Published by Clementine Eaton. Modified over 9 years ago.
1
Securing Unified Communications
Mor Hezi, VP Unified Communications, AudioCodes
2
Agenda
- Common threats and impacts
  - Toll Fraud
  - Telephony Denial of Service (TDoS)
  - VoIP threats
- How the hacking process works
  - Footprinting
  - Scanning
  - Enumeration
- Securing Unified Communications with SBCs
3
Common Threats and Impacts
4
Toll Fraud Impacts
- 2013 Global Fraud Loss Estimate: $46.3 Billion (USD) annually
- VoIP systems make these kinds of attacks much easier
- [Chart: Top 5 Fraud Methods Reported by Surveyed Companies, axis in Billion (USD)]
- Source: 2013 CFCA Global Fraud Loss Survey
5
Dial-Through Fraud (DTF)
- The most damaging form of toll fraud
- The idea is to exploit an IP PBX and find a way to take an inbound call and hairpin it out to an international number
- Attacker sells access to users who dial in and back out
- Many calls generated to long distance or international destinations
- [Diagram: ITSP / Internet, PBX, enterprise users; steps 1 to 4]
6
One Ring and Cut (Wangiri) Fraud
- The attacker sets up a call to unsuspecting users from a premium number; the call rings once and is then cut off
- Users who receive these calls are often tricked into calling back
- The enterprise will incur the charge of connecting to the premium number
- [Diagram: attacker, high-cost destination, ITSP / Internet, PBX, enterprise users; steps 1 to 5]
7
TDoS - Telephony Denial of Service
- Telephony denial of service (TDoS) attacks are increasing in severity and frequency
- Unauthorized users flood the system with bogus access requests and prevent legitimate users from accessing the system
- By keeping these calls active for a long duration, the attacker prevents voice network resources from being used by legitimate callers
- [Diagram: TDoS attacker, ITSP / Internet, PBX, agents; customers cannot reach the agents]
8
Security threats to VoIP traffic have become prevalent
- Increased convergence
  - Transition from dedicated networks to converged approaches that can include extensions to trusted third parties such as:
    - SIP Trunking providers
    - UCaaS
- Multiple device support
  - Users want to integrate their bring your own device (BYOD) strategies with the enterprise UCC solution
- Communications-enabled applications
  - VoIP is increasingly embedded directly into applications
  - WebRTC integrating voice directly into CRM, ERP and contact center
  - It is becoming more difficult to isolate voice onto its own network
9
VoIP Threats
Threat: Result
- Call Flooding: An attacker floods a target system with heavy valid or invalid traffic (signaling or media), significantly degrading its performance or bringing the system down.
- Malformed Messages (Protocol Fuzzing): An attacker sends malformed messages to the target server or client for the purpose of service interruption. A malformed message is a protocol message with wrong syntax.
- Spoofed Messages: An attacker may insert fake (spoofed) messages into a certain VoIP session to interrupt the service, or insert them to steal the session. The typical examples are "call teardown" and "toll fraud."
- Registration Hijacking: A SIP registration hijack works by a hacker disabling a valid user's SIP registration and replacing it with the hacker's IP address instead.
- Eavesdropping: An attacker is able to monitor the entire signaling and/or data stream between two or more VoIP endpoints.
10
Registration Hijacking
1. The attacker registered to the PBX after breaking the password of one of the enterprise's users
2. An inbound call is made to this enterprise user
3. The call is forwarded to the attacker instead of the enterprise user
[Diagram: attacker, Internet, ITSP, customer, IP-PBX, enterprise LAN, agents]
11
How the hacking process works
12
Collection of Information about the Target
Before any attack can take place against a company, hackers need to go through three phases:
1. Footprinting
2. Scanning
3. Enumeration
13
Footprinting
- The first step is to gather information about the infrastructure of a target network
- Extension numbers, IP addresses, network address ranges, remote access capabilities, etc.
  - From the company's website
  - IP ranges registered to the company as reported by ARIN (American Registry for Internet Numbers)
- The hacker makes a footprint of the target, analyzes it, and picks the most appropriate methods and tools to hack the system
14
Scanning
- The hacker needs to get more information about the target
- He needs to probe and communicate with the target
  - Using OPTIONS
- There are four commonly encountered scanning objectives:
  - Determining whether the system is alive
  - Discovering open ports
  - Identifying network services
  - Detecting system type (user-agent)
15
Enumeration
- The next and last step in information gathering is enumeration
- It involves probing the identified services for known weaknesses
- There are several methods which rely on studying the error messages returned
  - SIP REGISTER, OPTIONS and INVITE
- Exposing valid usernames/passwords
  - Extensions without password
  - Extensions with easy password:
    - Pass: 1234
    - Ext: 4000, pass: 4000
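Added example (not part of the original presentation): a defender-side check for the enumeration pattern described on this slide, flagging any source that draws SIP error responses across many different extensions. The one-line log format, the field order and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed format: time, source IP, SIP method,
# target extension, final response code. Not taken from any real product.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 REGISTER 4001 401
10:00:01 192.0.2.10 REGISTER 4001 200
10:02:10 198.51.100.7 OPTIONS 4000 404
10:02:10 198.51.100.7 REGISTER 4000 404
10:02:11 198.51.100.7 REGISTER 4001 401
10:02:11 198.51.100.7 REGISTER 4002 401
10:02:12 198.51.100.7 REGISTER 4003 404
10:02:12 198.51.100.7 INVITE 4004 401
10:02:13 198.51.100.7 REGISTER 4002 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (REGISTER|OPTIONS|INVITE) (\S+) (\d{3})$")
FAIL_CODES = {"401", "403", "404", "407"}  # the error replies an enumerator studies

def detect_enumeration(log_text, min_extensions=5):
    """Return {source_ip: finding} for sources probing many distinct extensions."""
    failed = defaultdict(set)       # source -> extensions that drew an error reply
    registered = defaultdict(list)  # source -> REGISTER 200 seen after earlier errors
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _, src, method, ext, code = m.groups()
        if code in FAIL_CODES:
            failed[src].add(ext)
        elif code == "200" and method == "REGISTER" and failed.get(src):
            registered[src].append(ext)
    findings = {}
    for src, exts in failed.items():
        # A single 401 followed by 200 is the normal digest challenge, so the
        # signal is the number of distinct extensions, not one failure.
        if len(exts) >= min_extensions:
            findings[src] = {
                "probed": sorted(exts),
                "registered_after_probing": registered.get(src, []),
            }
    return findings

if __name__ == "__main__":
    for src, finding in detect_enumeration(SAMPLE_LOG).items():
        print(src, finding)
```

A non-empty registered_after_probing list means a probing source later registered successfully, which is the precondition for the registration hijacking shown on slide 10.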
16
How to secure Unified Communications?
17
Using Session Border Controllers
- Gartner recommendation for securing enterprise voice: "Implement session border controllers (SBCs) to control and log the security policies between the specific security zone for real-time voice and video communication and the other security zones."
- E-SBC provides an extensive set of features to protect an enterprise voice network:
  - Monitoring and Reporting
  - Data Confidentiality and Privacy
  - Protection against Unauthorized Access
  - Protection against Attacks and Threats
  - Robust Management Security
18
Why do I need an SBC when the SP has one?
- The service provider's SBC is there to protect the service provider from its enterprise customers
- The core SBC is not located at the enterprise demarcation and therefore can only provide limited protection
- E-SBCs provide the necessary security enterprises need to protect their VoIP communication networks
  - Similar to the firewalls enterprises use to enforce their data network security
- E-SBCs
  - Enforce the enterprise's unique security policies
  - Allow secure remote connections: mobile clients, remote agents
  - Provide complete network topology hiding
    - Doesn't expose internal network and employee names to the SP
19
Summary
- Conventional data firewalls were not designed with real-time communications in mind
  - Leaving enterprises vulnerable to security threats
- AudioCodes E-SBC can help businesses protect their UC infrastructure and service
  - Mitigating financial losses and legal exposure
20
Thank You