Presentation is loading. Please wait.

Presentation is loading. Please wait.

VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.

Published byShawn McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design."— Presentation transcript:

1 VoIP security : Not an Afterthought

2 OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design and implementation Conclusion

3 What is VoIP? VoIP is Voice over internet protocol, is a technology allows voice conversations to be carried over the Internet. VoIP exchanges voice information in digital form, in discrete packets rather than by using the traditional circuit-committed protocols of the Public Switched Telephone Network (PSTN).

4 Difference between PSTN and VoIP. In PSTN (Public Switched Telephone Network) the control is rested at switch. In VoIP the resource control is at deeper part of network.

5 Why VoIP? Price Flexibility Protocols Implementation Service

6 VoIP Security threats Security threats Viruses impacting servers. Denial of service attacks. Logical attacks on SIP. Subscription fraud and non-payment. Call eavesdropping.

7 Security concerns Preserve the availability: By network/service access control Preserve integrity: Prevent malicious activities by encryption techniques. Prevent theft of the VoIP service. Prevent fraudulent use of VoIP services Preserve the confidentiality: By encryption techniques.

8 Preserve Authentication by login password. Preserve authorization by access control, role based authentication

9 Is VoIP Security Different? VoIP services are real-time. VoIP services are target of voice specific malicious activities such as toll fraud, service theft, voice spam and identity theft. VoIP services are extremely sensitive to delay, packet loss and jitter caused by worms, viruses and DoS attacks. VoIP services are impacted by the existing security devices such as firewalls/NAT, encryption engines and IDS/IPS.

10 An Approach to VoIP Security Open source security Prevention Protection Reducing the risks VoIP Infrastructure

11 Design and implementation Major concerns for VoIP software development are 1)Software stability. 2)Robustness. 3)Interoperability. For implementation of VoIP its should have separate voice transport, signaling, service creation from one another.

12 VoIP protocols The two most widely used protocols for VoIP are the ITU standard H.323 and the IETF standard SIP. Both are signaling protocols that set up, maintain and terminate a VoIP call. In addition, the Media Gateway Control Protocol (MGCP) provides a signaling and control protocol between VoIP gateways and traditional PSTN (Public Switched Telephone Network) gateways. ITU-T, H.323 is a comprehensive protocol under the ITU-T specifications for sending voice, video and data across a network. The H.323 specification includes several sub-protocols:

13 1. H.225 for specifying call controls (e.g. call setup and teardown), 2. H.235 for specifying the security framework for H.323 and the call setup. 3. H.245 for specifying media paths and parameter negotiations such as terminal capabilities. 4. H.450 for specifying supplementary services such as call hold and call waiting.

14 Conclusion VoIP presents a number of interesting security challenges that differ substantially from those of traditionally telephony. In addressing these challenges, we might consider the roles of the vendor, service provider, and implementer communities.

15 References http://www.voip-info.org/ Voip security : not an afterthought by Douglas C.Sicker and Tomlookabaugh

16 Thank you

Download ppt "VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design."

Similar presentations

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Presented By:- Yash Jariwala Paras Patel Deep Amrutiya.

Presented By:- Yash Jariwala Paras Patel Deep Amrutiya.
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.

24/08/2005 IP Telephony1 Guided by: Presented by: Dr.S.K.Ghosh Nitesh Jain 05IT6008 M.Tech 1 st year.
1 MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui.

1 MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui.
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.

VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.
VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.

VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.
SIP vs H323 Over Wireless networks Presented by Srikar Reddy Yeruva Instructor Chin Chin Chang.

SIP vs H323 Over Wireless networks Presented by Srikar Reddy Yeruva Instructor Chin Chin Chang.
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
Voice over Internet Protocol (VoIP) Training and Development.

Voice over Internet Protocol (VoIP) Training and Development.
5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Similar presentations

Ads by Google