SIP Trunking & Security. Dan York, CISSP VOIPSA Best Practices Chair


SIP Trunking & Security Dan York, CISSP VOIPSA Best Practices Chair September 2, 2009

Privacy, Availability, Compliance, Confidence, Mobility, Cost Avoidance, Business Continuity

TDM security is relatively simple...
- PSTN Gateways
- TDM Switch
- Voicemail
- Physical Wiring

VoIP security is more complex
Operating Systems, Standards, Databases, Firewalls, Instant Messaging, Desktop PCs, Voicemail, Voice over IP, Network Switches, Internet, E-mail Systems, Wireless Devices, Physical Wiring, Web Servers, PSTN Gateways, PDAs, Directories

VoIP can be more secure than the PSTN if it is properly deployed.

VoIP Security Concerns

Security concerns in telephony are not new Image courtesy of the Computer History Museum

Nor are our attempts to protect against threats Image courtesy of Mike Sandman http://www.sandman.com/

Security Aspects of IP Telephony: Media / Voice, Management, TCP/IP Network, Call Control, PSTN, Policy

The SIP Call Flow Proxy A SIP Proxy B SIP SIP Alice RTP Bob

The SIP Call Flow Proxy A Internet SIP or WAN Proxy B SIP SIP Alice RTP Bob

Media
- Eavesdropping
- Degraded Voice Quality
- Encryption
- Virtual LANs (VLANs)
- Packet Filtering

Signaling
- Denial of Service
- Impersonation
- Toll Fraud
- Encryption
- Encrypted Phone Software
- Proper Programming

Management
- Web Interfaces
- APIs!
- Phones!
- Encryption
- Change Default Passwords!
- Patches? We don't need...

PSTN

Geography

Internet LAN

SIP Trunking

The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN

SIP Trunking PSTN SIP Service Provider IP-PBX Carrier Network LAN

The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN

SIP Trunking - Business Continuity PSTN SIP Service Provider IP-PBX Internet SIP Service Provider LAN

SIP Trunking - Business Continuity PSTN SIP Service Provider IP-PBX Internet SIP Service Provider LAN SIP Service Provider

Cloud Computing

Geography

Moving Voice Applications into the Cloud Application Platform IP-PBX Internet / WAN LAN PSTN

Moving Telephony into the Cloud Hosted IP-PBX Firewall Internet / WAN LAN PSTN

Can you trust the Cloud to be there?

Questions for SIP Trunk Providers or Cloud Computing Platforms?
- What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide?
- What kind of geographic redundancy is built into the underlying network?
- What kind of network redundancy is built into the underlying network?
- What kind of physical redundancy is built into the data centers?
- What kind of monitoring does the vendor perform?
- What kind of scalability is in the cloud computing platform?
- What kind of security, both network and physical, is part of the computing platform?
- Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill?

Spam / SPIT

What about SPIT? ("SPam over Internet Telephony")
- What does a traditional telemarketer need?
- Makes for great headlines, but not yet a significant threat
- Fear is script/tool that:
  - Iterates through calling SIP addresses: 111@sip.company.com, 112@sip.company.com, ...
  - Opens an audio stream if call is answered (by person or voicemail)
  - Steals VoIP credentials and uses account to make calls
- Reality is that today such direct connections are generally not allowed
- This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
- Until that time, PSTN is de facto firewall
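One way a defender could spot the sequential-address sweep described in the SPIT slide above, as an added example that is not part of the original presentation: it scans INVITE log lines for a single source calling a run of consecutive extensions within a short window. The log format, thresholds, function names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed format: timestamp, source IP, request).
SAMPLE_LOG = """\
2009-09-02T10:00:00 src=198.51.100.20 INVITE sip:204@sip.company.com
2009-09-02T10:00:01 src=203.0.113.7 INVITE sip:111@sip.company.com
2009-09-02T10:00:02 src=203.0.113.7 INVITE sip:112@sip.company.com
2009-09-02T10:00:03 src=203.0.113.7 INVITE sip:113@sip.company.com
2009-09-02T10:00:04 src=203.0.113.7 INVITE sip:114@sip.company.com
2009-09-02T10:07:00 src=198.51.100.20 INVITE sip:205@sip.company.com
2009-09-02T10:30:00 src=198.51.100.20 INVITE sip:206@sip.company.com
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) INVITE sip:(\d+)@\S+$")

def longest_run(numbers):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for n in numbers:
        if n - 1 not in numbers:          # n is the start of a run
            length = 1
            while n + length in numbers:
                length += 1
            best = max(best, length)
    return best

def find_sweeps(log_text, window=timedelta(seconds=60), min_run=4):
    """Return {source: longest run} for sources that INVITE at least
    min_run consecutive extensions inside one sliding time window."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            by_src[m[2]].append((datetime.fromisoformat(m[1]), int(m[3])))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Drop events that fell out of the window ending at events[end].
            while events[end][0] - events[start][0] > window:
                start += 1
            run = longest_run({ext for _, ext in events[start:end + 1]})
            if run >= min_run:
                flagged[src] = max(flagged.get(src, 0), run)
    return flagged
```

With the default 60-second window only the burst from 203.0.113.7 is flagged; the other source dials adjacent extensions too, but spread over half an hour.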

Resources

What is the Industry Doing to Help?
- Security Vendors: "The Sky Is Falling!" (Buy our products!)
- VoIP Vendors: "Don't Worry, Trust Us!" (Buy our products!)

Voice Over IP Security Alliance (VOIPSA)
- www.voipsa.org
- 100 members from VoIP and security industries
- VOIPSEC mailing list: www.voipsa.org/voipsec/
- Voice of VOIPSA Blog: www.voipsa.org/blog
- Blue Box: The VoIP Security Podcast: www.blueboxpodcast.com
- VoIP Security Threat Taxonomy
- Best Practices Project underway now

[Diagram of VOIPSA project areas: Security Research; Market and Social Objectives and Constraints; Classification Taxonomy of Security Threats; Best Practices for VoIP Security; Outreach Communication of Findings; Security System Testing. Legend: Published, Active Now, Ongoing]

www.voipsa.org/resources/tools.php

Tools, tools, tools...
UDP Flooder, IAX Flooder, IAX Enumerator, ohrwurm RTP Fuzzer, RTP Flooder, INVITE Flooder, AuthTool, BYE Teardown, Redirect Poison, Registration Hijacker, Registration Eraser, RTP InsertSound, RTP MixSound, SPITTER, Asteroid, enumiax, iwar, StegRTP, VoiPong, Web Interface for SIP Trace, SIPScan, SIPCrack, SiVuS, SIPVicious Tool Suite, SIPBomber, SIPsak, SIP bot

Security Links
- VoIP Security Alliance - http://www.voipsa.org/
- Threat Taxonomy - http://www.voipsa.org/activities/taxonomy.php
- VOIPSEC email list - http://www.voipsa.org/voipsec/
- Weblog - http://www.voipsa.org/blog/
- Security Tools list - http://www.voipsa.org/resources/tools.php
- Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com
- NIST SP800-58, Security Considerations for VoIP Systems - http://csrc.nist.gov/publications/nistpubs/800-58/sp800-58-final.pdf
- Network Security Tools - http://sectools.org/
- Hacking Exposed VoIP site and tools - http://www.hackingvoip.com/

VoIP can be more secure than the PSTN if it is properly deployed.

Q&eh? www.voipsa.org Dan York - dan.york@voipsa.org