Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Published byDiego Myers Modified over 10 years ago

Similar presentations

Presentation on theme: "Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director."— Presentation transcript:

1 Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director jkimmins@telcordia.com 732-699-6188 2007 CQR Conference

2 Outline Threats Vulnerabilities Architecture Boundaries Insider External Application Logical Domains Other Challenges Market Perspective

3 Example Service Provider Architecture SIP Endpoints Soft Phones, VoIP Phones, Attached Terminal Adaptors (ATA) SoftSwitch Signaling Gateway Media Gateway Media Gateway Controller Session Border Controller (SBC) Registration & Location Servers Supporting Servers Authentication, Authorization, and Accounting (AAA) servers Call Data Record (CDR) servers Domain Name Service (DNS) servers Network File Server (NFS)

4 Threats Confidentiality Eavesdropping (including traffic analysis) Interception of Signaling or Media Stream Integrity Modification of Signaling (Rerouting/Masquerading) Modification of Media Stream (Impersonation) Fraud (cannot trust Caller ID) Integrity of stored data and systems Availability Service disruption (amplification attacks DoS/DDoS) Denial of Service against Signaling or Media Stream Spam Over Internet Telephony (SPIT) Unauthorized access (compromise systems with intentions to attack other systems or exploit vulnerabilities to commit fraud and eavesdropping).

5 Types of Vulnerabilities Applications: Buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS) Protocols: Session tear-down, impersonation, session hijacking, SIP>SS7 boundary messages tampering, malformed messages, overload (DoS, DDoS) Supporting Services Address resolution and directory services (DNS, LDAP, ENUM), email (SMTP), supporting databases (SQL), SNMP, STUN used for NAT traversal OS and Networking: Buffer overflows, format-string exploits, scripts, password exploits, overload (DoS, DDoS), ARP cache poisoning

6 End-to-End View Source: ITU Y.2701 (Security Requirements for NGN)

7 Insider Perspective

8 Operations Network Interfaces

9 External Perspective

10 Attempts to Bypass Filtering

11 Application³ Interface Security OSA/Parlay Interface OSA/Parlay Framework Service Control Features OSA/Parlay Application A OSA/Parlay Application A OSA/Parlay Gateway - Service Capability Server OSA/Parlay APIs Enterprise/Third Party Providers IMS Third Party Access OSA/Parlay Application A IMS Core Components IMS Network * Application³ means Third Party Application

12 Logical Segmentation Challenges Logical segmentation of the management/signaling/user layer between locations: Secure logical separation of domestic and international VoIP/NGN components An intruder from a foreign location could attack key domestic network elements because there may be insufficient barriers between domestic and international domains.

13 Internal Security Boundaries Needed?

14 An End-to-End View of Potential Security Vulnerabilities

15 Other Challenges in Security End-to-End Security Management Scaling across network domains, national and international domains (e.g., countries/continents) Hop-by-hop or end-to-end Identity Management Identity across network domains, national and international domains (e.g., countries/continents) Associated with a location Private/public identities, role and context based identifiers

16 Evolving Trust Model Source: ITU Y.2701

17 NNI Trust Model Source: ITU:Y.2701

18 Market Perspective Hows security in VoIP/NGN products today? Poor to average Security controls are not mature Not well implemented in deployments Implementations inherit traditional vulnerabilities (e.g. Buffer Overflows) Security performance and reliability are critical elements and need to be improved Security features to enforce stronger security posture (protocol, user and boundaries) are not uniformly implemented Baseline security requirements for product vendors are many times vague Signaling and media security are not fully recognized by the market Integration of security functionality still evolving Organizational issues are not fully identified and addressed

Download ppt "Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director."

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
www.dynamicsoft.com Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,

SURA/ViDe 4th Annual Workshop SIP, Security & Threat Models Dr. Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.

IMS and Security Sri Ramachandran NexTone. 2 CONFIDENTIAL © 2006, NexTone Communications. All rights Traditional approaches to Security - The CIA principle.
Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)

Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Application Server Based on SoftSwitch

Application Server Based on SoftSwitch
Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.

Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006.

SIP.edu : OpenSER in an academic environment OpenSER SUMMIT - VON – Berlin 2006.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.

Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.

Similar presentations

Ads by Google