Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.

Slides:



Advertisements
Similar presentations
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Advertisements

BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IUT– Network Security Course 1 Network Security Firewalls.
1 ZIP 4x5 The world’s most functional telephone. 2 PSTN Internet Dallas, TX Sunnyvale, CA VPN Outside callers dial a single extension - phone at the office.
Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.
Voice over IP Skype.
Review of a research paper on Skype
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.
Wireless and Switch Security NETS David Mitchell.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Skype & its protocol Aaron Loar CPE 401. Introduction Skype’s Background Topology 3 Node Types Questions.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 Enabling Secure Internet Access with ISA Server.
Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005.
SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.
What is FORENSICS? Why do we need Network Forensics?
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.
Skype P2P Kedar Kulkarni 04/02/09.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Module 11: Remote Access Fundamentals
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
Skype Pros and Cons In peer-to-peer networking, a supernode works as one of that network's relayers and proxy servers, handling data flow and connections.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Remote Connectivity and VoIP Hacking
Module 4 Quiz. 1. Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution.
Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded.
© 2006 Cisco Systems, Inc. All rights reserved. 3.5: Implementing QoS with Cisco AutoQoS.
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
An analysis of Skype protocol Presented by: Abdul Haleem.
Voice over IP B 林與絜.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
CS460 Final Project Service Provider Scenario David Bergman Dong Jin Richard Bae Scott Greene Suraj Nellikar Wee Hong Yeo Virtual Customer: Mark Scifres.
06/02/06 Workshop on knowledge sharing using the new WWW tools May 30 – June 2, 2006 GROUP Presentation Group 5 Group Members Ambrose Ruyooka Emmanuel.
Security fundamentals Topic 10 Securing the network perimeter.
Chapter 6: Securing the Local Area Network
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
Unit 2 Personal Cyber Security and Social Engineering Part 2.
A special acknowledge goes to J.F Kurose and K.W. Ross Some of the slides used in this lecture are adapted from their original slides that accompany the.
HOW TO GUIDE: INEXPENSIVE INTERNET PROTOCOL TELEPHONY SOLUTION Created by: Cameron Adkisson Eastern Kentucky University
Security fundamentals
Fortinet VoIP Security June 2007 Carl Windsor.
Module 3: Enabling Access to Internet Resources
Instructor Materials Chapter 5 Providing Network Services
100% Exam Passing Guarantee & Money Back Assurance
Backdoor Attacks.
Introduction to Networking
Configuring TMG as a Firewall
Security of a Local Area Network
What’s New in Fireware v12.1.1
Remote Connectivity and VoIP Hacking
2018 Real CompTIA N Exam Questions Killtest
UNM Enterprise Firewall
Computer Security Firewalls November 19, 2018 ©2004, Bryan J. Higgs.
Presentation transcript:

Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen

Copyright Security-Assessment.com 2005 Different Types of VoIP There are many different implementations of IP telephony: – Skype – MSN – Firefly – Cisco Office – Asterix

Copyright Security-Assessment.com 2005 VoIP Technology Each type of VoIP uses different technology: – Skype – Proprietary – MSN – SIP – Firefly – IAX – Cisco – H.323, Skinny – Asterix – SIP, IAX2 – Others – MGCP Most of these do not have security built-in so rely on network controls

Copyright Security-Assessment.com 2005 Attacks Against VoIP Multiple attack avenues: – Standard traffic capture attacks – Traffic manipulation – Dynamic configuration attacks – Phone-based vulnerabilities – Management interface attacks

Copyright Security-Assessment.com 2005 Consequences of Attacks Eavesdropping and recording phone calls Active modification of phone calls Call Tracking Crashing phones Denying phone service – Slammer? VoIP Spamming Free calls Spoofing caller ID

Copyright Security-Assessment.com 2005 Capturing VoIP Data Ethereal has built-in support for some VoIP protocols Has the ability to capture VoIP traffic Can dump some forms of VoIP traffic directly to WAV files. Point and click hacking!

Copyright Security-Assessment.com 2005

Audio Capture

Copyright Security-Assessment.com 2005 VoIP Security Solutions You must protect the network traffic – Separate data and voice traffic – VLANs – Ensure IPSEC or other VPN technology used over WAN links – IDS monitoring on the network – ARP inspection – Host Security – VOIP enabled firewalls – Excellent guidelines in Cisco SAFE documentation Or wait for more secure protocols

Copyright Security-Assessment.com 2005 Skype – What Is It? Proprietary VOIP system for calls over the Internet Free and simple to use Developed by the creators of KaZaA Relies on P2P technology Over 29 million users worldwide Allows connections to regular phones through SkypeOut

Copyright Security-Assessment.com 2005 Skype Connection Details Listens on a random port, 80 and 443 Connects to known Supernodes stored in the registry Must establish connection with login server to authenticate NAT and Firewall traversal Any Skype client with an Internet IP address and suitable bandwith/CPU may become a Supernode

Copyright Security-Assessment.com 2005 Skype Architecture Ref: "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol“ Salman A. Baset and Henning Schulzrinne

Copyright Security-Assessment.com 2005 Skype Call Security Skype claims to encrypt all voice traffic with 128- bit or better encryption The encryption implementation used is proprietary and closed-source It is unknown whether the Skype organisation has the ability to decrypt all voice traffic

Copyright Security-Assessment.com 2005 Other Skype Security Concerns Same developers as KaZaA, known for spyware Cannot stop client becoming a Supernode Client allows file transfer, even through firewalls, an access path for malicious code, information leakage Login server reliance

Copyright Security-Assessment.com 2005 Should You Use Skype? If you can answer yes to four questions: – Are you willing to circumvent the perimeter controls of your network? – Do you trust the Skype developers to implement security correctly (being closed-source)? – Do you trust the ethics of the Skype developers? – Can you tolerate the Skype network being unavailable?

Copyright Security-Assessment.com 2005 Other VoIP Issues – Commercial Caller ID Spoofing Multiple companies are now offering caller ID spoofing: - CovertCall- PI Phone - Star38- Us Tracers - Camophone- Telespoof Makes Social Engineering a lot easier Many systems authenticate on CID

Copyright Security-Assessment.com 2005 Other VoIP Issues – New Attack Tools New tools make finding vulnerabilities easier – SIP Bomber – PROTOS Test-Suite – SiVuS

Copyright Security-Assessment.com 2005

Good Sites For Learning More Some good links for learning more about VoIP – info.org –