Kealy Kevin

Transcript

  • 1. VoIP Security… March 18, 2008 Kevin Kealy AT&T Security Scientist Before we begin… The Dark Side Delivered
  • 2. Cautionary Language Concerning Forward-Looking Statements
    • Information set forth in this presentation contains financial estimates and other forward-looking statements that are subject to risks and uncertainties, and actual results may differ materially. A discussion of factors that may affect future results is contained in AT&T's filings with the Securities and Exchange Commission. AT&T disclaims any obligation to update or revise statements contained in this presentation based on new information or otherwise. This presentation may contain certain non-GAAP financial measures.  Reconciliations between the non-GAAP financial measures and the GAAP financial measures are available on the company’s website at www.att.com/investor.relations.
    © 2008 AT&T Intellectual Property.  All rights reserved. Page
  • 3. VoIP Security Objectives
    • Availability of the VoIP Service
      • Stop denial or even deterioration of service functionality
    • Integrity of the VoIP environment
      • Prevent theft and fraudulent use of VoIP
      • Ensure service and features operate properly
    • Confidentiality and Data Privacy in VoIP
      • Keep information secure and private
  • 4. AT&T VoIP Security Architecture
    • AT&T Labs has designed a VoIP Functional Architecture for all of its VoIP Services
    • AT&T Labs has designed a VoIP Security Architecture to provide end-to-end security for the Functional Architecture
    • The VoIP Security Architecture provides defense-in-depth security to protect against potential vulnerabilities
      • The VoIP Functional and Security Architectures are pictured on the following slides
  • 5. AT&T VoIP Functional Architecture
    • [Diagram. Labels: Voice Applications; Common VoIP Connectivity Layer; IP/MPLS Converged Network; MGCP Border Element; SIP Border Element; H.323 Border Element; VoIP Network Element; PSTN; Network Gateway Border Element; VoIP Application Server; Customer Premises Layer; H.323 Endpoints; MGCP Endpoints; SIP Endpoints]
  • 6. AT&T VoIP Security Domains
    • [Diagram. Domains: Customer Premises Domain; AT&T VoIP Border Domain; AT&T VoIP Infrastructure Domain. Other labels: Common VoIP Connectivity Layer; IP/MPLS Converged Network; Voice Applications; MGCP Border Element; SIP Border Element; H.323 Border Element; VoIP Network Element; PSTN; Network Gateway Border Element; VoIP Application Server; Customer Premises Layer; H.323 Endpoints; MGCP Endpoints; SIP Endpoints]
  • 7. End-to-end Security Domains
    • [Diagram. Domains: Customer Premises Border Domain; AT&T Border Domain; Customer Premises Domain; AT&T VoIP Infrastructure Domain. Other labels: IP/MPLS Converged Network; Voice Applications; MGCP Border Element; SIP Border Element; H.323 Border Element; VoIP Network Element; PSTN; Network Gateway Border Element; VoIP Application Server; Customer Premises Layer; H.323 Endpoints; MGCP Endpoints; SIP Endpoints; Common VoIP Connectivity Layer]
  • 8. AT&T Infrastructure Domain
    • AT&T Security Policy and Requirements (ASPR) and AT&T ExpressOne Service Realization Process provide security foundation
    • AT&T’s IP/MPLS Converged Network deploys State-of-the-art Security
      • AT&T Internet Protect
      • 24x7 Security Network Operations Center (SNOC)
    • AT&T MPLS Voice Aware Network provides security and QoS
    • Network Management is out-of-band
    • AT&T Global Fraud Management System protects AT&T VoIP
    • [Diagram. Labels: Common VoIP Connectivity Layer; Voice Applications; IP Border Element (x3); PSTN; Network Gateway Border Element; VoIP Application Server; VoIP Network Element]
  • 9. AT&T VoIP Border Domain
    • VoIP Border Elements protect the VoIP Services – Authentication, Call Admission, DoS protection
    • Border Elements proxy all traffic and provide NAT to protect and “hide” trusted infrastructure
    • Malformed and unexpected messages are discarded on both Trusted and Untrusted interfaces
    • Separate physical interfaces are used for signaling and OA&M traffic with no routing between interfaces
    • Limits can be placed on traffic to or from external IP addresses for
      • Number of calls per time, number of simultaneous calls, bandwidth
    • [Diagram. Labels: IP Border Element (x3)]
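
The per-address limits listed on slide 9 (calls per time, simultaneous calls, bandwidth) can be expressed as an admission check at a border element. This is an added example, not code from the presentation or from AT&T; the class name, limit values, reason strings and IP addresses are assumptions.

```python
from collections import defaultdict, deque

class CallAdmission:
    """Per-source-IP limits: calls per time window, simultaneous calls, bandwidth."""

    def __init__(self, max_calls, window_s, max_simultaneous, max_kbps):
        self.max_calls, self.window_s = max_calls, window_s
        self.max_simultaneous, self.max_kbps = max_simultaneous, max_kbps
        self.admitted = defaultdict(deque)  # src_ip -> times of admitted calls
        self.active = defaultdict(dict)     # src_ip -> {call_id: kbps}

    def admit(self, src_ip, call_id, kbps, now):
        """Return "ok" or the name of the limit that rejected the call."""
        recent, calls = self.admitted[src_ip], self.active[src_ip]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                # forget calls older than the window
        if call_id in calls:
            return "duplicate-call-id"
        if len(recent) >= self.max_calls:
            return "call-rate"
        if len(calls) >= self.max_simultaneous:
            return "simultaneous-calls"
        if sum(calls.values()) + kbps > self.max_kbps:
            return "bandwidth"
        recent.append(now)
        calls[call_id] = kbps
        return "ok"

    def release(self, src_ip, call_id):
        """Teardown frees the concurrency slot and bandwidth the call held."""
        self.active[src_ip].pop(call_id, None)

def demo():
    # Constructed limits and traffic (documentation IPs); not values from the slides.
    cac = CallAdmission(max_calls=3, window_s=10, max_simultaneous=2, max_kbps=200)
    a, b = "198.51.100.7", "203.0.113.9"
    out = [cac.admit(a, "c1", 87, now=0), cac.admit(a, "c2", 87, now=1),
           cac.admit(a, "c3", 87, now=2)]          # third concurrent call
    cac.release(a, "c1")
    out.append(cac.admit(a, "c3", 128, now=3))     # 87 + 128 kbps exceeds 200
    out.append(cac.admit(a, "c3", 87, now=4))
    cac.release(a, "c2")
    out.append(cac.admit(a, "c4", 87, now=5))      # fourth call inside 10 s
    out.append(cac.admit(b, "c1", 87, now=5))      # other source is unaffected
    out.append(cac.admit(a, "c4", 87, now=11))     # window has slid forward
    return out

if __name__ == "__main__":
    print(demo())
```

Only admitted calls count toward the call-rate window here; a stricter policy would count every attempt so that a flood of rejected requests keeps the source throttled.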
  • 10. AT&T Internal MPLS VoIP VPN
    • [Diagram. Labels: AT&T VoIP Border Domain; AT&T VoIP Infrastructure Domain; AT&T MPLS VoIP VPN; IP Border Element (x3); Network Gateway Border Element; VoIP Application Server; VoIP Network Element; PSTN]
  • 11. AT&T MPLS VPNs
  • 12. AT&T MPLS VPNs
    • AT&T Internal MPLS VPN Voice Aware Network
      • Provides security and QoS for AT&T VoIP communications within the AT&T Trusted Domain
    • AT&T Hub-and-spoke MPLS VoIP VPN for Customer Access
      • Provides security and QoS for AT&T VoIP communications from the customer sites to the AT&T VoIP Network Elements
    • AT&T MPLS Data VPNs
      • Provides security and QoS for customer data communications
  • 13. AT&T Hub and Spoke MPLS VoIP VPN
  • 14. Separation of AT&T MPLS VPNs
    • AT&T MPLS VPNs provide separation and security
    • AT&T Internal MPLS VPN Voice Aware Network
      • Customer access is never permitted directly into this VPN
      • All customer access is mediated by AT&T IP Border Elements
    • AT&T Hub-and-spoke MPLS VPN for Customer Access
      • Customers are permitted to communicate from their sites only to the AT&T IP Border Elements
      • Direct customer-customer communication is not permitted through this VPN
        • Customers can only communicate to other customers by making calls through the AT&T VoIP Network Elements
    • AT&T MPLS Data VPNs
      • Customers can communicate among their locations
  • 15. Summary
    • AT&T ASPR and OneProcess
    • AT&T Security Innovations
    • AT&T MPLS Security and QoS
    • AT&T VoIP Security
  • 16. Thank You!