Presentation is loading. Please wait.

Presentation is loading. Please wait.

Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security.

Published byMervyn Small Modified over 9 years ago

Similar presentations

Presentation on theme: "Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security."— Presentation transcript:

1

2 Common Misconceptions Alan D. Percy Director of Market Development Alan.percy@audiocodes.com The Truth of Enterprise SIP Security

3 3 Threat is widely recognized “Security Is IP Networking's Downside” Gartner Report, 2006 “SIP is not an easy protocol to secure.” RFC 3261 “T.J. Max theft is believed largest hack ever” AP Newswire, March 30, 2007 “…SIP is vulnerable to certain attacks.” RFC 3329

4 4 Known Threats Known SIP Security Threats: –Theft of services (unauthorized use of your network) –Recording and eavesdropping –Call Detail Capturing (tracking who you call and for how long) –Spoofing and Man-in-the-middle (Phone Phishing) –Denial of Service Attacks –Registration Flooding –Malformed Messages –Unsolicited incoming calling (SPIT) –Trojan horse devices –Viruses and Worms –and more.

5 5 Three Misconceptions about Security

6 6 Misconception #1 Eavesdropping VoIP is easy

7 7 IP-PBX SIP Architecture Media Gateway LAN Switch PST N SIP SIP Phones SIP T1/E1 Secure Facility Secured with SIP/TLS SRTP IP-PBX

8 8 Points of Risk Signaling Media IP Management SIP/ TLS SRTP HTTPS

9 9 Misconception #2 SIP Trunking is easy to secure with a SIP Firewall

10 10 SIP Trunking is at Risk SIP Trunking without correct protection is open to DoS attack, theft of service and other threats too!

11 11 Protecting Against DoS Attacks One of two approaches: 1.Use PSTN Trunking Cannot execute a DoS attack over a PSTN circuit Media gateway insulates enterprise from outside world Enterprise uses PSTN as a “moat” around SIP Island 2.Secure SIP Trunks with SBC Firewalls do not fully protect against DoS Many SIP Security devices don’t support SIP/TLS or SRTP Protect with an Enterprise-class Session Border Controller

12 12 SBC – Includes DoS Filtering and Rate Limiting ICMP ARP Request ARP Response DTMF SIP - Invite SIP - Register SIP- Response SIP - Unknown SIP - Other SIP - Register SIP - Other DoS Filters Un-Solicited SIP Traffic Established SIP Signaling “Pinholes” nRT - HI nRT - LO Best Effort Port SIP App Server Traffic Management/Shaping maintain per queue rate, size and discard policy RADIUS VRRP Dispatcher Rate Limiting & Prioritization Application Intelligence

13 13 Misconception #3 Security is very expensive

14 14 AudioCodes Solutions with Security Mediant 2000 Scalable Digital Media Gateway Mediant 1000 Modular Media Gateway MediaPack MP-11x Analog Media Gateway All support HTTPS, SIP/TLS, and SRTP Mediant 1000 MSBG with Integrated SBC

15 15 Good Security Practices for Enterprises  Deploy encryption security (SIP/TLS and SRTP)  Secure the front door (trunk lines)  PSTN Trunking or Enterprise SBC  Secure the back door (set and manage the passwords)  Control access  Manage software on all the devices in the system  Eliminate WiFi access  Keep an audit trail

16 16 Q/A and More Information www.audiocodes.com or Alan.percy@audiocodes.com

Download ppt "Common Misconceptions Alan D. Percy Director of Market Development The Truth of Enterprise SIP Security."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Building Applications with SIP Conferencing / Collaboration Alan D. Percy Director, Market Development AudioCodes.

Building Applications with SIP Conferencing / Collaboration Alan D. Percy Director, Market Development AudioCodes.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Similar presentations

Ads by Google