use IPsec tunnel mode: encryption of header and datagram.

Security Issues (cont.)
- IPsec AH is incompatible with NAT: addresses behind NAT are masked -> encapsulate the IPsec packet in a new UDP packet.
- Use SRTP: offers encryption, authentication and periodic refreshment of session keys.
- Implement strict ACLs at gateways.
- Implement NAT behind firewalls: issues with incoming calls.
- Application Level Gateways on firewalls -> associated with overhead.
- Middle boxes -> have the same risks as a traditional box.
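
Why an IPsec integrity check that covers the IP addresses breaks behind NAT, as an added example that is not part of the original presentation. It uses a simplified header model (TTL, protocol, source, destination) and a constructed key, addresses and payload; AH authenticates the immutable outer header fields, while ESP authenticates only its own data, which is why ESP rather than AH is what gets wrapped in UDP to cross a NAT.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed key, illustration only


def ip_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    """Simplified IPv4 header: TTL, protocol, source and destination address."""
    return struct.pack("!BB4s4s", ttl, proto,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def ah_icv(header: bytes, payload: bytes) -> bytes:
    """AH-style ICV: covers immutable header fields (TTL zeroed as mutable) plus payload."""
    immutable = b"\x00" + header[1:]
    return hmac.new(KEY, immutable + payload, hashlib.sha256).digest()[:12]


def esp_icv(payload: bytes) -> bytes:
    """ESP-style ICV: covers only the ESP data, not the outer IP header."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:12]


def nat_rewrite(header: bytes, public_src: str) -> bytes:
    """What a NAT device does: replace the private source address."""
    return header[:2] + ipaddress.IPv4Address(public_src).packed + header[6:]


def survives_nat(mode: str) -> bool:
    """Sender computes the ICV, NAT rewrites the source, receiver re-verifies."""
    payload = b"constructed RTP voice frame"
    sent = ip_header("10.0.0.5", "203.0.113.20", proto=51 if mode == "ah" else 50)
    icv = ah_icv(sent, payload) if mode == "ah" else esp_icv(payload)
    received = nat_rewrite(sent, "198.51.100.7")
    check = ah_icv(received, payload) if mode == "ah" else esp_icv(payload)
    return hmac.compare_digest(icv, check)


if __name__ == "__main__":
    print("AH verifies after NAT: ", survives_nat("ah"))
    print("ESP verifies after NAT:", survives_nat("esp"))
```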

Conclusion
- While VoIP is still maturing, companies are concerned about quality, latency and interoperability; many overlook security issues.
- If not implemented properly, VoIP could lead to serious privacy violations and unwanted solicitation over IP telephones.