The leader in session border control for trusted, first class interactive communications


VoIP security at the carrier network edge
Kevin Mitchell, Director, Solutions Marketing
kmitchell@acmepacket.com

SIP Trunking Seminar - September 2007

In IP we don't trust anyone!

VoIP threats: impacts & probabilities

Columns: Security threat | Impact | Probability (Internet - free, anonymous) | Probability (IMS / managed network) | Comments

DoS & DDoS attacks. Overloads 9. Viruses & malware 10 1 3-8 4 5. Service fraud 5 N/A 5. Requires technical sophistication. Impact depends on business model. Identity theft 2-5 8 6. Requires slightly more technical sophistication than SPIT. Man-in-the-middle requires same degree of technical capabilities. Information used for other attacks with various impacts. Eavesdropping 2 5 2 3 5 3. Requires sophisticated attack capable of covering tracks. Catastrophic - all subscribers are impacted. Power outage prone areas susceptible. Catastrophic - all subscribers impacted. Impact varies based on service provider infrastructure, enterprise IP PBX or residential PC. Requires technical sophistication and access to wiring closets. SPIT 1 10 6. Requires little sophistication. Annoying more than harmful.

VoIP security concerns

Security concerns (percent of respondents rating 6 or 7):
- User/device authentication and authorization: 88%
- DoS attacks and overloads of next gen voice service infrastructure: 67%
- User privacy and confidentiality: 58%
- Performance impacted when defending against attack: 50%
- Identity theft: 50%
- Service topology exposure: 50%
- Service fraud: 46%
- Illegal wiretapping/eavesdropping: 33%
- SPIT: 17%

Based on interviews with 24 service providers completed in Q2 2007.
Source: Infonetics Research, Service Provider Plans for VoIP & IMS: North America, Europe, Asia Pacific, Latin America-Caribbean 2007

IMS: Is Missing Security

Security threat columns: DoS attacks, Traffic overloads, Viruses/malware, Service fraud, ID theft, Eavesdropping, SPIT
Legend: Satisfied, Not addressed, Partially addressed

Security feature requirement | IMS feature
- ACL static | Core IMS functions
- ACL dynamic | Not addressed
- Topology hiding (NAPT at L3 & L5) | I-BCF only, THIG
- Authentication - subscriber & CSCF | IPSec, SIP digest
- Authorization - subscriber | HSS function
- Signaling encryption | IPSec
- Media encryption | Not addressed
- CAC - I/S-CSCF constraints | Not addressed
- CAC - network bandwidth constraints | PDF/RACS function
- CAC - user limits: sessions (#) | Not addressed
- CAC - user limits: bandwidth | Not addressed
- SIP message & MIME attachment filtering/inspection | Not addressed
- Signaling rate monitoring & policing | Not addressed
- Bandwidth monitoring & policing | Not addressed
- Call gapping - destination number | Not addressed
- Call gapping - source/dest. CSCF or UE | Not addressed
- QoS marking/mapping control | Not addressed

How do I secure my network?

1. Protect the border
2. Protect the service infrastructure
3. Protect the service

Diagram labels: Service Provider Peer, Enterprise Access, Residential Access, IMS core

Border security framework

- SBC DoS/DDoS protection: Protect against SBC DoS/DDoS attacks & overloads
- Access control: Session-aware access control for signaling & media
- Topology hiding, privacy and VPN separation: Complete service infrastructure hiding & user privacy support. Support for L2 and L3 VPN services and security
- Viruses, malware & SPIT mitigation: Deep packet inspection enables protection against malicious or annoying attachments/traffic
- Infrastructure DoS/DDoS prevention: Prevent DoS/DDoS attacks on service infrastructure & subscribers
- Fraud prevention: Prevent misuse & fraud. Protect against service theft
- Monitoring and reporting: Record attacks & attackers. Provide audit trails

Best protection combines hardware and software

Network processor (NPU)-based protection
- Layer 3/4 (TCP, SYN, ICMP, etc.) & signaling attack detection & prevention
- Dynamic & static ACLs (permit & deny) to SPU
- Trusted & untrusted paths to SPU with configurable bandwidth allocation & bandwidth policing per session
  - Trusted devices: guaranteed signaling rates & access fairness
  - Untrusted devices can access unused trusted bandwidth
- Separate queues for ICMP, ARP, telnet, etc.
- Reverse Path Forwarding (uRPF) detection - signaling & media
- Overload prevention - 10 Gbps NPUs > 8 Gbps network interfaces

Signaling processor (SPU)-based protection
- Overload protection threshold (% SPU) w/ graceful call rejection
- Per-device dynamic trust-binding promotes/demotes devices

Diagram labels: Signaling processor, Security processor, Network processor, Intelligent traffic manager
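A small model of the trusted/untrusted signaling paths, dynamic deny ACLs and per-device trust-binding listed on the slide above, added here as an illustration and not Acme Packet code. The thresholds, the promote-on-authenticated-message rule and the three-strike deny rule are assumptions; borrowing of unused trusted bandwidth and ACL expiry are not modelled.

```python
from dataclasses import dataclass, field

# All thresholds are assumed values for illustration (messages per second).
TRUSTED_RATE = 5      # guaranteed signaling rate per trusted device
UNTRUSTED_RATE = 2    # per-source limit on the untrusted path
UNTRUSTED_POOL = 10   # total budget shared by all untrusted sources
MAX_STRIKES = 3       # over-rate messages tolerated before a dynamic deny ACL

@dataclass
class SignalingPolicer:
    trusted: set = field(default_factory=set)
    denied: set = field(default_factory=set)
    strikes: dict = field(default_factory=dict)
    seen: dict = field(default_factory=dict)   # per-source count, current second
    pool_used: int = 0
    window: int = -1

    def admit(self, src, second, authenticated=False):
        """Classify one signaling message as 'pass', 'drop' or 'deny'."""
        if second != self.window:              # new one-second policing window
            self.window, self.seen, self.pool_used = second, {}, 0
        if src in self.denied:
            return "deny"                      # dynamic ACL: rejected up front
        n = self.seen[src] = self.seen.get(src, 0) + 1
        if src in self.trusted:
            if n <= TRUSTED_RATE:
                return "pass"
            self.trusted.discard(src)          # demote: exceeded guaranteed rate
            return self._strike(src)
        if n > UNTRUSTED_RATE:
            return self._strike(src)
        if self.pool_used >= UNTRUSTED_POOL:
            return "drop"                      # pool exhausted; trusted path unaffected
        self.pool_used += 1
        if authenticated:
            self.trusted.add(src)              # promote (assumed trigger)
        return "pass"

    def _strike(self, src):
        self.strikes[src] = self.strikes.get(src, 0) + 1
        if self.strikes[src] < MAX_STRIKES:
            return "drop"
        self.denied.add(src)                   # install dynamic deny ACL
        return "deny"

def replay(events):  # events: (source, second, authenticated) tuples
    p = SignalingPolicer()
    return [p.admit(*e) for e in events], p

PHONE, FLOOD = "198.51.100.7", "203.0.113.9"   # constructed sample sources
EVENTS = [(PHONE, 0, True)] + [(FLOOD, 0, False)] * 8 + [(PHONE, 0, False)] * 4
```

Replaying `EVENTS` shows the flooding source being dropped and then denied within the same second while the promoted phone keeps its guaranteed rate.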

Cbeyond's SIP trunking service: BeyondVoice with SIPconnect

- Direct IP peering between SIP IP PBXs and Cbeyond's VoIP network
- Reduces equipment cost, provides DID for small customers, enables advanced IP capabilities like HD Voice, network-based call features, etc.
- SBC improves reliability by handling application server fail-over on behalf of the PBX
- Acme Packet SBCs protect Cbeyond's network from attack, hide topology and allow secure traversal of enterprise inbound calls using HNT
- Secure SIP signaling via TLS (soon)

Diagram labels: PSTN, Enterprise, Signaling, Media, TLS

Net-Net

- VoIP security threats are multi-dimensional and differ from data ones
- Focus on the threats' degrees of risk and impact to network
  - Scale, High to Low: Free services; Internet-connected ITSP; Facilities-based hosted services; Service provider peering
- Dedicated security element at the border must protect itself and elements behind it


Acme Packet at a glance

- Creator of Session Border Controller (SBC) category
- 56% market share (2006 revenue) and growing
- Over 420 customers in 81 countries
- Top tier customers worldwide: 23 of top 25; 76 of the top 100; 6 of top 10 North American MSOs
- Premier distribution partners: Alcatel-Lucent, Avaya, Ericsson, Italtel, Motorola, Nokia Siemens Networks, Nortel, Sonus
- 300+ employees in 22 countries
- Headquartered in Burlington, MA
- Public company (NASDAQ: APKT) w/ strong revenue growth, profits & balance sheet

Annual/YTD revenue ($M): 2003: $3.3; 2004: $16.0; 2005: $36.1; 2006: $84.1; H1 2007: $52.1