Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
An Overview of VoIP Security                                        -Pushhttp://null.co.in/                         http:/...
VoIP…      • Voice over IP      • Transmission of “voice” over packet-switched        (data)networks,      • Voice analog ...
Analog Voice                       Signals                                     101010101010                               ...
Components Involved…      •    Traditional Telephone Networks,      •    Computer Networks,      •    VoIP Hardware,      ...
VoIP Traffic Factors…      •    Latency      •    Jitter      •    Packet Loss      •    Speed / Bandwidth      • QoS….htt...
Protocols used…      •    Vendor Proprietary,      •    SIP      •    H.323      •    RTSP      •    RTPhttp://null.co.in/...
Features                                  SIP and H.323               H.323                                      SIP    Mu...
SIP Call Flowhttp://null.co.in/   http://nullcon.net/
H.323Call Flowhttp://null.co.in/   http://nullcon.net/
H.323Call Flowhttp://null.co.in/   http://nullcon.net/
Attacks Vectors      • Vulnerabilities of both Data and Telephone        Networks      • CIA Triadhttp://null.co.in/      ...
Availability Threats…      •    SIP Bombing      •    Man in the Middle/Call Hijacking      •    Eavesdropping      •    R...
Integrity Threats…      •    Caller Identification spoofing      •    Proxy Impersonation      •    Call Redirection      ...
Confidentiality Threats…      •    Eavesdropping of phone conversation.      •    Unauthorized access attack.      •    De...
Standard Guidelines      •    Separate Infrasrtucture      •    Do not integrate Data and VoIP Networks      •    VoIP-awa...
Thanks you.http://null.co.in/                 http://nullcon.net/
Upcoming SlideShare
Loading in …5
×

Introduction to VoIP Security

2,856 views

Published on

null Pune Meet March 2012

Published in: Education, Technology, Business
  • Be the first to comment

  • Be the first to like this

Introduction to VoIP Security

  1. 1. An Overview of VoIP Security -Pushhttp://null.co.in/ http://nullcon.net/
  2. 2. VoIP… • Voice over IP • Transmission of “voice” over packet-switched (data)networks, • Voice analog signals are converted to digital bits – “Sampled” • Sampled bits are transmitted into Packetshttp://null.co.in/ http://nullcon.net/
  3. 3. Analog Voice Signals 101010101010 1101101101 101010101010 Analog Voice 1101101101 Signals 101010101010 1101101101 Internet 101010101010 101010101010 1101101101 1101101101http://null.co.in/ http://nullcon.net/
  4. 4. Components Involved… • Traditional Telephone Networks, • Computer Networks, • VoIP Hardware, • Gateways • Proxy Servers • Redirect Servers • VoIP Software, • IDS – IPS - Firewallshttp://null.co.in/ http://nullcon.net/
  5. 5. VoIP Traffic Factors… • Latency • Jitter • Packet Loss • Speed / Bandwidth • QoS….http://null.co.in/ http://nullcon.net/
  6. 6. Protocols used… • Vendor Proprietary, • SIP • H.323 • RTSP • RTPhttp://null.co.in/ http://nullcon.net/
  7. 7. Features SIP and H.323 H.323 SIP Multimedia support Yes No Complexity High Low Reliability Efficint failure handling Inefficint failure handling Message Encoding Supported for narrowband and broadband Supported for broadband Interoperability Yes No Load Balancing Yes No Call signalling 1 RAS message exchange 3 exchange messages Statelessness While direct calling While it is not forking Address resolution Supported not supported Addressing Flexible Only URI type addressing supported Billing Available at gatekeeper Not available Capability Negotiation Good Limited PSTN internetworking Supported not supported Services Through web browser Not through web browser Video and data conferencing Lip synchronization supported. Lip synchronization not supported. Transport protocol Reliable Unreliable Firewall/NAT support Yes No Authentication Via H.235. Via HTTP (Digest and Basic), SSL, PGP, S/MIME. DTMF Carriage Through audio stream No carriagehttp://null.co.in/ http://nullcon.net/
  8. 8. SIP Call Flowhttp://null.co.in/ http://nullcon.net/
  9. 9. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  10. 10. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  11. 11. Attacks Vectors • Vulnerabilities of both Data and Telephone Networks • CIA Triadhttp://null.co.in/ http://nullcon.net/
  12. 12. Availability Threats… • SIP Bombing • Man in the Middle/Call Hijacking • Eavesdropping • RTP Insertion attacks • SIP-BYE DoS • Multiple Account Registration with the same namehttp://null.co.in/ http://nullcon.net/
  13. 13. Integrity Threats… • Caller Identification spoofing • Proxy Impersonation • Call Redirection • UDP flooding attack • Registration Removal • Registration Additionhttp://null.co.in/ http://nullcon.net/
  14. 14. Confidentiality Threats… • Eavesdropping of phone conversation. • Unauthorized access attack. • Default passwords. • TOLL FRAUDhttp://null.co.in/ http://nullcon.net/
  15. 15. Standard Guidelines • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLShttp://null.co.in/ http://nullcon.net/
  16. 16. Thanks you.http://null.co.in/ http://nullcon.net/

×