MITP 458 : Information Security and Assurance VOIP  Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui
VOIP <ul><li>Overview - What is VOIP? </li></ul><ul><li>Business Concern </li></ul><ul><li>Security Issues  </li></ul><ul>...
Overview <ul><li>VOIP  </li></ul><ul><li>Protocol optimized for the transmission of voice through the Internet or other pa...
Business Concern <ul><li>Highly complex communication </li></ul><ul><li>Critical communication should remain confidential ...
Security Issues <ul><li>Confidentiality </li></ul><ul><li>Broadband pipe serving the VOIP and data center services must of...
Availability <ul><li>Why is it important </li></ul><ul><ul><li>Emergency </li></ul></ul><ul><ul><li>Business </li></ul></u...
Attack example <ul><li>DoS attack </li></ul><ul><li>The most serious threat to VoIP is a distributed denial of service (Do...
Current Solution <ul><li>vLAN </li></ul><ul><li>Isolate VoIP calls from other traffic in the network by creating a segrega...
Current Solution <ul><li>Effective monitoring </li></ul><ul><li>Monitoring geographic destinations of VoIP traffic  </li><...
Current solution <ul><li>Redundancy </li></ul><ul><li>Setup switches that will re-route the VOIP traffic when the main rou...
VOIP Questions?
Upcoming SlideShare
Loading in …5
×

VoIP Security

380 views
351 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
380
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • From wikipedia: http://en.wikipedia.org/wiki/VoIP
  • We are going to focus on Availability
  • http://www.silicon.com/research/specialreports/voipsecurity/0,3800013656,39166479,00.htm
  • http://www.itsecurity.com/features/darks-side-voip-072407/) Change the title??
  • http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci995236,00.html
  • VoIP Security

    1. 1. MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui
    2. 2. VOIP <ul><li>Overview - What is VOIP? </li></ul><ul><li>Business Concern </li></ul><ul><li>Security Issues </li></ul><ul><li>Availability </li></ul><ul><li>Attack example </li></ul><ul><li>Current solution </li></ul>
    3. 3. Overview <ul><li>VOIP </li></ul><ul><li>Protocol optimized for the transmission of voice through the Internet or other packet switched networks </li></ul><ul><li>Often used abstractly to refer to the actual transmission of voice (rather than the protocol implementing it) </li></ul><ul><li>Also referred to as IP telephony, Internet telephony, voice over broadband, broadband telephony, and broadband phone. </li></ul>
    4. 4. Business Concern <ul><li>Highly complex communication </li></ul><ul><li>Critical communication should remain confidential </li></ul><ul><li>Data should remain accurate </li></ul><ul><li>Compliance issues along with privacy of users </li></ul>
    5. 5. Security Issues <ul><li>Confidentiality </li></ul><ul><li>Broadband pipe serving the VOIP and data center services must offer transmission confidentiality. </li></ul><ul><li>  </li></ul><ul><li>Authenticity </li></ul><ul><li>Access to the data servers must offer fool-proof authentication. </li></ul><ul><li>  </li></ul><ul><li>Integrity </li></ul><ul><li>Voice quality and data accuracy is critical to the success of service offerings. </li></ul><ul><li>  </li></ul><ul><li>Availability </li></ul><ul><li>VOIP and data center servers must have industry standard uptime. </li></ul>
    6. 6. Availability <ul><li>Why is it important </li></ul><ul><ul><li>Emergency </li></ul></ul><ul><ul><li>Business </li></ul></ul><ul><ul><li>Sale </li></ul></ul><ul><ul><li>Communication </li></ul></ul><ul><li>They type of attacks to VOIP </li></ul><ul><ul><li>DoS Attack </li></ul></ul><ul><ul><li>Spit (Spam) </li></ul></ul><ul><ul><li>Fraud </li></ul></ul>
    7. 7. Attack example <ul><li>DoS attack </li></ul><ul><li>The most serious threat to VoIP is a distributed denial of service (DoS) attack </li></ul><ul><li>Can effect any internet-connected device </li></ul><ul><li>Floods networks with spurious traffic or server requests. </li></ul><ul><li>Usually generated by machines that have been compromised by a virus or other malware </li></ul><ul><li>Servers grind to a halt and ignore/cant process new requests due to increased traffic </li></ul>
    8. 8. Current Solution <ul><li>vLAN </li></ul><ul><li>Isolate VoIP calls from other traffic in the network by creating a segregated vLAN </li></ul><ul><li>Also used to prioritize voice traffic and keep it up and running during a DoS attack. </li></ul><ul><li>Cons </li></ul><ul><li>Wasted bandwidth </li></ul><ul><li>Cost to implement and monitor </li></ul>
    9. 9. Current Solution <ul><li>Effective monitoring </li></ul><ul><li>Monitoring geographic destinations of VoIP traffic </li></ul><ul><li>Sudden changes in the overall geographic distribution of network traffic originating from inside the VoIP network could indicate that unauthorized users are abusing the system to commit toll fraud </li></ul><ul><li>Cons </li></ul><ul><li>Increased cost due to labor intensive monitoring </li></ul><ul><li>False positive readings </li></ul>
    10. 10. Current solution <ul><li>Redundancy </li></ul><ul><li>Setup switches that will re-route the VOIP traffic when the main router/network is down. </li></ul><ul><li>In he event of a DOS attack all VOIP traffic will be switched to another network to prevent service interruption . </li></ul><ul><li>Cons </li></ul><ul><li>Setup will require extra hardware and therefore more maintenance, cost, and labor </li></ul><ul><li>Load balancers, switches… </li></ul>
    11. 11. VOIP Questions?

    ×