Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Presentation transcript:

Videoconferencing Security in VRVS 3.0 and Future
Kun Wei, California Institute of Technology
March 25, 2003, ViDe 5th Workshop

Outline
- VRVS view on videoconferencing security
- Security features in VRVS 3.0 and future

VRVS View of Videoconferencing Security
A. Network level security (support videoconferencing over firewall, NAT)
B. Global collaboration session security (user authentication/authorization, media encryption)

Current Industrial Solution
- Full Proxy: splits an IP call into 2 different calls, one from the private network to the proxy and one from the proxy to the public network
- Application Level Gateways (ALG): a firewall programmed with knowledge of specific IP protocols such as H.323 and SIP
- DMZ MCU: MCU in the demilitarized zone
- Problem: very complex to implement and not scalable

VRVS Proposed Solution
- Allow any videoconferencing client behind a firewall/NAT to join a worldwide session
- Highly scalable
- Easy or zero configuration for the end user
- Minimize the influence on real-time performance

Security Features in VRVS 3.0
Network Security:
- Many VRVS reflectors are installed behind a firewall or in a DMZ
- Solution for a private network with the highest-security firewall: the TCP connection is initiated from inside
- Easy configuration: VRVS reflectors are based on a peer-to-peer model and communicate through one port
- Solution for hosts behind NAT
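The inside-initiated, single-port pattern in the list above, as an added example that is not VRVS code: the inside reflector only makes an outbound TCP connection, and audio and video come back multiplexed over that same connection. The frame layout, stream ids and function names are assumptions made for this sketch, and both peers run on loopback.

```python
import socket
import struct
import threading

AUDIO, VIDEO = 1, 2  # hypothetical stream ids, not VRVS values

def send_frame(sock, stream_id, payload):
    # Assumed framing: 1-byte stream id, 2-byte big-endian length, payload.
    sock.sendall(struct.pack("!BH", stream_id, len(payload)) + payload)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:  # TCP is a byte stream, so loop until n bytes arrive
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def recv_frame(sock):
    stream_id, length = struct.unpack("!BH", recv_exact(sock, 3))
    return stream_id, recv_exact(sock, length)

def outside_reflector(listener, frames):
    # Outside peer: the only side that listens. It answers on the connection
    # the inside peer opened, so the firewall needs no inbound rule.
    conn, _ = listener.accept()
    with conn:
        recv_frame(conn)  # hello sent by the inside reflector
        for stream_id, data in frames:
            send_frame(conn, stream_id, data)

def run_demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback stands in for the public side
    listener.listen(1)
    port = listener.getsockname()[1]
    media = [(AUDIO, b"audio-0"), (VIDEO, b"video-0"), (AUDIO, b"audio-1")]  # constructed sample
    t = threading.Thread(target=outside_reflector, args=(listener, media))
    t.start()
    # Inside reflector: outbound connect only, one destination port.
    with socket.create_connection(("127.0.0.1", port), timeout=5) as inside:
        send_frame(inside, 0, b"hello")
        received = [recv_frame(inside) for _ in media]
    t.join()
    listener.close()
    return received

if __name__ == "__main__":
    print(run_demo())
```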

Security Features in VRVS 3.0
Session security:
- User authentication: each VRVS user needs to be registered with a username/password linked to .
- Password is encrypted during transfer and within the DB.
- Machine authentication: after user login, the machine IP address is detected. If behind NAT, both the outside IP and the internal IP address are detected.
- Community level access control.
- Password protected Virtual Room.
- Monitoring and enable/disable of connected hosts.
- All the participants in the current session are listed.

Proposed and Ongoing VRVS Security R&D
- To make all the VRVS clients (Mbone, H.323, SIP) work with encrypted media, VRVS assumes that the path from the host to the first VRVS reflector is secure: either both are within a secure private network, or a light VRVS proxy is installed on every VRVS client
- Secure the communication between reflectors: encrypt the media packets with the Data Encryption Standard (DES) or send them over a VPN to avoid IP sniffing along the path
- Dynamically generate and exchange encryption keys between audio and video streams of the same session as well as between different sessions
- Certificates for VRVS registered users
- Assign VRVS registered users finer-grained access control levels on network resources