Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)


Slide 1: Voice over IP (VoIP) security
Nicolas FISCHBACH, Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 - PacSec.JP/core04

Slide 2: Introduction (© 2004 Nicolas FISCHBACH, PacSec.JP/core04)
» Voice over IP and IP telephony
» Network convergence
  > Telephone and IT
  > PoE (Power over Ethernet)
» Mobility and Roaming
» Telco
  > Switched -> Packet (IP)
  > Closed world -> Open world
» Vendors and Time to Market
» Security and privacy
  > IPhreakers
  > VoIP vs 3G

Slide 3: Architecture : protocols
» Signaling
  > User location
  > Session
    - Setup
    - Negotiation
    - Modification
    - Closing
» Transport
  > Encoding, transport, etc.

Slide 4: Architecture : protocols
» SIP
  > IETF /5061 (TLS) - "HTTP-like, all in one"
  > Proprietary extensions
  > Protocol becoming an architecture
  > "End-to-end" (between IP PBX)
    - Inter-AS MPLS VPNs
    - Transitive trust
  > IM extensions (SIMPLE)
» H.323
  > Protocol family
  > H.235 (security), Q.931+H.245 (management), RTP, CODECs, etc.
  > ASN.1

Slide 5: Architecture : protocols
» RTP (Real Time Protocol)
  > 5004/udp
  > RTCP
  > No QoS/bandwidth management
  > Packet reordering
  > CODECs
    - old: G.711 (PSTN/POTS - 64Kb/s)
    - current: G.729 (8Kb/s)

Slide 6: Architecture : network
» LAN
  > Ethernet (routers and switches)
  > xDSL/cable/WiFi
  > VLANs (data/voice+signaling)
» WAN
  > Internet
  > VPN
    - Leased line
    - MPLS

Slide 7: Architecture : network
» QoS (Quality of service)
  > Bandwidth
  > Latency ( ms) and Jitter (<<150ms)
  > Packet loss (1-3%)

Slide 8: Architecture : systems
» Systems
  > SIP Proxy
  > Call Manager/IP PBX
    - User management and reporting (HTTP, etc.)
    - Off-path with IP
  > H.323: GK (GateKeeper)
  > Authentication server (Radius)
  > Billing servers (CDR/billing)
  > DNS, TFTP, DHCP servers

Slide 9: Architecture : systems
» Voice Gateway (IP-PSTN)
  > Gateway Control Protocols
  > Signaling: SS7 interface
    - Media Gateway Controller
      . Controls the MG (Megaco/H.248)
      . SIP interface
    - Signaling Gateway
      . Interface between MGC and SS7
      . MxUA, SCTP - ISUP, Q.931
  > Transport
    - Media Gateway: audio conversion

Slide 10: Architecture : firewall/VPN
» Firewall
  > "Non-stateful" filtering
  > "Stateful" filtering
  > Application layer filtering (ALGs)
  > NAT / "firewall piercing"
    - (H.323: 2xTCP, 4x dynamic UDP, 1720)
    - (SIP: 5060/udp)
» Encrypted VPN
  > SSL/TLS
  > IPsec
  > Where to encrypt (LAN-LAN, phone-phone, etc.)?
» Impact on QoS
» What is IPv6 going to change?

Slide 11: Architecture : phones
» IP phones
  > Softphone or Hardphone?
  > "Toaster"
    - Updates/patches
    - Intelligence
  > Intelligence removed from the network and put on the end device
  > Flows between the phone and other systems
    - SIP
    - RTP
    - (T)FTP
    - CRL
    - etc.

Slide 12: Architecture : example
[Diagram: Internet, LAN, IP VPN (MPLS), PSTN, GSM; IP PBXs, voice gateway (VGW), SIP and POTS phones; voice and signaling flows]

Slide 13: Other phone networks
» POTS/PSTN [TDM]
» "Wireless"/DECT phone
» GSM
» Satellite
» Signaling (SS7)

Slide 14: Attacks
» IPhreakers
  > IP knowledge
  > Known weaknesses
  > Evolution 2600Hz -> voicemail/int'l GWs -> IP telephony
  > Internal or external threat?
  > Targets: home user, enterprise, government, etc.?
» Protocol implementations
  > PROTOS
» The human element

Slide 15: Attacks : denial of service
» Denial of service
  > Network
  > Protocol (SIP INVITE)
  > Systems / Applications
  > Phone
» Availability (BC/DR)
  > Requires: power
  > Alternatives (Business Continuity/Disaster Recovery)?
  > E911 (laws and technical aspect)
  > GSM
  > PSTN-to-GSM
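The "Protocol (SIP INVITE)" denial-of-service case above, as an added detection example that is not part of the presentation: a minimal SIP request parser plus a sliding-window counter that flags a source sending an abnormal number of INVITEs. The threshold, window, addresses and sample messages are constructed assumptions, not values from the slides.

```python
# Added example: flag SIP INVITE floods per source address.
# INVITE_LIMIT and WINDOW_SECS are assumed tuning values.
from collections import defaultdict, deque

INVITE_LIMIT = 5      # assumed: more INVITEs than this in one window is a flood
WINDOW_SECS = 10.0    # assumed: sliding window length in seconds

def parse_sip(raw):
    """Return (method, headers) for a SIP request; header names lowercased."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            break  # blank line: headers end, body (SDP) would follow
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, headers

def detect_invite_flood(events):
    """events: iterable of (t_seconds, src_ip, raw_sip).
    Returns {src_ip: time first flagged} for sources exceeding INVITE_LIMIT."""
    recent = defaultdict(deque)   # per source: timestamps of recent INVITEs
    flagged = {}
    for t, src, raw in events:
        method, _hdrs = parse_sip(raw)
        if method != "INVITE":
            continue
        q = recent[src]
        q.append(t)
        while q and t - q[0] > WINDOW_SECS:
            q.popleft()           # drop INVITEs older than the window
        if len(q) > INVITE_LIMIT and src not in flagged:
            flagged[src] = t
    return flagged

def _invite(call_id, frm="alice"):
    """Constructed INVITE request (example.test is a documentation domain)."""
    return ("INVITE sip:bob@example.test SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
            f"From: <sip:{frm}@example.test>;tag=1\r\n"
            "To: <sip:bob@example.test>\r\n"
            f"Call-ID: {call_id}\r\n"
            "CSeq: 1 INVITE\r\n\r\n")

# Constructed sample: one legitimate caller, one source sending 8 INVITEs in 2 s.
SAMPLE = [(0.0, "192.0.2.10", _invite("c1"))] + \
         [(1.0 + 0.25 * i, "198.51.100.7", _invite(f"f{i}")) for i in range(8)] + \
         [(5.0, "192.0.2.10", "REGISTER sip:example.test SIP/2.0\r\nCSeq: 2 REGISTER\r\n\r\n")]

if __name__ == "__main__":
    print(detect_invite_flood(SAMPLE))   # {'198.51.100.7': 2.25}
```

In production the same counter would feed the rate-limit the defense slide mentions rather than only reporting.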

Slide 16: Attacks : fraud
» Call-ID spoofing
» User rights takeover
  > Fake authentication server
» Effects
  > Access to voicemail
  > Value added numbers
  > Social engineering
  > Replay

Slide 17: Attacks : interception
» Interception
  > Discussion
  > "Who talks with who"
    - Network sniffing
    - Servers (SIP, CDR, etc.)
» LAN
  > Physical access to the LAN
  > ARP attacks
  > Unauthenticated devices (phones and servers)
  > Different layers (MAC address, user, physical port, etc.)

Slide 18: Attacks : interception
» Where to intercept?
  > Where is the user located?
  > Networks crossed?
» Lawful Intercept
  > CALEA
  > ETSI standard
  > Architecture and risks

Slide 19: Attacks : systems
» Systems
  > Mostly none is hardened by default
  > Worms, exploits, Trojan horses

Slide 20: Attacks : phone
» (S)IP phone
  > Startup
    - DHCP, TFTP, etc.
  > Physical access
    - Hidden configuration tabs
  > TCP/IP stacks
  > Firmware/configuration
  > Trojan horse/rootkit

Slide 21: Defense
» Signaling: SIP
  > Secure SIP vs SS7 (physical security)
» Transport: Secure RTP (with MIKEY)
» Network: QoS [LLQ] (and rate-limit)
» Firewall: application level filtering
» Phone: signed firmware
» Identification: TLS
  > Clients by the server
  > Servers by the client
» 3P: project, security processes and policies

Slide 22: Conclusion
» Conclusion
» Other presentations
  > Backbone and Infrastructure Security
    - http://www.securite.org/presentations/secip/
  > (Distributed) Denial of Service
    - http://www.securite.org/presentations/ddos/
» Q&A

