Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.

Published byShonda Holt Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen."— Presentation transcript:

1

2 Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen

3 Copyright Security-Assessment.com 2005 Different Types of VoIP There are many different implementations of IP telephony: – Skype – MSN – Firefly – Cisco Office – Asterix

4 Copyright Security-Assessment.com 2005 VoIP Technology Each type of VoIP uses different technology: – Skype – Proprietary – MSN – SIP – Firefly – IAX – Cisco – H.323, Skinny – Asterix – SIP, IAX2 – Others – MGCP Most of these do not have security built-in so rely on network controls

5 Copyright Security-Assessment.com 2005 Attacks Against VoIP Multiple attack avenues: – Standard traffic capture attacks – Traffic manipulation – Dynamic configuration attacks – Phone-based vulnerabilities – Management interface attacks

6 Copyright Security-Assessment.com 2005 Consequences of Attacks Eavesdropping and recording phone calls Active modification of phone calls Call Tracking Crashing phones Denying phone service – Slammer? VoIP Spamming Free calls Spoofing caller ID

7 Copyright Security-Assessment.com 2005 Capturing VoIP Data Ethereal has built-in support for some VoIP protocols Has the ability to capture VoIP traffic Can dump some forms of VoIP traffic directly to WAV files. Point and click hacking!

8 Copyright Security-Assessment.com 2005

9

10

11 Audio Capture

12 Copyright Security-Assessment.com 2005 VoIP Security Solutions You must protect the network traffic – Separate data and voice traffic – VLANs – Ensure IPSEC or other VPN technology used over WAN links – IDS monitoring on the network – ARP inspection – Host Security – VOIP enabled firewalls – Excellent guidelines in Cisco SAFE documentation Or wait for more secure protocols

13 Copyright Security-Assessment.com 2005 Skype – What Is It? Proprietary VOIP system for calls over the Internet Free and simple to use Developed by the creators of KaZaA Relies on P2P technology Over 29 million users worldwide Allows connections to regular phones through SkypeOut

14 Copyright Security-Assessment.com 2005 Skype Connection Details Listens on a random port, 80 and 443 Connects to known Supernodes stored in the registry Must establish connection with login server to authenticate NAT and Firewall traversal Any Skype client with an Internet IP address and suitable bandwith/CPU may become a Supernode

15 Copyright Security-Assessment.com 2005 Skype Architecture Ref: "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol“ Salman A. Baset and Henning Schulzrinne

16 Copyright Security-Assessment.com 2005 Skype Call Security Skype claims to encrypt all voice traffic with 128- bit or better encryption The encryption implementation used is proprietary and closed-source It is unknown whether the Skype organisation has the ability to decrypt all voice traffic

17 Copyright Security-Assessment.com 2005 Other Skype Security Concerns Same developers as KaZaA, known for spyware Cannot stop client becoming a Supernode Client allows file transfer, even through firewalls, an access path for malicious code, information leakage Login server reliance

18 Copyright Security-Assessment.com 2005 Should You Use Skype? If you can answer yes to four questions: – Are you willing to circumvent the perimeter controls of your network? – Do you trust the Skype developers to implement security correctly (being closed-source)? – Do you trust the ethics of the Skype developers? – Can you tolerate the Skype network being unavailable?

19 Copyright Security-Assessment.com 2005 Other VoIP Issues – Commercial Caller ID Spoofing Multiple companies are now offering caller ID spoofing: - CovertCall- PI Phone - Star38- Us Tracers - Camophone- Telespoof Makes Social Engineering a lot easier Many systems authenticate on CID

20 Copyright Security-Assessment.com 2005 Other VoIP Issues – New Attack Tools New tools make finding vulnerabilities easier – SIP Bomber – PROTOS Test-Suite – SiVuS

21 Copyright Security-Assessment.com 2005

22 Good Sites For Learning More Some good links for learning more about VoIP – http://www.voip-info.org/tiki-index.php?page=voip- info.org – http://www.vopsecurity.org/index.php

Download ppt "Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen."

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.

BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
1 ZIP 4x5 The world’s most functional telephone. 2 PSTN Internet Dallas, TX Sunnyvale, CA VPN Outside callers dial a single extension - phone at the office.

1 ZIP 4x5 The world’s most functional telephone. 2 PSTN Internet Dallas, TX Sunnyvale, CA VPN Outside callers dial a single extension - phone at the office.
Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.

Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.
Voice over IP Skype.

Voice over IP Skype.
Review of a research paper on Skype

Review of a research paper on Skype
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.

Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.

More about Skype. Overview Any node with a public IP address having sufficient CPU, memory and network bandwidth is a candidate to become a super node.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Similar presentations

Ads by Google