Successfully reported this slideshow.

The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?"

1

Share

Dec. 07, 2011
1 like 12,163 views
Upcoming SlideShare
3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey
Loading in …3
×
1 of 85
1 of 85

The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?"

Dec. 07, 2011
1 like 12,163 views

1

Share

Download to read offline

Technology Business

Does anyone really care about VoIP security? Why should they? What are the main issues? At the 2011 Real-Time Communications Conference sponsored by the Illinois Institute of Technology (IIT), Dan York spoke about all these questions and gave a view of the overall state of the industry.

A video recording of the Oct 5, 2011, session will be available and will be able to be found at http://www.voipsa.org/blog/ when it is ready.

Does anyone really care about VoIP security? Why should they? What are the main issues? At the 2011 Real-Time Communications Conference sponsored by the Illinois Institute of Technology (IIT), Dan York spoke about all these questions and gave a view of the overall state of the industry.

A video recording of the Oct 5, 2011, session will be available and will be able to be found at http://www.voipsa.org/blog/ when it is ready.

Technology Business
License: CC Attribution-NonCommercial-NoDerivs License

Recommended

More Related Content

Similar to The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?"

Windstream Webinar: Debunking Network Security Myths
Windstream Enterprise
ClubHack Magazine issue 26 March 2012
ClubHack
Mid Co Fest One Pager V11
tpiette
Network Security: Protecting SOHO Networks
Jim Gilsinn
Top Five Internal Security Vulnerabilities
Peter Wood
SDF_Security_A4_0606
Eben Visser
Emerging Threats and Attack Surfaces
Peter Wood
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Digital Bond
Sophos utm-roadshow-south africa-2012
dvanwyk30
Turner.issa la.mobile vulns.150604
ISSA LA
The Convergence of IT, Operational Technology and the Internet of Things (IoT)
Jackson Shaw
Building Up Network Security: An Introduction
Global Knowledge Training
Master slide deck l av9 - abbreviated
Freedom Communications
DEFCON 23 - Fatih Ozavci - the art of voip workshop
Felipe Prado
Building a WebRTC Communication and collaboration platform - techleash barcamp
ALTANAI BISHT
Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529
ISSA LA
Enjay Corporate Profile (2019)
Limesh Parekh
How Security can be stronger than a Firewall: 13 different ways breaking thro...
Community Protection Forum
UC Expo 2010 - The Quandary of unified Communications Security
IPEXPO ONLINE
RUCUG: 11. Rick Dehlinger BYOC: Beware the Perimeter
Denis Gundarev

More from Dan York

Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
Dan York
SIPNOC 2014 - Is It Time For TLS for SIP?
Dan York
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
Dan York
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Dan York
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
Dan York
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Dan York
How IPv6 Will Kill Telecom - And What We Need To Do About It
Dan York
ClueCon2009: The Security Saga of SysAdmin Steve
Dan York
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
Dan York
IP Telephony Security 101
Dan York
Recording Remote Hosts/Interviews with VoIP/Skype
Dan York
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
Dan York
BLISS Problem Statement and Motivation
Dan York
ETel2007: The Black Bag Security Review (VoIP Security)
Dan York

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Authentic: A Memoir by the Founder of Vans Louise Maclellan
(4.5/5)
Free
We Should All Be Millionaires: A Woman’s Guide to Earning More, Building Wealth, and Gaining Economic Power Rachel Rodgers
(4.5/5)
Free
Believe IT: How to Go from Underestimated to Unstoppable Jamie Kern Lima
(4.5/5)
Free
Hot Seat: What I Learned Leading a Great American Company Jeff Immelt
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?"

  1. 1. The State Of VoIP Security, a.k.a.! ! “Does Anyone Really Give A _____ About VoIP Security?” Dan York, CISSP! Chair, VoIP Security Alliance October 5, 2011
  2. 2. © 2011 VOIPSA http://www.flickr.com/photos/willpate/46488553/
  3. 3. Does Anyone Really ! Give A _____ About! VoIP Security? © 2011 VOIPSA
  4. 4. Does Anyone Really ! Give A _____ About! VoIP Unified Communications Security? © 2011 VOIPSA
  5. 5. Technical Solutions © 2011 VOIPSA
  6. 6. Widely Deployed © 2011 VOIPSA
  7. 7. TLS-Encrypted SIP © 2011 VOIPSA
  8. 8. Secure RTP (SRTP) © 2011 VOIPSA
  9. 9. MORE Secure! Than PSTN © 2011 VOIPSA
  10. 10. © 2011 VOIPSA http://www.flickr.com/photos/mattblaze/2275723713/
  11. 11. MORE Secure! Than Ever Before © 2011 VOIPSA
  12. 12. Almost All Venders! Have Support © 2011 VOIPSA
  13. 13. Almost All Customers! Don’t Turn It On © 2011 VOIPSA
  14. 14. Why Not? © 2011 VOIPSA
  15. 15. Complexity © 2011 VOIPSA
  16. 16. Fingerpointing, a.k.a. “One Throat To Choke” PSTN PBX Gateways Physical Voicemail Wiring © 2011 VOIPSA
  17. 17. Fingerpointing - 2011 Mobile Devices IM Application Internet Servers Networks Operating Systems PSTN IP-PBX Gateways VoIP Web IP Social Firewalls Servers Network Networks Physical Directory Voicemail Wiring Servers Desktop Email PCs Database Servers CRM Servers Systems Session Border Controllers © 2011 VOIPSA
  18. 18. “UC” © 2011 VOIPSA
  19. 19. Debugging © 2011 VOIPSA
  20. 20. Turn It Back On? © 2011 VOIPSA
  21. 21. SIP Is So Simple, Right? © 2011 VOIPSA
  22. 22. Riiiiiigggghhhttt… (Fingerpointing Redux) © 2011 VOIPSA
  23. 23. Evolution © 2011 VOIPSA
  24. 24. The Old Boys’ Club Carrier Carrier Carrier PSTN Carrier Carrier Carrier Carrier © 2011 VOIPSA
  25. 25. The Wild West… ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP PSTN ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP ITSP © 2010 VOIPSA and Owners as Marked © 2011 VOIPSA
  26. 26. Evolution of Attacks © 2011 VOIPSA
  27. 27. DoS © 2011 VOIPSA
  28. 28. DDoS © 2011 VOIPSA
  29. 29. Fraud © 2011 VOIPSA
  30. 30. If 1 Is Good, Why Not 3? © 2011 VOIPSA
  31. 31. Geography © 2011 VOIPSA
  32. 32. Internet LAN © 2011 VOIPSA
  33. 33. PC UC System Firewall Internet Home Firewall IP Corp  HQ   Phone Home   © 2011 VOIPSA
  34. 34. Laptop UC client WiFi UC System Firewall Internet Café Router Corp  HQ   Mobile Data Network Mobile UC client © 2011 VOIPSA
  35. 35. Corporate Internet Network IVR Voicemail IM IM IM Presence Presence Presence Call Call Call Control Control Control Conferencing Corp  HQ   Office  A   Office  B   PSTN © 2011 VOIPSA
  36. 36. © 2011 VOIPSA
  37. 37. Benefits (for us… and for attackers) © 2011 VOIPSA
  38. 38. DDoS! (the old-fashioned kind)! (Asterisk & Amazon EC2, anyone?) © 2011 VOIPSA
  39. 39. SPIT! (“SPam for Internet Telephony”) SPAM © 2011 VOIPSA
  40. 40. Complexity © 2011 VOIPSA
  41. 41. Fingerpointing - 2011 Mobile Devices IM Application Internet Servers Networks Operating Systems PSTN IP-PBX Gateways VoIP Web IP Social Firewalls Servers Network Networks Physical Directory Voicemail Wiring Servers Desktop Email PCs Database Servers CRM Servers Systems Session Border Controllers © 2011 VOIPSA
  42. 42. The Device Formerly! Known As A! “Phone” © 2011 VOIPSA
  43. 43. Mobility © 2011 VOIPSA
  44. 44. RTCWEB / WebRTC © 2011 VOIPSA
  45. 45. Complexity © 2011 VOIPSA
  46. 46. Fingerpointing - 2011 Mobile Devices IM Application Internet Servers Networks Operating Systems PSTN IP-PBX Gateways VoIP Web IP Social Firewalls Servers Network Networks Physical Directory Voicemail Wiring Servers Desktop Email PCs Database Servers CRM Servers Systems Session Border Controllers © 2011 VOIPSA
  47. 47. Interoperability © 2011 VOIPSA
  48. 48. “The Hitchiker’s Guide! To SIP” © 2011 VOIPSA
  49. 49. Forgotten! Simple Things © 2011 VOIPSA
  50. 50. Biggest Financial Threat? © 2011 VOIPSA
  51. 51. Toll Fraud © 2011 VOIPSA
  52. 52. IT Security 101 © 2011 VOIPSA
  53. 53. PIN = “1234” © 2011 VOIPSA
  54. 54. Password = “password” © 2011 VOIPSA
  55. 55. Default password list © 2011 VOIPSA
  56. 56. VoIP = bits © 2011 VOIPSA
  57. 57. IT Security 101 © 2011 VOIPSA
  58. 58. Does Anyone Really ! Give A _____ About! VoIP Security? © 2011 VOIPSA
  59. 59. WHEN Will They Care? © 2011 VOIPSA
  60. 60. EVENT © 2011 VOIPSA
  61. 61. Identity Theft © 2011 VOIPSA
  62. 62. Celebrity © 2011 VOIPSA
  63. 63. Trusted Leader © 2011 VOIPSA
  64. 64. “VoIP Is Insecure!!!” © 2011 VOIPSA
  65. 65. depl oyed tupi dly S “VoIP Is Insecure!!!” ^ © 2011 VOIPSA
  66. 66. “VoIP Is Insecure!!!” © 2011 VOIPSA
  67. 67. Cover Your ____ © 2011 VOIPSA
  68. 68. SOLUTIONS? © 2011 VOIPSA
  69. 69. IT Security 101 © 2011 VOIPSA
  70. 70. Audit, Audit, Audit © 2011 VOIPSA
  71. 71. Enable What You Have © 2011 VOIPSA
  72. 72. Interoperability © 2011 VOIPSA
  73. 73. www.sipit.net © 2011 VOIPSA
  74. 74. Identity © 2011 VOIPSA
  75. 75. Simplicity © 2011 VOIPSA
  76. 76. Fabric © 2011 VOIPSA
  77. 77. Air © 2011 VOIPSA
  78. 78. © 2011 VOIPSA
  79. 79. Secure By Default © 2011 VOIPSA
  80. 80. Education © 2011 VOIPSA
  81. 81. What is the Industry Doing to Help? Security Vendors VoIP Vendors “The Sky Is Falling!” “Don’t Worry, Trust Us!” (Buy our products!) (Buy our products!) © 2011 VOIPSA
  82. 82. www.voipsa.org/Resources/tools.php © 2011 VOIPSA
  83. 83. Security Links •  VoIP Security Alliance - http://www.voipsa.org/ –  Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php –  VOIPSEC email list - http://www.voipsa.org/VOIPSEC/ –  Weblog - http://www.voipsa.org/blog/ –  Security Tools list - http://www.voipsa.org/Resources/tools.php –  Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com •  NIST SP800-58, “Security Considerations for VoIP Systems” –  http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf •  Network Security Tools –  http://sectools.org/ •  Hacking Exposed VoIP site and tools –  http://www.hackingvoip.com/ •  Seven Deadliest Unified Communications Attacks –  http://www.7ducattacks.com/ © 2011 VOIPSA
  84. 84. Thank You For! Giving A _____ © 2011 VOIPSA
  85. 85. Thank you! Q & eh? www.voipsa.org 7ducattacks.com Dan York - dan.york@voipsa.org! +1-802-735-1624 DisruptiveTelephony.com danyork.com! blueboxpodcast.com twitter.com/danyork © 2011 VOIPSA

×