VoIP Security
Sanjay Kalra, Juniper Networks
September 10-12, 2007, Los Angeles Convention Center, Los Angeles, California
www.ITEXPO.com

Presentation transcript:

VoIP Security Sanjay Kalra Juniper Networks

Slide 3: VoIP Issues

[Diagram: VoIP network topology covering Enterprise, SOHO/Residential, VoIP Service Provider and Other Carrier domains, with Carrier to Enterprise, Carrier to SOHO/Residential and Carrier to Carrier Peering links]

Security
- DoS attacks
- Service theft
- Fraud
- SPIT & Vishing
- Protocol Vulnerabilities

Address Translation
- Conversion of private/public IP addresses
- Firewalls challenged by small signaling/media packets
- VoIP protocols not understood by all firewalls

Service Assurance
- Quality of service
- Admission enforcement
- Lack of reporting

Regulatory Compliance
- E-911
- Lawful intercept
- CALEA support

Slide 4: VoIP Attack Examples

- Vishing: Spam from Paypal asking users to leave credit card number.
- Toll Fraud: 2 people convicted of toll fraud using brute force. Resold minutes stolen from VoIP carriers.
- DoS: Buffer overflow in Asterisk.
- DoS: Session Border Controller of a carrier compromised, as it could not provide security.

Slide 5: VoIP security risks in detail

[Diagram: same VoIP network topology as slide 3]

Network Infrastructure
- (D)DoS attacks
- Route poisoning
- Traffic padding
- IP and ARP spoofing
- Session hijacking/replay
- VoIP protocol vulnerabilities

VoIP infrastructure
- Server OS vulnerabilities
- Registration DoS attacks
- Invite overflows
- Excessive call setup rate
- Billing fraud
- Malformed protocol messages
- Man-in-the-middle attacks
- DHCP/ARP spoofing

VoIP content
- Call intercept
- Confidentiality issues
- Vishing
- Unwanted content
- Spambots collecting VoIP addresses
- Route server hacks can redirect calls
- Illegal call intercept
- Recording of conversations through accessing infrastructure (Ethereal records VoIP traffic as audio file)

Slide 6: VoIP Security Mitigation

- IP PBX DoS or Hacking Attacks: H.323 and SIP ALGs dynamically open and close FW ports to keep network secure
- Back door to corporate network: Combination of ALGs, firewall and zone capabilities keep data network secure
- Voice call intercept: Encrypt VoIP connections with site-to-site VPN (DES, 3DES, AES) to prevent eavesdropping
- All LAN segments have voice access: Zones enable separation of VoIP network elements to ensure appropriate policies are applied
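The first mitigation on this slide, an ALG that opens and closes firewall ports per call, sketched as an added example (not from the presentation or from any Juniper product). The `SipAlg` class, the `sip` helper and the sample messages are constructed for illustration, and the parser handles only audio SDP over IPv4.

```python
import re

# Constructed SIP messages (not captured traffic); IPs are documentation ranges.
def sip(start, call_id, sdp_ip=None, rtp_port=None):
    msg = f"{start}\r\nCall-ID: {call_id}\r\n\r\n"
    if sdp_ip:
        msg += f"v=0\r\nc=IN IP4 {sdp_ip}\r\nm=audio {rtp_port} RTP/AVP 0\r\n"
    return msg

INVITE = sip("INVITE sip:bob@example.com SIP/2.0", "call-1", "192.0.2.10", 49170)
OK_200 = sip("SIP/2.0 200 OK", "call-1", "198.51.100.20", 3456)
BYE = sip("BYE sip:bob@example.com SIP/2.0", "call-1")

class SipAlg:
    """Toy ALG: RTP/RTCP pinholes tracked per Call-ID, everything else denied."""

    def __init__(self):
        self.pinholes = {}  # Call-ID -> set of (dst_ip, dst_udp_port)

    def inspect(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        cid = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I)
        if not cid:
            return  # no dialog to bind a pinhole to: open nothing
        call_id = cid.group(1)
        if head.startswith(("BYE ", "CANCEL ")):
            self.pinholes.pop(call_id, None)  # call over: close its ports
            return
        conn = re.search(r"^c=IN IP4 (\d+\.\d+\.\d+\.\d+)\s*$", body, re.M)
        media = re.search(r"^m=audio (\d+) RTP/AVP", body, re.M)
        if conn and media:
            port = int(media.group(1))
            if 1024 <= port <= 65534:  # refuse privileged or out-of-range ports
                holes = self.pinholes.setdefault(call_id, set())
                # RTP on the advertised port, RTCP on the next one
                holes.update({(conn.group(1), port), (conn.group(1), port + 1)})

    def allows(self, dst_ip, dst_port):
        return any((dst_ip, dst_port) in h for h in self.pinholes.values())

def demo():
    alg = SipAlg()
    before = alg.allows("192.0.2.10", 49170)
    for m in (INVITE, OK_200):
        alg.inspect(m)
    during = (alg.allows("192.0.2.10", 49170), alg.allows("198.51.100.20", 3457),
              alg.allows("192.0.2.10", 22))
    alg.inspect(BYE)
    return before, during, alg.allows("192.0.2.10", 49170)
```

The media ports are reachable only between the SDP offer/answer and the BYE, and a message without a Call-ID or with a privileged media port opens nothing.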

Slide 7: Tiered Approach to security

- Integrated control between layers of the network
- Filter at the edge
  - Use equipment that can be controlled to filter at the edge
  - Don't allow unwanted traffic into the network
- Provide Topology hiding at the edge
  - Hide all the internal network
- Centralised Management
  - Alerts come to a central place
  - Operator can be involved in the process
- Threat risk reduced by layers
  - If one layer misses the threat another catches it

Slide 8: VoIP Security Toolkit

- IDP to mitigate VoIP attacks
- Zone Based Architecture
- Security through Firewall ALGs
- Voice Eavesdropping Prevention through encryption
- Unauthorized Use Prevention with Policy access control
- Resilient VPN Connectivity with Dynamic Tunnel Failover

Slide 9: Defense Against VoIP Security Threats

VoIP Security Threat
- Unauthorized access to PBX or voice mail system
- DoS attack on PBX, IP Phone or gateway
- Toll fraud
- Eavesdropping or man-in-the-middle attack
- Worms/trojans/viruses on IP phones, PBX
- SPIT (VoIP SPAM) and Vishing

Ramifications
- All voice communications fail
- Hacker listens to voice mails, accesses call logs, company directories, etc.
- Hacker utilizes PBX for long-distance calling, increasing costs
- Voice conversations unknowingly intercepted and altered
- Infected PBX and/or phones rendered useless, spread problems throughout network
- Lost productivity, annoyance and financial Loss

Defense Technology
- FW with SIP attack protection; IDP with SIP sigs/protocol anom
- Zones, ALGs, policy-based access control
- VPNs, encryption (IPSec or other)
- IDP with SIP protocol anomaly and stateful signatures
- ALGs, SIP attack prevention, SIP source IP limitations, UDP Flood Protection, Authentication