The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security.

Slides:

Advertisements

Similar presentations

Aspire Vertical Markets Banking, Finance and Insurance.

Advertisements

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

2N Telekomunikace a.s. VoIP Products.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

TANDBERG Video Communication Server March TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.

FIREWALLS Chapter 11.

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.

Overview:  Manufacturer of Media Gateways, Enterprise Session Border Controllers, Media Servers, IP Phones, Mobility Technologies  20 years of Operations,

TeleWall, TeleSweep Secure, TeleAudit, TeleVPN, ETM, TeleView, TeleBridge, TeleIDS, TeleWall NET, SecureLogix, SecureLogix Corporation and the SecureLogix.

SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.

ETM, TeleWall, TeleAudit, TeleView, TeleVPN, TeleIDS, TeleWatch Secure, TWSA, SecureLogix, SecureLogix Corporation, and the ETM, TeleWall, TeleAudit, TeleView,

Separate Domains of IT Infrastructure

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Copyright © 2006 VoEX, Inc. All Rights Reserved1.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

© 2004, SS8 Networks, Inc. Remote Office/Branch Office IP Telephony Solutions Sean Kent – Director Architecture/Technology V18.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Cyber Security – Our Approach James Clement Network Specialist ETS: Communications & Network Services

Enterprise Infrastructure Solutions for SIP Trunking

Department Of Computer Engineering

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Copyright © 2002 ACNielsen a VNU company Key Features and Benefits of the 3CX PBX for Windows Server.

George Njoroge CSCIE 139 Hosted vs. Managed VoIP Hosted VOIP is utilizing a company for phone connectivity (soft and hard), extensions,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

VoIP Security Assessment Service Mark D. Collier Chief Technology Officer

Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.

January 23-26, 2007 Ft. Lauderdale, Florida Integrating Your IP PBX with an ITSP Leveraging SIP Trunking for Broadband Services John Blasko Vice President.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

Hosted by Gain Maximum WAN and LAN Performance Michael Hoch Research Director Aberdeen Group.

Ingate & Dialogic Technical Presentation SIP Trunking Focused.

PART 2: Product Line. Tenor Switches & Gateways Tenor AX Series Solution For Medium to Large Enterprises  Available in 8, 16, 24 and 48 port Available.

Personal and SOHO VoIP Solution Fonemosa. SOHO/Personal Gateway November 2, 2001 Page 2 Fonemosa FXO + 1 FXS FXO + 2 FXS.

Current Job Components Information Technology Department Network Systems Administration Telecommunications Database Design and Administration.

Making the Case for Hosted IP-PBX It’s the economy…and it’s not stupid Walter Snell.

October 10-13, 2006 San Diego Convention Center, San Diego California Making the Case for Hosted IP-PBX It’s the economy…and it’s not stupid.

The Role of High Availability Software in Quality of Service Joe McFadden Vice President, Marketing, Nuasis.

VoIP Technology Briefing

Applied Communications Technology Voice Over IP (VOIP) nas1, April 2012 How does VOIP work? Why are we interested? What components does it have? What standards.

Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.

Chapter 5: Networks, Internet & Ecommerce IT Auditing & Assurance, 2e, Hall & Singleton.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Copyright  StarVox, Inc, - All Rights Reserved- Services Platform Requirements for for Next Generation Networks Next Generation.

CPT 123 Internet Skills Class Notes Internet Security Session A.

October 10-13, 2006 San Diego Convention Center, San Diego California SIP Trunking… Why is it so important?

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Softswitch SIP Proxy Server Call Manager IP Telephony Router Tablet PC IP PBX Class 5 Switch Class 4 Switch PBX Access Gateway Broadband Router Voice Gateway.

To Rent or Buy the IP PBX? Maybe it’s Both…. Building a VoIP Solution That Enables Both.

Solutions for Unified Enterprise IP Communication Steven J. Johnson President, Ingate Systems Inc.

“End to End VoIP“ The Challenges of VoIP Access to the Enterprise Charles Rutledge VP Marketing Quintum Technologies

ROI for VoIP in the Enterprise A business case for Zultys VoIP Solutions.

Out of Sight, But Not Out of Touch Remote Office, Branch Office IP Telephony Solutions Charles Henderson Director, Product Management EADS TELECOM North.

SOSIMPLE: A Serverless, Standards- based, P2P SIP Communication System David A. Bryan and Bruce B. Lowekamp College of William and Mary Cullen Jennings.

Administering Microsoft Response Point How to deploy and manage Microsoft Response Point hardware and software Joe Schurman Founder, Executive Director.

March 2009 Sipera Overview. 2 © 2009 Sipera Systems, Inc. All Rights Reserved. About Sipera  Leader in real-time Unified Communications (UC) security.

CONNECTING TO THE INTERNET

Network Security Analysis Name : Waleed Al-Rumaih ID :

Delivering Reliability and Security in a VoIP Solution November 8, 2005 Michael Porter Avaya Inc. Government Marketing Director Today I’m going to talk.

TOPEX miniGateway.

KX-HTS Step by Step Guide SIP Phone Registration (Remote)

IS4550 Security Policies and Implementation

WELCOME TO DID Numbers for Local Presence in Foreign Regions.

IMS & Wireline to Wireless Convergence

Enterprise Infrastructure Solutions for SIP Trunking

Helping to Achieve ROI Targets with SIP Trunking

Presentation transcript:

The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security

VoIP security is a big deal Why? Fear of the Unknown Everyone talks about VoIP security threats DoS Attacks Eavesdropping Theft-of-service These are the obvious ones! And they are manageable. Theft-of-identity

What is scary is what is around the corner that we can’t see Hacker’s hate Billy Gates….will John Chambers be next? Disgruntled employees can wreak havoc with internal access IT security “Best Practices” Stay off of Billy’s platforms Secure Backdoors Enterprises are easy targets – too little voice security Some current VoIP Security Recommendations help Strict Authentication

Enterprises are not early adopters Business case is necessary Proven reliability and security ROI calculation includes cost of management Build applications with this in mind from day one Data Networking History taught us  Network security requires lots of tools – not one single answer - Firewalls - IPS/IDS - Anti-viral software  Modem and fax lines create a huge security backdoor - Some enterprises have hundreds which are unmonitored thus creating an insecure voice and data network!

LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems After hours scanning – 2%-4% of phone lines have unauthorized modems. Unauthorized Modem Attack

LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Unauthorized Modems Employees use a modem to dial around the Firewall and IDS. Hacker “piggybacks” off ISP connection to access the Data Network. ISP Modem Attack ISP Modem Attack

LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voic TelephonesFax Modems Telecom Firewall Mgmt Server Blocked! Alert! Unauthorized calls are blocked by a Security Appliance called a Telecom Firewall The Solution The Solution

The backdoor modem is the Data Security Manager’s “Achilles Heel” My message to the SIP Application Development world…. Don’t become the Achilles Heel to the VoIP world

Before you write 1 line of code, ask how the operations manager will.. - Have Visibility and Control of user behavior on your service - Simply and effectively manage the service Configuration of applications User database Security policy - Authorize use of approved applications (hopefully yours!) - Accurately account and report on performance, usage and charging - Guarantee the security of the application Are you in the business of writing applications for enterprise users?

Integrated voice service platforms (MS RTC Server - Greenwich) SIP-enabled web applications Embedded services via API Don’t be naïve – enterprises won’t allow new communication services into their networks without appropriate management, visibility and security Enterprise use of Public IM services (MS Messenger, AIM, Yahoo) Created market for IM gateways Access to SIP services over the internet (VONAGE, FWD) Application Layer Gateways and VoIP-aware Firewalls

LAN Servers Workstations Internet Central Office ISP PSTN IDS Firewall PBX Voic TelephonesFax Modems Telecom Firewall VoIP Security Manager Mgmt. Server Router IP Phone Accept the fact that you will be monitored and managed….. 3 rd Party AS

VoIP Security Manager secures the data and voice network external threats over the internet or WAN TDM Security (Telecom Firewall) secures the data and voice network external threats over unmonitored analog modem and fax lines internal threats from trusted or unknown sources Both devices provide management, reporting, and security policy tools No need for two separate management and security tools… Combine them!!

LAN Servers Workstations Internet Central Office ISP PSTN IDS Firewall PBX Voic TelephonesFax Modems Mgmt. Server Router IP Phone The CPE providing TDM and VoIP security becomes one….. 3 rd Party AS RTMM Firewall Real-Time Mixed Media Firewall

The Real-Time Mixed Media Firewall - Provides real-time Visibility and Control of user behavior - Combines the security and monitoring features of several platforms Application-Layer Gateway Telecom Firewall Call-Accounting System IM Gateway Client Registrar (DHCP) Presence Manager Security policy manager with reporting Bandwidth and routing policy manager - Manages access to both on-net and off-net VoIP services Simplifies the management of mixed media application platforms and secures the entire network!!! - Secures TDM Voice Network against attack and misuse

The Real-Time Mixed Media Firewall - Aids in the management and provisioning of SIP Services Secures backdoor modem threats Restricts use of unapproved rogue clients and applications Prevents hacker attacks by controlling content across network borders Detects signaling anomalies and IPS signatures relating to VoIP Single User database simplifies management of user profiles Single GUI interface for setting up policies, reporting, and permissions Graphical depiction of application/network usage stats in real-time Application layer security - Secures mixed media VoIP and TDM network resources

 We have to secure both networks while we migrate  Security and Management of applications is key  Enterprises are suspicious of what they can’t control  They have been burned by the back-door modems  Can they be certain that you aren’t the next back-door?  Design apps for use with a CPE-based RTMM firewall  Even the great “killer app” needs security

Thank you!!!