VOIP (voice on internet protocol)   Security Threats in VOIP
CONTENTSIntroductionVulnerabilitiesVoIP Security ToolsConclusion
IntroductionWhat Is IP TelephonyVoIP PhoneWorking of VoIPProtocols in IP Telephony
IP TelephonyIP telephony is a technology in which IPnetworks are being used as the mediumto transmit voice traffic.Voice ...
Working of VoIP PhoneVoIP Phone Requires broadband internet access and regular house phones which plug into an analog tel...
Protocols in IP TelephonySignaling protocols  perform session management and are responsible for     Locating a user     ...
H.323 Standard
Session Initiation Protocol (SIP)
VulnerabilitiesConfidentiality  Refers to the protection of data from being read by  an unauthorized user.Integrity  Inc...
ConfidentialityData Link Layer    Address Resolution ProtocolNetwork Layer    Address Spoofing    Identifying IP Addr...
IntegrityNetwork Interface LayerNetwork LayerTransport Layer      Replay AttackApplication Layer
AvailabilityBandwidth consumption  Comprise of flooding the network   with a specific type of traffic.Resource Starvatio...
VoIP Security ToolsVoIP systems become more prevalent and risk grows,network engineers need to make sure the properprecaut...
SiVuSFirst publicly available vulnerability scanner for VoIP networks.SIP Message generator   Used to test issues or gene...
Strengths Windows-based GUI design Reports are generated in an easy  to read html page Checks both the robustness and t...
WeaknessesLack of informationSIP device failed to locate the Asterisk serverIssues arose on required SiVuS to be restar...
ConclusionNone of the security tools evaluated were significantly  effective for mitigating security risks in SIP-based  ...
References B. Charney, "VoIP threats must be dealt with now,“   CNET News.com, 8 Feb. 2005; J. E. Canavan, Fundamentals ...
Voippresentation
Voippresentation
Upcoming SlideShare
Loading in …5
×

Voippresentation

291 views

Published on

Published in: Education, Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
291
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Voippresentation

  1. 1. VOIP (voice on internet protocol) Security Threats in VOIP
  2. 2. CONTENTSIntroductionVulnerabilitiesVoIP Security ToolsConclusion
  3. 3. IntroductionWhat Is IP TelephonyVoIP PhoneWorking of VoIPProtocols in IP Telephony
  4. 4. IP TelephonyIP telephony is a technology in which IPnetworks are being used as the mediumto transmit voice traffic.Voice over IP (VoIP) Describes an IP telephony deployment where the IP network used as the medium to transmit voice traffic is a managed IP network.Voice on the Net (VON) Describes an IP telephony deployment where the IP network used as the medium to transmit voice traffic is the Internet.
  5. 5. Working of VoIP PhoneVoIP Phone Requires broadband internet access and regular house phones which plug into an analog telephone adapter (ATA).Working of VoIP works by the two-way transmission of voice over a packet-switched IP network Equipments VoIP phone call server  gateway.
  6. 6. Protocols in IP TelephonySignaling protocols perform session management and are responsible for Locating a user Session establishment Session setup negotiation Modifying a session Tearing down a session
  7. 7. H.323 Standard
  8. 8. Session Initiation Protocol (SIP)
  9. 9. VulnerabilitiesConfidentiality Refers to the protection of data from being read by an unauthorized user.Integrity Includes the unauthorized modification or deletion of voice/data content.Availability Storage and transportation facilities for an information system are accessible to authorized users
  10. 10. ConfidentialityData Link Layer Address Resolution ProtocolNetwork Layer Address Spoofing Identifying IP Address of the PhoneTransport Layer Real Time ProtocolApplication Layer MAC Address Spoofing
  11. 11. IntegrityNetwork Interface LayerNetwork LayerTransport Layer  Replay AttackApplication Layer
  12. 12. AvailabilityBandwidth consumption Comprise of flooding the network with a specific type of traffic.Resource Starvation attacks Flood a device (opposed to links in a bandwidth consumption attack).Routing Attacks Involve manipulating routing information or protocols in order to intercept / interrupt legitimate traffic.Programming Flaws Unintended bugs in software that can be exploited by other user in order to gain access to a system .
  13. 13. VoIP Security ToolsVoIP systems become more prevalent and risk grows,network engineers need to make sure the properprecautions are taken to prevent security breaches. Some testing tools SiVuS c07-sip
  14. 14. SiVuSFirst publicly available vulnerability scanner for VoIP networks.SIP Message generator Used to test issues or generate demonstration attacksSIP component discovery Useful for identifying targets for analysis.SIP vulnerability scanner Used to verify the robustness and security of SIP phones, proxy servers and registrar servers .
  15. 15. Strengths Windows-based GUI design Reports are generated in an easy to read html page Checks both the robustness and the presence of security features
  16. 16. WeaknessesLack of informationSIP device failed to locate the Asterisk serverIssues arose on required SiVuS to be restarted.authentication were found to report inaccurate results.Running the test cases repeatedly fails to find a target on the first attempt
  17. 17. ConclusionNone of the security tools evaluated were significantly effective for mitigating security risks in SIP-based VoIP networksEarly stages of adoption, attacks have been either largely unheard of or undetectedParticularly important to prevent DoS attacksAll tools today are still under heavy development and will no doubt evolve as VoIP adoption increasesVoIP specific security tools should play an important role in securing systems.
  18. 18. References B. Charney, "VoIP threats must be dealt with now,“ CNET News.com, 8 Feb. 2005; J. E. Canavan, Fundamentals of Network Security, Boston: Artech House, 2001 L.N.Vikram,Web Design And Multimedia Applications 4th Edition, Pearson Educations Sikinder S.R.R.C, Voice On Internet Protocol A Basic Approach, Charles House,2007 www.wikipedia.org.in www.google.com Digit magazine

×