www.itexpo.com October 10-13, 2006 San Diego Convention Center, San Diego California Taking IP Security to the Next Level Real-time threat mitigation.

Presentation transcript:

October 10-13, 2006 San Diego Convention Center, San Diego California Taking IP Security to the Next Level Real-time threat mitigation for VoIP networks

Overview
- Basics
- VoIP Security Impact
- Examples of real vulnerabilities
- VoIP Security Functional areas
- Why Threat Mitigation?
- Components
- Additional Considerations
- Further work

VoIP Security is Different

[Diagram labels: VoIP Services; Business Communications; Enabling Applications; Network Protocols; PSTN Networks; Wireless Networks; Network Infrastructure; IP]

VoIP spans:
- Business-critical operational boundaries
- IP network infrastructure
- Converged-network boundaries

VoIP is a real-time, mission-critical service:
- Requires high reliability
- Extremely sensitive to delay, packet loss and jitter that can be caused by worms, viruses and DoS attacks

Voice-specific malicious activities can threaten the viability of VoIP services:
- Toll fraud, service theft
- Voice spam (SPIT)
- Identity theft

VoIP presents new vectors of attack:
- Hundreds of VoIP application-specific features and options can be attacked and exploited
- New protocols (SIP, H.323, Skinny, Unistim, RTP, RTCP) create new ways for intruders to attack VoIP services and infrastructure

Open network boundaries present challenges to security infrastructure:
- VoIP interaction with PSTN networks (e.g. SIP/SS7)
- Wireless VoIP

Impact of VoIP Security Attacks

Service Providers
- Lost revenue
- Worm and virus attacks causing service disruption, resulting in SLAs not being met
- For service providers providing public services such as E-911, even the smallest disruption could have significant or even catastrophic consequences

Enterprises
- Attacks on VoIP equipment result in multi-hour or multi-day outages, call centers shut down, quality of customer service impacted
- Leakage of sensitive corporate information through eavesdropping, resulting in loss of revenue

Government
- Interception or masquerading resulting in third parties gaining access to information related to national security, citizens' private information, etc.

Consumers
- Eavesdropping attacks resulting in identity theft, scams, etc.
- Service outages resulting in no 911 services, no access to critical services

Example of Vulnerabilities

Vendor A VoIP implementation:
- Vulnerability: by sending a crafted phone registration packet, PBX will reset a phone
- Vulnerability: in certain modes, PBX will allow a user to get the username/password belonging to other users
- Vulnerability: in certain modes, some information and firmware can be easily downloaded from PBX because the IIS VD is unprotected

Vendor B VoIP implementation:
- Vulnerability: PBX crashes during UDP port scan
- Vulnerability: sending a crafted message with duplicated IP address to PBX will reset IP phone
- Vulnerability: sending a crafted message with duplicated MAC address to PBX will reset IP phone
- Vulnerability: sending a crafted UDP payload message will reset PBX

SIP:
- Vulnerability: sending crafted SIP packet to SIP/PSTN gateway resets the device

Documented VoIP Outages

Pena Service Theft Case
- Edwin Pena was charged with defrauding VoIP service providers by hacking into their networks. 15 service providers were impacted, losing revenue from more than 10 million minutes of VoIP calls. Pena generated more than $1 million in revenue from the stolen services.

Newsfactor Network
- A major consumer product company deployed 1,000 VoIP endpoints over an 18-month time period. The company was plagued by problems related to the firewall and patches, resulting in a number of QoS issues as well as outages.
- A farm equipment manufacturer left live jacks which were then internally hacked. The result was a multi-hour outage disrupting data and voice services.

Merrill Lynch
- Todd Goodyear, VP and manager of voice product development at Merrill Lynch & Co., said his VoIP network was taken down by a worm. Brokers were unable to place or receive calls for several hours.

Where Does Threat Mitigation Fit In?

VoIP requires a comprehensive approach to security protection, prevention and mitigation.

Where Does Threat Mitigation Fit In?

Prevention
- Identify and fix threats before they can become an issue
- VA for VoIP enables the assessment of VoIP equipment and applications prior to, during and following deployment
- Works at the systems level to identify vulnerabilities across the entire VoIP network

Protection
- Ongoing protection of VoIP services from security threats during their life cycle
- Protection measures must be "VoIP aware" so they do not impact VoIP service quality and reliability
- Multi-layer security infrastructure that provides both perimeter and internal network protection
- Consists of a number of security devices and host-based applications: Session Border Controllers (SBCs), VoIP-specific IPS and IDS, AAA servers, encryption engines
- Must be coordinated via a higher-level application to provide service providers with a unified view of the entire VoIP system

Mitigation
- Keeps VoIP services running in the presence of security threats already developing on the VoIP infrastructure

Why Threat Mitigation?
- Prevention and Protection are not enough: we have to consider the situations where the threat bypassed existing security infrastructure and is impacting VoIP
- Currently, a combination of human intervention and security management tools is being used to mitigate the impact of data security attacks
- In many cases the downtime is measured in hours or days. What about 5 minutes of downtime a year?
- VoIP is the first of the many new services that will force us to implement near real-time mitigation systems

Elements of VoIP Threat Mitigation System

VoIP threat mitigation involves three core elements:

Detection:
- Threat must be identified as soon as possible using signature-independent approaches such as anomaly-based detection
- False-positive ratio is a problem here

Correlation:
- Once the threat is detected, it must then be correlated to known information on the affected device(s), such as known vulnerabilities, topology, and additional information from the security infrastructure such as IPS, Firewall, SBC, etc.
- Near real-time requirements and extremely low false-positive ratios are needed
- VoIP-specific rules and knowledge base

Response:
- Automated approach is the only option
- Policy driven
- The system must then respond in near real-time
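The detection, correlation and response stages described above, sketched as an added example that is not part of the original presentation. The traffic counts, device names, alert sources and action names are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data (assumptions, not from the presentation).
BASELINE = {"10.0.0.5": [4, 5, 6, 5, 4], "10.0.0.9": [5, 4, 5, 6, 5]}  # SIP REGISTERs/min
CURRENT = {"10.0.0.5": 6, "10.0.0.9": 90, "10.0.0.7": 40}  # latest minute, per source
TARGET = {"10.0.0.5": "pbx-1", "10.0.0.9": "pbx-1", "10.0.0.7": "gw-2"}
KNOWN_VULNERABLE = {"pbx-1"}          # devices with open vulnerability-assessment findings
INFRA_ALERTS = {"10.0.0.9": ["SBC"]}  # sources also reported by IPS, firewall or SBC
POLICY = {"high": "block_at_sbc", "medium": "rate_limit", "low": "log_only"}  # hypothetical


def detect(baseline, current, threshold=3.0):
    """Anomaly-based detection: flag sources far above their usual rate."""
    pooled = [v for hist in baseline.values() for v in hist]
    anomalies = {}
    for src, rate in current.items():
        hist = baseline.get(src) or pooled  # unseen source: compare to all traffic
        sigma = pstdev(hist) or 1.0         # flat history would divide by zero
        z = (rate - mean(hist)) / sigma
        if z > threshold:
            anomalies[src] = round(z, 1)
    return anomalies


def correlate(anomalies, target, vulnerable, infra_alerts):
    """Rank each anomaly by independent evidence to cut false positives."""
    ranked = {}
    for src in anomalies:
        evidence = int(target.get(src) in vulnerable) + int(bool(infra_alerts.get(src)))
        ranked[src] = ("low", "medium", "high")[evidence]
    return ranked


def respond(ranked, policy):
    """Policy-driven response: no human in the loop, action chosen by severity."""
    return {src: policy[sev] for src, sev in ranked.items()}


def mitigate():
    anomalies = detect(BASELINE, CURRENT)
    ranked = correlate(anomalies, TARGET, KNOWN_VULNERABLE, INFRA_ALERTS)
    return respond(ranked, POLICY)


if __name__ == "__main__":
    print(mitigate())
```

The source with a normal rate never reaches correlation, and the anomalous source with no supporting evidence is only logged, which is how the correlation stage keeps the automated response from acting on a detector false positive.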

Additional Considerations

An end-to-end, layered view of VoIP networks is required to address the entire VoIP network, including the OS, protocols, etc.

- VoIP Application Layer (Call Manager, Call Center…)
- VoIP Protocol Layer
  - Signaling Protocols (SIP, H323, SS7…)
  - Transport Protocols (RTP, UDP, …)
- VoIP Supporting Services Layer (DNS, NAT, QoS, AAA…)
- OS and Network Layer (Linux, Unix, Windows, ARP, MAC, IP…)
- Hardware Layer (Server, IP Phone, PDA, Server, Intel, Motorola, …)

Conclusions and Further Work
- VoIP reliability requirements are very demanding
- Near real-time, automated mitigation system needed
- Minimize false-positive ratios
- Near real-time correlation is difficult
- Automated response is a new concept

Conclusion
Questions?
Thank you
Contact: