Your SlideShare is downloading. ×
0
Unified Communications
Security

Securing UC Networks


 AKHIL BEHL
 CCIE 19564 (Voice, Security)
 Network Consulting Engi...
UC Security - Session Agenda

UC Security Introduction – Threats to UC
Rationale Behind Securing UC Networks
What To Prote...
UC Security Introduction

Threats To UC Networks




     © 2009 Akhil Behl – UC Security Presentation.   3
Unified Communications Threats

   Toll fraud                                        Faking identity
                     ...
UC Security

Rationale Behind Securing
UC Networks




     © 2009 Akhil Behl – UC Security Presentation.   5
VoIP Network Attacked / Hacked !
 VoIP Network Security: How                            Small business gets
 a Hacker Took...
Rationale Behind Adoption Of UC Security
   Secure UC infrastructure
 Allows securing what is an asset to a
 company’s or ...
UC Security

What To Secure
How To Secure




    © 2009 Akhil Behl – UC Security Presentation.   8
UC Security – What To Secure, How To Secure
     Large Branch                                                      Data Ce...
UC Security – Check List, Wish List
UC Network Security (securing network infrastructure)
  Well defined UC security polic...
UC Security

Deployment Strategy




    © 2009 Akhil Behl – UC Security Presentation.   11
A Tale Of Two Cities
                    Secure Unified
     Secure Network
                  Communications Secure Teleph...
UC Security Deployment Strategy




                                                  End-To-End
                         ...
End to End UC Security – Demystified
 Physical Security                                        Network Security           ...
UC Security


Cost, Complexity, Security




     © 2009 Akhil Behl – UC Security Presentation.   15
Security: A Balance Between Risk And Cost
                                              Complexity, Security Level, Cost

...
Q&A ?



© 2009 Akhil Behl – UC Security Presentation.           17
Thank You
© 2009 Akhil Behl – UC Security Presentation.   18
Upcoming SlideShare
Loading in...5
×

Akhil Behl - Securing UC Networks - Interop Mumbai 2009

645

Published on

With the increasing adoption of Unified Communication (UC) tools, it is imperative for organizations to understand the key security threats, and the solutions they can adopt to mitigate the same. This presentation will focus on how UC security can be made robust using underlying network and tools/services available in standard UC applications

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
645
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
32
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Akhil Behl - Securing UC Networks - Interop Mumbai 2009"

  1. 1. Unified Communications Security Securing UC Networks AKHIL BEHL CCIE 19564 (Voice, Security) Network Consulting Engineer, GDC Cisco Systems India akbehl@cisco.com +919999908169 © 2009 Akhil Behl – UC Security Presentation 1
  2. 2. UC Security - Session Agenda UC Security Introduction – Threats to UC Rationale Behind Securing UC Networks What To Protect, How To Protect Deployment Strategy Cost, Complexity, Security Q&A © 2009 Akhil Behl – UC Security Presentation. 2
  3. 3. UC Security Introduction Threats To UC Networks © 2009 Akhil Behl – UC Security Presentation. 3
  4. 4. Unified Communications Threats Toll fraud Faking identity Impersonating others Unauthorized or unbillable resource utilization (spoofing) Eavesdropping Denying service Listening to another’s call DOS attacks, hanging up others’ conversations Gaining private Hijacking calls information Injecting audio streams, rerouting Caller ID, password/accounts, calls calling patterns (Reconnaissance) © 2009 Akhil Behl – UC Security Presentation. 4
  5. 5. UC Security Rationale Behind Securing UC Networks © 2009 Akhil Behl – UC Security Presentation. 5
  6. 6. VoIP Network Attacked / Hacked ! VoIP Network Security: How Small business gets a Hacker Took Advantage of $120,000 phone bill after Vulnerabilities hackers attack VoIP phone By Special Correspondent By Technology Correspondent Miami: The federal government Sydney: A small business landed arrested Edwin Andrew Pena, 23, with a $120,000 phone bill after owner of Fortes Telecom Inc. and criminals hacked into its internet Miami Tech & Consulting Inc., for phone system and used it to hacking into other providers' make 11,000 international calls in networks, routing his customer’s just 46 hours. calls onto those platforms, then billing those companies and pocketing the proceeds. He reaped more than $1 million. Source - Source - http://www.coresecurity.com/content/V http://www.news.com.au/technology/ oIP-network-security-how-a-hacker- story/0,28348,24939188- took-advantage 5014239,00.html © 2009 Akhil Behl – UC Security Presentation. 6
  7. 7. Rationale Behind Adoption Of UC Security Secure UC infrastructure Allows securing what is an asset to a company’s or an organization’s daily life operations Secure the conversation Ensures that the business doesn’t suffer any losses due to eavesdropping or hacking of voice calls Business continuity Ensures that the business continuity is maintained and the chances of disruption or losses are minimized The protection of both voice and data communication is critical to the business © 2009 Akhil Behl – UC Security Presentation. 7
  8. 8. UC Security What To Secure How To Secure © 2009 Akhil Behl – UC Security Presentation. 8
  9. 9. UC Security – What To Secure, How To Secure Large Branch Data Center CUCM Unity VM HQ PSTN TLS Proxy WAN Wireless Small Branch VPN Call Center Agents Mobile Worker © 2009 Akhil Behl – UC Security Presentation. 9
  10. 10. UC Security – Check List, Wish List UC Network Security (securing network infrastructure) Well defined UC security policy Secured network infrastructure (AAA, IPS, Firewall, L2/L3 Security) Secure IPT equipment (Physical and Network Security) IPSec tunnels to remote SOHO sites / Client VPN to mobile workers Firewall TLS proxy / phone proxy feature support UC Network Security (securing UC applications) Role based administration / multiple level administration Secure gateway trunks, inter cluster trunks Secure gatekeeper (RAS) communication (subnet, registration) 3rd party CA for HTTPS, TLS Secure endpoints (including Soft Phone) – TLS, 802.1x Wireless phones use certificate authentication and WPA Calling restriction (based on role or function) Secure conference calls Secure voicemail ports © 2009 Akhil Behl – UC Security Presentation. 10
  11. 11. UC Security Deployment Strategy © 2009 Akhil Behl – UC Security Presentation. 11
  12. 12. A Tale Of Two Cities Secure Unified Secure Network Communications Secure Telephony A secure network is the foundation for a secure Unified Communication network A secure Unified Communications network is an asset for the organization © 2009 Akhil Behl – UC Security Presentation. 12
  13. 13. UC Security Deployment Strategy End-To-End UC Security Approach © 2009 Akhil Behl – UC Security Presentation. 13
  14. 14. End to End UC Security – Demystified Physical Security Network Security UC Security Building Security Access Layer Security IP PBX Platform Security Badge access for employee 802.1x Authentication, HIPS, Internal Firewall, HTTPS L2 filtering, QoS , VLANs Access Data Center Security Access limited to Authorized Core and Distribution Gateway Security, UC NOC Personnel Only Layer Security Endpoint Security ACL’s Authentication for Routing Secure Conf, Secure SRST, Secure Trunk , SRTP, TLS for Wiring Closet Security signaling Access limited to Authorized Wireless Security NOC Personnel Only WPA, Certificate authentication UC Application Security Unity VM, UCCX, MPE, etc Remote Network Security IPSec VPN Ecosystem (3rd Party) Firewalls and Intrusion App Security Prevention Attendant Console, CTI ALG Firewall (ASA) © 2009 Akhil Behl – UC Security Presentation. 14
  15. 15. UC Security Cost, Complexity, Security © 2009 Akhil Behl – UC Security Presentation. 15
  16. 16. Security: A Balance Between Risk And Cost Complexity, Security Level, Cost Low Medium High Easy ,Default Security, No Moderate, Reasonable Hard, Highly Secure, Cost Additional Cost Security, Nominal Cost may go higher Separate Voice & Data VLANs UC Aware Firewalls Complex Firewalls (ALG) STP/BPDU Guard, Port Security Catalyst Integrated Security Rate Limiting ACL’s Basic ACL’s Optional OS Hardening VPN – SOHO/Mobile Worker Standard Server/OS Hardening CSA NAC / 802.1X Class of Restriction (Toll Fraud) Encrypted Configs Network Anomaly Detection / IPS Anti-Virus TLS/SRTP – Phones, Applications Security Event Management HTTPS access to UC Applications IPSec / SRTP to Gateways TLS / Phone Proxy Signed Firmware Scavenger QOS Phone Security Settings © 2009 Akhil Behl – UC Security Presentation. 16
  17. 17. Q&A ? © 2009 Akhil Behl – UC Security Presentation. 17
  18. 18. Thank You © 2009 Akhil Behl – UC Security Presentation. 18
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×