Security in VoIP Networks. Juan C Pelaez, Florida Atlantic University.

Presentation transcript:

Security in VoIP Networks. Juan C Pelaez, Florida Atlantic University

What is VoIP?
VoIP (Voice over Internet Protocol), sometimes referred to as Internet telephony, is a method of digitizing voice, encapsulating the digitized voice into packets and transmitting those packets over a packet-switched IP network.

Overview of VoIP (1)
VoIP enables people to use the Internet as the transmission medium for telephone calls. For users who have free, or fixed-price, Internet access, Internet telephony software essentially provides free telephone calls anywhere in the world. To date, however, Internet telephony does not offer the same quality of telephone service as direct telephone connections (it is an easy target of security attacks).

Overview of VoIP (2)
- VoIP: yet another Internet service (Telephone, Radio, Video) over IP
- Services: /web/calendar integration, emergency services, call scheduling, Interactive Voice Response (IVR), instant messaging, personal mobility…

VoIP Protocols
- Most implementations use H.323 protocol
  - Same protocol that is used for IP video.
  - Uses TCP for call setup
  - Traffic is actually carried on RTP (Real Time Protocol) which runs on top of UDP.
- SIP defines a distributed architecture for creating multimedia applications, including VoIP
- VoIP = Transport + QoS + Signaling
  - Transport: RTP
  - QoS: RTCP (Real-Time Transport Protocol)
  - Signaling: H.323, SIP, MGCP/Megaco

Internet telephony protocol stack

H.323 Signaling and Media Channels
- H.225.0/RAS Channel
  - RAS (Registration, Admission & Status) control between Endpoints (terminals, gateways, MCUs) and its Gatekeeper
- H Call Signaling Channel
  - Call remote endpoint
  - Establish H.245 address
- H.245 Control Channel
  - Open control channel; Terminal capability negotiation
  - Open/close logical channels
  - Establish UDP ports for A/V RTP/RTCP
- Logical Channels for Media Stream
  - Carry media (audio, video, data, etc.) data within logical channels

H.323 VoIP Components
H.323 defines four logical components: Terminals, Gateways, Gatekeepers and Multipoint Control Units (MCUs). Terminals, gateways and MCUs are known as endpoints.

[Figure labels: Call Control; Call Setup; Media Exchange; Call Signaling (RAS); Call Processing; PSTN; IP telephony; Public Switched Telephone Network; Gateway; IP PBX]

VoIP requires…
- Handsets
- Softphones
- Gateways
- Gatekeepers
- Conference Bridge
- IP PBX
- H.323, SIP, MGCP/Megaco

VoIP requires… (Cont.)
[Figure labels: Softphones; IP PBX; PSTN Gateway; MCU; PSTN; Gatekeeper]

Security Threats and Defense Mechanisms
- Denial-of-service (DoS)
  - Separation of the voice and data segments using VPNs
- Call interception (Invasion of privacy)
  - Encrypt VoIP traffic where possible
  - Lawful interception

Call Interception - Example

Security Threats and Defense Mechanisms (2)
- Theft of service (Traditional fraud)
  - Getting free service or free features
  - Use strong authentication
  - Call-processing Manager will not allow unknown phones to be configured
- Signal protocol tampering
  - Capture the packets that set up the call.
  - User could manipulate fields in the data stream and make VoIP calls without using a VoIP phone.

Other Security Threats and Defense Mechanisms
- Masquerading/Man-in-the-middle attacks
  - Endpoint authentication
- Spoofing/connection hijacking
  - User/message authentication and integrity
- Message manipulation
  - Message authentication
- Virus and Trojan-horse applications
  - Host based virus scanning
- Repudiation
  - Call-processing manager

Scope of H.235
[Figure labels: AV applications; Terminal control and management; RTCP; H Terminal To GK Signaling (RAS); H Call Signaling (Q.931); H.245 Call Control; Transport Security (TLS); Audio G.xxx; Video H.26x; Encryption; Auth.; RTP; Unreliable Transport/UDP, IPX; Reliable Trans./TCP; Network Layer/IP, Network Security/IPsec; Link Layer; Physical Layer]

Challenges for IP Telephony: NAT/Firewall Traversal Problem
- NAT = Network Address Translation
- IP Telephony uses UDP as transmission protocol
- IP Telephony uses dynamic port address
- For these protocols to pass the firewall, the specific static and the range of dynamic ports must be opened for all traffic.
- IP addresses are embedded in the payload
- NAT only handles outgoing connections

NAT/Firewall Traversal Issue
[Figure labels: X Signaling & Control In-bound Media and RTP Out-bound Media Capabilities and RTP Transient Ports]

Firewall/NAT Solutions (1)
- Proxies (Multimedia Gateway)
  - Designed to handle real-time communications
- Gateways
  - Converts from IP to PSTN voice
- Application Level Gateways (ALG)
  - Firewalls programmed to understand IP Protocols
- Demilitarized Zone (DMZ)
  - Overcomes problem by placing a MCU
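The traversal problem stated earlier ("IP addresses are embedded in the payload") and the Application Level Gateway listed on this slide can be seen on a signaling message. The following is an added example, not part of the original slides: it uses a constructed SIP INVITE with an SDP body (SIP rather than H.323 because its signaling is plain text), and the addresses and function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly: ipaddress.is_private also flags
# documentation ranges such as 203.0.113.0/24, used here as the public side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: SIP INVITE with an SDP body from a phone behind NAT.
SDP = ("v=0\r\n"
       "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
       "s=-\r\n"
       "c=IN IP4 192.168.1.20\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")
SAMPLE_INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
                 "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bKconstructed\r\n"
                 "From: <sip:alice@example.org>;tag=1\r\n"
                 "To: <sip:bob@example.com>\r\n"
                 "Call-ID: constructed-call-id\r\n"
                 "CSeq: 1 INVITE\r\n"
                 "Contact: <sip:alice@192.168.1.20:5060>\r\n"
                 "Content-Type: application/sdp\r\n"
                 f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # e.g. "999.1.1.1" matches the regex but is no address
        return False
    return any(ip in net for net in RFC1918)

def embedded_private_addresses(message):
    """Return (field, address) for each private IPv4 literal NAT would miss."""
    return [(re.split(r"[:=]", line, maxsplit=1)[0], addr)
            for line in message.split("\r\n")
            for addr in IPV4.findall(line) if is_rfc1918(addr)]

def alg_rewrite(message, public_ip):
    """ALG-style fix: swap private literals for public_ip, fix Content-Length."""
    def fix(text):
        return IPV4.sub(
            lambda m: public_ip if is_rfc1918(m.group()) else m.group(), text)
    head, _, body = message.partition("\r\n\r\n")
    head, body = fix(head), fix(body)
    head = re.sub(r"(?im)^Content-Length:[ \t]*\d+",
                  f"Content-Length: {len(body.encode())}", head)
    return head + "\r\n\r\n" + body
```

Plain NAT rewrites only the IP/UDP headers, so the four addresses reported by `embedded_private_addresses(SAMPLE_INVITE)` would reach the far end unroutable; the same function can be run on captured signaling at the perimeter to confirm that an ALG or proxy is actually rewriting them.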

Multimedia Gateway (Proxy)

Firewall/NAT Solutions (2)
- Virtual Private Network (VPN)
  - A secure connection between two points across the Internet
- Tunneling
  - The process by which VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet

Conclusion
- VoIP just adds more assets, more threat locations, more vulnerabilities to the data network, because of new equipment, protocols, and processes on the data network.
- To increase security and performance it's recommended to use VPNs to separate VoIP from data traffic.
- Instead of using VPN segmentation, users may consider using a multimedia gateway or reverse proxy.