Published by Megan Houston
Modified over 3 years ago
IMS and Security
Sri Ramachandran, NexTone
CONFIDENTIAL © 2006, NexTone Communications. All rights
2. Traditional approaches to Security - The CIA principle
- Confidentiality
  - Am I communicating with the right system or user?
  - Can another system or user listen in?
- Integrity
  - Have the messages been tampered with?
- Availability
  - Can the systems that enable the communication service be compromised?
3. The Demarcation Point – Solution for protecting networks and multiple end systems
- Create a trust boundary by using a firewall
- Firewalls and NATs use the Authorization principle of Confidentiality
[Diagram labels: Untrusted; Trusted; The Network; Private IP Address space; Authorized stream; Unauthorized stream]
4. Solutions for separate control and data streams
- FTP, BitTorrent, RTSP, SIP have separate control and data streams
- Data streams are ephemeral
- Solution: Use Application Layer Gateway (ALG)
  - Scan control stream for attributes of data stream
- 2 approaches to building ALGs
  - Dedicated purpose
  - Deep packet inspector/scanner
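The ALG idea on this slide (scan the control stream for attributes of the data stream), as an added example that is not part of the original presentation: it reads the SDP body of a SIP message and derives the media address and port a firewall would have to admit. The function name `media_pinholes` and the sample INVITE are constructed for illustration, and only IPv4 `c=` lines are handled.

```python
import re

# Constructed SIP INVITE with an SDP body (sample data, not from the slides).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
    "c=IN IP4 10.0.0.6\r\n"
)

# SDP connection line, IPv4 only; optional /ttl and /count suffixes are ignored.
C_LINE = re.compile(r"c=IN IP4 (\d{1,3}(?:\.\d{1,3}){3})(?:/\d+){0,2}")

def media_pinholes(sip_message):
    """Return (media, ip, port, transport) for each stream the SDP announces."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    if not sep or "application/sdp" not in head.lower():
        return []                      # no SDP body: nothing to open
    session_ip = None                  # session-level c= (before any m=)
    streams = []                       # [media, ip, port, transport]
    for line in body.splitlines():
        line = line.strip()
        if line.startswith("c="):
            m = C_LINE.fullmatch(line)
            if not m:
                continue               # unparsable address: do not trust it
            if streams:
                streams[-1][1] = m.group(1)   # media-level c= overrides
            else:
                session_ip = m.group(1)
        elif line.startswith("m="):
            fields = line[2:].split()
            port = fields[1].split("/")[0] if len(fields) >= 3 else ""
            if port.isdigit():
                streams.append([fields[0], session_ip, int(port), fields[2]])
    # Fail closed: port 0 means the stream is disabled, and a stream with
    # no usable connection address gets no pinhole.
    return [tuple(s) for s in streams if s[1] and 0 < s[2] <= 65535]
```

Because the data streams are ephemeral, a gateway built this way would also have to close each pinhole when the session ends.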
5. Characteristics of Session Services
- Signaling and media may traverse different networks
- Intermediate systems for signaling and media are different
- Signaling and media networks may be independently secured
- Signaling and media have different quality characteristics
  - Media is latency, jitter and packet loss sensitive
  - Reliable delivery of signaling messages is more important than latency and jitter
6. Denial of Service (DoS) Concepts
- Multiple layers:
  - Layer 3/4: prevention or stealing of session layer processing
  - Layer 5: prevention and/or stealing of application layer processing (prevention of revenue loss)
- Theft of service
- Unable to honor Service Level Agreement
- Resource over-allocation
- Resource lock-in
7. Components of a complete security solution
- Ability to create a trust boundary for session services independent of data
- Ability to strongly authenticate users and end devices at all session network elements or networks
- Ability to encrypt at the trust boundary
- Prevent denial of service attacks on service intermediaries
  - Hardened OS, Intrusion Detection/Prevention
- Secure management of network elements
  - IPSec, HTTPS, SSH
- Allow network or flow based correlation and aggregation
8. Convergence of Services
[Diagram: two layer stacks (Back Office, Application, Service Delivery/Session Control, Transport). Labels: Voice, Internet, TV, Terminals, Wireless (Vertically integrated apps); VoIP, Collaboration, IPTV, Internet (Triple play services)]
9. Network to Service Centric
[Diagram: two layer stacks (Back Office, Application, Service Delivery/Session Control, Transport). Labels: Collaboration, IPTV, Internet; VoIP, Presence, IPTV, Collaboration]
10. Migration to IMS
[Diagram: two layer stacks (Back Office, Application, Service Delivery/Session Control, Transport). Labels: VoIP, Presence, IPTV, Collaboration (on both stacks); CSCF, HSS; Wireline, Wireless]
11. Path to IMS
[Diagram: four layer stacks in sequence]
- Back Office, Application, Transport: Voice, Internet, TV, Terminals, Wireless (Vertically integrated apps)
- Back Office, Application, Service Delivery/Session Control, Transport: VoIP, Collaboration, IPTV, Internet (Triple play services)
- Back Office, Application, Service Delivery/Session Control, Transport: VoIP, Presence, IPTV, Collaboration
- Back Office, Application, Service Delivery/Session Control, Transport: VoIP, Presence, IPTV, Collaboration; CSCF, HSS; Wireline, Wireless
[Captions: IMS Converged Network; Common Session Control; Separate Applications]
12. CableLabs PacketCable 2.0 Reference Architecture
- Compatible with E-MTAs
- NAT & Firewall Traversal
- PacketCable Multimedia
- Provisioning, Management, Accounting
- Different types of clients
- IMS Service Delivery
- IMS Elements adopted and enhanced for Cable
- Re-use PacketCable PSTN gateway components
13. Issues with IMS today
- Access differentiates IMS flavors
- IMS functions and value misunderstood
- Bridge from legacy to IMS networks mostly underplayed
- Ignores Web 2.0 and non-SIP based sessions
- Focus on pieces inside walled garden – not on interconnecting
- Not enough focus on applications
14. Access Defines IMS Components
[Diagram labels: WiFi (UMA); WiMAX, WiFi; BB; IMS Core; SeGW + UNC; P-CSCF + C-BGF; PDG + P-CSCF + C-BGF; A-BCF + C-BGF + P-CSCF; P-CSCF + App Manager + C-BGF; Internet; Visited Network; Home Network; Cable; DSL; Internet]
15. Secure Border Function (SBF)
- Similar concept to a firewall
- Is alongside CSCF network elements
- Thwarts DoS/DDoS attacks
- Uses established techniques to do firewall/NAT traversal
- Adds previously non-existent Rate based Admission Control capabilities
16. SBF Logical Security Architecture
[Diagram labels]
- Layers: Layer 2 - Ethernet; Layer 3 - IP; Layer 4 – TCP/UDP; Layer 5 – SIP; Layer 7 – Application
- Components: Queue/Buffer Management; TCP/IP Stack in Operating System; Packet Filter; Analytics/Post-processing; SIP Control with Rate Admission Control; Call Admission Control with Authentication/Authorization; Reporting & Monitoring; Alarming & Closed Loop Control; Hardened OS; DoS protection
- Streams: Signaling; Media
- Functions: Network based Correlation; Theft of service mitigation; SPAM/SPIT prevention; SIP Protocol vulnerabilities; DoS protection; Packet rate mgmt
17. Consolidation of Functions
[Diagram labels: Access & Interconnectivity; Access & Interconnect; Session Management; Application; WAP/WAG; WAG; PDG; SeGW; SBC-SA-BCF; WiFi; WiMAX; UMA; Edge BGF; BB; I-BCF; SBF]
18. Benefits of SBF
- Security for both signaling and media
- Signaling and media can be disaggregated or integrated
- Can be integrated with any signaling or media element to protect it
- Consolidates all access types
19. Thank You!
For further comments and discussion: firstname.lastname@example.org
www.nextone.com/blog