April 12, 2004 H.323: Hardware and Software Vulnerabilities 1 H.323 Hardware and Software Vulnerabilities Jeremy Freeman Brian Leger Robert Muller.

Presentation transcript:

1 H.323 Hardware and Software Vulnerabilities
Jeremy Freeman
Brian Leger
Robert Muller

2 Agenda
H.323 and Convergence
Software Vulnerabilities
Hardware Vulnerabilities
Wrap Up

3 Convergence and H.323

4 Convergence
“The capability of one public network to carry all types of traffic – voice, data, and video – as packets.”
- The Essential Guide to Telecommunications, 3rd Edition. Annabel Z. Dodd.

5 Voice over IP
Started in 1995
PC to PC
A few companies using proprietary software
– Net2Phone
– VocalTec
– Dialpad

6 Voice over IP
Significant savings to businesses
– Less expensive moves, adds and changes (MACs)
– Reduced personnel
– Lower infrastructure and management costs
Significant savings for everyone
– Lower long distance charges, especially overseas

7 Voice over IP
Growth of International VoIP traffic

8 Interoperability
The issue is whether to cling to incompatible proprietary systems OR to embrace universal standards?
The answer is clear:
H.323 (ITU-T)
SIP (IETF)

9 H.323
H.323 is an umbrella protocol used to transmit real-time multimedia over packet-based networks.
Its goal is to provide reliable quality of service and delivery over an IP network that does not guarantee either.

10 H.323 Security: H.235
Specifies security requirements for (H.323 and H.245-based) multimedia terminals.
Four security services are covered:
– Authentication
– Integrity
– Privacy
– Non-repudiation

11 H.323 Entities
Terminals
Gateways
Multipoint control units (MCUs)
Gatekeepers

12 H.323 Terminal
Endpoint in the H.323 network
Multimedia PC
Stand-alone device
Even a simple telephone

13 H.323 Gateway
Gateway provides:
Control signaling translation
Audio/video codec translation
Data format translation
Call setup/termination functionality on both sides of the network

14 H.323 MCU
Multipoint control units (MCUs)
Mediates multi-party (3 or more endpoints) in an H.323 network
Required only if multiparty conferences are desired

15 H.323 Gatekeeper
The “brains” of an H.323 network
Manages a single ‘zone’
All of the devices in that zone must register with the gatekeeper:
– terminals
– gateways
– MCUs
– routers

16 H.323 Network

17 Software Vulnerabilities

18 CERT Bulletin
CERT Advisory CA-2004-01
– Multiple H.323 Message Vulnerabilities
– January 2004
Submitted by U.K.’s National Infrastructure Security Coordination Centre (NISCC)
Exploitation of Vulnerabilities
– DoS
– Execution of Malicious Code

19 H.225.0 Call Setup Phase

20 H.225.0 Call Setup Phase
End Points listen on port 1720 for incoming calls.
No security at this point.
Malformed messages will cause the receiver to either hang or crash.
OUSPG testing suite.
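Added example (not from the presentation or from any vendor's code): the kind of length checking a receiver on port 1720 needs so that a malformed call-setup message is rejected instead of hanging or crashing it. It assumes H.225.0 call signalling arrives as TPKT-framed Q.931; the function name, error codes and sample frames are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ERR_SHORT = -1, ERR_TPKT = -2, ERR_Q931 = -3, ERR_IE = -4 };

/* Validate one TPKT-framed Q.931 message as received on TCP port 1720.
 * Returns the Q.931 message type (0x05 = Setup) or a negative error.
 * Every length field is compared with the bytes actually present before
 * the cursor moves, so a hostile length cannot push p outside the frame. */
int h225_check_frame(const uint8_t *buf, size_t n)
{
    if (n < 4) return ERR_SHORT;
    if (buf[0] != 3) return ERR_TPKT;                /* TPKT version */
    size_t total = ((size_t)buf[2] << 8) | buf[3];   /* counts the 4-byte header */
    if (total < 7 || total > n) return ERR_TPKT;     /* 7 = header + minimal Q.931 */

    const uint8_t *p = buf + 4, *end = buf + total;
    if (*p++ != 0x08) return ERR_Q931;               /* protocol discriminator */
    size_t crlen = *p++ & 0x0F;                      /* call reference length */
    if (crlen >= (size_t)(end - p)) return ERR_Q931; /* must leave a message type */
    p += crlen;
    int msg_type = *p++;
    while (p < end) {                                /* information elements */
        uint8_t id = *p++;
        if (id & 0x80) continue;                     /* single-octet IE */
        size_t lenbytes = (id == 0x7E) ? 2 : 1;      /* User-user: 16-bit length */
        if ((size_t)(end - p) < lenbytes) return ERR_IE;
        size_t len = *p++;
        if (lenbytes == 2) len = (len << 8) | *p++;
        if (len > (size_t)(end - p)) return ERR_IE;  /* claims more than remains */
        p += len;
    }
    return msg_type;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t ok_setup[] = {3,0,0,14, 8,2,0,1,5, 0x04,3,0x88,0x93,0xA5};
static const uint8_t bad_ie[]   = {3,0,0,14, 8,2,0,1,5, 0x04,0xFF,0x88,0x93,0xA5};
static const uint8_t bad_uu[]   = {3,0,0,12, 8,2,0,1,5, 0x7E,0x10,0x00};
static const uint8_t bad_tpkt[] = {3,0,0x40,0, 8,2,0,1,5};

int main(void)
{
    printf("%d %d %d %d\n", h225_check_frame(ok_setup, sizeof ok_setup),
           h225_check_frame(bad_ie, sizeof bad_ie), h225_check_frame(bad_uu, sizeof bad_uu),
           h225_check_frame(bad_tpkt, sizeof bad_tpkt));
    return 0;
}
```

The check covers framing and information-element lengths only; the ASN.1-encoded H.225.0 payload inside the User-user element needs the same treatment in its own decoder.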

21 OUSPG Test Suite
Oulu University Secure Programming Group (OUSPG)
– Finland, January 2004
– Also developed test suite for SNMP in 2002.
PROTOS Test Suite c07-h2250v4
Developed to expose vulnerabilities in the H.323 protocol (specifically H.225.0)
Exercises all of the fields in the H.225.0 protocol
4500+ test cases.
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4

22 Microsoft
January 2004
Security bulletin MS04-001
Buffer overflow in ISA Server 2000 Firewall Service
Crashes the system!!
Workarounds
– Access lists for port 1720
– Block 1720
Cuts off VoIP to the outside world!

23 Cisco
“Security Advisory: Vulnerabilities in H.323 Message Processing”
Internetwork Operating System (IOS) software
Same issues as MS
– Buffer overflow
Cisco recommends Upgrade!!! ASAP!!
– Blocking 1720 and access list will work too.

24 Mitigating These Problems
Code Reviews
Spiral Methodology
Time to release and schedule pressures cut into testing extreme cases.

25 Hardware Vulnerabilities

26 Hardware Vulnerabilities
Firewalls
Vendor products
I blame software!

27 Firewalls
Both ends need to be configured for H.323
“Phase I: H.323 terminal (A) starts by sending a “Setup message” to another H.323 terminal (B) containing its destination address. Terminal (B) responds by sending a Q.931 “Alerting message” followed by a “Connect message” if the call is accepted. During this first phase of call signaling, the only port used for communication is TCP port 1720. If the destination terminal accepts the call, the second phase of negotiations using the H.245 protocol begin.
Phase II: During the H.245 negotiations, both terminals will exchange their terminal capabilities. The terminal capabilities include media type, codec choices, and multiplex information. Each terminal will respond with a “terminal Capability Set Ack message”. The terminals’ capabilities may be resent at any time during the call.

28 Firewalls
Phase III: the final phase of the call setup deals with the master/slave relating between the two terminals. The master/slave relationship is used to resolve any conflict that may arise between the two terminals during the duration of the call. Once the call setup process is complete, the audio and video channels are opened and the video conference call begins.”

29 Firewalls
Phase II & III – ports dynamically assigned.
Which ports will be used…hard to configure rules when you don’t know?
Leaving ports open and alone creates big hole in firewall.

30 Solutions
Cisco
– One zone w/inside equipment
– One zone w/outside (Internet)
– Each zone has router/gatekeeper
– Inside stuff registers w/inside gatekeeper
– Outside stuff registers w/outside gatekeeper
– One port for H.323 traffic

31 Solutions
Aravox
– Filter device between firewall and ISP
– All traffic goes through firewall
– H.323 traffic filtered and sent
– Other traffic goes through firewall

32 Vendor products w/problems
TandBerg, Cisco, Polycom, and Intel to name a few.
Products are/should be to standard, BUT that doesn’t mean different vendors’ products play nice together.
DoS: CPU 100% utilized, service degrades; calls can drop; no new calls.
Have to reboot.

33 What To Do?
Upgrade to latest software/firmware (highly recommended)
Use a firewall (good idea, but has its own problems)
Block ports (cool if you don’t want to ever use it again)
Create access list of trusted addresses

34 Conclusion
H.323 has vulnerabilities
Exploiting these cause DoS
Hardware and Software to blame.
Buffer overflows should’ve been accounted for during development.
Constant upgrading keeps network safe.

35 Questions?

