Introduction to VoIP Security

2,501 views

Published on

null Pune Meet March 2012

Published in: Education, Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,501
On SlideShare
0
From Embeds
0
Number of Embeds
1,106
Actions
Shares
0
Downloads
89
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Introduction to VoIP Security

  1. 1. An Overview of VoIP Security -Pushhttp://null.co.in/ http://nullcon.net/
  2. 2. VoIP… • Voice over IP • Transmission of “voice” over packet-switched (data)networks, • Voice analog signals are converted to digital bits – “Sampled” • Sampled bits are transmitted into Packetshttp://null.co.in/ http://nullcon.net/
  3. 3. Analog Voice Signals 101010101010 1101101101 101010101010 Analog Voice 1101101101 Signals 101010101010 1101101101 Internet 101010101010 101010101010 1101101101 1101101101http://null.co.in/ http://nullcon.net/
  4. 4. Components Involved… • Traditional Telephone Networks, • Computer Networks, • VoIP Hardware, • Gateways • Proxy Servers • Redirect Servers • VoIP Software, • IDS – IPS - Firewallshttp://null.co.in/ http://nullcon.net/
  5. 5. VoIP Traffic Factors… • Latency • Jitter • Packet Loss • Speed / Bandwidth • QoS….http://null.co.in/ http://nullcon.net/
  6. 6. Protocols used… • Vendor Proprietary, • SIP • H.323 • RTSP • RTPhttp://null.co.in/ http://nullcon.net/
  7. 7. Features SIP and H.323 H.323 SIP Multimedia support Yes No Complexity High Low Reliability Efficint failure handling Inefficint failure handling Message Encoding Supported for narrowband and broadband Supported for broadband Interoperability Yes No Load Balancing Yes No Call signalling 1 RAS message exchange 3 exchange messages Statelessness While direct calling While it is not forking Address resolution Supported not supported Addressing Flexible Only URI type addressing supported Billing Available at gatekeeper Not available Capability Negotiation Good Limited PSTN internetworking Supported not supported Services Through web browser Not through web browser Video and data conferencing Lip synchronization supported. Lip synchronization not supported. Transport protocol Reliable Unreliable Firewall/NAT support Yes No Authentication Via H.235. Via HTTP (Digest and Basic), SSL, PGP, S/MIME. DTMF Carriage Through audio stream No carriagehttp://null.co.in/ http://nullcon.net/
  8. 8. SIP Call Flowhttp://null.co.in/ http://nullcon.net/
  9. 9. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  10. 10. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  11. 11. Attacks Vectors • Vulnerabilities of both Data and Telephone Networks • CIA Triadhttp://null.co.in/ http://nullcon.net/
  12. 12. Availability Threats… • SIP Bombing • Man in the Middle/Call Hijacking • Eavesdropping • RTP Insertion attacks • SIP-BYE DoS • Multiple Account Registration with the same namehttp://null.co.in/ http://nullcon.net/
  13. 13. Integrity Threats… • Caller Identification spoofing • Proxy Impersonation • Call Redirection • UDP flooding attack • Registration Removal • Registration Additionhttp://null.co.in/ http://nullcon.net/
  14. 14. Confidentiality Threats… • Eavesdropping of phone conversation. • Unauthorized access attack. • Default passwords. • TOLL FRAUDhttp://null.co.in/ http://nullcon.net/
  15. 15. Standard Guidelines • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLShttp://null.co.in/ http://nullcon.net/
  16. 16. Thanks you.http://null.co.in/ http://nullcon.net/

×