VoIP Security
Upcoming SlideShare
Loading in...5

VoIP Security






Total Views
Views on SlideShare
Embed Views



1 Embed 2

http://www.slideshare.net 2



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • From wikipedia: http://en.wikipedia.org/wiki/VoIP
  • We are going to focus on Availability
  • http://www.silicon.com/research/specialreports/voipsecurity/0,3800013656,39166479,00.htm
  • http://www.itsecurity.com/features/darks-side-voip-072407/) Change the title??
  • http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci995236,00.html

VoIP Security VoIP Security Presentation Transcript

  • MITP 458 : Information Security and Assurance VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui
  • VOIP
    • Overview - What is VOIP?
    • Business Concern
    • Security Issues
    • Availability
    • Attack example
    • Current solution
  • Overview
    • VOIP
    • Protocol optimized for the transmission of voice through the Internet or other packet switched networks
    • Often used abstractly to refer to the actual transmission of voice (rather than the protocol implementing it)
    • Also referred to as IP telephony, Internet telephony, voice over broadband, broadband telephony, and broadband phone.
  • Business Concern
    • Highly complex communication
    • Critical communication should remain confidential
    • Data should remain accurate
    • Compliance issues along with privacy of users
  • Security Issues
    • Confidentiality
    • Broadband pipe serving the VOIP and data center services must offer transmission confidentiality.
    • Authenticity
    • Access to the data servers must offer fool-proof authentication.
    • Integrity
    • Voice quality and data accuracy is critical to the success of service offerings.
    • Availability
    • VOIP and data center servers must have industry standard uptime.
  • Availability
    • Why is it important
      • Emergency
      • Business
      • Sale
      • Communication
    • They type of attacks to VOIP
      • DoS Attack
      • Spit (Spam)
      • Fraud
  • Attack example
    • DoS attack
    • The most serious threat to VoIP is a distributed denial of service (DoS) attack
    • Can effect any internet-connected device
    • Floods networks with spurious traffic or server requests.
    • Usually generated by machines that have been compromised by a virus or other malware
    • Servers grind to a halt and ignore/cant process new requests due to increased traffic
  • Current Solution
    • vLAN
    • Isolate VoIP calls from other traffic in the network by creating a segregated vLAN
    • Also used to prioritize voice traffic and keep it up and running during a DoS attack.
    • Cons
    • Wasted bandwidth
    • Cost to implement and monitor
  • Current Solution
    • Effective monitoring
    • Monitoring geographic destinations of VoIP traffic
    • Sudden changes in the overall geographic distribution of network traffic originating from inside the VoIP network could indicate that unauthorized users are abusing the system to commit toll fraud
    • Cons
    • Increased cost due to labor intensive monitoring
    • False positive readings
  • Current solution
    • Redundancy
    • Setup switches that will re-route the VOIP traffic when the main router/network is down.
    • In he event of a DOS attack all VOIP traffic will be switched to another network to prevent service interruption .
    • Cons
    • Setup will require extra hardware and therefore more maintenance, cost, and labor
    • Load balancers, switches…
  • VOIP Questions?