SpeechTEK 2009: Securing Cloud Telephony Aug2009

    SpeechTEK 2009: Securing Cloud Telephony Aug2009 - Presentation Transcript

    1. SpeechTEK 2009: Securing Cloud Telephony. Dan York, CISSP; Director of Conversations, Voxeo; Best Practices Chair, VoIP Security Alliance (VOIPSA); dyork@voxeo.com
    2. Security concerns in telephony are not new… (Image courtesy of the Computer History Museum)
    3. Nor are our attempts to protect against threats… (Image courtesy of Mike Sandman – http://www.sandman.com/)
    4. Privacy, Availability, Compliance, Confidence, Mobility, Cost Avoidance, Business Continuity
    5. TDM security is relatively simple... [Diagram: PSTN Gateways, TDM Switch, IVR, Voicemail, Physical Wiring]
    6. VoIP security is more complex [Diagram: Operating Systems, Desktop PCs, PSTN Gateways, E-mail Systems, Network Switches, Web Servers, Firewalls, Standards, Voice over IP, IVR, Wireless Devices, Instant Messaging, Directories, Internet, Databases, Physical Wiring, Voicemail]
    7. Confidentiality, Integrity, Availability
    8. Voice Application Diagram [Diagram: Phone, Audio, Voice Browser (on svr), HTTP, Web Svr, ?, App/DB Svr; VoiceXML or CCXML; PHP, perl, python, ruby, servlets, Java, XML, ???]
    9. Voice Transport [Same diagram as slide 8]
    10. Voice Transport [Diagram: five paths between Phone and Voice Browser (on svr); labels: PSTN, PBX, TDM, IP-PBX, SIP, SIP Service Provider, Internet/WAN]
    11. Voice Transport - SIP [Same diagram as slide 10]
    12. Voice Authentication [Same diagram as slide 8] Who are you talking to?
    13. Voice Biometrics [Same diagram as slide 8, with additional labels: Voice Biometrics, Auth Svr]
    14. Web Transport [Same diagram as slide 8]
    15. App/DB Server Transport [Same diagram as slide 8]
    16. Server Security [Same diagram as slide 8]
    17. Management Interfaces [Same diagram as slide 8]
    18. APIs [Same diagram as slide 8]
    19. Local Storage / Logging [Same diagram as slide 8]
    20. Call Recording [Same diagram as slide 8]
    21. Web Interaction - Authentication [Same diagram as slide 8, without the Audio label and with an additional Web Svr]
    22. Web Interaction - XSS/Injection [Same diagram as slide 21] Input validation?
    23. External Interaction [Same diagram as slide 8, with an additional ? and an additional App/DB Svr]
    24. Moving Into The Cloud
    25. Location - Single network/server [Diagram: Phone, Audio, Voice Browser (on svr), HTTP, Web Svr, ?, App/DB Svr; VoiceXML or CCXML; PHP, perl, python, ruby, servlets, Java, XML, ???]
    26. Location - Distributed [Diagram: two copies of Phone, Audio, Voice Browser (on svr), HTTP, Web Svr, ?, App/DB Svr; VoiceXML or CCXML]
    27. Location - Distributed [Diagram: Phone, Audio, Voice Browser (on svr), HTTP, Web Svr, ?, App/DB Svr; VoiceXML or CCXML]
    28. Location - Into the cloud [Same diagram as slide 25]
    29. Location - Distributed/Cloud [Same diagram as slide 26]
    30. Location - Distributed/Cloud [Same diagram as slide 27]
    31. Location - Hybrid [Same diagram as slide 26, with Phone and Audio shown only in the first copy]
    32. Can You Trust The Cloud To Be There?
    33. Location/network questions
        • What level of network connectivity do you have available?
        • What kind of availability guarantees / Service Level Agreements (SLAs) do you have in place?
        • What kind of geographic redundancy is built into your underlying network?
        • What kind of network redundancy is built into your underlying network?
        • What kind of physical redundancy is built into your data centers?
        • What kind of monitoring do you perform?
        • What kind of scalability is in the cloud computing platform?
        • What kind of security, both network and physical, is part of the platform?
        • What kind of security policies and procedures are in place?
        • What kind of patch management plans?
        • Will firewall traversal be necessary (for instance, for a SIP trunk) and if so, how?
        • How scalable is the solution?
        • Do you have appropriately-trained and available staff?
    34. Distributed Architectures [Diagram: Web Svr, App/DB Svr, Voice Browser (on svr), Phone, Audio, MR, CP, ASR]
    35. Geography
    36. Confidentiality Integrity Availability
    37. Thank you! Dan York, CISSP; Director of Conversations, Voxeo; Best Practices Chair, VoIP Security Alliance (VOIPSA); dyork@voxeo.com

    Voxeo Corp, 3 months ago


    In this talk at SpeechTEK 2009 in New York City, Da…
