1 MSIT 458 Information Security and Assurance VoIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui.

Slides:

Advertisements

Similar presentations

The leader in session border control for trusted, first class interactive communications.

Advertisements

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

1 MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

Lecture 1: Overview modified from slides of Lawrie Brown.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Security+ Guide to Network Security Fundamentals

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World

Web server security Dr Jim Briggs WEBP security1.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Payment Card Industry (PCI) Data Security Standard

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Design and Implementation of SIP-aware DDoS Attack Detection System.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Virtual Private Network

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

IT Expo SECURITY Scott Beer Director, Product Support Ingate

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

General Awareness Training

Comparing modem and other technologies

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.

BUSINESS B1 Information Security.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine

ECEN “Internet Protocols and Modeling”, Spring 2012 Slide 2.

ACM 511 Introduction to Computer Networks. Computer Networks.

CS460 Final Project Service Provider Scenario David Bergman Dong Jin Richard Bae Scott Greene Suraj Nellikar Wee Hong Yeo Virtual Customer: Mark Scifres.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

Topic 5: Basic Security.

Module 11: Designing Security for Network Perimeters.

Network Security & Accounting

Lecture 24 Wireless Network Security

Chap1: Is there a Security Problem in Computing?.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

CPT 123 Internet Skills Class Notes Internet Security Session B.

Communication Methods

IS3220 Information Technology Infrastructure Security

Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.

SIP & How It Relates To YOUR Business. Jeff S. Olson Director of Marco Carrier Services David Bailey-Aldrich Technology.

Cryptography and Network Security

ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.

Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Securing Information Systems

Security in Networking

IS4550 Security Policies and Implementation

INFORMATION SYSTEMS SECURITY and CONTROL

Presentation transcript:

1 MSIT 458 Information Security and Assurance VoIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui

2 VOIP I.What is VoIP ? II.Business & Security Concerns III.Security Threats IV.Security Measures V.Cost/Risk Analysis VI.Legal Consequences

3 What is VOIP? Protocol optimized for the transmission of voice through the Internet or other packet switched networks Also referred to as IP telephony, Internet telephony, voice over broadband, broadband telephony, and broadband phone.

4 How fast is VoIP growing? Per a study conducted by IBISWorld: Industry’s forecast is to experience the largest revenue growth in the telecommunications sector over the next five years, at an annual growth rater of 25%. Business subscriptions will grow by 44%, compared with consumer subscription growth of 21%.

5 How fast is VoIP growing? Per a study conducted by IBISWorld: U.S. will have 25 million paying VoIP customers by Total industry revenues in 2008 are forecast at $3.2 billion, reaching $5 billion by 2012.

6 Business Concerns  Integrity – Voice quality should be excellent  Availability – User needs dial-tone 365/24/7  Confidentiality – All communication should remain confidential  Authenticity – Valid service subscribers should be able to access the service provider’s network  Federal and State regulatory compliance

7 Security Threats Configuration weaknesses in VoIP devices and underlying operating systems can enable denial of service attacks, eavesdropping, voice alteration (hijacking) and toll fraud (theft of service), all of which can result in the loss of privacy and integrity. Unscrupulous telemarketers could use VoIP (via soft PC based phones) to access customer credit and privacy details.

8 Security Threats Today, the biggest VoIP-related security threats are inside a company's firewall, such as changing a configuration setting to make the CEO's phone ring at a disgruntled employee's desk. Eavesdropping is another potential problem.

9 Security Threats Launch a Denial of Service attack by placing a large number of calls, either as an authorized or unauthorized user, to flood the network. SPIT (spam over Internet telephony or VOIP) – advertising that appears in a VoIP voice mailbox.

10 Security Threats Vishing, the process of persuading users to divulge personal information such as Social Security and credit card numbers. Attackers can "spoof" the caller ID that users see to make the call appear to come from a legitimate organization.

11 Security Measures Bolster encryption by encoding and decoding information securely, both the conversation and the call numbers. Encrypt VoIP communications at the router or other gateway, not at the individual endpoints. Since some VoIP telephones are not powerful enough to perform encryption, placing this burden at a central point ensures all VoIP traffic emanating from the enterprise network will be encrypted.

12 Security Measures IP Phone must register to make phone calls. 1.When a phone tries to register, the registrar sends a challenge. 2.Phone correctly encrypts the challenge, digital certificate from phone manufacturer, and Media Access Control (MAC) address. 3.Manufacturer certificate cannot be forged because it is burnt into the phone’s non- volatile RAM and cannot be retrieved.

13 Security Measures Separate VoIP network from data network by logically segregating the voice and data networks using vLAN-capable switches. Don't allow interaction between Internet- connected PCs and VoIP components.

14 Security Measures Install an Intrusion Prevention System (IPS) at the network's perimeter to scan for known signatures while blocking or allowing traffic based on application content rather than IP addresses or ports. An IPS can dynamically modify firewall rules or terminate a network session when necessary.

15 Security Measures Session Border Controllers (SBC) prevent someone (most likely a computer program) from generating abnormal number of calls from a legitimate VoIP account within a threshold period. A violation of the threshold policy rule suspends additional call placement from an account for specified period of time. A session key is maintained for the whole of the conversation for security and encryption purposes.

16 Security Measures Implement a voice-aware (VoIP-ready) firewall, which is optimized by voice, allowing the opening of ports only when a connection must be established. Stateful packet inspection can be used to drop attack packets because they are not part of an authenticated connection.

17 Security Measures In order to mitigate the latency issues caused by security measures, add QoS to all devices processing the calls, i.e. turn on this feature on the service provider’s data switch and the data router, as opposed to a phone switch located within the subscriber’s LAN where the call terminates.

18 A look at the VoIP infrastructure

19 Security Threat to Come A lot of the security measures taken today are based on experience with restricting access to data networks. To date, not a single virus is reported that is specific to infecting the VoIP packets. However, it is to come without a doubt.

20 Cost/Risk Analysis Cost/Risk analysis vary from industry to industry and business to business. The best judgment of risk exposure is collective assessment of both immediate and future monetary losses to an organization. Organizations today can utilize research based calculators for estimating the potential cost of a data security breach for any number of 'at risk' records. The same concept can be applied to VoIP.

21 Cost/Risk Analysis A sample identity theft or data breach Cost calculator can be found at Enter Total Number Of Affected Records 100,000 Customer Notification (Mail) $664, Phone Call Center Support $2,895, Legal Defense Services $663, Criminal Investigations (Forensics) $248, Public / Investor Relations $205, Free / Discounted Services (Credit reports) $2,380, Cost Of Brand Impact - Lost & Fewer Customers $9,832, Cost Of Security Data Breach $16,887,000.00

22 Legal Consequences Businesses need to be aware that the laws and rulings governing interception or monitoring of VoIP lines, and retention of call records, may differ from those of conventional telephone systems. These issues should be reviewed with legal advisers. Virus attacks delivered through use of VoIP services, such as Skype, may not be held accountable.

23 VoIP Security Questions?