Slide 2: VoIP Security
Sanjay Kalra, Juniper Networks
ITEXPO, September 10-12, 2007, Los Angeles Convention Center, Los Angeles, California, www.ITEXPO.com

Slide 3: VoIP Issues

[Diagram: VoIP deployment topology covering the enterprise (IP PBX, SIP/H.323 phones, router, data FW/NAT), the service provider (softswitch, media gateway, application server, media server, OSS), SOHO/residential (cable/DSL modem, MGCP IAD, POTS phone), wireless/mobile (wireless IP phone, mobile phone, base station), hosted IP Centrex, voice over broadband (cable, DSL), SME router, Class 5 switch, and carrier-to-enterprise, carrier-to-SOHO/residential and carrier-to-carrier peering across the IP network and the SS7/IN network.]

Security
- DoS attacks
- Service theft
- Fraud
- SPIT and vishing
- Protocol vulnerabilities

Address translation
- Conversion of private/public IP addresses
- Firewalls challenged by small signaling/media packets
- VoIP protocols not understood by all firewalls

Service assurance
- Quality of service
- Admission enforcement
- Lack of reporting

Regulatory compliance
- E-911
- Lawful intercept
- CALEA support
Slide 4: VoIP Attack Examples
- Vishing: spam email claiming to be from PayPal, asking users to leave their credit card number.
- Toll fraud: two people were convicted of toll fraud after using brute-force attacks; they resold minutes stolen from VoIP carriers.
- DoS: buffer overflow in Asterisk.
- DoS: a carrier's session border controller was compromised because it could not provide adequate security.
Slide 5: VoIP Security Risks in Detail

[Diagram: the same VoIP deployment topology as on slide 3.]

Infrastructure
- (D)DoS attacks
- Route poisoning
- Traffic padding
- IP and ARP spoofing
- Session hijacking/replay
- VoIP protocol vulnerabilities

VoIP infrastructure
- Server OS vulnerabilities
- Registration DoS attacks
- INVITE overflows
- Excessive call setup rate
- Billing fraud
- Malformed protocol messages
- Man-in-the-middle attacks
- DHCP/ARP spoofing

VoIP content
- Call intercept
- Confidentiality issues
- Vishing
- Unwanted content
- Spambots collecting VoIP addresses
- Route server hacks can redirect calls
- Illegal call intercept
- Recording of conversations by accessing the infrastructure (Ethereal can reconstruct captured VoIP traffic as an audio file)
Slide 6: VoIP Security Mitigation

Attack: IP PBX DoS or hacking attacks
Mitigation: H.323 and SIP ALGs dynamically open and close firewall ports to keep the network secure

Attack: Back door to corporate network
Mitigation: Combination of ALGs, firewall and zone capabilities keeps the data network secure

Attack: Voice call intercept
Mitigation: Encrypt VoIP connections with a site-to-site VPN (DES, 3DES, AES) to prevent eavesdropping

Attack: All LAN segments have voice access
Mitigation: Zones enable separation of VoIP network elements to ensure appropriate policies are applied
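To make the ALG behaviour described on this slide concrete, here is an added example that is not from the presentation or from Juniper: a minimal model of a SIP ALG that parses the SDP offer in an INVITE, opens RTP/RTCP pinholes only for the negotiated address and port, refuses to open anything for a malformed message, and closes the pinholes again on BYE. The SIP messages, addresses, ports and Call-ID are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample dialog: an INVITE carrying an SDP offer, then the BYE that ends it.
# Addresses, ports and the Call-ID are made up for illustration.
INVITE = (
    "INVITE sip:bob@10.1.0.20 SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@alice-phone\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\nc=IN IP4 10.1.0.10\r\nm=audio 49170 RTP/AVP 0\r\n"
)
BYE = "BYE sip:bob@10.1.0.20 SIP/2.0\r\nCall-ID: a84b4c76e66710@alice-phone\r\n\r\n"
# Malformed INVITE: no Call-ID and no media line, so there is nothing safe to open.
BAD_INVITE = "INVITE sip:bob@10.1.0.20 SIP/2.0\r\nContent-Type: application/sdp\r\n\r\nv=0\r\n"


@dataclass
class SipAlg:
    """Tracks media pinholes per Call-ID, the way a firewall SIP ALG does."""
    pinholes: dict = field(default_factory=dict)  # Call-ID -> {(ip, port), ...}

    def handle(self, msg: str) -> str:
        head, _, body = msg.partition("\r\n\r\n")
        method = head.split(" ", 1)[0]
        m = re.search(r"^Call-ID:\s*(\S+)", head, re.M)
        if m is None:
            return "dropped"  # no dialog identifier: cannot be tracked, so never opened
        call_id = m.group(1)
        if method == "INVITE":
            conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
            ports = re.findall(r"^m=audio (\d+) RTP/AVP", body, re.M)
            if conn is None or not ports:
                return "dropped"  # malformed SDP: do not open a blind pinhole
            holes = set()
            for p in map(int, ports):
                holes |= {(conn.group(1), p), (conn.group(1), p + 1)}  # RTP and RTCP
            self.pinholes[call_id] = holes
            return "opened"
        if method == "BYE":
            self.pinholes.pop(call_id, None)  # call over: close the media pinholes
            return "closed"
        return "ignored"

    def permits(self, ip: str, port: int) -> bool:
        """True only while a tracked dialog has negotiated this media endpoint."""
        return any((ip, port) in holes for holes in self.pinholes.values())
```

A real ALG also tracks the answerer's SDP in the 200 OK and times out dialogs that never complete; this model shows only the open/close lifecycle that the slide refers to.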
Slide 7: Tiered Approach to Security
- Integrated control between layers of the network
- Filter at the edge
  - Use equipment that can be controlled to filter at the edge
  - Don't allow unwanted traffic into the network
- Provide topology hiding at the edge
  - Hide all of the internal network
- Centralised management
  - Alerts come to a central place
  - Operator can be involved in the process
- Threat risk reduced by layers
  - If one layer misses the threat, another catches it
Slide 8: VoIP Security Toolkit
- IDP to mitigate VoIP attacks
- Zone-based architecture
- Security through firewall ALGs
- Voice eavesdropping prevention through encryption
- Unauthorized-use prevention with policy access control
- Resilient VPN connectivity with dynamic tunnel failover
Slide 9: Defense Against VoIP Security Threats

Threat: DoS attack on PBX, IP phone or gateway
Ramifications: All voice communications fail
Defense technology: FW with SIP attack protection; IDP with SIP signatures/protocol anomaly detection

Threat: Unauthorized access to PBX or voice mail system
Ramifications: Hacker listens to voice mails, accesses call logs, company directories, etc.
Defense technology: Zones, ALGs, policy-based access control

Threat: Toll fraud
Ramifications: Hacker utilizes PBX for long-distance calling, increasing costs
Defense technology: (no separate entry on the slide)

Threat: Eavesdropping or man-in-the-middle attack
Ramifications: Voice conversations unknowingly intercepted and altered
Defense technology: VPNs, encryption (IPsec or other)

Threat: Worms/trojans/viruses on IP phones, PBX
Ramifications: Infected PBX and/or phones rendered useless, spread problems throughout network
Defense technology: IDP with SIP protocol anomaly and stateful signatures

Threat: SPIT (VoIP spam) and vishing
Ramifications: Lost productivity, annoyance and financial loss
Defense technology: ALGs, SIP attack prevention, SIP source IP limitations, UDP flood protection, authentication
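The per-source SIP limits and protocol-anomaly detection listed under defense technology, together with the excessive call setup rate, registration DoS and INVITE overflow risks from slide 5, can be shown with an added example that is not part of the presentation: a sliding-window rate check on INVITE and REGISTER per source plus an oversized-header check, run over a constructed SIP signaling log. The thresholds, addresses and log format are assumptions made for the example.

```python
from collections import defaultdict, deque

WINDOW_S = 10.0                        # sliding window per source (assumed policy)
LIMITS = {"INVITE": 5, "REGISTER": 3}  # max requests per source per window (assumed)
MAX_HEADER_BYTES = 2048                # larger SIP headers are treated as anomalous (assumed)


def build_sample():
    """Constructed signaling log as (timestamp s, source IP, method, header bytes)."""
    events = [(1.0, "192.0.2.10", "INVITE", 420),    # ordinary caller, well under the limit
              (4.0, "192.0.2.10", "INVITE", 431),
              (15.0, "192.0.2.10", "INVITE", 425)]
    # registration flood: 12 REGISTERs in three seconds from one source
    events += [(20.0 + i * 0.25, "192.0.2.66", "REGISTER", 380) for i in range(12)]
    # an INVITE with an absurdly large header (the "INVITE overflow" pattern)
    events.append((30.0, "192.0.2.77", "INVITE", 65000))
    return sorted(events)


def detect(events):
    """Return alerts as (kind, source, method, timestamp).

    A rate alert fires once, on the first request beyond the limit inside the
    window; an oversized-header alert fires for every offending message.
    """
    recent = defaultdict(deque)  # (source, method) -> timestamps inside the window
    alerts = []
    for ts, src, method, hdr_bytes in events:
        if hdr_bytes > MAX_HEADER_BYTES:
            alerts.append(("oversized-header", src, method, ts))
        if method not in LIMITS:
            continue
        window = recent[(src, method)]
        window.append(ts)
        while ts - window[0] > WINDOW_S:  # evict timestamps that left the window
            window.popleft()
        if len(window) == LIMITS[method] + 1:
            alerts.append(("rate-exceeded", src, method, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

On the sample log the ordinary caller never trips the limit because its third INVITE falls outside the 10 s window, while the REGISTER flood is flagged on its fourth request and the oversized INVITE is flagged separately.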