Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Published byFernando Sermon Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University."— Presentation transcript:

1 Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University

2 What is VoIP? VoIP (Voice over Internet Protocol), VoIP (Voice over Internet Protocol), sometimes referred to as Internet telephony, is a method of digitizing voice, encapsulating the digitized voice into packets and transmitting those packets over a packet switched IP network.

3 VoIP enables people to use the Internet as the transmission medium for telephone calls. For users who have free, or fixed-price, Internet access, Internet telephony software essentially provides free telephone calls anywhere in the world. To date, however, Internet telephony does not offer the same quality (easy target of security attacks) of telephone service as direct telephone connections. Overview of VoIP(1)

4 Overview of VoIP(2) VoIP: yet another Internet service (Telephone, Radio, Video) over IP Services: email/web/calendar integration, emergency services, call scheduling, Interactive Voice Response (IVR), instant messaging, personal mobility…

5 VoIP Protocols Most implementations use H.323 protocol – Same protocol that is used for IP video. – Uses TCP for call setup – Traffic is actually carried on RTP (Real Time Protocol) which runs on top of UDP. SIP defines a distributed architecture for creating multimedia applications, including VoIP VoIP = Transport + QoS + Signaling Transport : RTP QoS : RTCP (Real-Time Transport Protocol) Signaling: H.323, SIP, MGCP/Megaco

6 Internet telephony protocol stack

7 H.323 Signaling and Media Channels H.225.0/RAS Channel RAS(Registration, Admission & Status) control between Endpoints (terminals, gateways, MCUs) and its Gatekeeper H.225.0 Call Signaling Channel Call remote endpoint Establish H.245 address H.245 Control Channel Open control channel; Terminal capability negotiation Open/close logical channels Establish UDP ports for A/V RTP/RTCP Logical Channels for Media Stream Carry media (audio, video, data, etc.) data within logical channels

8 H.323 VoIP Components H.323 defines four logical components Terminals, Terminals, Gateways, Gateways, Gatekeepers and Gatekeepers and Multipoint Control Units (MCUs). Multipoint Control Units (MCUs). Terminals, gateways and MCUs are known as endpoints.

9 Call Control Call Setup Media Exchange Call Signaling (RAS) Call Processing PSTN IP telephony Public Switched Telephone Network Gateway IP PBX

10

11 VoIP requires…. HandsetsSoftphonesGatewaysGatekeepers Conference Bridge IP PBX H.323, SIP, MGCP/Megaco

12 SOFTPHONES IP PBX PSTN GATEWAY MCU PSTN Gatekeeper VoIP requires….(Cont.)

13

14 Security Threats and Defense Mechanisms Denial-of-service (DOS) - Separation of the voice and data segments using VPNs Call interception (Invasion of privacy) - Encrypt VOIP traffic where possible - Lawful interception

15 Call Interception - Example

16 Security Threats and Defense Mechanisms(2) Theft of service (Traditional fraud) - Getting free service or free features - Use strong authentication - Call-processing Manager will not allow unknown phones to be configured Signal protocol tampering -capture the packets that set up the call. -user could manipulate fields in the data stream and make VOIP calls without using a VOIP phone.

17 Other Security Threats and Defense Mechanisms  Masquerading/Man-in-the-middle attacks  Endpoint authentication  Spoofing/connection hijacking  User/message authentication and integrity  Message manipulation  Message authentication  Virus and Trojan-horse applications -Host based virus scanning  Repudiation - Call-processing manager

18 Scope of H.235 AV applications Terminal control and management RTCP H.225.0 Terminal To GK Signaling (RAS) H.225.0 Call Signaling (Q.931) H.245 Call Control Transport Security (TLS) Audio G.xxx Video H.26x Encryption Auth.RTP Unreliable Transport/UDP, IPX Reliable Trans./TCP Network Layer/IP, Network Security/IPsec Link Layer Physical Layer

19 Challenges for IP Telephony NAT/Firewall Traversal Problem NAT= Network Address translation IP Telephony uses UDP as transmission protocol IP Telephony uses dynamic port address For these protocols to pass the firewall, the specific static and the range of dynamic ports must be opened for all traffic. IP addresses are embedded in the payload NAT only handles outgoing connections

20 NAT/Firewall Traversal Issue X Signaling & Control In-bound Media and RTP Out-bound Media Capabilities and RTP Transient Ports

21 Firewall/NAT Solutions (1) Proxies (Multimedia Gateway) Proxies (Multimedia Gateway) - Designed to handle real-time communications Gateways Gateways - Converts from IP to PSTN voice - Converts from IP to PSTN voice Application Level Gateways (ALG) - Firewalls programmed to understand IP Protocols Demilitarized Zone (DMZ) - Overcomes problem by placing a MCU

22 Multimedia Gateway (Proxy)

23 Virtual Private Network (VPN) A secure connection between two points across the Internet Tunneling The process by which VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet Firewall/NAT Solutions (2)

24

25 Conclusion VoIP just adds - more assets, more threat locations, more vulnerabilities – to the data network, because of new equipment, protocols, and processes on the data network To increase security and performance it’s recommended to use VPNs to separate VoIP from data traffic. Instead of using VPN segmentation, users may consider using a multimedia gateway or reverse proxy.

Download ppt "Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
VoIP PRESENTATION BY HÜSEYİN SAVRAN 220702044. OUTLINE PSTN an brief history of telephone.

VoIP PRESENTATION BY HÜSEYİN SAVRAN OUTLINE PSTN an brief history of telephone.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Microsoft ISA Server H.323 Gateway and Gatekeeper Overview of IP Telephony, H.323, and ISA Server H.323 Support.

Microsoft ISA Server H.323 Gateway and Gatekeeper Overview of IP Telephony, H.323, and ISA Server H.323 Support.
H. 323 Chapter 4.

H. 323 Chapter 4.
A Presentation on H.323 Deepak Bote. Email, IM, blog…

A Presentation on H.323 Deepak Bote. , IM, blog…
Speaker: Yi-Lei Chang Advisor: Dr. Kai-Wei Ke 2012/11/28 H.323 Packet-based multimedia communications systems 1.

Speaker: Yi-Lei Chang Advisor: Dr. Kai-Wei Ke 2012/11/28 H.323 Packet-based multimedia communications systems 1.
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
H.323 Recommended by ITU-T for implementing packet-based multimedia conferencing over LAN that cannot guarantee QoS. Specifying protocols, methods and.

H.323 Recommended by ITU-T for implementing packet-based multimedia conferencing over LAN that cannot guarantee QoS. Specifying protocols, methods and.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals

Voice over IP Fundamentals
© 2004, NexTone Communications. All rights reserved. Introduction to H.323.

© 2004, NexTone Communications. All rights reserved. Introduction to H.323.
Packet Based Multimedia Communication Systems H.323 & Voice Over IP Outline 1. H.323 Components 2. H.323 Zone 3. Protocols specified by H.323 4. Terminal.

Packet Based Multimedia Communication Systems H.323 & Voice Over IP Outline 1. H.323 Components 2. H.323 Zone 3. Protocols specified by H Terminal.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.

24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.
VoIP EE 548 Ashish Kapoor. Characteristics – Centralized and Distributed Control H.323 pushes call control functionality to the endpoint, while still.

VoIP EE 548 Ashish Kapoor. Characteristics – Centralized and Distributed Control H.323 pushes call control functionality to the endpoint, while still.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

Similar presentations

Ads by Google