Track A: Network Security 9AM-10AM May 6, 2004 Security And Next Generation VoIP George G. McBride Senior Manager, Security Practice Lucent Technologies.

Slides:

Advertisements

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Advertisements

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

CANTO – 2006 Information Security and Voice over IP (VoIP) Robert Potvin, CISSP VP - Strategic Consulting June 21st, 2006.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Voice over IP Fundamentals

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

5-Network Defenses Dr. John P. Abraham Professor UTPA.

1 © 2004, Cisco Systems, Inc. All rights reserved IP Telephony Security Cisco Systems.

© 2006 Vigilar, Inc. All rights reserved worldwide. Contents are property of Vigilar, Inc. VoIP Penetration Testing: Lessons Learned, Tools.

System Security Scanning and Discovery Chapter 14.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.

By: Christopher Henderson.  What is VoIP?  How is it being used?  VoIP’s main Security Threats.  Availability of Service  Integrity of Service 

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

IT Expo SECURITY Scott Beer Director, Product Support Ingate

VoIP Security Assessment Service Mark D. Collier Chief Technology Officer

By: Colby Shifflett Dr. Grossman Computer Science /01/2009.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.

October 10-13, 2006 San Diego Convention Center, San Diego California Taking IP Security to the Next Level Real-time threat mitigation.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Towards a Scalable and Secure VoIP Infrastructure Towards a Scalable and Secure VoIP Infrastructure Lab for Advanced Networking Systems Director: David.

CSI32: Nov 15, 2005 Page 1 of Securing IP Telephony Networks Securing IP Telephony Networks George G. McBride Session TEC-8 November 15, :45 PM to.

1 A high grade secure VoIP using the TEA Encryption Algorithm By Ashraf D. Elbayoumy 2005 International Symposium on Advanced Radio Technologies Boulder,

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

HONEYPOTS PRESENTATION TEAM: TEAM: Ankur Sharma Ashish Agrawal Elly Bornstein Santak Bhadra Srinivas Natarajan.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.

Risk Tolerance: Balancing Business Needs And Risk CALA Road Show Lucent Worldwide Services Security Practice George G. McBride Managing Principal Lucent.

Enterprise VoIP Security Threats  Agenda:  Introduction  Why worry?  What do we need to look at?  What have I seen in the past?  What can I do to.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Chapter 9 Cisco IOS Firewall. IOS Firewall  Stateful packet-filter firewall that runs on a router  Provides firewall capabilities and normal routing.

What Can Go Wrong During a Pen-test? Effectively Engaging and Managing a Pen-test.

Module 11: Designing Security for Network Perimeters.

Security fundamentals Topic 6 Securing the network infrastructure.

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

CPT 123 Internet Skills Class Notes Internet Security Session B.

Lab #2 NET332 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,

COSC513 Final Project Firewall in Internet Security Student Name: Jinqi Zhang Student ID: Instructor Name: Dr.Anvari.

Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 11 – VoIP Hardware.

IS3220 Information Technology Infrastructure Security

Network Devices and Firewalls Lesson 14. It applies to our class…

Network Processing Systems Design

Fortinet VoIP Security June 2007 Carl Windsor.

CompTIA Security+ Study Guide (SY0-401)

The study and demonstration on SIP security vulnerabilities

CompTIA Security+ Study Guide (SY0-401)

Presentation transcript:

Track A: Network Security 9AM-10AM May 6, 2004 Security And Next Generation VoIP George G. McBride Senior Manager, Security Practice Lucent Technologies Professional Consulting Lucent Worldwide Services Security Practice

2 Lucent Technologies – Copyright 2004 Secure Network Infrastructure VoIP Security Issues: –As Dr. Bagchi and Mr. Thermos have illustrated, VoIP infrastructure is based on traditional data networks –The same issues that affect data networks will affect VoIP infrastructures –Total Vulnerabilities = Vulnerabilities(Data Network) + Vulnerabilities(VoIP) But there is hope!

3 Lucent Technologies – Copyright 2004 The vulnerabilities are real… Cisco 7900 Series phones running the default Skinny (SCCP) protocol for messaging, can be easily crashed by sending malformed messages. Cisco 1760 VoIP enabled router is also vulnerable by sending a message of 50,000 characters+ to port 2000 (the TCP port used by the router to communicate with the phones) to cause every VoIP phone on the network to reboot or lock-up, completely disrupting communications. Cisco 7900 is vulnerable to an ARP attack on a target phone which draws the RTP data stream through the attacker’s computer. As most conversations are transmitted in the clear, eavesdropping is trivial.

4 Lucent Technologies – Copyright 2004 Vulnerability Sources Human – Issues such as malicious insiders, the use of “hacker” tools on the corporate network, as well as corporate and end-user security policies are all part of the human factor. Physical – Often overlooked in network security vulnerability assessments, the physical security and protection of equipment, hosts, resources, back- up tapes, etc, all contribute to the VoIP infrastructure’s security posture. Network Infrastructure – Firewalls, network segmentation and isolation, Virtual Local Area Networks (VLAN)s, and network architecture are some of the issues that also affect security vulnerabilities. Equipment and Host Security – Systems, VoIP equipment, gateways, and other networked hosts contribute to overall security risk of VoIP. Protocols – While the VoIP protocols use TCP or UDP to transmit data and thus have all of the vulnerabilities associated with those protocols, other newer protocols can also contribute vulnerabilities to the VoIP architecture.

5 Lucent Technologies – Copyright 2004 Easy Steps to mitigate VoIP Risks Perform a thorough Risk Assessment including identification of critical assets and vulnerabilities Understand the new VoIP protocols. Make sure that the voice personnel know data and make sure that the data personnel know voice. Update all equipment (BIOS, Firmware, Applications) prior to deployment, and regularly afterwards.

6 Lucent Technologies – Copyright 2004 Mitigating Risks Enable the security functionality that you can. SIPS, H.235, SRTP, STRCP provide security enhancements to the VoIP infrastructure Segment networks to minimize the risk of compromise and to limit exposure when it does occur Enable SIP aware intrusion detection and network monitoring at each of the segments

7 Lucent Technologies – Copyright 2004 Mitigating Risk Utilize SIP aware firewalls. –Application Layer Gateways Fast, Easy to Deploy Encryption is difficult and ALG attacks not detected –Deep Packet Inspection (Stateful Inspection +) Detects Application Layer attacks and May impact performance, application specific –Proxy Based Firewalls Proven scalability, can detect Application Layer attacks Application specific and can provide encryption services

8 Lucent Technologies – Copyright 2004 Contact Information Please feel free to contact me with any questions or comments: Lucent Technologies Bell Labs Innovations Lucent Technologies Inc. Room 2N-611J 101 Crawfords Corner Road Holmdel, NJ Phone: George McBride, CISSP Security Practice Lucent Worldwide Services