Securing Unified Communications Systems
Upcoming SlideShare
Loading in...5
×
 

Securing Unified Communications Systems

on

  • 1,695 views

As applications move into the multichannel and interconnected world, what are the security concerns you need to consider? Dan York, author of the bestselling book The Seven Deadliest Unified ...

As applications move into the multichannel and interconnected world, what are the security concerns you need to consider? Dan York, author of the bestselling book The Seven Deadliest Unified Communication Attacks, will discuss the major risk areas of unified communications, what steps you can take to mitigate/reduce those risks, a checklist of questions to consider in your implementation, and a look at the future in an increasingly interconnected and converged network. Presentation give at SpeechTEK New York 2010. More info at: http://blogs.voxeo.com/events/speechtek-ny-2010/

Statistics

Views

Total Views
1,695
Views on SlideShare
1,548
Embed Views
147

Actions

Likes
1
Downloads
55
Comments
0

3 Embeds 147

http://blogs.voxeo.com 145
http://webcache.googleusercontent.com 1
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Securing Unified Communications Systems Securing Unified Communications Systems Presentation Transcript

  • Securing Communications! SpeechTEK New York 2010! Dan York, CISSP
 Director of Conversations, Voxeo
 Best Practices Chair, VoIP Security Alliance
 Author, Seven Deadliest UC Attacks!
  • About Dan York! www.voipsa.org www.voxeo.com www.blueboxpodcast.com www.7ducattacks.com © Voxeo Corporation
  • About Voxeo!   Founded in 1999   World’s largest hosted VoiceXML and CCXML platform – Over 82,000 hosted ports globally; hundreds of premise deployments   Over 150,000 developers using Voxeo platforms   The Voxeo difference: Unlocked Communications, Customer Obsession Teams, Communications Passion   www.voxeo.com © Voxeo Corporation
  • The Change VoIP Brings! SIP SIP Proxy Proxy A SIP B SIP SIP Alice Bob Media (RTP, MSRP, etc.) © Voxeo Corporation
  • The Larger Reality! SIP SIP SIP SIP SIP Proxy Proxy Proxy Proxy Proxy A SIP B SIP C SIP D SIP N SIP Internet SIP Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  • Once Upon A Time! PSTN PBX Gateways Physical Voicemail Wiring © Voxeo Corporation
  • 1. Understand Your Ecosystem! Mobile Devices IM Application Internet Servers Networks Operating Systems PSTN IP-PBX VoIP Gateways Web IP Social Firewalls Servers Network Networks Physical Directory Voicemail Wiring Servers Desktop Email PCs Database Servers CRM Servers Systems © Voxeo Corporation
  • 2. Understand Your Endpoints!   IP Phones, Smartphones, Softphones   What services are running on them?   Default passwords?   How do you patch/secure them? © Voxeo Corporation
  • 3. Secure Your Media! SIP SIP SIP Proxy Proxy Proxy A SIP B SIP N SIP SIP Alice Eve Bob Media Media © Voxeo Corporation
  • Secure Media – Hop By Hop! Internet Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  • Secure Media – End to End! Internet Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  • 4. Secure Your Signalling! SIP SIP SIP Proxy Proxy Eve Proxy A SIP B SIP SIP N SIP SIP Alice Bob Media © Voxeo Corporation
  • Signalling Attacks!   Toll Fraud   Identity Theft © Voxeo Corporation
  • Traditional Telephony! Internet Carrier PSTN PBX Corp  HQ   © Voxeo Corporation
  • IP Communications! ITSP Internet PBX PSTN Corp  HQ   © Voxeo Corporation
  • Failover! PBX ITSP Corp  HQ   Internet PSTN PBX Office   A   © Voxeo Corporation
  • Redundancy / Geography! ITSP (Boston) Internet PBX ITSP (Paris) PSTN Corp  HQ   ITSP (Tokyo) © Voxeo Corporation
  • 5. Secure Your PSTN Connectivity!   Attacks •  Toll Fraud •  Denial of Service •  Spam   Solutions •  Encryption •  Strong Authentication •  Transport Security © Voxeo Corporation
  • 6. Secure Your Identity!   Attacks •  Fraud •  Identity Theft •  Social Engineering   Solutions •  Education •  Lock Down Spoofing •  Strong Identity © Voxeo Corporation
  • 7. Secure Distributed Systems! Laptop UC client WiFi UC System Firewall Internet Café Router Corp  HQ   Mobile Data Network Mobile UC client © Voxeo Corporation
  • How Do You Securely Federate?! Internet Corporate Corporate Network Network UC UC UC UC System System System System Corp  HQ   Office  A   Corp  HQ   Office  A   Company  A   Company  B   © Voxeo Corporation
  • What if the Cloud Isnʼt There?! Corporate Internet Network IVR Voicemail IM IM IM Presence Presence Presence Call Call Call Control Control Control Corp  HQ   Office  A   Office  B   PSTN © Voxeo Corporation
  • Questions About the Cloud!   What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide?   What kind of geographic redundancy is built into the underlying network?   What kind of network redundancy is built into the underlying network?   What kind of physical redundancy is built into the data centers?   What kind of monitoring does the vendor perform?   What kind of scalability is in the cloud computing platform?   What kind of security, both network and physical, is part of the computing platform?   Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill? © Voxeo Corporation
  • The Way It Used To Be! © Voxeo Corporation
  • Today...! ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP PSTN ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP © Voxeo Corporation
  • Resources!   VoIP Security Alliance •  www.voipsa.org •  www.voipsa.org/blog   Hacking Exposed: VoIP •  www.hackingvoip.com   Seven Deadliest Unified Communications Attacks •  www.7ducattacks.com © Voxeo Corporation