Review: What are our goals in Security?
The "CIA" of security:
- Confidentiality
- Integrity
- Availability
(plus authentication and nonrepudiation)
Computer Security Operational Model
Protection = Prevention + (Detection + Response)
- Prevention: access controls, encryption, firewalls
- Detection: intrusion detection
- Response: incident handling
(The textbook uses the terms Prevention, Detection and Remediation.)
Is an ROI from Security Possible?
- Security as an ROI
- Improved security ROI
- Security that provides savings in the budget
- Security that provides additional revenue
Switching Systems - Manual
Early telephone switchboards used flexible cords with a plug on each end to connect two jacks. To make a connection:
1. The operator picked up a cord and plugged one end into the jack of the person making the call.
2. The operator obtained from the caller the name or number of the party they wanted to reach.
3. The operator then plugged the other end of the cord into that party's jack to complete the connection.
The plug had two contacts referred to as the "tip" and the "ring"; the terms were later used for the two wires of a phone pair (the "tip" wire was connected to the tip of the plug, the "ring" wire to the ring).
Why are no men/young men working the switchboards?
From "Information Warfare and Security" by Dorothy Denning, pg. 44:
"In 1878 – long before the invention of digital computers – AT&T hired teenage boys to answer switchboards and handle office chores. It did not take long, however, before the company realized that putting boys in charge of the phone system was like putting a rabbit in charge of the lettuce. Bell's chief engineer characterized them as 'Wild Indians.' In addition to being rude to customers and taking time off without permission, the boys played pranks with switchboard plugs. They disconnected calls and crossed lines so that people found themselves talking to strangers. A similar phenomenon took place in the United Kingdom. A British commentator remarked, 'No doubt boys in their teens found the work not a little irksome, and it is also highly probable that under the early conditions of employment the adventurous and inquisitive spirits of which the average healthy boy of that age is possessed, were not always conducive to the best attention being given to the wants of the telephone subscribers.'"
Tip and Ring (Newton's Telecom Dictionary)
Telephone terminology:
- An old-fashioned way of saying "plus" and "minus", or ground and positive, in electrical circuits.
- The names derive from the operator's cordboard plug: the tip wire was connected to the tip of the plug, the ring wire to the slip ring of the plug just behind the tip.
- Today, tip refers to the first wire in a pair of phone wires and ring to the second. Together they constitute the circuit that carries speech or data.
Switching Systems - Step-by-step
- The step-by-step (or Strowger, after the undertaker who invented it) switch connects pairs of telephone wires by the progressive, step-by-step operation of a series of electromechanical switches, each step driven by a dialed digit.
- Replaced the manual switchboard.
- Required frequent maintenance and generated large amounts of electrical and mechanical noise.
Almon B. Strowger - the legend
Strowger moved into telephony from the undertaking business because, as the near-legend has it, he was convinced that some local telephone operators, their power over him having gone to their heads, were deliberately giving wrong numbers and busy-signal reports to his customers in order to drive him out of business. Strowger determined to find a way to rid the world of those pesky operators, once and for all.
The first Strowger office could serve only 99 telephones, used buttons instead of a dial, and each telephone needed a strong battery and five wires to connect it to the central office. During the next few years, however, these and other problems were solved. In 1896 the first system, this time using a dial, was built by the Automatic Electric Company of Chicago, based on Strowger's patents. It went into operation at the City Hall in Milwaukee, Wisconsin.
From
Switching Systems - Crossbar
- Works on the principle of common control: a method of switching in which separate control equipment is responsible for routing the whole call through the network (as opposed to step-by-step, where each step device is responsible only for the next step in the connection).
- Depends on the crossing, or intersection, of two points to make a connection. The switching matrix, or crosspoint array, works by energizing a vertical line and a horizontal line; the point where they intersect is the connection made.
Switching - Electronic
- The next evolutionary step in switching technology was the electronic switching system (ESS).
- Early electronic switches were still analog (switching through "reed switches"); these have since been replaced with digital switches.
- Use stored program control, the next step beyond common control. Systems are much more fault tolerant.
- Tremendous increase in switching speed with the new digital switches.
Private Branch Exchange (PBX)
- A privately owned (usually scaled-down) switching system for a company.
- A phone company central office was originally referred to as a public exchange, so a PBX is just a small version of the phone company's larger central switching office.
- May also be called a Private Automatic Branch Exchange (PABX).
- The original PBXs were manual; then systems were introduced that needed no operator (you would simply dial a '9' for an outside line), so the term "automatic" was added. Today the distinction is obsolete.
Transmission
Two broad categories of transmission media:
- Conducted: copper wire (twisted pair), coaxial cable, fiber optics
- Radiated: microwave, satellite
Numerous considerations when choosing a transmission medium: the distance a signal will travel on it, speed, whether line of sight is required, delay, susceptibility to interference and noise, cost, reliability and, of course, security.
Encoding and Decoding
- Voice is inherently analog, so a conversion must take place to change the signal from analog to digital (and back).
- Pulse Code Modulation (PCM) is the most common method of encoding an analog voice signal into a digital bit stream.
- The amplitude is first sampled, then quantized to the nearest discrete level, and then coded as a binary number.
- By the Nyquist theorem, the sampling rate must be at least twice the highest frequency on the channel for the signal to be reconstructed faithfully.
- Thus, since the telephone voice channel is band-limited to 4 kHz, sampling is done 8,000 times per second.

The steps in detail:
- Sampling - records the voltage level at fixed time intervals along the analog wave (every 125 microseconds at 8 kHz).
- Quantizing - rounds each sample to the nearest discrete level.
- Encoding - converts the quantized amplitude into an 8-bit binary code.
- Decoding - converts each 8-bit code back into a voltage level.
- Reconstruction - reproduces the analog wave from the sequence of voltage levels.
- Filtering - a low-pass filter smooths the reconstructed wave and strips out-of-band noise, including anything above half the sampling rate.
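The PCM steps above, carried through in code. This is an added example and not part of the lecture: it samples a test tone at 8 kHz, quantizes to 256 levels, encodes each sample as one byte and decodes it again, then checks the Nyquist point by showing that a tone above 4 kHz is indistinguishable from one below it once sampled. The uniform (linear) 8-bit quantizer is a simplification; telephone PCM uses the logarithmic companding of G.711, which is not modelled here.

```python
import math

FS = 8000           # samples per second: the 4 kHz voice channel sampled at twice its bandwidth
BITS = 8            # bits per code word
LEVELS = 2 ** BITS  # 256 quantization levels


def sample(freq_hz, n_samples, fs=FS, amplitude=1.0):
    """Sampling: read the analog wave (a sine here) every 1/fs seconds, 125 us at 8 kHz."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * t / fs) for t in range(n_samples)]


def quantize(x):
    """Quantizing: round a voltage in [-1, 1] to the nearest of 256 levels (code 0..255)."""
    code = int(round((x + 1.0) / 2.0 * (LEVELS - 1)))
    return max(0, min(LEVELS - 1, code))


def encode(codes):
    """Encoding: emit each code as one 8-bit word of the bit stream."""
    return bytes(codes)


def decode(stream):
    """Decoding: convert each 8-bit word back into a voltage level."""
    return [b / (LEVELS - 1) * 2.0 - 1.0 for b in stream]


def pcm_roundtrip(samples):
    """Analog samples -> bit stream -> reconstructed samples. Returns (reconstructed, stream)."""
    stream = encode(quantize(x) for x in samples)
    return decode(stream), stream


def max_error(original, reconstructed):
    """Largest quantization error; with rounding it never exceeds half a step (1/255 here)."""
    return max(abs(a - b) for a, b in zip(original, reconstructed))


def bit_rate(fs=FS, bits=BITS):
    """Bits per second for one PCM voice channel: 8000 * 8 = 64000 (a DS0)."""
    return fs * bits


def alias_frequency(freq_hz, fs=FS):
    """Frequency a tone appears at after sampling: tones above fs/2 fold back below it."""
    f = freq_hz % fs
    return fs - f if f > fs / 2 else f


def indistinguishable_after_sampling(f1, f2, n=64, fs=FS):
    """True if n samples of tone f1 equal n samples of tone f2 (up to sign):
    once sampled, the two tones cannot be told apart, which is why the input must be
    band-limited to fs/2 before sampling."""
    a, b = sample(f1, n, fs), sample(f2, n, fs)
    same = all(abs(x - y) < 1e-9 for x, y in zip(a, b))
    negated = all(abs(x + y) < 1e-9 for x, y in zip(a, b))
    return same or negated


if __name__ == "__main__":
    tone = sample(1000, 80)  # 10 ms of a 1 kHz tone, a constructed input
    rebuilt, stream = pcm_roundtrip(tone)
    print(len(stream), "bytes for 10 ms;", bit_rate(), "bit/s per channel")
    print("max quantization error:", round(max_error(tone, rebuilt), 5))
    print("a 5 kHz tone sampled at 8 kHz appears at", alias_frequency(5000), "Hz")
```

Running it shows 80 bytes for 10 ms (the 64 kbit/s DS0 rate), a worst-case error of one half step, and that a 5 kHz tone sampled at 8 kHz is indistinguishable from a 3 kHz one, which is the practical content of the Nyquist rule.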
Multiplexing
The process of combining many signals into one composite signal, so that several calls can be transmitted at once over a single line.
Three types of multiplexing in use:
- Frequency Division Multiplexing (FDM)
- Time Division Multiplexing (TDM)
- Statistical Time Division Multiplexing (STDM)
FDM - Frequency Division Multiplexing
- The oldest method of multiplexing
- Limited to analog transmissions
- Possible when the useful bandwidth of the medium exceeds the bandwidth required by the signals to be transmitted
- Splits the bandwidth into multiple smaller pieces of bandwidth, e.g. 14,400 Hz can be divided into 6 channels of 2,400 Hz
TDM - Time Division Multiplexing
- Can be used to transmit digital signals
- Uses time, not frequency, to achieve greater utilization of the line
- Allocates a time slot to each device transmitting on the line
- Similar to timesharing in an operating system
FDM vs TDM
[Figure from Data and Computer Communications by Stallings, p. 186]
STDM - Statistical Time Division Multiplexing
- A variation of TDM, also known as asynchronous TDM and intelligent TDM
- In TDM, if a time slot is not used it is idle and wasted
- STDM assigns time slots dynamically: if the slot for one device is idle it can be used by another
- Requires address information in each slot to assure proper delivery
Some other "phun phone sounds"
- Call Trace
- Please Deposit...
- Quarter tone
- 2600 tone
2600 Hz tone
"Until the late 1960's, America's telephone network was run 100% by AT&T and used 100% in-band signaling, whereby the circuit you talked over was the circuit used for signaling. For in-band signaling to work there needs to be a way to figure when a channel is NOT being used. You can't have nothing on the line, because that "nothing" might be a pause in the conversation. So, in the old days, AT&T put a tone on its vacant long distance lines, those between its switching offices. That tone was 2600 Hertz. If its switching offices heard a 2600 Hz, it knew that that line was not being used."
From Newton's Telecom Dictionary, 15th ed.
Blue Boxes
"Blue boxes are nothing more than a device to generate pairs of tones, and a single 2600 Hz tone. They had 12 keys, plus a single button (or a key). Each key was numbered 0 - 9, and had a "KP" key and "ST" key. The button emitted a pure 2600 Hz tone. A toll-free number is dialed, and just as the number is ringing, the 2600 Hz tone is sent to clear or "blow off" the call. A "Ker-chink" sound is heard, which is the switch signaling back indicating it's ready to receive the tones. A "KP" is sent, followed by the 10 digit number, and ending with an "ST" tone. Call goes through, and the only indication was that an 800 number was dialed. This was how it was done more than 15 years ago. Since then, all of the American and Canadian phone companies have all but ditched this older "in-band" signaling equipment."
From:
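The mechanism behind both the 2600 Hz slide and the blue box description is a tone detector on the trunk: the switch listens for 2600 Hz and treats its presence as "line idle". The following is an added example, not code from the lecture or from any switch vendor, of such a detector built with the Goertzel algorithm (a single DFT bin, which is how narrowband tone detectors are usually built) run over 25 ms windows of an 8 kHz PCM stream. The test line is constructed: two in-band tones stand in for speech, and in the middle segment the subscriber adds a 2600 Hz tone on top of them. The window length, threshold and amplitudes are this example's choices. The security point the code makes explicit is that the detector has no way to tell a supervisory tone sent by the far switch from one played into the handset by the caller; that is exactly why in-band signaling had to be abandoned.

```python
import math

FS = 8000          # PCM voice channel rate
TARGET_HZ = 2600   # the idle-trunk supervisory tone
WINDOW = 200       # 25 ms windows; 200 * 2600 / 8000 = 65 is an exact DFT bin, so no leakage


def goertzel_magnitude(samples, target_hz=TARGET_HZ, fs=FS):
    """Amplitude of target_hz in one window via the Goertzel recurrence (one DFT bin).
    For a full-amplitude sine that falls on the bin the result is the sine's peak amplitude."""
    n = len(samples)
    k = round(n * target_hz / fs)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    power = s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2
    return 2.0 * math.sqrt(max(power, 0.0)) / n


def detect_2600(samples, threshold=0.1, window=WINDOW):
    """One flag per window: would a switch using in-band supervision consider the trunk idle?"""
    return [goertzel_magnitude(samples[start:start + window]) >= threshold
            for start in range(0, len(samples) - window + 1, window)]


def tone(freq_hz, n, amplitude, fs=FS):
    return [amplitude * math.sin(2 * math.pi * freq_hz * t / fs) for t in range(n)]


def mix(*signals):
    """Sum several signals sample by sample, as they would add on one wire."""
    return [sum(xs) for xs in zip(*signals)]


# Constructed test line (not captured audio): 50 ms of "speech", 50 ms of the same speech with
# 2600 Hz played over it from the subscriber's end, then 50 ms of speech again.
SPEECH = mix(tone(440, 400, 0.3), tone(1000, 400, 0.3))
INJECTED = mix(tone(440, 400, 0.3), tone(1000, 400, 0.3), tone(2600, 400, 0.5))
LINE = SPEECH + INJECTED + SPEECH

if __name__ == "__main__":
    # The middle two windows read as "idle": the detector cannot know the tone came from the
    # caller rather than the far-end switch, which is the blue box in a nutshell.
    print(detect_2600(LINE))
```

The detector itself is sound; the flaw is architectural. Whatever the subscriber can put on the voice path reaches the same logic that interprets the network's own signals, so the only fix is to move signaling off the talk path (out-of-band signaling), which is what the last sentence of the quoted passage describes.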
Voice Over Network (Newton's Telecom Dictionary)
Several potential benefits to moving voice over a data network:
- You may save some money
- You may achieve some benefits of managing a voice and data network as one network
- If you have IP phones, moves, adds and changes will be easier and cheaper
- Added, and integrated, new services including integrated messaging, bandwidth on demand, Voice s
IP Telephony Overview - H.323 Architecture
[Figure: a packet-switched IP network (intranet, Internet, VPNs) carrying H.323 terminals, Ethernet phones, a router, a gatekeeper and an MCU; a gateway connects it to the circuit-switched networks (PSTN, ISDN, wireless), where a PBX serves standard phones.]
- MCU - multipoint control unit, used in support of multipoint communication
- Gatekeeper - provides terminal and gateway registration, address resolution, bandwidth control, etc.
From: "Security Requirements and Constraints of VoIP" by Mika Marjalaakso
H.323 Components
- Terminal - a terminal, or client, is an endpoint where H.323 data streams and signaling originate and terminate. It may be a multimedia PC with an H.323-compliant stack or a standalone device such as a USB (universal serial bus) IP telephone. A terminal must support audio communication; video and data communication support is optional.
- Gateway - a gateway is an optional component in an H.323-enabled network. When communication is required between different networks a gateway is needed at the interface. It provides data format translation, control signaling translation, audio and video codec translation, and call setup and termination functionality on both sides of the network.
H.323 Components (cont.)
- Gatekeeper - a gatekeeper is a very useful, but optional, component of an H.323-enabled network. Gatekeepers are needed to ensure reliable, commercially feasible communications. When a gatekeeper exists, all endpoints (terminals, gateways and MCUs) must be registered with it. A gatekeeper provides several services to all endpoints in its zone, including:
  - Address translation
  - Admission and access control of endpoints
  - Bandwidth management
  - Routing capability
H.323 Components (cont.)
- MCU - a multipoint control unit (MCU) enables conferencing between three or more endpoints. Although the MCU is a separate logical unit, it may be combined into a terminal, gateway or gatekeeper. The MCU is an optional component of an H.323-enabled network. Its multipoint controller (MC) provides a centralized location for multipoint call setup: call and control signaling are routed through the MC so that the endpoints' capabilities can be determined and communication parameters negotiated.
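Of the components above, the gatekeeper is the one that enforces policy: endpoints must register with it, and it decides whether a call is admitted and how much bandwidth the zone may spend. The following is an added example, not code from the lecture or from any H.323 implementation, that models those two gatekeeper services (admission and access control, bandwidth management) plus address translation. The message names RRQ/RCF/RRJ, ARQ/ACF/ARJ, URQ and DRQ are the H.225 RAS ones, but the zone rule (an IP prefix), the per-call bandwidth accounting and the return tuples are simplifications of this example and not the standard's encoding.

```python
from dataclasses import dataclass, field

G711_KBPS = 64  # one PCM voice channel; G.711 is the baseline H.323 audio codec


@dataclass
class Gatekeeper:
    """Policy model of an H.323 gatekeeper for one zone (simplified; see lead-in)."""
    zone_prefix: str                 # assumption: the zone is an IP address prefix
    bandwidth_budget_kbps: int       # total call bandwidth the zone may use at once
    registered: dict = field(default_factory=dict)  # alias -> transport address
    calls: dict = field(default_factory=dict)       # call id -> bandwidth held (kbps)

    def register(self, alias, address):
        """RRQ -> RCF or RRJ. Endpoints outside the zone are refused. Nothing else is checked,
        so an endpoint inside the zone can claim any alias: registration is not authenticated
        in this model, which is the first thing a real deployment has to fix."""
        if not address.startswith(self.zone_prefix):
            return ("RRJ", "outside zone")
        self.registered[alias] = address
        return ("RCF", alias)

    def unregister(self, alias):
        """URQ: drop a registration; the alias can no longer be resolved or admitted."""
        self.registered.pop(alias, None)

    def resolve(self, alias):
        """Address translation: alias -> transport address, or None if not registered."""
        return self.registered.get(alias)

    def bandwidth_in_use(self):
        return sum(self.calls.values())

    def admit(self, alias, call_id, requested_kbps):
        """ARQ -> ACF or ARJ: access control first (the caller must be registered), then
        bandwidth management (the zone's budget must not be exceeded)."""
        if alias not in self.registered:
            return ("ARJ", "not registered")
        if self.bandwidth_in_use() + requested_kbps > self.bandwidth_budget_kbps:
            return ("ARJ", "insufficient bandwidth")
        self.calls[call_id] = requested_kbps
        return ("ACF", requested_kbps)

    def release(self, call_id):
        """DRQ: the call has ended; return its bandwidth to the pool."""
        self.calls.pop(call_id, None)


if __name__ == "__main__":
    gk = Gatekeeper(zone_prefix="10.0.", bandwidth_budget_kbps=4 * G711_KBPS)
    print(gk.register("phone-a", "10.0.1.5"), gk.register("rogue", "192.168.9.9"))
    print(gk.admit("rogue", "c0", G711_KBPS))                       # ARJ: never registered
    print([gk.admit("phone-a", f"c{i}", G711_KBPS) for i in range(1, 6)])  # fifth call is ARJ
```

The budget check is what keeps one endpoint from starving the zone, and the registration check is what makes the gatekeeper an access-control point at all; without it, anything that can reach the gatekeeper can place calls through the gateway onto the PSTN.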
H.323 for IP Telephony - Standards for IP Telephony
(From: IP Telephony, by Goralski & Kolon)
Over unreliable transport (UDP):
- Video: H.261, H.263 (video coding)
- Audio: G.711, G.722, G.723, G.728, G.729, carried in RTP with RTCP
- Control: H.225 terminal-to-gatekeeper (RAS) signaling
Over reliable transport (TCP):
- Control: H.225 call signaling, H.245
- Data: T.120 (multipoint data transfer)
H.225 and H.245
H.225 performs the signaling for call control; H.245 is then used to establish and terminate the individual logical channels for communication.
Five phases of the signaling process:
1. Call setup
2. Initial communications and capability exchange
3. Establishment of audiovisual communication
4. Call services
5. Call termination
Convergence & VoIP
April 03, 2000, Issue: 807
Cisco Pushes VoIP To The Fore - Merrill Lynch, TI seek cost savings in new convergence products
By CHUCK MOOZAKIS

Cisco last week beefed up its voice and data convergence arsenal with new enterprise-oriented voice-over-IP products.

The new hardware and software, bundled under Cisco's Architecture for Voice, Video and Integrated Data (AVVID) nameplate, is an outgrowth of Cisco's plans to mesh its voice and data products under a single architecture.

Both Merrill Lynch and Texas Instruments Inc. have been testing various components of AVVID for the past several months.

"There are clear advantages to be gained in deploying this platform," said Don McFarlane, system architect at Merrill Lynch. "We expect costs to be reduced as we deploy unified messaging and have a uniform troubleshooting capability" for administering a single voice and data conduit, he said.

Texas Instruments is using VoIP to link its overseas offices to trim telecommunications costs. The company is also using Cisco VoIP products as part of a trial with Expand Networks Inc. to push VoIP traffic over connections linking TI offices in Texas with remote facilities maintained by the company in Mexico.

VoIP (cont.)
Among the products rolled out by Cisco were enhanced call processing management software, second-generation IP phones, more advanced support of VoIP in its Catalyst 6000 line of switches, as well as a new media server supporting converged voice/data networks.

The products will be available later this spring. Among the new products: the and 7960 IP phones are priced from $145 to $495; the Cisco MCS server, an NT platform that supports transmission of voice, video and data across Cisco switches and routers, is priced at $14,995.

CallManager software, which runs on the server, is offered free to existing customers and is preinstalled on the MCS server. The latest version of the software, compatible with Windows 2000, is capable of handling up to 100,000 users in a cluster made up of up to five media servers.

"Cisco's move is a further endorsement of IP telephony within the enterprise," said analyst Tere Bracco of Current Analysis. "With a player like Cisco aiming products at large companies, it's telling IT managers that VoIP isn't a toy anymore; it's an inducement for businesses to take a look at this technology."

What Will Drive VoIP?
Still, Bracco said convergence isn't necessarily what will drive enterprises to sample VoIP. "It's the management that will drive deployment," she said. "Managing these IP devices is much simpler and can help a company save a lot of money for moves, adds and changes."
Why Converge?
- $ savings: eliminate long distance toll charges, eliminate duplicate infrastructures
- Increased competition in the industry
- Enhancement of current applications and development of new applications, e.g. collaborative tools
- The industry has been heading there for a while now anyway...
Communication Networks
- Switched networks - data is transferred through a series of intermediate nodes
  - Circuit-switched networks
  - Packet-switched networks
- Broadcast networks - no intermediate switching nodes; each station communicates over a shared medium
  - Packet radio networks
  - Satellite networks
  - Local networks, e.g. bus or ring
Circuit Switching
- Basic premise: an uninterrupted connection exists between the endpoints
- Constant bandwidth is dedicated to the session
- Resources for the session are reserved for the entire duration of the call
- Blocking is possible, as a circuit may not be available
- The initial connection requires considerable work, but once established it takes minimal effort to maintain
- The PSTN is a circuit-switched network
- "Addressing" is geographically based
Packet Switching
- A data network is a packet-switched network, designed for "bursty" traffic
- Normal data traffic is not as sensitive to delays; voice is highly sensitive to delays
- In a packet-switched network, data is fragmented into discrete units (packets), each containing information about its source and destination
- A complete message may consist of thousands of packets
- Packets may take different routes and may arrive out of order, or not at all
- Packet-switched networks do not reserve bandwidth for each connection
- Addressing is organizationally based
Circuit vs Packet Switching
[Figure: timing across nodes A, B, C and D (trunks A-B, B-C, C-D). Circuit switching: the call request signal propagates hop by hop, with time spent at each node hunting for an outgoing trunk, before any data flows. Packet switching: packets 1, 2 and 3 are forwarded store-and-forward, so packet 1 can be crossing the C-D trunk while packet 3 is still on A-B.]
Circuit vs Packet Switching

                           Circuit Switching   Packet Switching
Dedicated bandwidth        Yes                 No
Quality of service:
  Voice quality            Toll-quality        Non-toll-quality
  Delay / latency          Minimal             Variable
Utilization level          Poor                High
Economics of utilization   Low                 High
Call management features   Numerous            Few
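The rows of the comparison above can be reproduced with a small simulation. This is an added example, not from the lecture: a trunk group where each call holds a whole trunk (blocking when none is free, reserved bandwidth idle whenever the talker is silent) beside a single shared link with a FIFO queue (nothing refused, but delay that depends on what is ahead in the queue). The call list, packet sizes, link rate and the 40 % talk fraction are constructed inputs chosen for illustration; the models ignore propagation delay, header overhead and queue limits.

```python
def circuit_switch(calls, trunks, talk_fraction=1.0):
    """Circuit switching over a trunk group.
    calls: list of (start_time, duration) in seconds. A call holds one trunk for its whole
    duration; if no trunk is free when it starts it is blocked (busy signal). talk_fraction is
    the share of held time that actually carries speech; the rest is reserved but idle.
    Returns (carried, blocked, useful_utilization)."""
    busy_until = [0.0] * trunks
    carried = blocked = 0
    held = 0.0
    for start, duration in sorted(calls):
        free = [i for i, t in enumerate(busy_until) if t <= start]
        if not free:
            blocked += 1
            continue
        busy_until[free[0]] = start + duration
        carried += 1
        held += duration
    horizon = max(busy_until)
    return carried, blocked, held * talk_fraction / (trunks * horizon)


def packet_switch(packets, link_bps):
    """Packet switching over one shared link with an unbounded FIFO queue.
    packets: list of (arrival_time, bits). No packet is refused, but each waits behind those
    ahead of it, so delay varies with load. Returns (per-packet delays, link utilization)."""
    link_free_at = 0.0
    delays = []
    total_bits = 0
    for arrival, bits in sorted(packets):
        start = max(arrival, link_free_at)   # wait for the link if it is busy
        link_free_at = start + bits / link_bps
        delays.append(link_free_at - arrival)
        total_bits += bits
    return delays, total_bits / (link_bps * link_free_at)


def jitter(delays):
    """Spread between the slowest and fastest packet: the variable delay that hurts voice."""
    return max(delays) - min(delays)


if __name__ == "__main__":
    # Two trunks, four calls: the third call finds both trunks busy and is blocked.
    print(circuit_switch([(0, 10), (1, 10), (2, 5), (11, 5)], trunks=2, talk_fraction=0.4))
    # A burst of five 1600-bit packets at t=0 on a 64 kbit/s link, then one packet at t=0.5 s:
    # every packet gets through, but delay ranges from 25 ms to 125 ms.
    delays, util = packet_switch([(0.0, 1600)] * 5 + [(0.5, 1600)], link_bps=64000)
    print([round(d, 3) for d in delays], round(util, 3), round(jitter(delays), 3))
```

The circuit side shows "dedicated bandwidth: yes, delay: minimal, utilization: poor" (bandwidth is held even during silence, and a caller can be refused outright); the packet side shows "dedicated bandwidth: no, delay: variable, utilization: high" (the link is only busy when there is something to send, but a voice packet stuck behind a burst arrives late).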
Analog vs Digital Signaling
- At one point the entire voice session used analog signaling; today it is analog only at the endpoints.
- The analog voice signal is now converted to digital for transmission.
- Digital transmission is preferred over analog because:
  - Digital equipment is cheaper to produce
  - Digital signals provide higher quality communication
  - Digital is less susceptible to noise
  - Digital signals are easy to compress to reduce the required bandwidth
- Thus digital transmission facilities were developed for the PSTN to take advantage of these benefits: the T-carrier system is born!
The T1 Carrier
[Figure: one T1 frame - a framing bit followed by 24 channel slots of 8 bits each (CH 1, CH 2, ..., CH 24)]
- The U.S. T1 carrier system carries 24 digitized voice channels multiplexed together.
- A 4 kHz voice channel must be sampled at an 8 kHz rate to render a clear representation, so one sample is taken every 125 microseconds.
- With 193 bits (8 bits x 24 channels plus 1 framing bit) sent every 125 microseconds, the data rate is 1,544,000 bits/second, or 1.544 megabits/second.
- This can be used for voice, or...
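One example serves both the TDM/STDM slides above and this T1 slide, since a T1 frame is just a fixed-slot TDM frame with the parameters given here. This is an added example and not code from the lecture: it builds a 193-bit T1 frame (one framing bit, then 24 eight-bit samples), takes it apart again, derives the 1.544 Mbit/s rate, and then builds the STDM equivalent, where only active channels get a slot and each slot carries a channel address. The constant framing bit, the 5-bit address field and the sample values are assumptions of this example; real T1 framing (the D4/ESF patterns, robbed-bit signaling) is not modelled.

```python
CHANNELS = 24
BITS_PER_SAMPLE = 8
FRAMING_BITS = 1
FRAMES_PER_SECOND = 8000   # one frame per 125 us sampling interval
ADDRESS_BITS = 5           # assumption: 5 bits address up to 32 channels, enough for 24


def to_bits(value, width):
    """Most-significant bit first."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bits):
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def t1_frame(samples):
    """Fixed-slot TDM: framing bit, then every channel's 8-bit sample in channel order,
    whether or not the channel is carrying anything. 193 bits per frame."""
    assert len(samples) == CHANNELS
    bits = [1]  # framing bit (a constant stand-in for the real framing pattern)
    for s in samples:
        bits.extend(to_bits(s, BITS_PER_SAMPLE))
    return bits


def t1_deframe(bits):
    """Recover the 24 samples: channel c lives at a fixed position, so no addressing is needed."""
    assert len(bits) == FRAMING_BITS + CHANNELS * BITS_PER_SAMPLE
    return [from_bits(bits[1 + 8 * c: 9 + 8 * c]) for c in range(CHANNELS)]


def t1_bit_rate():
    """193 bits every 125 us: 1,544,000 bit/s."""
    return (FRAMING_BITS + CHANNELS * BITS_PER_SAMPLE) * FRAMES_PER_SECOND


def stdm_frame(active_samples, address_bits=ADDRESS_BITS):
    """Statistical TDM: only active channels get a slot, so each slot must carry the channel
    number the sample belongs to. active_samples: dict channel -> 8-bit sample."""
    bits = [1]
    for ch, s in sorted(active_samples.items()):
        bits.extend(to_bits(ch, address_bits))
        bits.extend(to_bits(s, BITS_PER_SAMPLE))
    return bits


def stdm_deframe(bits, address_bits=ADDRESS_BITS):
    """Walk the slots, reading the address before each sample."""
    out = {}
    pos = FRAMING_BITS
    slot = address_bits + BITS_PER_SAMPLE
    while pos + slot <= len(bits):
        ch = from_bits(bits[pos:pos + address_bits])
        out[ch] = from_bits(bits[pos + address_bits:pos + slot])
        pos += slot
    return out


if __name__ == "__main__":
    samples = [(c * 37) % 256 for c in range(CHANNELS)]     # constructed sample values
    print(len(t1_frame(samples)), "bits per T1 frame,", t1_bit_rate(), "bit/s")
    busy = {0: samples[0], 5: samples[5], 23: samples[23]}  # only 3 of 24 channels active
    print(len(stdm_frame(busy)), "bits for the same 3 channels under STDM")
    print(len(stdm_frame(dict(enumerate(samples)))), "bits under STDM when all 24 are active")
```

With three active channels STDM sends 40 bits where TDM sends 193, which is the saving the STDM slide describes; with all 24 active it sends 313, because the address field is pure overhead once every slot is in use. That address field is also what a receiver has to trust to deliver each sample to the right channel, which is why STDM needs it and plain TDM does not.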
Integrated Services Digital Network (ISDN)
- The telephone industry gathered statistics for years on average call length, average number of calls, etc. so that it could design a network that handles the load.
- With the introduction of calls made for computer connections, those statistics went out the window; the average call length, for example, no longer applied.
- ISDN was introduced in an attempt to provide large-scale digital services, but its 64 Kbps channel rate, impressive at first, soon left little reason to use ISDN instead of the normal PSTN. An even higher-speed method was desired.
- Digital Subscriber Line (DSL) was an answer: it uses the same twisted-pair telephone wires that already exist but utilizes the higher frequencies not used in the voice band, enabling both voice and data on the same medium.
- Asymmetric DSL (ADSL) takes advantage of the fact that the majority of traffic is downstream, not upstream, and provides greater downstream data rates.
CATV
- While all of the digital fun was going on in the PSTN, a new element was introduced to the picture: Community Antenna Television (CATV).
- Originally designed to carry one-way video signals; with the addition of an upstream return channel, voice and data communication became possible.
- Analog head-ends replaced with digital devices; coax trunks replaced with fiber.
- While voice is not generally available (a connection to the PSTN is necessary), data communication across cable has become an increasingly popular option.
Computer Telephony Integration (CTI)
- The software and hardware elements that allow a computer to manage telephone calls and integrate additional features beyond those offered by the PBX are known as CTI.
- Popular in the SOHO environment.
- One of the earliest applications was the hotel/motel hospitality package (toll charge tracking, voice mail, housekeeping functions).
- Unified messaging (a single GUI for fax, voice mail, and )
- Additional and more sophisticated applications are constantly being developed.
Review
So, what factors have facilitated the move toward converged networks?
- Digitization of the PSTN
- Rise of digital networks
- Competition from other industries such as CATV
- Increased integration of computers and telephony
- Technology advances which make things such as VoIP economically feasible
Sample network and Security
[Figure: an organization's network connected to the Internet; the attack shown arrives from the Internet.]

A Better Picture of the network and the potential threats
[Figure: the same network with two attack paths - one from the Internet, and a back-door attack from the PSTN through a user-connected modem.]

And what else could possibly happen next?
[Figure: the same picture with VoIP and wireless added as further entry points alongside the Internet and the PSTN/modem back door.]
Summary
- What is the importance and significance of this material?
- How does this topic fit into the subject of "Voice and Data Security"?