Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security.

Published byRobert Tyler Modified over 9 years ago

Similar presentations

Presentation on theme: "The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security."— Presentation transcript:

1 The Voice Security Company Kirk Vaughan Product Director –VoIP kvaughan@securelogix.com SIP Application Security

2 VoIP security is a big deal Why? Fear of the Unknown Everyone talks about VoIP security threats DoS Attacks Eavesdropping Theft-of-service These are the obvious ones! And they are manageable. Theft-of-identity

3 What is scary is what is around the corner that we can’t see Hacker’s hate Billy Gates….will John Chambers be next? Disgruntled employees can wreak havoc with internal access IT security “Best Practices” Stay off of Billy’s platforms Secure Backdoors Enterprises are easy targets – too little voice security Some current VoIP Security Recommendations help Strict Authentication

4 Enterprises are not early adopters Business case is necessary Proven reliability and security ROI calculation includes cost of management Build applications with this in mind from day one Data Networking History taught us  Network security requires lots of tools – not one single answer - Firewalls - IPS/IDS - Anti-viral software  Modem and fax lines create a huge security backdoor - Some enterprises have hundreds which are unmonitored thus creating an insecure voice and data network!

5 LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems After hours scanning – 2%-4% of phone lines have unauthorized modems. Unauthorized Modem Attack

6 LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Unauthorized Modems Employees use a modem to dial around the Firewall and IDS. Hacker “piggybacks” off ISP connection to access the Data Network. ISP Modem Attack ISP Modem Attack

7 LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Modems LAN Servers Workstations Internet Central Office ISP Intruder PSTN IDS Firewall PBX Voicemail TelephonesFax Modems Telecom Firewall Mgmt Server Blocked! Alert! Unauthorized calls are blocked by a Security Appliance called a Telecom Firewall The Solution The Solution

8 The backdoor modem is the Data Security Manager’s “Achilles Heel” My message to the SIP Application Development world…. Don’t become the Achilles Heel to the VoIP world

9 Before you write 1 line of code, ask how the operations manager will.. - Have Visibility and Control of user behavior on your service - Simply and effectively manage the service Configuration of applications User database Security policy - Authorize use of approved applications (hopefully yours!) - Accurately account and report on performance, usage and charging - Guarantee the security of the application Are you in the business of writing applications for enterprise users?

10 Integrated voice service platforms (MS RTC Server - Greenwich) SIP-enabled web applications Embedded services via API Don’t be naïve – enterprises won’t allow new communication services into their networks without appropriate management, visibility and security Enterprise use of Public IM services (MS Messenger, AIM, Yahoo) Created market for IM gateways Access to SIP services over the internet (VONAGE, FWD) Application Layer Gateways and VoIP-aware Firewalls

11 LAN Servers Workstations Internet Central Office ISP PSTN IDS Firewall PBX Voicemail TelephonesFax Modems Telecom Firewall VoIP Security Manager Mgmt. Server Router IP Phone Accept the fact that you will be monitored and managed….. 3 rd Party AS

12 VoIP Security Manager secures the data and voice network external threats over the internet or WAN TDM Security (Telecom Firewall) secures the data and voice network external threats over unmonitored analog modem and fax lines internal threats from trusted or unknown sources Both devices provide management, reporting, and security policy tools No need for two separate management and security tools… Combine them!!

13 LAN Servers Workstations Internet Central Office ISP PSTN IDS Firewall PBX Voicemail TelephonesFax Modems Mgmt. Server Router IP Phone The CPE providing TDM and VoIP security becomes one….. 3 rd Party AS RTMM Firewall Real-Time Mixed Media Firewall

14 The Real-Time Mixed Media Firewall - Provides real-time Visibility and Control of user behavior - Combines the security and monitoring features of several platforms Application-Layer Gateway Telecom Firewall Call-Accounting System IM Gateway Client Registrar (DHCP) Presence Manager Security policy manager with reporting Bandwidth and routing policy manager - Manages access to both on-net and off-net VoIP services Simplifies the management of mixed media application platforms and secures the entire network!!! - Secures TDM Voice Network against attack and misuse

15 The Real-Time Mixed Media Firewall - Aids in the management and provisioning of SIP Services Secures backdoor modem threats Restricts use of unapproved rogue clients and applications Prevents hacker attacks by controlling content across network borders Detects signaling anomalies and IPS signatures relating to VoIP Single User database simplifies management of user profiles Single GUI interface for setting up policies, reporting, and permissions Graphical depiction of application/network usage stats in real-time Application layer security - Secures mixed media VoIP and TDM network resources

16  We have to secure both networks while we migrate  Security and Management of applications is key  Enterprises are suspicious of what they can’t control  They have been burned by the back-door modems  Can they be certain that you aren’t the next back-door?  Design apps for use with a CPE-based RTMM firewall  Even the great “killer app” needs security

17 Thank you!!!

Download ppt "The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security."

Similar presentations

Aspire Vertical Markets Banking, Finance and Insurance.

Aspire Vertical Markets Banking, Finance and Insurance.
Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
2N Telekomunikace a.s. VoIP Products.

2N Telekomunikace a.s. VoIP Products.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
TANDBERG Video Communication Server March 2008. TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.

TANDBERG Video Communication Server March TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Overview:  Manufacturer of Media Gateways, Enterprise Session Border Controllers, Media Servers, IP Phones, Mobility Technologies  20 years of Operations,

Overview:  Manufacturer of Media Gateways, Enterprise Session Border Controllers, Media Servers, IP Phones, Mobility Technologies  20 years of Operations,
TeleWall, TeleSweep Secure, TeleAudit, TeleVPN, ETM, TeleView, TeleBridge, TeleIDS, TeleWall NET, SecureLogix, SecureLogix Corporation and the SecureLogix.

TeleWall, TeleSweep Secure, TeleAudit, TeleVPN, ETM, TeleView, TeleBridge, TeleIDS, TeleWall NET, SecureLogix, SecureLogix Corporation and the SecureLogix.
SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.

SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.
ETM, TeleWall, TeleAudit, TeleView, TeleVPN, TeleIDS, TeleWatch Secure, TWSA, SecureLogix, SecureLogix Corporation, and the ETM, TeleWall, TeleAudit, TeleView,

ETM, TeleWall, TeleAudit, TeleView, TeleVPN, TeleIDS, TeleWatch Secure, TWSA, SecureLogix, SecureLogix Corporation, and the ETM, TeleWall, TeleAudit, TeleView,
Separate Domains of IT Infrastructure

Separate Domains of IT Infrastructure
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Copyright © 2006 VoEX, Inc. All Rights Reserved1.

Copyright © 2006 VoEX, Inc. All Rights Reserved1.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
© 2004, SS8 Networks, Inc. Remote Office/Branch Office IP Telephony Solutions Sean Kent – Director Architecture/Technology V18.

© 2004, SS8 Networks, Inc. Remote Office/Branch Office IP Telephony Solutions Sean Kent – Director Architecture/Technology V18.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Similar presentations

Ads by Google