IT Expo SECURITY Scott Beer Director, Product Support Ingate +1-613-963-0933.

Presentation transcript:

IT Expo SECURITY Scott Beer Director, Product Support Ingate

What is Network Security?
- Network Security: consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
- Should Security apply to Voice over IP? YES! ABSOLUTELY!

What is Network Security? Why should Security apply to VoIP?
- VoIP security involves the authorization of access to Voice applications in a network
- Authenticating information that allows voice access to Call Control and UC Applications
- VoIP Security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.

What is Network Security? Why should Security apply to VoIP? (cont'd)
- VoIP networks can be private, such as within a company, while others might be open to public access.
- VoIP security is involved in organizations, enterprises, and other types of institutions.
- It does as its title explains: it secures the Voice Network, as well as protecting and overseeing operations being done.

What is Network Security? Why is VoIP Security Important?
- End of Geography
  - The IP protocol is an OPEN network system; there is no longer a need to be physically present
  - Any IP Address can connect with any other IP Address.
- Prevent Fraudulent Activities
  - Identity Theft, Toll Fraud, Spoofing, Misuse, SPAM, SPIT, Vishing, Eavesdropping, Data Mining, Reconnaissance
- Prevent Disruption of Service
  - Denial of Service, Fuzzing

Trusted and Untrusted: Policies in Defining Network Security Zones
- A network zone describes the trust level of a network connection.
- Trusted Network Security Zone
  - Fully trusted connections. All incoming traffic is allowed.
- Untrusted Network Security Zone
  - Fully untrusted connections. No incoming traffic is allowed.
- Administrator defines the services/policies

Trusted and Untrusted Examples

Comparing SBCs with Firewalls: Summary
- VoIP and UC are being deployed at a growing rate
- IP networks provide a highly effective means for enterprises and contact centers to communicate
- The IP communications network is now a business-critical resource
- IP-based enterprise communications networks, services and applications must be secured.
- For successful VoIP/UC deployments the enterprise must:
  - Maximize communication service and interoperability
  - Assure service availability and quality levels
  - Control costs

Comparing SBCs with Firewalls: Firewalls with SIP ALG (Application Layer Gateway)
- Ubiquitous in today's IP networks: they protect IP data networks, servers and applications against a variety of threats through stateful inspection and filtering at layers 3 and 4 of the OSI model.
- To enable basic VoIP connectivity through the firewall, some firewalls add SIP ALGs that translate embedded SIP addresses, which allows the firewall to maintain a single end-to-end SIP session between endpoints residing on either side of the firewall.

Comparing SBCs with Firewalls: Session Border Controllers (SBC)
- SBCs implement a SIP back-to-back user agent (B2BUA) as defined in IETF RFC
- A B2BUA divides each SIP session into two distinct segments.
- In doing so, the SBC is able to completely and effectively control SIP sessions, as well as the associated media flows, in ways that SIP ALGs cannot.
- This unique capability gives SBCs a clear edge in their ability to securely deliver reliable, high-quality IP-based interactive communications.

Comparing SBCs with Firewalls: How It Works
Firewall with SIP ALG
- Maintains single SIP session through Firewall
- Fully state-aware at layers 3 and 4
- Only inspects/modifies SIP, SDP addresses
- Unable to terminate, initiate, re-initiate or respond to SIP signaling messages
- Only supports static ACLs and policies

Comparing SBC with Firewall: How It Works
Session Border Controllers (SBC)
- Implements SIP B2BUA for complete control
- Fully state-aware at layers 2-7
- Inspects/modifies all SIP, SDP header info
- Can terminate, initiate, re-initiate & respond to SIP signaling messages
- Supports static and dynamic ACLs and policies
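The contrast between the two "How It Works" slides, as an added example that is not part of the original presentation: a simplified Python model in which an ALG translates embedded addresses inside one session, while a B2BUA ends the first leg and originates a second one. The sample INVITE, all addresses and the function names are constructed for illustration.

```python
import re
import uuid

# Constructed sample (not from the slides): INVITE from an inside phone.
INVITE = "\r\n".join([
    "INVITE sip:+16135550100@carrier.example SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.0.25:5060;branch=z9hG4bKa1",
    "From: <sip:201@10.0.0.10>;tag=111",
    "To: <sip:+16135550100@carrier.example>",
    "Call-ID: abc123@10.0.0.25",
    "CSeq: 1 INVITE",
    "Contact: <sip:201@10.0.0.25:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=- 1 1 IN IP4 10.0.0.25", "s=-",
    "c=IN IP4 10.0.0.25", "t=0 0", "m=audio 40000 RTP/AVP 0", "",
])

def call_id(msg):
    return re.search(r"^Call-ID: (.+)$", msg, re.M).group(1).strip()

def alg_rewrite(msg, inside_ip, public_ip):
    """SIP ALG model: one end-to-end session; only the addresses embedded in
    Via, Contact and the SDP o=/c= lines are translated."""
    fixed = [l.replace(inside_ip, public_ip)
             if l.startswith(("Via:", "Contact:", "o=", "c=")) else l
             for l in msg.split("\r\n")]
    return "\r\n".join(fixed)

def b2bua_leg_b(msg, sbc_ip, media_port):
    """B2BUA model: leg A ends at the SBC; leg B is a new request with the
    SBC's own Call-ID, tags, Via/Contact and media address."""
    head, _, sdp = msg.partition("\r\n\r\n")
    to = re.search(r"^To: (.+)$", head, re.M).group(1).strip()
    user = re.search(r"^From: <sip:([^@]+)@", head, re.M).group(1)
    rnd = lambda: uuid.uuid4().hex[:10]
    sdp = re.sub(r"IN IP4 \S+", f"IN IP4 {sbc_ip}", sdp)        # anchor media on SBC
    sdp = re.sub(r"m=audio \d+", f"m=audio {media_port}", sdp)
    head_b = [
        head.split("\r\n")[0],                                  # same Request-URI
        f"Via: SIP/2.0/UDP {sbc_ip}:5060;branch=z9hG4bK{rnd()}",
        f"From: <sip:{user}@{sbc_ip}>;tag={rnd()}",
        f"To: {to}",
        f"Call-ID: {rnd()}@{sbc_ip}",
        "CSeq: 1 INVITE",
        f"Contact: <sip:{user}@{sbc_ip}:5060>",
        "Content-Type: application/sdp",
    ]
    return "\r\n".join(head_b) + "\r\n\r\n" + sdp
```

In the ALG output the Call-ID is unchanged and the From header still names the inside host 10.0.0.10; the B2BUA leg carries no inside address at all.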

Security with SBC
Session Border Controllers uniquely provide all controls required for delivering trusted, reliable and high-quality IP interactive communications:
- Security: IP PBX and UC server DoS/DDoS attack protection, SBC self-protection
- Communications reach maximization: IP PBX and UC protocol interworking, remote NAT traversal
- SLA assurance: IP PBX & UC server session admission and overload control, data center disaster recovery, remote site survivability, Call Admission Control, SBC high-availability operation
Data Firewalls with application layer gateways (FW/ALG) are effective in securing data-oriented application infrastructure (PCs, servers).

Successful Delivery of VoIP
- Requirements for the successful delivery of enterprise and contact center VoIP/UC services and applications
  - SBC/FW DoS/DDoS Self-Protection
  - VoIP Theft of Service
  - IP PBX & UC SIP Protocol Interoperability
  - IP PBX/UC Server Session Admission & Overload Control
  - Remote Site NAT Traversal
  - High Availability VoIP Operations
  - Data Center Disaster Recovery
  - Remote Site Survivability using SBC/FW
  - Call Admission Control

Success Combined
- Completely Ubiquitous Voice & Data Security

SIP Security is Better
- Why is SIP Security Better than PSTN?
  - Encryption
    - Transport Layer Security (TLS) – Encryption of SIP Signaling

SIP Security is Better
- Why is SIP Security Better than PSTN?
  - Encryption
    - Secure RTP (SRTP) – Encryption of Media

Common SIP Attacks
- Intrusion of Services (or Theft of Service)
  - Devices attempting to register with an IP-PBX in an attempt to look like an IP-PBX extension and gain IP-PBX services
- SPIT (SPAM over Internet Telephony)
- Toll Fraud
  - A form of Intrusion of Service, where malicious attempts are made to send INVITEs to an IP-PBX to gain access to PSTN Gateways and SIP Trunking to call the PSTN
- Denial of Service
  - INVITE (or any SIP Request) flood in an attempt to slow or disrupt services
  - Or any UDP or TCP traffic directed at a SIP Service on SIP Ports
- Indirect Security Breaches

Common SIP Attacks
- What is Intrusion of Service?
  - A Third Party attempting to defraud either the Enterprise or the Carrier
  - Devices attempting to “spoof” a Client device in an attempt to look like an extension (or enterprise) and gain services directly, including Toll Fraud.

Common SIP Attacks
- What is Denial of Service?
  - A Third Party attack to make a communications resource unavailable to its intended users
  - Generally consists of the concerted efforts to prevent SIP communications service from functioning efficiently or at all, temporarily or indefinitely
  - One common method of attack involves saturating the target (victim) IP-PBX with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable

Common SIP Attacks
- Prevention of SIP Attacks
  - Layered Security
  - Do not subject “Mission Critical” Voice applications to SIP Attacks
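One way a border element could turn the Denial of Service and Intrusion of Service patterns above into dynamic ACL entries, as an added example that is not from the original presentation: a per-source sliding-window counter over SIP request logs. The log format, thresholds, addresses and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10        # assumed sliding window, in seconds
MAX_INVITES = 20     # assumed per-source INVITE ceiling per window
MAX_FAILED_REG = 5   # assumed failed REGISTERs per source per window; a normal
                     # digest registration produces one 401 challenge by itself

def parse(line):
    """Constructed log format: '<epoch> <src_ip> <METHOD> <user> <status>'."""
    ts, src, method, user, status = line.split()
    return float(ts), src, method, user, int(status)

def dynamic_acl(lines):
    """Return {src_ip: reason} for sources exceeding a per-window threshold."""
    invites, failed, blocked = defaultdict(deque), defaultdict(deque), {}
    for ts, src, method, user, status in map(parse, lines):
        if src in blocked:
            continue  # the border element would already be dropping this source
        if method == "INVITE":
            q, limit, reason = invites[src], MAX_INVITES, "invite-flood"
        elif method == "REGISTER" and status in (401, 403):
            q, limit, reason = failed[src], MAX_FAILED_REG, "register-abuse"
        else:
            continue
        q.append(ts)
        while q and ts - q[0] > WINDOW_S:   # expire entries outside the window
            q.popleft()
        if len(q) > limit:
            blocked[src] = reason
    return blocked

def sample_log():
    """Constructed traffic: one normal phone, one INVITE flood, one source
    cycling through extensions with failing REGISTERs."""
    log = ["100.0 192.0.2.10 REGISTER 201 401",
           "100.1 192.0.2.10 REGISTER 201 200",
           "101.0 192.0.2.10 INVITE 300 200"]
    log += [f"{102 + i * 0.1:.1f} 198.51.100.7 INVITE 300 100" for i in range(30)]
    log += [f"{103 + i:.1f} 203.0.113.9 REGISTER {100 + i} 403" for i in range(8)]
    return sorted(log, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for ip, reason in dynamic_acl(sample_log()).items():
        print(f"deny {ip}  # {reason}")
```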

The End Scott Beer Director, Product Support Ingate