Download presentation
Presentation is loading. Please wait.
Published byShawn McCormick Modified over 9 years ago
1
VoIP security : Not an Afterthought
2
OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design and implementation Conclusion
3
What is VoIP? VoIP is Voice over internet protocol, is a technology allows voice conversations to be carried over the Internet. VoIP exchanges voice information in digital form, in discrete packets rather than by using the traditional circuit-committed protocols of the Public Switched Telephone Network (PSTN).
4
Difference between PSTN and VoIP. In PSTN (Public Switched Telephone Network) the control is rested at switch. In VoIP the resource control is at deeper part of network.
5
Why VoIP? Price Flexibility Protocols Implementation Service
6
VoIP Security threats Security threats Viruses impacting servers. Denial of service attacks. Logical attacks on SIP. Subscription fraud and non-payment. Call eavesdropping.
7
Security concerns Preserve the availability: By network/service access control Preserve integrity: Prevent malicious activities by encryption techniques. Prevent theft of the VoIP service. Prevent fraudulent use of VoIP services Preserve the confidentiality: By encryption techniques.
8
Preserve Authentication by login password. Preserve authorization by access control, role based authentication
9
Is VoIP Security Different? VoIP services are real-time. VoIP services are target of voice specific malicious activities such as toll fraud, service theft, voice spam and identity theft. VoIP services are extremely sensitive to delay, packet loss and jitter caused by worms, viruses and DoS attacks. VoIP services are impacted by the existing security devices such as firewalls/NAT, encryption engines and IDS/IPS.
10
An Approach to VoIP Security Open source security Prevention Protection Reducing the risks VoIP Infrastructure
11
Design and implementation Major concerns for VoIP software development are 1)Software stability. 2)Robustness. 3)Interoperability. For implementation of VoIP its should have separate voice transport, signaling, service creation from one another.
12
VoIP protocols The two most widely used protocols for VoIP are the ITU standard H.323 and the IETF standard SIP. Both are signaling protocols that set up, maintain and terminate a VoIP call. In addition, the Media Gateway Control Protocol (MGCP) provides a signaling and control protocol between VoIP gateways and traditional PSTN (Public Switched Telephone Network) gateways. ITU-T, H.323 is a comprehensive protocol under the ITU-T specifications for sending voice, video and data across a network. The H.323 specification includes several sub-protocols:
13
1. H.225 for specifying call controls (e.g. call setup and teardown), 2. H.235 for specifying the security framework for H.323 and the call setup. 3. H.245 for specifying media paths and parameter negotiations such as terminal capabilities. 4. H.450 for specifying supplementary services such as call hold and call waiting.
14
Conclusion VoIP presents a number of interesting security challenges that differ substantially from those of traditionally telephony. In addressing these challenges, we might consider the roles of the vendor, service provider, and implementer communities.
15
References http://www.voip-info.org/ Voip security : not an afterthought by Douglas C.Sicker and Tomlookabaugh
16
Thank you
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.