Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOURCE BOSTON 2008 Copyright 2008, James M. Atkinson.

Published byVeronica Figures Modified over 9 years ago

Similar presentations

Presentation on theme: "SOURCE BOSTON 2008 Copyright 2008, James M. Atkinson."— Presentation transcript:

1 SOURCE BOSTON 2008 Copyright 2008, James M. Atkinson

2 Telephone Defenses Against the Dark Arts James M. Atkinson Granite Island Group www.tscm.com

3 Telephone Vulnerability Basics 1. Instrument 2. Local Distribution 3. Local Switch 4. Demarcation/Network Interface 5. Transmission 6. Switching

4 Instrument Vulnerabilities 1.Speaker of Microphone Exploit 2.Installation of Foreign Device 3.Hookswitch Manipulation 4.Software/Firmware Exploits 5.Normal Operation Exploits 6.Moderate Protection, Easy to Subvert

5 Local Distribution Vulnerabilities 1.Wall Plates 2.Raw Wiring 3.Cross Connection Points 4.Normally Not Protected or Supervised

6 Local Switch Vulnerabilities 1.Cross Connections Points 2.Switch Inputs/Outputs 3.Switch/PCM Backplane 4.Parallel Channels 5.Switch Software/Firmware Exploits 6.May or May Not Be Protected

7 Demarcation/Network Interface Vulnerabilities 1.Ripe for Exploitation 2.Poorly Protected 3.Generally Accessible 4.Target Specific 5.Significant Choke Point

8 Local Transmission Network Vulnerabilities 1.Post Demarcation/NID 2.Before Switch 3.Easy to Isolate Single Subscriber 4.Open Terminals and Boots 5.Not Protected, Wide Open

9 Switching Vulnerabilities 1.Central Office 2.Used to Be Huge Buildings 3.Modern Small Scale Switching 4.Post 9-11 Logo Removals 5.High Value OVERT Choke Point CALEA and.gov targeting CALEA and.gov targeting 6.Usually Highly Protected

10 Transmission Network Vulnerabilities 1.Mostly Single Mode Fiber Optics 2.Accessible Pubic Pathways 3.Usually Well Marked 4.High Value COVERT Choke Point 5.Cable Vaults on Alarms 6.“Supervised” Against Breakage

11 Telephonic Integration Voice over IP Voice over IP Cable ModemsCable Modems Other Broadband ServicesOther Broadband Services ISDN ISDN Fiber Optic Internet Service Fiber Optic Internet Service EVDO EVDO Other Wireless Services Other Wireless Services

12 The Realistic Threat RF Device RF Device Hard Wired Recorder Hard Wired Recorder Wireless Intercept Wireless Intercept Software Manipulation Software Manipulation Other Methods Other Methods

13 Essential Tasks Conductor Inventory Conductor Inventory Pathway Mapping Pathway Mapping Known Electronic Metrics Known Electronic Metrics Re-Testing Against MetricRe-Testing Against Metric Open TestingOpen Testing Physical Inspection Physical Inspection

14 Auditing Telephone Instruments What Kind of Phones What Kind of Phones “Soft Under-Belly” “Soft Under-Belly” What Should It Normally Do What Should It Normally Do Is It a Risk?Is It a Risk? Is It a Threat?Is It a Threat? Hostile Manipulation?Hostile Manipulation? Feature, Hazard, or Risk?

15 Auditing Wiring What Wire is in the Walls? What Wire is in the Walls? What Wire is in the Ceiling? What Wire is in the Ceiling? Wall Plates? Wall Plates? Termination Points Termination Points Junction Points/Punch Blocks Junction Points/Punch Blocks

16 Auditing Wiring Conductor Maps Conductor Maps Signal PathwaysSignal Pathways Pair CombinationsPair Combinations Industry Standard Pin-OutsIndustry Standard Pin-Outs Color Codes?Color Codes? Conductor LengthConductor Length Fractions of an Inch Accuracy Fractions of an Inch Accuracy Non Linear Junction CombinationsNon Linear Junction Combinations

17 Auditing Transmission Paths Map Out Every Map Out Every CableCable ConductorConductor WireWire Fortuitous PathwayFortuitous Pathway Location Must Be Within InchesLocation Must Be Within Inches

18 Auditing Switching Systems What is a the Default Generic? What is a the Default Generic? Actual Translation?Actual Translation? What is Different?What is Different? Is it Safe?Is it Safe? Always Reduce to Hardcopy Form Always Reduce to Hardcopy Form

19 Auditing Secure Communications Systems Tampering with Actual Instrument Tampering with Actual Instrument Tampering with: Tampering with: Uncontrolled AccessoriesUncontrolled Accessories Handsets, Cords Cables Handsets, Cords Cables Power Supplies Power Supplies Low Bandwidth (300 Hz) Filter Bypass Low Bandwidth (300 Hz) Filter Bypass Proximity to RF Emitters Proximity to RF Emitters

20 Prior Penetrations, Hacks, and Attacks. Common Manipulations Common Manipulations Raw Hacking/Manipulations Raw Hacking/Manipulations Naked Attacks Naked Attacks Appropriate Counter Measures Appropriate Counter Measures

21 VOIP Attacks Extremely High Risk Extremely High Risk Rarely Utilize Hook SwitchRarely Utilize Hook Switch Open MicrophoneOpen Microphone Firmware Can Be Remotely UpdatedFirmware Can Be Remotely Updated Network Provides a Serious Choke PointNetwork Provides a Serious Choke Point

22 Mechanisms to Detect and Defeat VOIP Attacks and Exploits Detection Detection Unregistered IP Address on VOIP NWUnregistered IP Address on VOIP NW Non-VOIP Asset on VOIP NetworkNon-VOIP Asset on VOIP Network Hub, not Switch Being UsedHub, not Switch Being Used Machine Being Used On BackboneMachine Being Used On Backbone Classic Man-in-the-Middle Exploit Classic Man-in-the-Middle Exploit Suspect Data Traffic on an Unused VOIP Phone LineSuspect Data Traffic on an Unused VOIP Phone Line

23 Methods to Secure VOIP Systems Utilize Smart Switches Utilize Smart Switches Keep VOIP Terminals on Dedicated Networks and Gateways Keep VOIP Terminals on Dedicated Networks and Gateways Do Not Integrate in Data Networks Do Not Integrate in Data Networks Lockdown Instrument Firmware Lockdown Instrument Firmware Disallow Firmware UpdatesDisallow Firmware Updates

24 Cardinal Rule Convenience and Privacy are Inversely Proportional™

25 Questions? Thank You

26 Telephone Defenses Against the Dark Arts James M. Atkinson Granite Island Group www.tscm.com

Download ppt "SOURCE BOSTON 2008 Copyright 2008, James M. Atkinson."

Similar presentations

Intermediate 2 Computing

Intermediate 2 Computing
Presented by: Eng. Karam Al-sofy

Presented by: Eng. Karam Al-sofy
1 Telephone Connection. 2 Introduction The section instructs you on how to install a required phone line to every receiver.

1 Telephone Connection. 2 Introduction The section instructs you on how to install a required phone line to every receiver.
M A Wajid Tanveer http://www.IctDirector.com Infrastructure M A Wajid Tanveer http://www.IctDirector.com.

M A Wajid Tanveer Infrastructure M A Wajid Tanveer
Networks & Components Discuss the components required for successful communications Explain the purpose of communications software Identify various sending.

Networks & Components Discuss the components required for successful communications Explain the purpose of communications software Identify various sending.
Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Information Technology Foundations-BIT 112 TECHNOLOGY GUIDE FOUR Basics of Telecommunications and Networks.

Information Technology Foundations-BIT 112 TECHNOLOGY GUIDE FOUR Basics of Telecommunications and Networks.
The Remote Workplace Designing, deploying, and supporting the remote workplace environment Presented by: John Milhoan Information Technology Cooperative,

The Remote Workplace Designing, deploying, and supporting the remote workplace environment Presented by: John Milhoan Information Technology Cooperative,
(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.

(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER SEVEN NETWORKS: MOBILE BUSINESS CHAPTER SEVEN NETWORKS:

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER SEVEN NETWORKS: MOBILE BUSINESS CHAPTER SEVEN NETWORKS:
E-commerce and Information Technology in Hospitality and Tourism Chapter 3 Connecting to the World Copyright 2004 by Zongqing Zhou, PhD Niagara University.

E-commerce and Information Technology in Hospitality and Tourism Chapter 3 Connecting to the World Copyright 2004 by Zongqing Zhou, PhD Niagara University.
Communications and Networks

Communications and Networks
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Communication Links Communication Link = Physical connection or Physical Medium Types: Wire Pair or Twisted Pair Coaxial Cable Fiber Optics Bandwidth,

Communication Links Communication Link = Physical connection or Physical Medium Types: Wire Pair or Twisted Pair Coaxial Cable Fiber Optics Bandwidth,
Computers © 2005 Prentice-Hall, Inc.Slide 1. Computers Chapter 6 Networks and Networking © 2005 Prentice-Hall, Inc.Slide 2.

Computers © 2005 Prentice-Hall, Inc.Slide 1. Computers Chapter 6 Networks and Networking © 2005 Prentice-Hall, Inc.Slide 2.

Similar presentations

Ads by Google