Next Genera*on Tex*ng, Video Calling and Network Management October 2012 IPSTA Conference

Size: px
Start display at page:

Download "Next Genera*on Tex*ng, Video Calling and Network Management October 2012 IPSTA Conference"

Transcription

1 Next Genera*on Tex*ng, Video ing and Network Management October 2012 IPSTA Conference Copyright Assure911.net, LLC 2012 All Rights Reserved 1

2 Barbara Kemp, Assure911 IIT 911 Task Force Chairperson IIT ICE5 Project Manager CSI Consultant Brian Knueppel, Acme Packet Systems NENA ICE5 Co- chair David Staub, Assure911 IIT Lab Project Mentor Welcome 2

3 Topics Purpose NG Flow NENA ICE5 at IIT RTCL ESInet Security NG System Reliability Network Management Path Forward

4 Purpose Public Safety MigraTon to NG Experience Public Safety Legal Financial Managerial Challenges Maintenance General Overload Event Related Overload

5 NG Flow Full text on

6 ICE 5 Event at IIT RTCL Test Breadboard

7 ICE 5 Event at IIT RTCL 9/12/12 7

8 Security Brian Knueppel Acme Packet Goal: Protect the Next GeneraTon Network against Denial of Service A[acks and Overloads NENA definiton of a Border Control FuncTon (BCF) Product: Session Border Controller (SBC) more than a firewall 8

9 Where are Risks/VulnerabiliTes VoIP protocols and applications Operating system Supporting services Network protocol Physical Toll fraud, fuzzing, message floods, hijacking, eavesdropping, MITM call modification, media injection Buffer overflows, malware, DoS, configuration issues Resource exhaustion, account manipulation, covering tracks UDP/TCP floods, ICMP vectors, fuzzing, D/DoS Physical access compromise, reboot Policies and procedures Weak passwords, abuse of services 9

10 Threat Landscape Threat Example Result Reconnaissance scan Man-in-the-middle Address or port scan used to footprint network topology Attacker intercepts session to impersonate (spoof) caller Targeted denial of service, fraud, theft of service Targeted denial of service, breach of privacy, fraud, theft Eavesdropping Attacker sniffs session Breach of privacy, fraud, theft Session hijacking Session overloads Protocol fuzzing Media injection Attacker compromises valuable information by re-routing call Excessive signaling or media (malicious, non-malicious) Malformed packets, semantically or syntactically incorrect flows Attacker inserts unwanted or corrupt content into messages Breach of privacy, fraud, theft Denial of service Denial of service Denial of service, fraud 10

11 Border Control FuncTon (BCF) A BCF sits between external networks and the ESInet and between the ESInet and agency networks. All traffic from external networks transits a BCF. The BCF comprises several distnct elements pertaining to network edge control and SIP message handling. Border Firewall Access control Protect from malware a[acks Session Border Control PrevenTon DetecTon ReacTon 11

12 Session Border Control (SBC) ProtecTng live global IP communicatons networks FuncTonal element within BCF DOS/DDOS protecton, overload, resource admission control SIP normalizaton Resolve NAT issues Open/close pinholes B2BUA IPV4- IPV6 interworking VPN bridging Transport and encrypton: signaling and/or media QoS marking, priority, reportng detail records Transcoding 12

13 NENA Reference Documents Requirements, standards, procedures, practces Reference NG- SEC AudiTng, and assessing levels of security and risk to NG enttes, assets or elements, and excepton approval / risk acceptance process in the case of non- compliance to these guidelines Network Reference NID InformaTon that will assist in developing the requirements for and/or designing ESInets capable of meetng the requirements of an NG system FuncTonal Elements Reference NENA i Describes the detailed functonal elements and interfaces to those functonal elements 13

14 Secure Text Demo with alert Cellular network origination (SMS) Using test number (not 911) 4G/IMS->i3 ESInet (secured) Event sent in parallel(keyword bomb ) GPS Event Mobile Device Cell / SMS Assure911 IMS 4G/IMS Internet BCF ESInet FE s Text Device Text IIT Posi*on 14

15 Secure Video Demo Android device Over the top 4G/LTE ESInet (secured) 4G/LTE Network IMS Data Internet BCF ESInet FE s Over the top Smart Phone Video, Voice IIT Posi*on 15

16 Secure Video Demo with broadcast Android device Over the top 4G/LTE ESInet (secured) 4G/LTE Network IMS Data Internet Over the top BCF ESInet BCF Web Smart Phone Video, Voice Device with browser 16

17 NG System Reliability TesTng at IIT funded by Assure911 Performed by Joe Cusimano and Kbrom Tewoldu Dual Data Center ConfiguraTon Duplex ESInets: Primary/Master- Standby/Slave Resiliency to and ESRP Failures Including use of IIT UCARP program for IP address resiliency Security: Access Control Performance Under Load

18 IIT RTCL ESInet Test Architecture ConfidenTal Use with permission of CSI only 18 ConfidenTal Use with permission of CSI only

19 IIT RTCL ESInet Test Architecture Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF ESRP LPG LPG ESRP Private ECRF A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 19

20 IIT Lab Testing - Typical SIP Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF ESRP LPG LPG ESRP Private ECRF A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 20

21 Failure Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF ESRP LPG LPG ESRP Private ECRF X A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 21

22 Partial Failure ( s can register to B) Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF ESRP LPG LPG ESRP Private ECRF X A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 22

23 - Layer 1 and Layer 2 Resiliency - UCARP Program running in Background for Test - Remove RJ45 from ESInet Primary System Switches from Primary Master to Backup IP Address Re- Register - IniTate Test and Observe Invite Message in the Wire Shark Trace for conformance ConfidenTal Use with permission of CSI only 23

24 Server Failure - IP address taken over by backup Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF ESRP LPG LPG ESRP Private ECRF X A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 24

25 ESRP Resiliency - Layer 5 SIP Message RouTng Geographic Redundancy - Acme Packet Session Border Controller (SBC) Configured to hunt to Alternate ESInet ESRP on failure - Remove RJ45 from Primary ESRP - IniTate test call and observe Wire Shark Trace - Invite message indicates routng to alternate ESRP - The SBC can be configured to also route invite messages alternately between both ESRPs (Round Robin) ConfidenTal Use with permission of CSI only 25

26 ESRP Failure Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B BCF Acme Packet BCF Acme Packet Private ECRF X ESRP LPG LPG ESRP Private ECRF A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 26

27 Data Center Failure Public ECRF SIP proxy SIP er PSTN er PSTN er SIP er Public ECRF SIP proxy Data Center A Data Center B Private ECRF X BCF Acme Packet ESRP LPG LPG BCF Acme Packet ESRP Private ECRF A E911 B E911 Copyright Assure911.net, LLC 2012 All Rights Reserved 27

28 - Once configured with an IP address only addresses on the list are allowed access - Configure System Access List Using IP Addresses and Laptop LAN Address Netmask Access Session Border Controller Management Port Remove Security: System Access List - Access SBC a 2 nd Tme connecton is refused ConfidenTal Use with permission of CSI only 28

29 Performance - Using the MU to initate multple invites to the ESInet simulate DDoS - Session Border Controller System Control List configured to restrict allowable session invites - Access System Control List and set MU peer IP address Thresholds set for 5 - Observe Wire Shark Traces to view allowed invite messages ConfidenTal Use with permission of CSI only 29

30 Network Management End to End Network Management DemonstraTon for Public Safety

31 NG Systems are multi-provider NG911 Data Center A I3 NG System Access Traffic Router Router I3 ESInet Router Router NG System EMS= Element Management System NG911 Data Center A OSS = OperaTons Support System I3 = Current version of NENA NG SpecificaTon Copyright Assure911.net, LLC 2012 All Rights Reserved SS7= Signaling System 7 CAMA= Centralized AutomaTc Message AccounTng MF = MulT Frequency = Legacy Network Gateway = Public Safety Answering Point SIP = Session IniTaTon Protocol 31

32 Each provider has their own solution for surveillance IP Transport OSS Element Manager Carrier OSS VSP OSS Element Manager NG911 Data Center A I3 NG System Access Traffic Router Router I3 ESInet Router Router NG System EMS= Element Management System NG911 Data Center A OSS = OperaTons Support System I3 = Current version of NENA NG SpecificaTon Copyright Assure911.net, LLC 2012 All Rights Reserved SS7= Signaling System 7 CAMA= Centralized AutomaTc Message AccounTng MF = MulT Frequency = Legacy Network Gateway = Public Safety Answering Point SIP = Session IniTaTon Protocol 32

33 Highly reliable networks are proactively watched end-to-end IP Transport OSS Element Manager Carrier OSS VSP OSS Element Manager NG911 Data Center A I3 NG System Access Traffic Router Router I3 ESInet Router Router NG System EMS= Element Management System NG911 Data Center A OSS = OperaTons Support System I3 = Current version of NENA NG SpecificaTon Copyright Assure911.net, LLC 2012 All Rights Reserved SS7= Signaling System 7 CAMA= Centralized AutomaTc Message AccounTng MF = MulT Frequency = Legacy Network Gateway = Public Safety Answering Point SIP = Session IniTaTon Protocol 33

34 End to End Monitoring Carrier OSS VSP OSS Data Collec*on Client NG FEs Logging Service BCF: Acme Packet EMS= Element Management System OSS = OperaTons Support System I3 = Current version of NENA NG SpecificaTon SS7= Signaling System 7 CAMA= Centralized AutomaTc Message AccounTng MF = MulT Frequency = Legacy Network Gateway = Public Safety Answering Point SIP = Session IniTaTon Protocol ISDN = Integrated Services Digital Network PRI = Primary Rate Interface Copyright Assure911.net, LLC 2012 All Rights Reserved 34

35 Mobile Alerting: Border Control Function Event Reporting (Demo App on Google Play ) Text Message Originates Here GPS Mobile Device Text Device Event Reported to System Mgr IMS 4G/IMS Assure911 Cell / SMS Internet BCF ESInet NG911 FE s Text Session with NG911 Posi*on

36 Mobile Network Management App 36

37 In Network Assurance when you marry the network-wide view with the ability of the BCF to monitor the content stream 37

38 38

39 39

40 40

41 Assure911 TM Patented, End- to- End NG Status System Assure911 is a registered trademark of Network Expert Sojware Systems, Inc. Used with permission. Copyright Assure911.net, LLC 2012 All Rights Reserved 41

NG : Reliability a0er Design

NG : Reliability a0er Design NG 9-1- 1: Reliability a0er Design Design and Reliability Solu2ons for Emergency Services Networks David Staub dbs@assure911.net (860) 620 7735 1 Assure911.net Contracted to design ESInet for CounCes of

More information

Ingate SIParator /Firewall SIP Security for the Enterprise

Ingate SIParator /Firewall SIP Security for the Enterprise Ingate SIParator /Firewall SIP Security for the Enterprise Ingate Systems Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?... 3 3

More information

AT&T ESInet Customer Presentation

AT&T ESInet Customer Presentation AT&T ESInet Customer Presentation TM The best of today built for tomorrow. Table of Contents Introduction AT&T Emergency Services IP Network (AT&T ESInet TM ) Overview National Emergency Number Association

More information

NG9-1-1 Call Flow. Handout Roundtable April 2, Figure 1- Call Flow Diagram

NG9-1-1 Call Flow. Handout Roundtable April 2, Figure 1- Call Flow Diagram NG9-1-1 Call Flow Handout Roundtable April 2, 2012 Figure 1- Call Flow Diagram The Standard NG9-1-1 Network has the same Functional Elements (FEs) in each Data Centers for redundancy. The acronyms are

More information

NG9 1 1 Industry Collaboration Event 2 Planning Committee Charter

NG9 1 1 Industry Collaboration Event 2 Planning Committee Charter NG9 1 1 Industry Collaboration Event 2 Planning Committee Charter The Steering Committee for the NG9 1 1 Industry Collaboration Events (ICE) has approved commencement of planning for the second event.

More information

Next Generation Emergency Communications Intelligent Migration

Next Generation Emergency Communications Intelligent Migration 2010 Texas NENA Conference Next Generation Emergency Communications Intelligent Migration A Well-Managed Path from Enhanced 9-1-1 to Integrated Next Generation 9-1-1 Services Mart D. Nelson Consulting

More information

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Protecting Against Online Fraud. F5 EMEA Webinar August 2014 Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture

More information

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:

More information

Real-time Communications Security and SDN

Real-time Communications Security and SDN Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,

More information

Modern IP Communication bears risks

Modern IP Communication bears risks Modern IP Communication bears risks How to protect your business telephony from cyber attacks Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure

More information

HP AllianceONE Services zl Module for Avaya Aura Session Border Controller powered by Acme Packet

HP AllianceONE Services zl Module for Avaya Aura Session Border Controller powered by Acme Packet HP AllianceONE Services zl Module for Avaya Aura Session Border Controller powered by Acme Packet Data sheet Product overview The HP AllianceONE Services zl Module for Avaya Aura Session Border Controller

More information

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points WHITE PAPER Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS Starting Points...1 The Four Essentials...2 The Business Case for SIP Trunks...3 To benefit from the latest

More information

Allstream NGNSIP Security Recommendations

Allstream NGNSIP Security Recommendations Allstream NGN SIP Trunking Quick Start Guide We are confident that our service will help increase your organization s performance and productivity while keeping a cap on your costs. Summarized below is

More information

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA) security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, 29.03.2006, Atlanta, GA (USA) 2006 SWITCH Content and Firewall and NAT Privacy / Encryption SpIT / Authentication Identity General

More information

Jay English Director Comm. Center & Services APCO International. 2013; all rights reserved

Jay English Director Comm. Center & Services APCO International. 2013; all rights reserved Jay English Director Comm. Center & 9-1-1 Services APCO International 2013; all rights reserved Topics to Cover NG9-1-1 What it means may vary Technical Basics New Terminology Issues that need to be on

More information

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model 1. Description of Services. 1.1 SIP SBC with Field Trial Endpoint Deployment Verizon will assist

More information

Security for SIP-based VoIP Communications Solutions

Security for SIP-based VoIP Communications Solutions Tomorrow Starts Today Security for SIP-based VoIP Communications Solutions Enterprises and small to medium-sized businesses (SMBs) are exposed to potentially debilitating cyber attacks and exploitation

More information

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came

Internet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.

More information

VoIP Security Threat Analysis

VoIP Security Threat Analysis 2005/8/2 VoIP Security Threat Analysis Saverio Niccolini, Jürgen Quittek, Marcus Brunner, Martin Stiemerling (NEC, Network Laboratories, Heidelberg) Introduction Security attacks taxonomy Denial of Service

More information

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PrepAwayExam.   High-efficient Exam Materials are the best high pass-rate Exam Dumps PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco

More information

ESInet Building Blocks for NG Mark Titus Lead Product Marketing Manager AT&T Public Safety

ESInet Building Blocks for NG Mark Titus Lead Product Marketing Manager AT&T Public Safety Mark Titus Lead Product Marketing Manager AT&T Public Safety Agenda Agenda slide Why NG9-1-1 is Important ESInet Functional Benefits Is the time right for ESInet? Summary 2 ESInet Building Blocks for Why

More information

Ken Agress, Senior Consultant PlanNet Consulting, LLC.

Ken Agress, Senior Consultant PlanNet Consulting, LLC. Elements of a Vulnerability Assessment Ken Agress, Senior Consultant PlanNet Consulting, LLC. Defining a Vulnerability Assessment Agenda Types of Vulnerability Assessments Are You Ready for an Assessment?

More information

Brochure. Dialogic BorderNet Session Border Controller Solutions

Brochure. Dialogic BorderNet Session Border Controller Solutions Dialogic BorderNet Session Border Controller Solutions Dialogic BorderNet Solutions Supercharge Connections between Networks, Services and Subscribers with Ease and Scale The BorderNet family of session

More information

ABC SBC: Secure Peering. FRAFOS GmbH

ABC SBC: Secure Peering. FRAFOS GmbH ABC SBC: Secure Peering FRAFOS GmbH Introduction While an increasing number of operators have already replaced their SS7 based telecommunication core network with a SIP based solution, the interconnection

More information

Security Assessment Checklist

Security Assessment Checklist Security Assessment Checklist Westcon Security Checklist - Instructions The first step to protecting your business includes a careful and complete assessment of your security posture. Our Security Assessment

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

The leader in session border control. for trusted, first class interactive communications

The leader in session border control. for trusted, first class interactive communications The leader in session border control for trusted, first class interactive communications VoIP security at the carrier network edge Kevin Mitchell Director, Solutions Marketing kmitchell@acmepacket.com

More information

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

White Paper. SIP Trunking: Deployment Considerations at the Network Edge SIP Trunking: Deployment Considerations at the Network Edge at the Network Edge Executive Summary The move to Voice over IP (VoIP) and Fax over IP (FoIP) in the enterprise has, until relatively recently,

More information

Comparative table of the call capacity of KMG 200 MS: Number of SBC calls Maximum TDM channels Total calls Bridge**

Comparative table of the call capacity of KMG 200 MS: Number of SBC calls Maximum TDM channels Total calls Bridge** LOW DENSITY MEDIA GATEWAY WITH MODULAR INTERFACES AND SBC Main Characteristics Modular, with 1 or 2 internal E1/T1 + 2 external modules * Integrated SBC Option with BNC or RJ45 connectors Up to 60 TDM

More information

Feb 28 Mar, 7 Raleigh, NC

Feb 28 Mar, 7 Raleigh, NC NCC National Coordinating Center for Communications Gerald Jay English, ENP Public Safety Program Manager US Dept. of Homeland Security National Communications & Cybersecurity Information Center (NCCIC)

More information

Emergent Communications NG9-1-1 Software Solutions for Call Routing and PSAP Call Takers April 2017

Emergent Communications NG9-1-1 Software Solutions for Call Routing and PSAP Call Takers April 2017 Emergent Communications NG9-1-1 Software Solutions for Call Routing and PSAP Call Takers April 2017 www.emergentcomm.com Introduction Emergent Communications offers the first totally built from the ground

More information

Ingate Firewall & SIParator Product Training. SIP Trunking Focused

Ingate Firewall & SIParator Product Training. SIP Trunking Focused Ingate Firewall & SIParator Product Training SIP Trunking Focused Common SIP Applications SIP Trunking Remote Desktop Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent

More information

FreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering

FreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering FreeSWITCH as a Kickass SBC Moises Silva Manager, Software Engineering FreeSWITCH as a Kickass SBC Moises Silva Manager, Software Engineering Moises Silva

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

The Case for Secure Communications

The Case for Secure Communications Whitepaper The Case for Secure Communications The tapping of voice communications has occurred virtually as long as electronic communication has been in existence. In the early days of electronic communications,

More information

Florida 911 Coordinator s Spring 2015 Meeting

Florida 911 Coordinator s Spring 2015 Meeting NENA i3 and Next Generation 9-1-1 Florida 911 Coordinator s Spring 2015 Meeting May - 2015 Mike Nelson Intrado, Senior Technical Officer Intrado Proprietary Selective Routers were designed In the 70 s

More information

Unified Communications Threat Management (UCTM) Secure Communications and Collaborations

Unified Communications Threat Management (UCTM) Secure Communications and Collaborations Secure Cloud Communication and Collaboration. Overview The emergence of IP Voice, Video, Unified Communication and Collaborations (UC&C) technology and applications are causing a fundamental shift in the

More information

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control

More information

H.323-to-H.323 Interworking on CUBE

H.323-to-H.323 Interworking on CUBE This chapter describes how to configure and enable features for H.323-to-H.323 connections on CUBE. Configuring H.323-to-H.323 connections on a CUBE opens all ports by default. If CUBE has a public IP

More information

Application Note. Microsoft OCS 2007 Configuration Guide

Application Note. Microsoft OCS 2007 Configuration Guide Application Note Microsoft OCS 2007 Configuration Guide 15 October 2009 Microsoft OCS 2007 Configuration Guide Table of Contents 1 MICROSOFT OCS 2007 AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2 2 INGATE

More information

Secure Telephony Enabled Middle-box (STEM)

Secure Telephony Enabled Middle-box (STEM) Report on Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen 04/14/2003 Dr. Mark Stamp - SJSU - CS 265 - Spring 2003 Table of Content 1. Introduction 1 2. IP Telephony Overview.. 1 2.1 Major Components

More information

ARP Inspection and the MAC Address Table for Transparent Firewall Mode

ARP Inspection and the MAC Address Table for Transparent Firewall Mode ARP Inspection and the MAC Address Table for Transparent Firewall Mode This chapter describes how to customize the MAC address table and configure ARP Inspection for bridge groups. About ARP Inspection

More information

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam : Title : Security Solutions for Systems Engineers. Version : Demo Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized

More information

Secure Communications on VoIP Networks

Secure Communications on VoIP Networks Mediatrix Multi-service Gateways v. 2.0.41.762 2017-12-21 Table of Contents Table of Contents Internet Telephony Network Security 4 Authentication 4 X-509 Certificates 4 Transport Layer Security (TLS)

More information

Bank Infrastructure - Video - 1

Bank Infrastructure - Video - 1 Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation

More information

North Carolina ESInet Conceptual Design document

North Carolina ESInet Conceptual Design document North Carolina ESInet Conceptual Design document March 2016 Proprietary Notice This NC NG9-1-1 Conceptual Design document, its contents, and appendices are proprietary to the state of North Carolina and

More information

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide 28 May 2009 3Com VCX Connect Solution SIP Trunking Table of Contents 1 3COM VCX CONNECT AND INGATE... 1 1.1 SIP TRUNKING SUPPORT...

More information

HIGH DENSITY MEDIA GATEWAY WITH MODULAR INTERFACES AND SBC. Comparative table for call capacities of the KMG SBC 750:

HIGH DENSITY MEDIA GATEWAY WITH MODULAR INTERFACES AND SBC. Comparative table for call capacities of the KMG SBC 750: HIGH DENSITY MEDIA GATEWAY WITH MODULAR INTERFACES AND SBC Main Characteristics Modular composition: 8 telephony modules compatible with E1/T1, FXO, FXS and/or GSM technologies. Integrated SBC: o Up to

More information

NG112 Transition Models - Implementation Activities

NG112 Transition Models - Implementation Activities EENA NG112 Technical Committee Document NG112 Transition Models Implementation Activities Title: NG112 Transition Models - Implementation Activities Version: 2.0 Revision Date: 15/07/2015 Status of the

More information

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial

More information

Conducting an IP Telephony Security Assessment

Conducting an IP Telephony Security Assessment Conducting an IP Telephony Security Assessment Mark D. Collier Chief Technology Officer mark.collier@securelogix.com www.securelogix.com Presentation Outline Ground rules and scope Discovery Security policy

More information

Cisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p.

Cisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p. Cisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p. 6 Networking Basics p. 14 Wireless LANs p. 22 Cisco Hardware

More information

NGN: Carriers and Vendors Must Take Security Seriously

NGN: Carriers and Vendors Must Take Security Seriously Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place

More information

Emergent Communications Software Solutions for Call Routing and Delivery

Emergent Communications Software Solutions for Call Routing and Delivery Emergent Communications 9-1-1 Software Solutions for Call Routing and Delivery Technical White Paper May 2017 Introduction Emergent Communications offers the first totally built from the ground up NENA

More information

EN-1000 Quick Configuration Guide

EN-1000 Quick Configuration Guide Part Number 17655.0000 Version A.5, December 2017 2017 Encore Networks, Inc. All rights reserved. EN-1000 Quick Configuration Guide CAT-1 LTE T he EN-1000 is a high-performance, low-cost VPN router designed

More information

MIVOICE BORDER GATEWAY PLATFORM

MIVOICE BORDER GATEWAY PLATFORM MITEL MIVOICE BORDER GATEWAY PLATFORM MiVoice Border Gateway Remote Phone Configuration Guide JANUARY, 2017 RELEASE 9.4 MBG - Remote IP Phone Configuration Guide NOTICE The information contained in this

More information

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

PracticeDump.   Free Practice Dumps - Unlimited Free Access of practice exam PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Advanced Diploma on Information Security

Advanced Diploma on Information Security Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic

More information

White Paper Session Border Controllers: Rationalizing the Border of the Network

White Paper Session Border Controllers: Rationalizing the Border of the Network Session Border Controllers: Rationalizing the Border of the Network To find out more about Dialogic, visit us at: www.dialogic.com Executive Summary: As service providers transform their networks more

More information

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145

More information

Next Generation Intelligent Migration SM. A Well-Managed Path from Enhanced to Next Generation Services

Next Generation Intelligent Migration SM. A Well-Managed Path from Enhanced to Next Generation Services Next Generation 9-1-1 Intelligent Migration SM A Well-Managed Path from Enhanced 9-1-1 to Next Generation 9-1-1 Services 1 How Do We Know When We Have Achieved NG9-1-1? From a NENA September, 2008 paper

More information

CCVP CIPT2 Quick Reference

CCVP CIPT2 Quick Reference Introduction...3...4 Centralized Call Processing Redundancy...11 CCVP CIPT2 Quick Reference Bandwidth Management and Call Admission Control...17 Applications for Multisite Deployments...21 Security...31

More information

MOBILE THREAT LANDSCAPE. February 2018

MOBILE THREAT LANDSCAPE. February 2018 MOBILE THREAT LANDSCAPE February 2018 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming

More information

Technical White Paper for NAT Traversal

Technical White Paper for NAT Traversal V300R002 Technical White Paper for NAT Traversal Issue 01 Date 2016-01-15 HUAWEI TECHNOLOGIES CO., LTD. 2016. All rights reserved. No part of this document may be reproduced or transmitted in any form

More information

Network Configuration Guide

Network Configuration Guide Cloud VoIP Network Configuration PURPOSE This document outlines the recommended VoIP configuration settings for customer provided Firewalls and internet bandwidth requirements to support Mitel phones.

More information

West AT&T TXT Power Service Guide

West AT&T TXT Power Service Guide West AT&T TXT29-1-1 Power Service Guide Table of Contents 1. Introduction... 2 2. Service Features... 2 2.1. Service Overview... 2 3. ITS... 3 3.1. Service Use Cases... 3 3.2. Customer Provided Public

More information

Chapter 4. Network Security. Part I

Chapter 4. Network Security. Part I Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid

More information

Gigabit SSL VPN Security Router

Gigabit SSL VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the

More information

Sonus Networks engaged Miercom to evaluate the call handling

Sonus Networks engaged Miercom to evaluate the call handling Key findings and conclusions: Lab Testing Summary Report September 2010 Report 100914B Product Category: Session Border Controller Vendor Tested: Sonus SBC 5200 successfully registered 256,000 user authenticated

More information

Understanding Cisco Unified Communications Security

Understanding Cisco Unified Communications Security Cisco Support Community Presents Tech-Talk Series Understanding Cisco Unified Communications Security Akhil Behl Solutions Architect, akbehl@cisco.com Author of Securing Cisco IP Telephony Networks 2010

More information

Configuring Hosted NAT Traversal for Session Border Controller

Configuring Hosted NAT Traversal for Session Border Controller Configuring Hosted NAT Traversal for Session Border Controller The Cisco IOS Hosted NAT Traversal for Session Border Controller Phase-1 feature enables a Cisco IOS Network Address Translation (NAT) Session

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #4 Telecom System Security General Vulnerabilities Service interruption vulnerabilities Due to increased capacity offered by high speed communication

More information

Patton Trinity esbc SmartNode with BroadCloud UC & SIP Trunking. May 2018 Document Version 1.0

Patton Trinity esbc SmartNode with BroadCloud UC & SIP Trunking. May 2018 Document Version 1.0 Patton Trinity esbc SmartNode with BroadCloud UC & SIP Trunking May 2018 Document Version 1.0 Table of Contents 1 About this Guide...3 2 General Information...4 2.1 Patton SmartNode esbc Series Overview...

More information

GDPR Update and ENISA guidelines

GDPR Update and ENISA guidelines GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure

More information

CS System Security 2nd-Half Semester Review

CS System Security 2nd-Half Semester Review CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This

More information

Digital Advisory Services Professional Service Description SIP Centralized IP Trunk with Field Trial Model

Digital Advisory Services Professional Service Description SIP Centralized IP Trunk with Field Trial Model Digital Advisory Services Professional Service Description SIP Centralized IP Trunk with Field Trial Model 1. Description of Services. 1.1 SIP Centralized IP Trunk with Field Trial Verizon will assist

More information

The Telephony Denial of Service (TDoS) Threat

The Telephony Denial of Service (TDoS) Threat The Telephony Denial of Service (TDoS) Threat An Analysis of the TDoS Threat in Voice Network Security A Whitepaper From SecureLogix Corporation Telephony Denial-of-Service (TDoS) and The Public Voice

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

Computer Network Vulnerabilities

Computer Network Vulnerabilities Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like

More information

Session Border Controller

Session Border Controller CHAPTER 14 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 14-1 Information Model Objects (IMOs), page 14-2 Vendor-Specific Inventory

More information

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013 Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive

More information

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:

More information

AT&T IP Flexible Reach And IP Toll Free Cisco Unified Communication Manager H.323 Configuration Guide. Issue /3/2008

AT&T IP Flexible Reach And IP Toll Free Cisco Unified Communication Manager H.323 Configuration Guide. Issue /3/2008 AT&T IP Flexible Reach And IP Toll Free Cisco Unified Communication Manager H.323 Configuration Guide Issue 2.17 3/3/2008 Page 1 of 49 TABLE OF CONTENTS 1 Introduction... 4 2 Special Notes... 4 3 Overview...

More information

SIP as an Enabling Technology

SIP as an Enabling Technology SIP as an Enabling Technology SIP and VoIP Fundamentals Mike Taylor - CTO spscom.com 888.777.7280 Strategic Products and Services / 300 Littleton Road / Parsippany, NJ 07054 Agenda What is SIP? Acceptance

More information

Multi-Layer Security Protection for Signaling Networks

Multi-Layer Security Protection for Signaling Networks Multi-Layer Security Protection for Signaling Networks All-IP Invites Innovation, but also More Vulnerabilities O R A C L E W H I T E P A P E R J A N U A R Y 2 0 1 6 Table of Contents Introduction 2 Access

More information

E911 Presentation FAQ Pierce County Council Public Safety, Human Service and Budget Committee April 23, 2018

E911 Presentation FAQ Pierce County Council Public Safety, Human Service and Budget Committee April 23, 2018 E911 Presentation FAQ Pierce County Council Public Safety, Human Service and Budget Committee April 23, 2018 Q-1 What do all those acronyms stand for? A-1 *See comprehensive glossary at the bottom of this

More information

Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454

Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454 Use NAT to Hide the Real IP Address of CTC to Establish a Session with ONS 15454 Document ID: 65122 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Topology

More information

Application Note Asterisk BE with SIP Trunking - Configuration Guide

Application Note Asterisk BE with SIP Trunking - Configuration Guide Application Note Asterisk BE with SIP Trunking - Configuration Guide 23 January 2009 Asterisk BE SIP Trunking Table of Contents 1 ASTERISK BUSINESS EDITION AND INGATE... 1 1.1 SIP TRUNKING SUPPORT... 2

More information

ARP Inspection and the MAC Address Table

ARP Inspection and the MAC Address Table This chapter describes how to customize the MAC address table and configure ARP Inspection for bridge groups. About, page 1 Default Settings, page 2 Guidelines for, page 2 Configure ARP Inspection and

More information

2. Firewall Management Tools used to monitor and control the Firewall Environment.

2. Firewall Management Tools used to monitor and control the Firewall Environment. Firewall Review Section 1 FIREWALL MANAGEMENT & ADMINISTRATION Common management practices with regard to administering the (company) network should be in accordance with company policies and standards.

More information

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS) Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized

More information

Industrial Control System Security white paper

Industrial Control System Security white paper Industrial Control System Security white paper The top 10 threats to automation and process control systems and their countermeasures with INSYS routers Introduction With the advent of M2M (machine to

More information

Unified Communications Manager Express Toll Fraud Prevention

Unified Communications Manager Express Toll Fraud Prevention Unified Communications Manager Express Toll Fraud Prevention Document ID: 107626 Contents Introduction Prerequisites Requirements Components Used Conventions Overview Internal vs. External Threats Toll

More information

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Information Technology Enhancing Productivity and Securing Against Cyber Attacks Information Technology Enhancing Productivity and Securing Against Cyber Attacks AGENDA Brief Overview of PortMiami Enhancing Productivity Using Technology Technology Being Using at the Port Cyber Attacks

More information

SESSION BORDER CONTROLLERS

SESSION BORDER CONTROLLERS SESSION BORDER CONTROLLERS Architected for distributed signaling & media Integrated, co-located and distributed options Flexible hardware/software deployment models Designed to sustain high SIP message

More information

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:

More information

UTM. (Unified Threat Manager) Support for signatures from Snort VRT and Emerging Threat.

UTM. (Unified Threat Manager) Support for signatures from Snort VRT and Emerging Threat. UTM (Unified Threat Manager) Intrusion Prevention based Snort 2.9. Support for signatures from Snort VRT and Emerging Threat. HTTP/SSL Web Proxy based on Squid 3.1.20 URL Filtering with Internet DB from

More information