Hack.LU 2006 In SPace Nobody Can Hear You Scream Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom -

Slides:

Advertisements

Similar presentations

The leader in session border control for trusted, first class interactive communications.

Advertisements

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Integrated Management for the Next Generation Network

IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

An Implementable NGN Architecture and Its Capabilities

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Saif Bin Ghelaita Director of Technologies & Standards TRA UAE

Open Standards: Communications at Your Desktop SmartCity Summit, April 29 th, 2003 Anne L. Coulombe Head of SIP-Based Solutions, Mitel Networks

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

SIP & SS7 (SIP-02) Monday - 09/10/07, 10:00-10:45am.

GMI 2006 Carrier-Driven Interoperability February 2006.

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Secure Network Infrastructure.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)

All rights reserved © 2006, Alcatel Benefits of Distributed Access Border Gateway in the Access  Benoît De Vos Alcatel, May 29 th 2006.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.

SBC in NGN Architectures Jonathan Cumming. Copyright © 2006 Data Connection Limited All Rights Reserved.2 SBC in NGN Architectures NGN Standardisation.

CanSecWest/core07 NGN – Next Generation Nightmare ? What telco 2.0 really means Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom.

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.01 Infrastructure.

Enterprise Infrastructure Solutions for SIP Trunking

Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.

VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.

Colombo, Sri Lanka, 7-10 April 2009 Multimedia Service Delivery on Next Generation Networks Pradeep De Almeida, Group Chief Technology Officer Dialog Telekom.

IT Expo SECURITY Scott Beer Director, Product Support Ingate

© 2009 AudioCodes Ltd. All rights reserved. AudioCodes CPE Carrier Applications.

AdvOSS Service Delivery Products AdvOSS Service Delivery Innovative, State-of the art SIP & IMS Offerings SBC Session Border Controller Serves as Network.

Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.

January 23-26, 2007 Ft. Lauderdale, Florida Integrating Your IP PBX with an ITSP Leveraging SIP Trunking for Broadband Services John Blasko Vice President.

1 Leveraging SS7 to Deliver IP Services Carl Bergstrom Director – IN & IP Services VeriSign Telecommunication Services Internet Telephony Conference, February.

Ingate & Dialogic Technical Presentation SIP Trunking Focused.

Communications Recap Duncan Smeed. Introduction 1-2 Chapter 1: Introduction Our goal: get “feel” and terminology more depth, detail later in course.

BlackHat Briefings USA 06 Carrier VoIP Security Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom -

Towards a Scalable and Secure VoIP Infrastructure Towards a Scalable and Secure VoIP Infrastructure Lab for Advanced Networking Systems Director: David.

CHAPTER 14 PSTN and VoIP Interworking. Cisco Packet Telephony: Connection Control Call Control Services.

Introduction to IMS (IMS-01) IP Media Servers in IMS: MRF and MRFP Garland Sharratt VP Partner Development & Chief Architect Carrier.

CanSecWest/core06 Carrier VoIP Security Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom -

June 2006 Roles of Session Border Controllers in IMS Networks CANTO - June 2006.

Peering & Routing Designs Using Session Controllers & Media Gateways James Rafferty Voice Peering Forum March 8, 2007.

2 VoIP Mobility & Security Scott Poretsky Director of Quality Assurance Reef Point Systems Securing Fixed-Mobile and Wireless VoIP Convergence Services.

Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.

Copyright  StarVox, Inc, - All Rights Reserved- Services Platform Requirements for for Next Generation Networks Next Generation.

Voice over IP Are we there yet ? Presented by: Mark Caswell, Empire Technologies, LLC. Voice over IP.

Sridhar Ramachandran Chief Technology Officer Core Session Controller.

1 TOT to NGN By Dr. Kamthon Waithayakul EVP, Office of Engineering TOT Plc.

Strategies towards Telecommunications Convergence Ray Adensamer Senior Manager, Product Marketing RadiSys Session IMS-12: Intro to Fixed Mobile Convergence.

FOR INTERNAL USE ONLY [Your business] exceeds with COLT Network Response to DDoS attacks – TNC 2006 Nicolas FISCHBACH Senior Manager, Network Engineering.

Adoption of IP in the Next Generation Contact Center Rupesh ChokshiGautham NatarajanDirector, AT&T.

Architecture Issues in 4G Networks Mauricio Arango Sun Microsystems Laboratories Tel: (954)

SIP Trunking As a Managed Service Why an E-SBC Matters By: Alon Cohen, CTO Phone.com.

PTCL Training & Development

Softswitch SIP Proxy Server Call Manager IP Telephony Router Tablet PC IP PBX Class 5 Switch Class 4 Switch PBX Access Gateway Broadband Router Voice Gateway.

Enhance Security of IP Network using New Architecture of Address Validation Xiaodong Duan China Mobile.

Steps towards an IMS Strategy Ray Adensamer Senior Manager, Product Marketing RadiSys Session IMS-02: Business Case for IMS September 11, 2007.

To Rent or Buy the IP PBX? Maybe it’s Both…. Building a VoIP Solution That Enables Both.

Open your mind to a beating heart of IP Herman Abel Product Manager Aculab (stand 515) Phone:

© 2007 Level 3 Communications, LLC. All Rights Reserved. 1 Beyond SIP Trunking What’s Next ? September 11, 2007 Michael Remacle.

Delivering high-quality SIP applications and services Jim Hourihan VP Marketing & Product Management.

Session border control: CONTROL for service providers to make money from IP IC services Kevin Klett VP, Product Management.

1 Session Controllers Micaela Giuhat AVP Product Management Netrake

Improving Enterprise Service Solutions with IMS Architectures Ray Adensamer Senior Manager, Product Marketing RadiSys Session IMS-03: IMS in the Enterprise.

SIP & How It Relates To YOUR Business. Jeff S. Olson Director of Marco Carrier Services David Bailey-Aldrich Technology.

Eric Osborne ARNOG 2016 NFV (and SDN). Introduction About me: 20+ years in Internet networking: startup, Cisco, Level(3) Currently a principal architect.

© ITT Educational Services, Inc. All rights reserved. IS3120 Network Communications Infrastructure Unit 7 Layer 3 Networking, Campus Backbones, WANs, and.

Network Research at CTI

Network Research at CTI

VoIP—Voice over Internet Protocol

VoIP Signaling Protocols Framework

Presentation transcript:

Hack.LU 2006 In SPace Nobody Can Hear You Scream Nicolas FISCHBACH Senior Manager, Network Engineering Security, COLT Telecom - v1

Hack.LU Internet-wide Security Issues ● What kept us up at night :) ● SNMP ● SQL Slammer (and friends) ● Cisco wedge bug ● BGP TCP window [not really actually] ● Botnets and DDoS

Hack.LU Internet-wide Security Issues ● What have we done about it ? A lot. Too much maybe ? ● Route/prefix filtering ● DDoS detection: Netflow ● DDoS mitigation: BGP (+ MPLS (+ Cleaning)) ● xACLs and MPLS Core hiding ● QoS and Control Plane Policing (CoPP) ● BGP TTL trick (GTSM) and BGP TCP md5 ● Unicast RPF (uRPF) ● Router security 101

Hack.LU Carrier Backone cr tr ccr cr ar cpe cr cpe Edge Core Access Customer (access) Customer (transit) Router “types” ISPy ISPa ISPb tr ISPm ISPk ppr ISPm ISPy ISPj ixpr Transit Peering (IX or private) Access (/30) Link “types”

Hack.LU Carrier Backbone Security Edge Core Access Customer receive ACLs [rACL] / CoPP infrastructure ACLs [iACL] transit ACLs edge [tACLe] transit ACLs access [tACLa] Router “types” BGP (md5 / TTL) QoS uRPF

Hack.LU Carrier Backbone DDoS Detection ● Netflow (src/dst IP/port, protocol, ToS, interface - no payload, BPS/PPS/Time) Edge Access Router “types” NOC tr ccr ar tr ppr ixpr (Sampled) Netflow Aggregated Netflow Flows (SNMP) Alerts collector controller

Hack.LU DDoS Attack Mitigation internet Server ircd/p2p peering edge Deep Packet Inspection Sampled Netflow access layer core Network Level Mitigation Data Center Level Mitigation

Hack.LU Carrier Backbone DDoS Mitigation Edge Access Router “types” “Attack” traffic “Good” traffic Flows “Bad” traffic cr tr ccr cr ar cr tr ppr ixpr ar inspection VoIP Core

Hack.LU Internet-wide Security Issues ● What has really changed ? ● Route filtering : quite relax still ● DDoS detection, but weak mitigation : DDoS == background noise ● QoS : not for security, but for NGN ● CoPP : not widely deployed ● uRPF : not widely deployed ● BGP : md5 common (but useful ?), TTL-trick (the exception)

Hack.LU Internet-wide Security Issues ● Have we learned the lesson ? ● IPv6 ● Lots of security features in software (not in hardware) ● Will we ever see SoBGP / Secure BGP ? Do we need it ? ● Going up the stack, no mitigation at network level anymore (everything on top of 80/tcp, DNS attacks, etc)

Hack.LU Security Features ● What's the driver ? ● How to get those features across product ranges and vendors ● Shift of features towards edge, access, last/first mile ● But these features are not (often) security features ● Devices that never “saw” the “bad” Internet ● Features vs power vs cooling ● Hardware limitations (FPGA, ASIC, NP)

Hack.LU Security – which future ? ● No “big” “nation-wide” “critical infrastructure” issue recently ● IP/Data network infrastructure has become a commodity (until it's down) ● No focus on infrastructure security anymore (but the wake up call will be “funny”) ● So where do people put security research and resources into ?

Hack.LU NGN (Next Generation Networks)

Hack.LU NGNs ● Next Generation Networks ● VoIP and IMS ● Ethernet/DSL services ● Converged Networks ● Moving up and down the stack at the same time

Hack.LU 2006 Internet 15 PBX Trunking over IP FWFW PRI (ISDN over E1) TDM PSTN Voice Switch TDM PSTN Voice Switch H.323(/MGCP)/RTP No NAT Softswitch MGW CPE PBX H.323(/MGCP) MGCP RTP PBX POTS VoIP/ToIP No NAT T.38 (FAX) 64kUR (PBX Mgmt) DTMF

Hack.LU 2006 TDM PSTN Internet 16 Wholesale Voice over IP PRI (ISDN over multiple E1s or STM-1s) TDM PSTN Voice Switch TDM PSTN Voice Switch SIP/RTP Softswitch MGW SIP MGCP RTP POTS VoIP/ToIP Voice Switch MGW H.323/RTP Other Carrier VoIP Core SBCSBC

Hack.LU Security challenges ● VoIP protocols – No, VoIP isn't just SIP – SIP is a driver for IMS services and cheap CPEs – H.323 and MGCP (still) rock the carrier world ● Security issues – VoIP dialects – Only a couple of OEM VoIP stacks (think x-vendor vulnerabilities) – FWs / SBCs: do they solve issues or introduce complexity ? – Are we creating backdoors into customer networks ? – CPS and QoS

Hack.LU Session Border Controller ● What the role of an SBC ? – Security – Hosted NAT traversal (correct signalling / IP header) – Signalling conversion – Media Conversion – Stateful RTP pin-holing based on signalling ● Can be located at different interfaces: Customer/Provider, inside customer LAN, Provider/Provider (VoIP peering) ● What can be done on a FW with ALGs ?

Hack.LU IMS services ● IMS = IP Multimedia Subsystem ● Remember when the mobile operators built their WAP and 3G networks ? – Mostly “open” (aka terminal is trusted) – Even connected with their “internal”/IT network ● IMS services with MVNOs, 3G/4G: overly complex architecture with tons of interfaces ● Large attack surface: registration/tracking servers, application servers, etc ● Firewalling: complex if not impossible

Hack.LU IMS Future Threats ● FMC: Attack Fixed Mobile handover (GSM WiFi) ● “Vishing” (VoIP Phishing): risks associated with IVR ● Abusing IN systems

Hack.LU MSP and IP DSLAM ● Multi-Service Platform aka Carrier Ethernet ● IP/Ethernet DSLAMs ● Remember all the “LAN only” layer 2 attacks ? ● dsniff is not dead ;-) ● VLANs, TCAM, etc. ● Basic IP features DSLAMs

Hack.LU Conclusion ● Last 5 years : infrastructure security ● Next 5 years : NGN security ● In a couple of years : learn the hard way that NGN needs stable and secure underlying infrastructure