Security in VoIP Networks Juan C Pelaez Florida Atlantic University
  • VPN: a network that is constructed by using public wires to connect nodes. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
  • Security in VoIP

    1. 1. Security in VoIP Networks Juan C Pelaez Florida Atlantic University
    2. 2. What is VoIP?
        • VoIP (Voice over Internet Protocol), sometimes referred to as Internet telephony, is a method of digitizing voice, encapsulating the digitized voice into packets and transmitting those packets over a packet-switched IP network.
    3. 3. Overview of VoIP (1)
        VoIP enables people to use the Internet as the transmission medium for telephone calls. For users who have free, or fixed-price, Internet access, Internet telephony software essentially provides free telephone calls anywhere in the world. To date, however, Internet telephony does not offer the same quality of telephone service as direct telephone connections, and it is an easy target of security attacks.
    4. 4. Overview of VoIP (2)
        • VoIP: yet another Internet service
            • (Telephone, Radio, Video) over IP
        • Services:
            • email/web/calendar integration, emergency services, call scheduling, Interactive Voice Response (IVR), instant messaging, personal mobility…
    5. 5. VoIP Protocols
        • Most implementations use the H.323 protocol
            • Same protocol that is used for IP video.
            • Uses TCP for call setup
            • Traffic is actually carried on RTP (Real-time Transport Protocol), which runs on top of UDP.
        • SIP defines a distributed architecture for creating multimedia applications, including VoIP
        • VoIP = Transport + QoS + Signaling
            • Transport: RTP
            • QoS: RTCP (Real-Time Transport Control Protocol)
            • Signaling: H.323, SIP, MGCP/Megaco
    6. 6. Internet telephony protocol stack
    7. 7. H.323 Signaling and Media Channels
        • H.225.0/RAS Channel
            • RAS (Registration, Admission & Status) control between endpoints (terminals, gateways, MCUs) and their Gatekeeper
        • H.225.0 Call Signaling Channel
            • Call remote endpoint
            • Establish H.245 address
        • H.245 Control Channel
            • Open control channel; terminal capability negotiation
            • Open/close logical channels
            • Establish UDP ports for A/V
        • RTP/RTCP Logical Channels for Media Stream
            • Carry media (audio, video, data, etc.) within logical channels
    8. 8. H.323 VoIP Components
        • H.323 defines four logical components
            • Terminals,
            • Gateways,
            • Gatekeepers and
            • Multipoint Control Units (MCUs).
        • Terminals, gateways and MCUs are known as endpoints.
    9. 9. IP telephony
        [Diagram. Labels: PSTN (Public Switched Telephone Network), Gateway, IP PBX, Call Control, Call Setup, Media Exchange, Call Signaling (RAS), Call Processing, PSTN]
    10. 11. VoIP requires…
        • Handsets
        • Softphones
        • Gateways
        • Gatekeepers
        • Conference Bridge
        • IP PBX
        • H.323, SIP, MGCP/Megaco
    11. 12. VoIP requires… (Cont.)
        [Diagram. Labels: Softphones, IP PBX, Gateway, MCU, PSTN, Gatekeeper, PSTN]
    12. 14. Security Threats and Defense Mechanisms
        • Denial-of-service (DoS)
            • Separation of the voice and data segments using VPNs
        • Call interception (invasion of privacy)
            • Encrypt VoIP traffic where possible
            • Lawful interception
    13. 15. Call Interception - Example
    14. 16. Security Threats and Defense Mechanisms (2)
        • Theft of service (traditional fraud)
            • Getting free service or free features
            • Use strong authentication
            • Call-processing manager will not allow unknown phones to be configured
        • Signal protocol tampering
            • Capture the packets that set up the call.
            • A user could manipulate fields in the data stream and make VoIP calls without using a VoIP phone.
    15. 17. Other Security Threats and Defense Mechanisms
        • Masquerading/Man-in-the-middle attacks
            • Endpoint authentication
        • Spoofing/connection hijacking
            • User/message authentication and integrity
        • Message manipulation
            • Message authentication
        • Virus and Trojan-horse applications
            • Host-based virus scanning
        • Repudiation
            • Call-processing manager
    16. 18. Scope of H.235
        [Protocol stack diagram. Labels: AV applications; Terminal control and management; Audio G.xxx; Video H.26x; Encryption; Auth.; RTP; RTCP; H.225.0 Terminal to GK Signaling (RAS); H.225.0 Call Signaling (Q.931); H.245 Call Control; Transport Security (TLS); Unreliable Transport/UDP, IPX; Reliable Transport/TCP; Network Layer/IP, Network Security/IPsec; Link Layer; Physical Layer]
    17. 19. Challenges for IP Telephony
        • NAT/Firewall Traversal Problem
        • NAT = Network Address Translation
        • IP telephony uses UDP as transmission protocol
        • IP telephony uses dynamic port addresses
        • For these protocols to pass the firewall, the specific static and the range of dynamic ports must be opened for all traffic.
        • IP addresses are embedded in the payload
        • NAT only handles outgoing connections
    18. 20. NAT/Firewall Traversal Issue
        [Diagram. Labels: Signaling & Control; In-bound Media and RTP (blocked, marked X); Out-bound Media Capabilities and RTP; Transient Ports]
    19. 21. Firewall/NAT Solutions (1)
        • Proxies (Multimedia Gateway)
            • Designed to handle real-time communications
        • Gateways
            • Convert from IP to PSTN voice
        • Application Level Gateways (ALG)
            • Firewalls programmed to understand IP protocols
        • Demilitarized Zone (DMZ)
            • Overcomes the problem by placing an MCU
    20. 22. Multimedia Gateway (Proxy)
    21. 23. Firewall/NAT Solutions (2)
        • Virtual Private Network (VPN)
            • A secure connection between two points across the Internet
        • Tunneling
            • The process by which VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet
    22. 25. Conclusion
        • VoIP just adds more assets, more threat locations and more vulnerabilities to the data network, because of new equipment, protocols, and processes on the data network
        • To increase security and performance it’s recommended to use VPNs to separate VoIP from data traffic.
        • Instead of using VPN segmentation, users may consider using a multimedia gateway or reverse proxy.
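
The NAT/firewall traversal slides (19 and 21) state that IP addresses are embedded in the payload, that media uses dynamic ports, and that an Application Level Gateway is a firewall that understands the protocol. The sketch below is an added example, not part of the original deck: it uses a constructed, abbreviated SIP/SDP message (text-based, so the embedded address is visible; H.323 carries the same information in binary H.225.0/H.245 messages) and shows what a plain NAT leaves untouched and what an ALG has to rewrite. The addresses, names and the choice to keep the RTP port unchanged are assumptions.

```python
import ipaddress
import re

# Constructed, abbreviated SIP INVITE: the SDP body advertises the phone's
# private address and a dynamically chosen RTP port. All values are made up.
SDP = "\r\n".join([
    "v=0", "o=alice 2890844526 2890844526 IN IP4 192.168.1.20", "s=-",
    "c=IN IP4 192.168.1.20", "t=0 0", "m=audio 49170 RTP/AVP 0",
]) + "\r\n"
INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}", "", "",
]) + SDP

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def embedded_rfc1918(message):
    """Private addresses carried inside the signaling payload itself."""
    found = set()
    for text in IPV4.findall(message):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in RFC1918):
            found.add(text)
    return sorted(found)

def media_ports(message):
    """Dynamic RTP ports announced on SDP m= lines."""
    return [int(p) for p in re.findall(r"(?m)^m=\w+ (\d+) ", message)]

def alg_rewrite(message, private, public):
    """Rewrite embedded addresses, fix Content-Length, list pinholes to open."""
    fixed = re.sub(rf"\b{re.escape(private)}\b", public, message)
    head, body = fixed.split("\r\n\r\n", 1)
    head = re.sub(r"(?m)^Content-Length: \d+",
                  f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body, [(public, p) for p in media_ports(body)]

if __name__ == "__main__":
    print("private addresses in payload:", embedded_rfc1918(INVITE))
    rewritten, pinholes = alg_rewrite(INVITE, "192.168.1.20", "203.0.113.7")
    print(rewritten)
    print("UDP pinholes needed for inbound media:", pinholes)
```

A NAT that only rewrites the IP header would forward the original message, so the far end would send RTP to 192.168.1.20 and the call would set up with no inbound audio. The returned pinhole list is the narrow alternative to opening the whole dynamic port range for all traffic.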