VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

Slides:

Advertisements

Similar presentations

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Advertisements

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

Presented By:- Yash Jariwala Paras Patel Deep Amrutiya.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.

1 MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.

VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.

SIP vs H323 Over Wireless networks Presented by Srikar Reddy Yeruva Instructor Chin Chin Chang.

1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

Voice over Internet Protocol (VoIP) Training and Development.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

October 6 University Faculty of Information Systems & Computer Science.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

IT Expo SECURITY Scott Beer Director, Product Support Ingate

Voice over IP Fundamentals M. Arvai NEC Senior Technical Eng. 1.

Voice & Data Convergence Network Services January 11, 2001.

October 10-13, 2006 San Diego Convention Center, San Diego California Taking IP Security to the Next Level Real-time threat mitigation.

Ingate & Dialogic Technical Presentation SIP Trunking Focused.

What is internet telephony?  IP telephony uses the Internet to send audio, video, fax etc between two or more users in real time, so the users can converse.

Agenda Voice Security Architecture VoIP Risk VoIP threats Service disruption Design Consideration Attacks.

Service Oriented VoIP (SOVoIP): True Convergence of Data and Voice Networks Presented By Mohammed Jubaer Arif Supervisors Dr Shanika Karunasekera and Dr.

VoIP Voice over Internet Protocol

1 A high grade secure VoIP using the TEA Encryption Algorithm By Ashraf D. Elbayoumy 2005 International Symposium on Advanced Radio Technologies Boulder,

By Will Peeden.  Voice over Internet Protocol  A way to make phone calls over the internet.  A way to bypass the standard phone company and their charges.

VoIP Technology Briefing

Applied Communications Technology Voice Over IP (VOIP) nas1, April 2012 How does VOIP work? Why are we interested? What components does it have? What standards.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Introduction to SIP Based ENUM IP Telephony Infrastructure 資策會網路及通訊實驗室 Conference over IP Team 楊政遠博士

Emerging Technologies. Emerging Technology Overview  Emerging technologies are those which are just beginning to be adopted or are at the initial acceptance.

Hemant Sengar, George Mason University

PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.

Sridhar Ramachandran Chief Technology Officer Core Session Controller.

VOICE OVER INTERNET PROTOCOL. INTRODUCTION SCENARIOS IN INTERNET TELEPHONY VOIP GATEWAYS IMPORTANCE OF VOICE OVER IP BENEFITS & APPLICATIONS ADVANTAGES.

ACM 511 Introduction to Computer Networks. Computer Networks.

Voice over IP by Rahul varikuti course instructor: Vicky Hsu.

Future ICT Landscapes – Security and Privacy Challenges & Requirements Simone Fischer-Hübner IVA Workshop, Stockholm 24th May 2012.

What is SIGTRAN?. SIGTRAN Signaling Transport (SIGTRAN) is an Internet Engineering Task Force (IETF) standard for transporting Public-Switched Telephone.

Voice over IP B 林與絜.

Softswitch SIP Proxy Server Call Manager IP Telephony Router Tablet PC IP PBX Class 5 Switch Class 4 Switch PBX Access Gateway Broadband Router Voice Gateway.

Voice Over IP (VoIP): Internet Telephony Dr. Najla Al-nabhan 1.

Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 1 – Introduction to VoIP.

1 Internet Telephony: Architecture and Protocols an IETF Perspective Authors:Henning Schulzrinne, Jonathan Rosenberg. Presenter: Sambhrama Mundkur.

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

3/10/2016 Subject Name: Computer Networks - II Subject Code: 10CS64 Prepared By: Madhuleena Das Department: Computer Science & Engineering Date :

“End to End VoIP“ The Challenges of VoIP Access to the Enterprise Charles Rutledge VP Marketing Quintum Technologies

SIP & How It Relates To YOUR Business. Jeff S. Olson Director of Marco Carrier Services David Bailey-Aldrich Technology.

Voice Over IP (VoIP): Internet Telephony. Chapter Objectives.

Presented by Maria Shah. Road Map  VoIP Benefits  VoIP Protocols  VoIP Analysis  Advantages  Disadvantages  Implementing  Security  Summary.

سمینار تخصصی What is PSTN ? (public switched telephone network) تیرماه 1395.

Voice Over Internet Protocol Nelson Kattula Computer Science, Masters.

Prepared by: Hansa shingrakhia M.E.(CSE-I) Roll no.:20 Exam no.5018

VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.

By Asma Hamad Alharbi.

MISY 3312: Introduction to Telecommunications Summer 2012 VoIP

IP Telephony (VoIP).

Protocols and the TCP/IP Suite Overview and Discussion

The study and demonstration on SIP security vulnerabilities

Introduction to Networking

Lecture 5: Voice Over IP (VoIP): Internet Telephony

Presentation transcript:

VoIP security : Not an Afterthought

OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design and implementation Conclusion

What is VoIP? VoIP is Voice over internet protocol, is a technology allows voice conversations to be carried over the Internet. VoIP exchanges voice information in digital form, in discrete packets rather than by using the traditional circuit-committed protocols of the Public Switched Telephone Network (PSTN).

Difference between PSTN and VoIP. In PSTN (Public Switched Telephone Network) the control is rested at switch. In VoIP the resource control is at deeper part of network.

Why VoIP? Price Flexibility Protocols Implementation Service

VoIP Security threats Security threats Viruses impacting servers. Denial of service attacks. Logical attacks on SIP. Subscription fraud and non-payment. Call eavesdropping.

Security concerns Preserve the availability: By network/service access control Preserve integrity: Prevent malicious activities by encryption techniques. Prevent theft of the VoIP service. Prevent fraudulent use of VoIP services Preserve the confidentiality: By encryption techniques.

Preserve Authentication by login password. Preserve authorization by access control, role based authentication

Is VoIP Security Different? VoIP services are real-time. VoIP services are target of voice specific malicious activities such as toll fraud, service theft, voice spam and identity theft. VoIP services are extremely sensitive to delay, packet loss and jitter caused by worms, viruses and DoS attacks. VoIP services are impacted by the existing security devices such as firewalls/NAT, encryption engines and IDS/IPS.

An Approach to VoIP Security Open source security Prevention Protection Reducing the risks VoIP Infrastructure

Design and implementation Major concerns for VoIP software development are 1)Software stability. 2)Robustness. 3)Interoperability. For implementation of VoIP its should have separate voice transport, signaling, service creation from one another.

VoIP protocols The two most widely used protocols for VoIP are the ITU standard H.323 and the IETF standard SIP. Both are signaling protocols that set up, maintain and terminate a VoIP call. In addition, the Media Gateway Control Protocol (MGCP) provides a signaling and control protocol between VoIP gateways and traditional PSTN (Public Switched Telephone Network) gateways. ITU-T, H.323 is a comprehensive protocol under the ITU-T specifications for sending voice, video and data across a network. The H.323 specification includes several sub-protocols:

1. H.225 for specifying call controls (e.g. call setup and teardown), 2. H.235 for specifying the security framework for H.323 and the call setup. 3. H.245 for specifying media paths and parameter negotiations such as terminal capabilities. 4. H.450 for specifying supplementary services such as call hold and call waiting.

Conclusion VoIP presents a number of interesting security challenges that differ substantially from those of traditionally telephony. In addressing these challenges, we might consider the roles of the vendor, service provider, and implementer communities.

References Voip security : not an afterthought by Douglas C.Sicker and Tomlookabaugh

Thank you