
Veraz Networks Proprietary and Confidential


1 Veraz Networks Proprietary and Confidential
* Veraz proprietary information notice: This document and the contents therein are the property of Veraz Networks Inc. Any duplication, reproduction, or transmission to unauthorized parties without prior written permission of Veraz Networks Inc. is prohibited. The recipient of this document, by its retention and use, agrees to protect the information contained herein from loss, theft, or transfer to third parties.

2 Security - The Big Challenge of IP Telephony
Yaron Oppenheim
Director – Product Marketing
February 2003

3 Agenda
- The Problem
- Why is it critical?
- It should be protected & it can be protected
- Vulnerability points
- Security strategy and measures
- MG
- Control Switch
- Control protocol - MGCP
- Inter Control Switch communication
- The voice itself
- Management activity

4 Veraz – An introduction
- Veraz is a privately held company formed by the merger of ECI-NGTS and Nexverse Networks
- Global provider of end-to-end, carrier-grade Packet Telephony solutions
- Best-in-Class Integrated Solution
  - Open, Best-of-Breed Softswitch & Media Gateway platforms
  - Driving some of the largest softswitch-based VoIP deployments in the market
- Market leader for carrier-class Digital Compression Multiplexing Equipment (DCME)
  - Over $2B installed base
  - Over 700 carrier customers in 140 countries
  - Current & on-going revenue stream
- Global Presence and Track Record
  - 20 years of experience in delivering solutions to carriers worldwide
  - 100% ownership of advanced DSP technology
  - Global sales & support infrastructure

5 The Problem
- Attacks on the Internet
  - 38% of the organization’s Web sites suffered unauthorized access or misuse within the last 12 months
  - Government Web site – thousands of attacks per day
- Fraud on the Internet
  - The main obstacle to e-commerce
  - Money that is lost
  - Money that is invested in securing IT installations
  - Growing segment in a recessionary period
- Is IP Telephony much different?

6 IP Telephony network
[Network diagram. Labels: ControlSwitch; Feature Server; SIP/H.323/XML/JCC; SS7/SCP/STP/HLR; ANSI/ETSI/ITU/UK/Japan SS7 ISUP/TCAP; IS-41; I-Gate 4000; MGCP; SIP; H.323; Wireless PSTN (MSCs); PSTN; IP/ATM Network; Enterprise PBX; IAD; H.323 Gateway; Gatekeeper; 3G Mobile; PDA; SIP Proxy/Feature Server; SIP Devices; Enterprise; Residence/Branch/SMB]
Broadband Local services enable providers to offer existing Class 5 voice services in addition to the new, integrated communications services we can only imagine today. A simple graphical user interface delivers the customized management and control of existing and new services that today's digitally empowered users demand. These Broadband Local services will be delivered to users that are always connected.

7 Potential Threats to Network Security
- Intranet and Internet
- Most of the intruders – from within the organization
- Internal threats
  - Disgruntled employees
  - Social engineering
  - Former employees
- External threats
  - Hackers
  - Hacking by mistake

8 Typical Security Attacks
- Unauthorized access
- Denial of Service - DOS
- Eavesdropping
- Masquerade
- Modification of information
  - Content modification
  - Sending the information at another time
- Information theft

9 Why is it critical?
Because:
- A lot of money can be lost
- The image of the company is a high priority

10 It should be protected & it can be protected
IP Telephony will not be widely deployed without a reasonable security solution!

11 Security – you have to protect 360°
The hacker needs only one vulnerability point.
[Network diagram repeated from slide 6: ControlSwitch, Feature Servers, SS7 network, I-Gate 4000 gateways, PSTN, IP/ATM Network, enterprise and residential SIP/H.323 devices]

12 Vulnerability points
[Diagram. Labels: VerazView; Internet/Intranet; HTTP; SNMP; CMI; CDR; EC; RE; CCP/SG; IP Network; MGCP; RTP; I-Gate 4000; I-Gate 4000 Pro]

13 You have to protect them all
- Call Control Element (CCE)
- Signaling Gateway (SG)
- Routing engine (RE)
- Event Collector (EC)
- CDR Manager
- Management
- Media Gateway (I-Gate 4000/PRO)
- Management System (VerazView)
- Links between elements

14 Defense strategy
- Access to the IP Telephony Network Element is allowed by using the MANAGEMENT SYSTEM only
- The Management System should be highly secured
- ALL the information traveling from NE to NE (and from the MS to NE) should be encrypted and authenticated.

15 MG security
- The only way to access the Media Gateway is by using the management system.
- Blocking unnecessary protocols
  - HTTP, Telnet, etc.
- Protecting the MG from unauthorized access
- Firewall functionality
  - Predefined list of IPs
  - Predefined protocols
  - Application (MGCP) aware
- Location of the Firewall
[Diagram. Labels: IP Network; I-Gate 4000 Pro; I-Gate 4000]
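The three firewall properties on this slide (predefined list of IPs, predefined protocols, MGCP awareness) can be expressed as one decision function. This is an added example, not Veraz code: the addresses are constructed, and the UDP port 2427 and the command verbs are taken from RFC 3435, not from the slides.

```python
import ipaddress
import re

# Assumed for illustration (not from the slides): call-agent addresses from the
# documentation range, and the RFC 3435 default gateway port 2427/udp.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.10/32"),
                   ipaddress.ip_network("192.0.2.11/32")]
ALLOWED_FLOWS = {("udp", 2427)}
MGCP_VERBS = {"EPCF", "CRCX", "MDCX", "DLCX", "RQNT",
              "NTFY", "AUEP", "AUCX", "RSIP"}
COMMAND_RE = re.compile(r"^([A-Za-z]{4}) \d{1,9} \S+ MGCP 1\.0(?: .+)?$")
RESPONSE_RE = re.compile(r"^\d{3} \d{1,9}(?: .*)?$")


def filter_packet(src_ip, proto, dst_port, payload):
    """Return (allowed, reason) for one packet addressed to the gateway."""
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_SOURCES):
        return False, "source not in predefined IP list"
    if (proto, dst_port) not in ALLOWED_FLOWS:
        return False, "protocol not predefined"
    try:
        first_line = payload.decode("ascii").splitlines()[0]
    except (UnicodeDecodeError, IndexError):
        return False, "payload is not MGCP"
    if RESPONSE_RE.match(first_line):
        return True, "MGCP response"
    match = COMMAND_RE.match(first_line)
    if match and match.group(1).upper() in MGCP_VERBS:
        return True, "MGCP command " + match.group(1).upper()
    return False, "payload is not MGCP"


# Constructed sample traffic: (source, protocol, destination port, payload).
SAMPLES = [
    ("192.0.2.10", "udp", 2427, b"CRCX 1204 aaln/1@gw1.example.net MGCP 1.0\nM: recvonly\n"),
    ("192.0.2.10", "udp", 2427, b"200 1203 OK\n"),
    ("192.0.2.10", "tcp", 23, b""),
    ("192.0.2.10", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    ("198.51.100.7", "udp", 2427, b"AUEP 9 aaln/1@gw1.example.net MGCP 1.0\n"),
    ("192.0.2.11", "udp", 2427, b"\xff\xfebinary probe"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:3], filter_packet(*sample))
```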

16 Control Switch elements
- Unix-based elements
  - RE
  - EC
  - CDR
  - CCP
  - SG
  - EMS
- Access to the IP Telephony Network Element is allowed by using the MANAGEMENT SYSTEM only
- Block unnecessary protocols
- Access control
- Firewall

17 MG – Call Control Platform channel
- MGCP, H.248
- IPSEC – the de facto standard
  - Provides protection (encryption & authentication) to each IP packet
  - Authentication, Integrity, Confidentiality
  - IPSEC – Authentication Header (AH)
  - IPSEC – Encapsulating Security Payload (ESP)
- IKE – Internet Key Exchange (RFC 2409)
  - Session Key
  - Long-term key
[Diagram. Labels: VerazView; Internet/Intranet; CDR; EC; CCP/SG; RE; IP Network; MGCP; I-Gate 4000; I-Gate 4000 Pro]

18 IPsec implementation
- External Boxes
  - Check Point
  - Symantec
  - Cisco
- Embedded Implementation
- Pros & cons
  - Vulnerability
  - Cost
  - Management

19 Control Switch elements comm.
- IPsec
- CMI communication
  - CCP - EC
  - CCP - SG
  - CCP - RE
  - EC - CDR manager
- EMS
[Diagram. Labels: Internet/Intranet; CDR; EC; CCP/SG; RE; IP Network; I-Gate 4000 Pro; I-Gate 4000]

20 Voice - RTP
- SRTP
- IPsec
[Diagram. Label: IP Network]

21 Management System Security
The Management System is the gate to the system…

22 MS Architecture
- Management System Server
  - Management server
  - Database server
  - Hi-Availability
- WBM Client
  - Operating System independent
  - Web browser Graphical User Interface
  - Does not require installation
[Diagram. Labels: PC with Web Browser (Client), three instances; WAN; VerazView Server; I-Gate 4000; Control Switch elements]

23 Vulnerability Points
- Management System – Network Elements channel
- Eavesdropping
- Information Theft
- MS Server
- Intrusion
- D.O.S.
- Masquerade
- Modification of Information
- MS WBM client and connection
[Diagram. Labels: Internet/Intranet; SG; IP Network; I-Gate 4000; Control SW; Mgmt. System Server - VerazView; WBM client]
Vulnerability at one of the VoIP elements can harm the entire IP Telephony network

24 Access Control
User ID and Password – much more than that!
- Validity of user IDs
- Password generation
- Password validity rules
  - Length
  - Structure
  - Time to Live
  - Password History
- Forced password change
- Prevent repetitive intrusion attempts
- Inform the user of the previous login time
- User’s access levels
- Etc.
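A sketch of how the rules listed on this slide fit together in one account object: length, structure, history, time to live with forced change, lockout after repeated failures, and reporting the previous login time. This is an added example, not VerazView code; every threshold and name in it is an assumption, since the slide gives no values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Thresholds are assumed for illustration; the slide names the rules, not values.
MIN_LENGTH, HISTORY_DEPTH, MAX_AGE = 12, 5, 90 * 24 * 3600
MAX_FAILURES, LOCKOUT = 5, 15 * 60

@dataclass
class Account:
    salt: bytes
    history: list = field(default_factory=list)  # salted hashes, newest last
    changed_at: float = 0.0
    failures: int = 0
    locked_until: float = 0.0
    last_login: "float | None" = None

def _hash(acct, password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 100_000)

def check_new_password(acct, password):  # -> list of violated rules, [] if none
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if sum(any(rule(c) for c in password) for rule in classes) < 3:
        problems.append("structure")
    if _hash(acct, password) in acct.history:  # reuse of a remembered password
        problems.append("history")
    return problems

def set_password(acct, password, now):
    problems = check_new_password(acct, password)
    if not problems:
        acct.history = (acct.history + [_hash(acct, password)])[-HISTORY_DEPTH:]
        acct.changed_at = now
    return problems

def login(acct, password, now):  # -> (status, previous_login_time)
    if now < acct.locked_until:
        return "locked", None
    current = acct.history[-1] if acct.history else b""
    if not hmac.compare_digest(_hash(acct, password), current):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:  # repeated failures: lock the account
            acct.locked_until, acct.failures = now + LOCKOUT, 0
        return "denied", None
    previous, acct.last_login, acct.failures = acct.last_login, now, 0
    return ("change_required" if now - acct.changed_at > MAX_AGE else "ok"), previous
```

Times are plain seconds passed in by the caller, so the expiry and lockout paths can be exercised without waiting.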

25 Security Administrator
- Who are the active users?
  - Force Logout
  - Suspend
- What are the users doing?

26 Web-Based Management
- All you need is a Web browser
  - OS independent
  - HW independent
  - Can be shared with other applications
- Low bandwidth
- WBM – Openness and Vulnerability
[Diagram. Labels: WBM client; Internet/Intranet; SG; IP Network; Control SW; Mgmt. System Server - VerazView; I-Gate 4000]

27 WBM Encryption
- SSL – Secure Sockets Layer
  - Provides encryption, authentication & integrity of data stream.
- Encryption of the Management Information
- SSL is the most popular method to secure Internet transport
  - Used by Web browsers and servers
  - The protocol that incorporates SSL and HTTP is HTTPS
  - Powerful encryption method
[Diagram. Labels: Internet/Intranet; IP Telephony network; SSL]

28 Separating Internet Server from MS
- To secure the IP Network from hackers:
  - Internet Server separated from the MS Server
  - MS Internet Server located in demilitarized zone (DMZ)
- The Media Gateway protection from hackers:
  - Secured Protocol
  - Firewall
[Diagram. Labels: MG; WBM; Mgmt Server; Internet; IP NETWORK; Secured Protocol; Control SW]

29 Disaster Recovery
- MS Servers at two remote locations
- RAID Array Disk
- No single point of failure
[Diagram. Labels: Web Client; Main Location; Alternate Location]

30 Questions?

31 Yaron Oppenheim – Director