1
Verizon Columbia Research on VoIP Security A Model Academia/Industry Collaboration
Gaston Ormazabal
Verizon Laboratories
April 23, 2017

VoIP cannot be fully deployable without solving problem that surround . And it is very important for Verizon’s reputation that they deploy a solution that is completely devoid of outages that DoS attacks can potentially cause. Such an outage wouldn’t mean much to people like Vonage or Skype but it definitely means a lot to Verizon.
2
Agenda
- A successful collaboration
  - Verizon and CATT
  - Professor Schulzrinne - three year program
- Project Overview
  - Background, Research Focus, and Goals
  - DoS
    - DoS Detection and Mitigation Strategy
    - DoS Validation Methodology - DoS Automated Attack Tool
- Value to Verizon
  - Intellectual Property/Technology Licensing
- Next Steps
- Conclusions
3
Verizon – CATT Program
- Collaboration between Verizon and Center of Advanced Technology Telecommunications
- Verizon PI: Gaston Ormazabal
- CATT
- Columbia University PI: Prof. Henning Schulzrinne
- Graduate Students
- Milind Nimesh
- New York University Polytechnic Institute
4
Background & Research Focus
- SIP is the VoIP protocol of choice for both wireline and wireless telephony
  - Control protocol for the Internet Multimedia Systems (IMS) architecture
- VoIP services migrating to IP fast becoming attractive DoS and ToS targets
  - DoS attack traffic traversing network perimeter reduces availability of signaling and media for VoIP
  - Theft of Service must be prevented to maintain service integrity
  - Reduces ability to collect revenue and provider’s reputation both are at stake
- Attack targets
  - SIP infrastructure elements (proxy, softswitch, SBC, CSCF-P/I/S)
  - End-points (SIP phones)
  - Supporting services (e.g., DNS, Directory, DHCP, HSS, DIAMETER, Authorization Servers)
- Verizon needs to solve security problem for VoIP services
  - Protocol-aware application layer gateway for RTP
  - SIP DoS/DDoS detection and prevention for SIP channel
  - Theft of Service Architectural Integrity Verification Tool
- Need to verify performance & scalability at carrier class rates
  - Security and Performance are a zero sum game
- Columbia likes to work in real life problems & analyze large data sets
  - Goal of improving generic architectures and testing methodologies
- Columbia has world-renowned expertise in SIP

Verizon has made a strategic decision to proceed with all future deployments of VoIP to be SIP based.

From Research Focus Slide:
- Two detection and mitigation filters
  - SIP: Two types of rule-based detection and mitigation filters
  - Media: SIP-aware dynamic pinhole filtering
- CloudShield fast packet application server
- Developed a Testing & Analysis infrastructure
  - Distributed computing architecture for traffic generation & simulation
- Testing & Analysis tools
  - ToS Architectural Integrity Verification Tool
  - Evaluation at carrier-class rates suitable for Verizon networks future deployments
5
Study VoIP DoS and ToS for SIP
Goals
- Study VoIP DoS and ToS for SIP
  - Definition – define SIP specific threats
  - Detection – how do we detect an attack?
  - Mitigation – defense strategy and implementation
  - Validation – verification of defense strategy
- Generate requirements for future security network elements and prototypes
  - Share requirements with vendors
- Generate the test tools and strategies for their validation
  - Share tools with vendors

We don’t need to re-invent the wheel. The VoIP Security Alliance, led by Prof. Schulzrinne, has laid down the VoIP threat model, which we adopt here.
6
Definition: VoIP Threat Taxonomy
Scope of our research
- A multifaceted problem focusing on VoIP specific DoS

Motivation (from previous slides)
- Application layer security
  - Digest Authentication, TLS, S/MIME, IPSec, certificates
  - SRTP/ZRTP for media
- Convergence leads to converged attacks
  - Data network attacks: DDoS, spoofing, content alteration, platform attacks
  - Voice over IP network attacks: Toll fraud, session hijacking, theft of service, spam/spit
- Most security problems are due to
  - User Datagram Protocol (UDP) instead of TCP/TLS
  - Plain text instead of S/MIME
  - Message/Method vulnerability
  - Flexible grammar --> syntax-based attacks

Application level security is already defined by SIP RFC 3261, an improvement from relatively less secure RFC. Although they are good ways to prevent outright compromise of network, we need to extend our security architecture to deal with attacks like: Call fraud, compromised machines, theft of service, identity assurance and more.

VoIP has converged advantages from various networks together: cost effectiveness of data networks and convenience of voice networks. However this convergence has also made VoIP susceptible to data network attacks like DDoS, Message Alteration, Spoofing, Session anomalies and also voice attacks like Call Theft, Call Hijacking, Spam.

UDP – Spoofing; Plain Text – Spam, Flood of messages (although all SIP networks are not connected yet); Message Vulnerability – Network downtime, alteration, etc.

[Diagram. Labels: Application Layer Security (SIP RFC 2543 – little security; SIP RFC 3261 – security enhancements; Digest Authentication; TLS; IPSec; SRTP/ZRTP); Perimeter Protection (SIP aware Filtering Mechanisms; SIP aware DOS Protection; Detection and Mitigation); Scope of our research]

* VoIP Security and Privacy Threat Taxonomy, VoIP Security Alliance Report, October, 2005
7
Denial of Service & Theft of Service
- Denial of Service – preventing users from effectively using the target services
  - Service degradation to a “not usable” point
  - Complete loss of service
- Distributed Denial of Service attacks represent the main threat facing network operators*
- Most attacks involve compromised hosts (bots)
  - botnets sized from a few thousands to over million
  - 25% of all computers on Internet may be botnets
- Theft of Service – any unlawful taking of an economic benefit of a service provider
  - With intention to deprive of lawful revenue or property

Explain DoS and DDoS. It is estimated that there are 600 million computers on Internet. Out of which million are expected to be infected.

DoS
- Implementation flaws
- Application level
- Flooding

TOS
- Billing Threats
  - Unauthorized deletion or altering of billing records
  - Unauthorized bypass of lawful billing systems
  - Unauthorized billing
- Service Threats
  - Enough funds
  - Enough coverage
- Physical Threats
  - Taking of service provider property

* Worldwide ISP Security Report, September 2005, Arbor Networks
* Criminals 'may overwhelm the web', 25 January, BBC
8
SIP DoS Attack Taxonomy
Denial of Service
- Implementation flaws
- Application level
- Flooding

NOTE: Try to take sub bullets out for ToS and just give a flavor, and discuss this later.

- Billing Threats
  - Unauthorized deletion or altering of billing records
  - Unauthorized bypass of lawful billing systems
  - Unauthorized billing
- Service Threats
  - Enough funds
  - Enough coverage
- Physical Threats
  - Taking of service provider property
9
VULNERABILITY : Most security problems are due to:
Strategy Focus

VULNERABILITY: Most security problems are due to:
- flexible grammar --> syntax-based attacks
- Plain text --> interception and modification
- SIP over UDP --> ability to spoof SIP requests
  - Registration/Call Hijacking
  - Modification of Media sessions
- SIP ‘Method’ vulnerabilities
  - Session teardown
  - Request flooding
  - Error Message flooding
  - RTP flooding

STRATEGY: Two DoS detection and mitigation filters and ToS tools
- SIP: Two types of rule-based detection and mitigation filters
- Media: SIP-aware dynamic pinhole filtering

Application Level Flooding
- user datagram protocol (UDP) instead of TCP/TLS
- plain text instead of S/MIME
10
DoS Mitigation Strategy
- SIP infrastructure element defense
- Implementation flaws are easier to deal with
  - Systems can be tested before used in production
- Application level and flooding attacks are harder to defend against
  - Require layer 7 deep packet inspection
  - Require deep understanding and handling of SIP protocol
- Commercially available solutions for general UDP/SYN flooding but none for SIP
- Address application level and flooding attacks specifically for SIP
- Identify and address architectural weaknesses before they are exploited to commit ToS

UDP floods and SYN attacks can be handled by other products on the market, e.g. Arbor Networks, Netscreen, Cisco/Riverhead Technologies. For SIP there is no solution, and this is where we come in. It’s like “peeling the onion”. Implementation flaws are dealt with using Oulu University test tools such as PROTOS or, better, their commercial progeny Codenomicon.
11
DoS Mitigation Solution Overview
[Diagram. Labels: Untrusted, Trusted, VoIP Traffic, Attack Traffic, Filter I, Filter II, sipd, DPPM, SIP, RTP]
12
Application Server Module
Hardware Platform

[Diagram: System Level Port Distribution. Labels: Application Server Module (ASM), Pentium 1GHz; two DPPM, Intel IXP 2800; Backplane; Gigabit Ethernet Interconnects; port speeds 10/100/1000, 10/100, 1000]

Explain: ASM, DPPM, CAM, Regular Expression engine and Rapid Application and Visualization Engine language.
13
Integrated DDOS and Dynamic Pinhole Filters
[Diagram. Labels: sipd, SIP, ASM, Linux server, SIP DDOS Table, CAM, DPPM, FCP/UDP, Static Table, Dynamic Table, Outbound, Inbound, Lookup, Switch, Drop]
14
Integrated Testing and Analysis Environment
[Diagram. Labels: Legitimate Loaders (SIPUA/SIPp), Attack Loaders (SIPStone/SIPp), Call Handlers (SIPUA/SIPp), GigE Switch, Controller, secureSIP, Firewall, SIP Proxy]
15
secureSIP Test Results for DoS
SIP DoS Measurements (showing max supported call rates) Dynamic Pinhole Firewall Filters OFF Firewall Filters ON Traffic Composition Good CPS Attack CPU Load Non-Auth Traffic 690 87.81 88.04 Auth Good Traffic 240 19.83 39.64 480 81.20 81.75 Auth Good Traffic + Spoof Traffic 2950 83.64 16800 41.39 195 85.40 14400 82.72 Flood of Requests 3230 84.42 8400 40.83 570 86.12 7200 82.58 Flood of Responses 2970 87.2 41.33 330 86.97 Flood of Out-of-State 2805 86.24 40.29 290 84.81 82.19 Concurrent Calls Call rate (CPS) Delay due to Firewall Pinhole opening Pinhole closing 20000 300 0.73 25000 0.75 30000 0.83 15.51 200 0.80 0.02 NOTE: Follow this with demo… 15
16
The Bigger Picture - Columbia VoIP Testbed
- Columbia VoIP test bed is collection of various open-source, commercial and home-grown SIP components
  - provides a unique platform for validating research
- Columbia-Verizon Research partnership has addressed major security problems
  - signalling, media and social threats
- Researched DoS solutions verified against powerful test setup at very high traffic rates
- ToS successfully validated integrity of different setups of test bed

All efforts are focused towards one very secure environment and inputs from previous research will immensely help us to lay foundation for new research we undertake.
17
Value to Verizon
- Enhanced VoIP security through standards and vendor involvement
  - Worked with Verizon vendors to mitigate exposures
  - Evangelize vendor community
- Rolled the requirements and lessons learned into the Verizon security architecture and new element requirements database for procurement
  - Columbia requirements valid for VoIP, Presence and Multimedia architectures (IMS)
  - Wireline and wireless
- Setup a laboratory in Verizon facilities for VoIP security evaluations
  - Incorporate Columbia/Verizon collaborative test tools
- Intellectual Property with Six Patent Applications
- Licensing Agreement
  - Taken research quickly to marketplace
  - Four vendors interested
  - One agreement almost finalized
  - A major vendor interested

S. Springs labs is the best home since systems necessary for testing are already there, no capital needed, and staff is close by. The Risk Assessment is really a business tool to help prioritize what should be done and in what order based on the anticipated risks to the business over time. Other test tools (Codenomicon, Agilent, etc.)
18
Next Steps
- New vulnerabilities require a new mitigation technology for VoIP products
  - VoIP should not be deployed without protection
  - SIP proxies are vulnerable to crash
  - Attack tool is easy to build and use
- Carriers (e.g., Verizon) will need new network elements
  - RFP will include these requirements
  - Vendors must have a ready solution
- Conversion of research into a product that carriers can use
  - Need to determine optimal architecture for DoS prevention functionality for VoIP
  - Security vs. Performance
  - Hardware vs. Software Implementation
  - Proxy/Softswitch (SW)
  - SBC or New network element (HW/SW), Router?
  - Use internally (protect VZ Network)
  - Use externally (sell new security services to large customers)
- Get other companies interested to synergize resources and share results
19
Next Steps
- Cisco has just joined project funding research at NYU Polytechnic Institute to develop hardware prototype
  - Objective is to research the optimal hardware platform to implement Columbia-Verizon SIP algorithms
  - Use Cisco experimental cards that will eventually become router blades
- Continue relationship with Columbia
  - Cisco is funding maintenance of the Verizon testbeds
  - For further research in distributed computing and traffic generation enhancements
  - To assist NYU Poly in testing and validation of new prototype against previous benchmarks
  - To assist in eventual product development during product testing cycle
  - Feedback loop of research and product cycle
- Other research in related areas
  - Proposal to study SRTP/RTSP
- What can we do to make the working relationship even more productive?
  - Have the synergistic combination of both CATT components (NYU Polytech and Columbia) and two major industry players (Cisco and Verizon)
- A model worth emulating!
20
Conclusions

Research Results
- Demonstrated SIP vulnerabilities for VoIP resulting in new DoS susceptibility for both wireline and wireless
  - Work is fully reusable to secure a “Presence” and IMS infrastructure
- Implemented some “carrier-class” mitigation strategies
  - Prototype is first of its kind in the world
  - Removed SIP DoS traffic at carrier class rates
  - Developed new generic requirements
- Built a validation testbed to measure performance
  - Developed customized test tools
  - Built a high powered SIP-specific DoS Attack tool using parallel computing
  - Crashed a SIP Proxy in seconds
  - Built a Theft of Service Architectural Integrity Validation Tool using parallel computing

Intellectual Property
- Research activity resulted in six patent applications

Commercialization
- Licensing agreements currently under negotiation
- Have socialized new requirements and test tools with vendor community to address rapid field deployment
- Major Vendors interested in new opportunities
- Rapid implementation is now expected
- Have created a partnership among both CATT university components and two major industry players
21
Thank You
Questions?
Paper published by Springer Verlag - “Principles, Systems and Applications of IP Telecommunications” in October 2008: Book available at:
22
Backup Slides…
23
Intellectual Property – Six Patent Applications
1. “Fine Granularity Scalability and Performance of SIP Aware Border Gateways: Methodology and Architecture for Measurements”
   Inventors: Henning Schulzrinne, Kundan Singh, Eilon Yardeni (Columbia), Gaston Ormazabal (Verizon)
2. “Architectural Design of a High Performance SIP-aware Application Layer Gateway”
   Inventors: Henning Schulzrinne, Jonathan Lennox, Eilon Yardeni (Columbia), Gaston Ormazabal (Verizon)
3. “Architectural Design of a High Performance SIP-aware DOS Detection and Mitigation System”
   Inventors: Henning Schulzrinne, Eilon Yardeni, Somdutt Patnaik (Columbia), Gaston Ormazabal (Verizon)
4. “Architectural Design of a High Performance SIP-aware DOS Detection and Mitigation System - Rate Limiting Thresholds”
   Inventors: Henning Schulzrinne, Somdutt Patnaik (Columbia), Gaston Ormazabal (Verizon)
5. “System and Method for Testing Network Firewall for Denial of Service (DoS) Detection and Prevention in Signaling Channel”
   Inventors: Henning Schulzrinne, Eilon Yardeni, Sarvesh Nagpal (Columbia), Gaston Ormazabal (Verizon)
6. “Theft of Service Architectural Integrity Validation Tools for Session Initiation Protocol (SIP) Based Systems”
   Inventors: Henning Schulzrinne, Sarvesh Nagpal (Columbia), Gaston Ormazabal (Verizon)
24
External – Publications, Presentations, Recognition
- Importance of rapid dissemination of results in industry and academia
  - For knowledge diffusion and ubiquity among research practitioners
  - For PR reasons (licensing agreements and potential sales)
- Presentation at NANOG 38 – Oct (HS/GO)
  - Paper published in NANOG Proceedings - “Scalable Mechanisms for Protecting SIP-Based VoIP Systems”
- Made a headline in VON Magazine on October 11, 2006:
- Presentation at Global 3G Evolution Forum – Tokyo, Japan, Jan (GO)
- Presentation/demo at IPTComm 2007 – New York City, July, 2007 (GO)
- Presentation at OSS/BSS Summit – Tucson, AZ, September, 2007 (GO)
- Presentation at Columbia Science and Technology Ventures Symposium: “From Signal to Information Displayed in a Wireless World”, April 2008 (HS/GO)
- Presentation at IPTComm 2008 – Heidelberg, July, 2008: “Secure SIP: A scalable prevention mechanism for DoS attacks on SIP based VoIP systems” (GO)
- Presentation at IIT VoIP Conference and Expo IV – Chicago, October, 2008 (GO)
- Paper published by Springer Verlag - “Principles, Systems and Applications of IP Telecommunications” in October 2008:
- Work incorporated in a new Masters level course on VoIP Security taught at Columbia since Fall 2006, every year
  - COMS : Special Topics in Computer Science : VoIP Security (HS)
- CATT Technological Impact Award
25
Application Layer Security
SIP Security Overview
- Application Layer Security
  - SIP RFC 2543 – little security
  - SIP RFC 3261 – security enhancements
  - Digest Authentication
  - TLS
  - IPSec
  - SRTP/ZRTP (RFC 3711)
- Perimeter Protection
  - SIP aware Filtering Mechanisms
  - SIP aware DOS Protection
  - Detection and Mitigation
26
SIP Security Overview - ??
- Application layer security
  - Digest Authentication, TLS, S/MIME, IPSec, certificates
  - SRTP/ZRTP for media
- Convergence leads to converged attacks
  - Data network attacks: DDoS, spoofing, content alteration, platform attacks
  - Voice over IP network attacks: Toll fraud, session hijacking, theft of service, spam/spit
- Most security problems are due to
  - User Datagram Protocol (UDP) instead of TCP/TLS
  - Plain text instead of S/MIME
  - Message/Method vulnerability
  - Flexible grammar --> syntax-based attacks

Application level security is already defined by SIP RFC 3261, an improvement from relatively less secure RFC. Although they are good ways to prevent outright compromise of network, we need to extend our security architecture to deal with attacks like: Call fraud, compromised machines, theft of service, identity assurance and more.

VoIP has converged advantages from various networks together: cost effectiveness of data networks and convenience of voice networks. However this convergence has also made VoIP susceptible to data network attacks like DDoS, Message Alteration, Spoofing, Session anomalies and also voice attacks like Call Theft, Call Hijacking, Spam.

UDP – Spoofing; Plain Text – Spam, Flood of messages (although all SIP networks are not connected yet); Message Vulnerability – Network downtime, alteration, etc.

[Diagram. Labels: Application Layer Security (SIP RFC 2543 – little security; SIP RFC 3261 – security enhancements; Digest Authentication; TLS; IPSec; SRTP/ZRTP); Perimeter Protection (SIP aware Filtering Mechanisms; SIP aware DOS Protection; Detection and Mitigation)]
27
SIP Detection and Mitigation Filters
- Authentication Based - Return Routability Check
  - Require SIP built-in digest authentication mechanism
  - Null-authentication (no shared secret)
  - Filter out spoofed sources
- Method Specific Based – Rate Limiting
  - Transaction based
    - Thresholding of message rates
      - INVITE
      - Errors
    - State Machine sequencing
      - Filter “out-of-state” messages
      - Allow “in-state” messages
  - Dialog based
    - Only useful in BYE and CANCEL messages
- Dynamic Pinhole Filtering for RTP
  - Only signaled RTP media channels can traverse perimeter
  - Obtain from SDP interception
  - End systems are protected against flooding of random RTP

Rate limiting – SIP is request/response. Dialog, Transaction – are a way to granularize a SIP session in space and time so thresholding can be applied more effectively. More details in the following slides.

By doing analysis, we’ve come up with narrow ranges in space and time of the expected number and order of requests/responses.
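
An added example (not from the slides and not the Columbia/Verizon implementation) of two of the filters listed above: state machine sequencing that drops out-of-state SIP messages, and dynamic pinhole filtering that admits RTP only to endpoints taken from intercepted SDP. It assumes calls are keyed by Call-ID alone and reads only the session-level `c=` line; the class, the helper names and the sample messages are constructed for illustration.

```python
import re

# Constructed sample messages (not captured traffic); documentation-range addresses.
CID = "a84b4c76e66710"

def sip(first, cseq, sdp=None, cid=CID):
    """Build a minimal SIP message; sdp is an (ip, port) pair or None."""
    body = "v=0\r\nc=IN IP4 %s\r\nm=audio %d RTP/AVP 0\r\n" % sdp if sdp else ""
    return "%s\r\nCall-ID: %s\r\nCSeq: %s\r\n\r\n%s" % (first, cid, cseq, body)

INVITE = sip("INVITE sip:bob@example.net SIP/2.0", "1 INVITE", ("192.0.2.10", 49170))
OK_200 = sip("SIP/2.0 200 OK", "1 INVITE", ("198.51.100.20", 30000))
BYE = sip("BYE sip:bob@example.net SIP/2.0", "2 BYE")

def parse(msg):
    """Return (kind, call_id, cseq_method, media); media is a set of (ip, port)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    hdrs = {k.strip().lower(): v.strip()
            for k, _, v in (l.partition(":") for l in lines[1:])}
    start = lines[0].split()
    kind = start[1] if start[0].startswith("SIP/") else start[0]  # status or method
    cseq_method = (hdrs.get("cseq", "").split() or [""])[-1]
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    ports = re.findall(r"^m=\w+ (\d+) RTP/", body, re.M)
    media = {(conn.group(1), int(p)) for p in ports} if conn else set()
    return kind, hdrs.get("call-id"), cseq_method, media

class SipAwareFilter:
    def __init__(self):
        self.pending = set()   # (Call-ID, method) awaiting a final response
        self.dialogs = set()   # Call-IDs of established calls
        self.pinholes = {}     # Call-ID -> {(ip, port)} signaled in SDP

    def on_sip(self, msg):
        """Return True to forward a SIP message, False to drop it."""
        try:
            kind, cid, method, media = parse(msg)
        except IndexError:                  # malformed start line
            return False
        if kind == "INVITE":
            self.pending.add((cid, "INVITE"))
            self.pinholes.setdefault(cid, set()).update(media)
            return True
        if kind == "BYE":
            if cid not in self.dialogs:
                return False                # BYE for a call never set up
            self.dialogs.discard(cid)
            self.pinholes.pop(cid, None)    # close the media pinholes
            self.pending.add((cid, "BYE"))
            return True
        if kind.isdigit():                  # response must answer a pending request
            if (cid, method) not in self.pending:
                return False                # out-of-state response
            if int(kind) >= 200:            # final response ends the transaction
                self.pending.discard((cid, method))
                if method == "INVITE" and kind.startswith("2"):
                    self.dialogs.add(cid)
                    self.pinholes.setdefault(cid, set()).update(media)
                elif method == "INVITE":
                    self.pinholes.pop(cid, None)   # call setup failed
            return True
        return False                        # other methods are outside this example

    def allow_rtp(self, dst_ip, dst_port):
        """Admit RTP only toward an address/port that was signaled in SDP."""
        return any((dst_ip, dst_port) in s for s in self.pinholes.values())

def demo():
    f = SipAwareFilter()
    return [f.on_sip(sip("SIP/2.0 200 OK", "1 INVITE", cid="stray")),  # unsolicited
            f.on_sip(INVITE), f.on_sip(OK_200),
            f.allow_rtp("198.51.100.20", 30000),   # signaled port
            f.allow_rtp("198.51.100.20", 30002),   # unsignaled port
            f.on_sip(BYE),
            f.allow_rtp("198.51.100.20", 30000)]   # closed after BYE

if __name__ == "__main__":
    print(demo())
```
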
28
Test Tools
- SIPp, SIPStone, and SIPUA are benchmarking tools for SIP proxy and redirect servers
  - Establish calls using SIP in Loader/Handler mode
  - A controller software module (secureSIP) wrapped over SIPp/SIPUA/SIPStone launches legitimate and illegitimate calls at a pre-configured workload
- SIPp
  - Robust open-source test tool / traffic generator for SIP
  - Customizable XML scenarios for traffic generation
  - 5 inbuilt timers to provide accurate statistics
  - Customized to launch attack (SIP DoS) traffic designed to cause proxy to fail
- SIPStone
  - Continuously launches spoofed calls which the proxy is expected to filter
  - For this project enhanced with:
    - Null Digest Authentication
    - Optional spoofed source IP address SIP requests
- SIPUA Test Suite
  - Has built-in Digest Authentication functionality
  - Sends 160 byte RTP packets every 20ms
    - Settable to shorter interval (10ms) if needed for granularity
  - Starts RTP sequence numbers from zero
  - Dumps call number, sequence number, current timestamp and port numbers to a file
29
Theft of Service Overview
- VoIP is different
  - Not a static but a real-time application
- Direct comparisons with PSTN
  - According to Subex Azure 3% of total revenue is subject to “fraud”*
  - VoIP can be expected to be at least twice as large a proportion of revenue
  - Theft of Service is more daunting problem in VoIP
- Implications of ToS
  - Lost revenue and bad reputation
  - Abused resources cause monetary losses to network providers
  - Unauthorized usage degrades whole system’s performance
- Scenarios
  - Using services without paying
  - Illegal Resource Sharing (unlimited-plans)
  - Compromised Systems
  - Call Spoofing and Vishing

NOTE: Match earlier stuff on ToS with this slide and try to merge them

While most billing issues can be effectively dealt with through authentication and authorization, it is difficult for the network to deal with compromised systems. As we progress, in parallel with developments in GSM phones, we will soon see executable software (JVM) on VoIP phones, and no authentication, authorization or encryption will be able to prevent compromised systems. The immediate solution to this problem is to analyze patterns to discover anomalies in network usage and curb theft using a Turing test. Call spoofing and vishing will not only leave customers absolutely unsatisfied but also affect the provider’s credibility in the long run.

* Billing World and OSS Magazine: “Top Telco Frauds and How to Stop Them”, January 2007, by Geoff Ibett
30
Verification of security implementation
Theft of Service Goals
- Verification of security implementation
- Automate validation process
  - Creating new tools and scripts
  - Modify existing tools to create a package
- Architectural Integrity Verification Tool
  - Identity Assurance
  - Multiple End Points
  - Intrusion Detection
- Black-box type abstraction
31
Theft of Service Challenges
- Client-side threats
  - Illegal resource sharing
  - Compromised hardware
  - Weak password
- Server-side threats
  - Identity assurance
    - Unauthorized registration, unauthenticated INVITE
    - Digest authentication (nonce usage, password guessing)
    - Transport protocol choice (TCP/UDP)
    - TLS crypto strength
    - Spoofing to gain privileged access
  - DoS/DDoS attacks
    - Implementation flaws
    - Flooding billing system
    - DoS amplification prevention on Billing systems
  - Application level flaws
    - Counter Method-based vulnerabilities
    - BYE attack validation

NOTE: Could be moved to end!!!

While most billing issues can be effectively dealt with through authentication and authorization, it is difficult for the network to deal with compromised systems. As we progress, in parallel with developments in GSM phones, we will soon see executable software (JVM) on VoIP phones, and no authentication, authorization or encryption will be able to prevent compromised systems. The immediate solution to this problem is to analyze patterns to discover anomalies in network usage and curb theft using a Turing test. Call spoofing and vishing will not only leave customers absolutely unsatisfied but also affect the provider’s credibility in the long run. A consequence of call spoofing could be that someone impersonates a bank employee and steals customers’ financial information. This will not only have network security implications, but will even be a legal problem for a big provider like Verizon if it has an insecure network in place.
32
Theft of Service Challenges
- Service threats
  - Distinguish between audio call, single media stream or multiple destination signaling
  - Multimedia services, messages, etc.
  - Launching multiple simultaneous accounts
  - Multiple end-points
- Authorization Safeguards
  - 800 numbers, emergency number
  - Voic messages checking
  - portability ensured
- Intrusion detection
  - Existing call logs help find patterns and detect anomaly

The ultimate aim of validation tools is to create a tool that would automatically evaluate system performance without manual inputs.
33
Discussion… A “successful” collaboration
34
A Successful Collaboration
- Want a realistic perspective on what makes projects succeed and what is unlikely to work
- Project is not in critical path of current deployments but is very relevant
- Industry must see value or need to pursue IP
  - Rapid commercialization/productization for in-house use
  - Agreement on fair distribution of rights/obligations
- Typical arrangement: GRA + professor
  - Frequently needs to supervise multiple projects at the same time
  - Companies often seem to have the illusion that they get the faculty's full attention...
- Require full attention of industry SME
  - Student mentoring/coaching
  - Industry perspective
  - Writing/Presentation skills
- Clear understanding of deliverables
  - Standards
  - Reports
  - Systems/Prototypes
- Timelines
  - Start time and academic calendar - MS GRA vs. PhD