Securing Unified Communications Systems

1,443
-1

Published on

As applications move into the multichannel and interconnected world, what are the security concerns you need to consider? Dan York, author of the bestselling book The Seven Deadliest Unified Communication Attacks, will discuss the major risk areas of unified communications, what steps you can take to mitigate/reduce those risks, a checklist of questions to consider in your implementation, and a look at the future in an increasingly interconnected and converged network. Presentation give at SpeechTEK New York 2010. More info at: http://blogs.voxeo.com/events/speechtek-ny-2010/

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,443
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
57
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Securing Unified Communications Systems

  1. 1. Securing Communications! SpeechTEK New York 2010! Dan York, CISSP
 Director of Conversations, Voxeo
 Best Practices Chair, VoIP Security Alliance
 Author, Seven Deadliest UC Attacks!
  2. 2. About Dan York! www.voipsa.org www.voxeo.com www.blueboxpodcast.com www.7ducattacks.com © Voxeo Corporation
  3. 3. About Voxeo!   Founded in 1999   World’s largest hosted VoiceXML and CCXML platform – Over 82,000 hosted ports globally; hundreds of premise deployments   Over 150,000 developers using Voxeo platforms   The Voxeo difference: Unlocked Communications, Customer Obsession Teams, Communications Passion   www.voxeo.com © Voxeo Corporation
  4. 4. The Change VoIP Brings! SIP SIP Proxy Proxy A SIP B SIP SIP Alice Bob Media (RTP, MSRP, etc.) © Voxeo Corporation
  5. 5. The Larger Reality! SIP SIP SIP SIP SIP Proxy Proxy Proxy Proxy Proxy A SIP B SIP C SIP D SIP N SIP Internet SIP Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  6. 6. Once Upon A Time! PSTN PBX Gateways Physical Voicemail Wiring © Voxeo Corporation
  7. 7. 1. Understand Your Ecosystem! Mobile Devices IM Application Internet Servers Networks Operating Systems PSTN IP-PBX VoIP Gateways Web IP Social Firewalls Servers Network Networks Physical Directory Voicemail Wiring Servers Desktop Email PCs Database Servers CRM Servers Systems © Voxeo Corporation
  8. 8. 2. Understand Your Endpoints!   IP Phones, Smartphones, Softphones   What services are running on them?   Default passwords?   How do you patch/secure them? © Voxeo Corporation
  9. 9. 3. Secure Your Media! SIP SIP SIP Proxy Proxy Proxy A SIP B SIP N SIP SIP Alice Eve Bob Media Media © Voxeo Corporation
  10. 10. Secure Media – Hop By Hop! Internet Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  11. 11. Secure Media – End to End! Internet Media Media Alice Proxy Proxy Bob Media A Media B Media © Voxeo Corporation
  12. 12. 4. Secure Your Signalling! SIP SIP SIP Proxy Proxy Eve Proxy A SIP B SIP SIP N SIP SIP Alice Bob Media © Voxeo Corporation
  13. 13. Signalling Attacks!   Toll Fraud   Identity Theft © Voxeo Corporation
  14. 14. Traditional Telephony! Internet Carrier PSTN PBX Corp  HQ   © Voxeo Corporation
  15. 15. IP Communications! ITSP Internet PBX PSTN Corp  HQ   © Voxeo Corporation
  16. 16. Failover! PBX ITSP Corp  HQ   Internet PSTN PBX Office   A   © Voxeo Corporation
  17. 17. Redundancy / Geography! ITSP (Boston) Internet PBX ITSP (Paris) PSTN Corp  HQ   ITSP (Tokyo) © Voxeo Corporation
  18. 18. 5. Secure Your PSTN Connectivity!   Attacks •  Toll Fraud •  Denial of Service •  Spam   Solutions •  Encryption •  Strong Authentication •  Transport Security © Voxeo Corporation
  19. 19. 6. Secure Your Identity!   Attacks •  Fraud •  Identity Theft •  Social Engineering   Solutions •  Education •  Lock Down Spoofing •  Strong Identity © Voxeo Corporation
  20. 20. 7. Secure Distributed Systems! Laptop UC client WiFi UC System Firewall Internet Café Router Corp  HQ   Mobile Data Network Mobile UC client © Voxeo Corporation
  21. 21. How Do You Securely Federate?! Internet Corporate Corporate Network Network UC UC UC UC System System System System Corp  HQ   Office  A   Corp  HQ   Office  A   Company  A   Company  B   © Voxeo Corporation
  22. 22. What if the Cloud Isnʼt There?! Corporate Internet Network IVR Voicemail IM IM IM Presence Presence Presence Call Call Call Control Control Control Corp  HQ   Office  A   Office  B   PSTN © Voxeo Corporation
  23. 23. Questions About the Cloud!   What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide?   What kind of geographic redundancy is built into the underlying network?   What kind of network redundancy is built into the underlying network?   What kind of physical redundancy is built into the data centers?   What kind of monitoring does the vendor perform?   What kind of scalability is in the cloud computing platform?   What kind of security, both network and physical, is part of the computing platform?   Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill? © Voxeo Corporation
  24. 24. The Way It Used To Be! © Voxeo Corporation
  25. 25. Today...! ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP PSTN ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP © Voxeo Corporation
  26. 26. Resources!   VoIP Security Alliance •  www.voipsa.org •  www.voipsa.org/blog   Hacking Exposed: VoIP •  www.hackingvoip.com   Seven Deadliest Unified Communications Attacks •  www.7ducattacks.com © Voxeo Corporation
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×