This document provides an overview of efficient telecommunication infrastructure using Internet telephony (VoIP). It discusses basics of telephony and networking, protocols like SIP and RTP, VoIP hardware, service providers, and examples of integrating VoIP into networks and PBX systems. Skype and issues with it are also covered. The presentation aims to explain how VoIP works and scenarios for implementing efficient VoIP solutions.
Overview of VoIP (Voice over IP) and FoIP (Fax over IP) technologies like Session Initiation Protocol and H.323.
Even though voice over IP (VoIP) was hailed as a technological innovation, the idea to transport real-time traffic over TCP/IP networks was not new back in the 1990s when VoIP started being deployed in networks. Chapter 2.5 of the venerable RFC793 (TCP) shows both data oriented application traffic as well as voice being transported over IP based networks.
Nevertheless, VoIP puts high demands on signal and protocol processing capabilities so it became possible at reasonable costs only in the 1990s.
VoIP can be roughly split into two main functions. Signaling protocols like SIP (Session Initiation Protocol), H.323 and MGCP/H.248 are used to establish a conference session and the data path for transporting real-time voice data packets. SIP has largely supplanted H.323 in recent years due to its simpler structure and packet sequences. MGCP and H.248 are mostly used in carrier backbone networks.
Protocols like RTP (Real Time Protocol) transport voice packets and provide the necessary information for receivers to equalize packet flow variations to provide a smooth playback of the original voice signal.
Voice codecs are one of the core functions of the data path. Voice compression reduces the bandwidth required to transport voice over an IP based network. Compression may be less of a concern in local area networks with gigabit speeds, but on slower links like 3G (UMTS, LTE) it still makes a lot of sense.
The algorithms used in different codecs make use of various characteristics of human speech recognition. Redundant information is removed from the signals, thus slightly reducing the quality, but greatly reducing the required bandwidth.
In VoIP networks, the echo problem is typically compounded by the increased delay incurred by packetization of voice signals. To counteract the echo problem, VoIP gear (hard phones, soft phones, gateways) include echo cancelers to remove echo signals from the transmit signal.
To transport facsimile over an IP based network, even more technology is needed. Facsimile protocols are very susceptible to delay and delay variation and thus need more compensation algorithms. Protocols like T.38 terminate facsimile protocols like T.30 (analog facsimile) and transport the fax images as digitized pictures over IP based networks.
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Living Online
In the past five years, technologies have converged to such an extent that one can transmit voice, fax and video over the same internet protocol network that one uses for data. This workshop examines Voice over IP (VoIP) technologies and provides you with the skills to competently implement a VoIP network for your organisation. Numerous case studies and exercises throughout the course ensure that you get a good grasp on the technologies used. Solid practical advice is given on application, implementation and most importantly troubleshooting these systems.
MORE INFORMATION: http://www.idc-online.com/content/practical-fundamentals-voice-over-ip-voip-engineers-and-technicians-3
Join us for an introductory webinar on VoIP and learn:
- The fundamental principles of VoIP including RTP and SIP
- What voice metrics to measure and why they matter
- The different methods to monitor and troubleshoot VoIP
Nowadays VoIP technologies have taken the upper hand, offering many advantages compared to the traditional telephone network, but what are the security risks involved when voice and data networks come together? In this presentation, we will identify and evaluate these different security risks and their countermeasures from both a defensive and an offensive position.
A seminar paper presentation. This will help you know about voice transmission over the Internet Protocol, as in Skype and WhatsApp. It also gives an idea about old technology. Thanks. If there are any mistakes, add any updates and share them with me about this slide.
Introduction to VoIP, 2nd chapter of "Unified Communications with Elastix" Vol.1
We recommend reading the chapter along with the presentation.
http://elx.ec/chapter2
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Living Online
This manual provides solid practical advice on application, implementation and, most importantly, troubleshooting Voice Over IP (VOIP) systems.
MORE INFORMATION: http://www.idc-online.com/content/practical-fundamentals-voice-over-ip-voip-21?id=151
Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks.
Voice over Internet Protocol (VoIP) is the technology of digitizing sound, compressing it, breaking it up into data packets, and sending it over an IP network. The conventional technique used for sending voice is the PSTN (public switched telephone network). As data traffic has higher speed than telephone traffic, most of the time we prefer to send voice over data networks. Voice over Internet Protocol (VoIP) is a method of telephone communication over a data network.
2. Information
Hosted by:
American Chamber of Commerce Taiwan
Communications Technology Workshop
This presentation is publicly available at:
http://www.slideshare.net/thomasjs
This presentation is published under the
Creative Commons Attribution Share Alike License.
For more information, see http://creativecommons.org/about/licenses/
3. Agenda
Introduction
Basics of telephony and networking
Skype
SIP protocol
Hardware
Service providers
Integration into network and telephone system
Scenarios and examples
2 hours
30 minutes
5. Introduction
Internet Telephony
VoIP – Voice over IP (IP – Internet Protocol)
Pro: more economic
no telephone charge for computer-to-computer calls*
charge of local call for computer-to-telephone call
*) except for the charge for network access
Con: more complicated and less reliable
relies on electric power
emergency calls cannot be mapped to location
network: connection interruptions, packet loss
security: easier to trace calls over the Internet
configuration: firewall traversal
6. Return on Investment
Accumulated cost over 6 months
60 min calls per day to Germany, 20 days per month
CHT: 16 NTD/min
VoIP: 1 €¢/min
Investment for VoIP: 100,000 NTD
ROI after 5 months, after that savings of >18,500 NTD/month
[Chart: accumulated cost in NTD (axis 0 to 140) over months 1 to 6, VoIP compared with CHT]
7. How does it work?
[Diagram: Computer (+ sound card, + headset, + software), Network, Telephone adapter (+ analog telephone)]
Computer converts voice into digital signals.
Network transports digital signals as data packets.
Telephone adapter converts digital signals into voice.
8. Telephony
PSTN
Public Switched Telephone Network
POTS
Plain Old Telephone Service
ISDN
Integrated Services Digital Network
PBX
Private Branch Exchange
FXO
Foreign Exchange Office
FXS
Foreign Exchange Station
10. PBX
PBX = PABX–Private Automatic Branch Exchange
[Diagram: PSTN, Trunk, FXO, FXS, Extensions]
FXO – goes on-hook and off-hook
FXS – provides power, ring signal, dial tone
11. Network
Packet-Switching
[Diagram: Clients and Server connected through a mesh of routers]
R – Router
12. Layer Concept
[Diagram labels: Message, Sender, Delivery (Registered), Address, Service, Transport, Network]
13. Protocol Stack
ISO/OSI*          Internet            Examples
7 Application     Application         www: HTTP, FTP, DNS
6 Presentation                        mail: SMTP, POP, IMAP
5 Session                             p2p: SIP, eD2k, XMPP
4 Transport       Transport           TCP, UDP, NetBEUI, WAP
3 Network         Internet            IP, IGMP, ICMP, IPsec, ARP
2 Data Link       Network Access**    PPP, L2TP, GPRS, ATM, FR
1 Physical                            Ethernet, USB, Wi-Fi, ISDN
*) ISO – International Organization for Standardization, OSI – Open Systems Interconnection
**) original TCP/IP model, recently 5-layer model with data link and physical layer
14. TCP/IP Packet
TCP packet
header: source port, destination port
data: application data (HTTP, FTP, SMTP)
IP packet
header: source address, destination address
data: TCP packet
16. Network Address Translation
NAT, IP masquerading
Address shortage of IP ver. 4
32 bit => 4 G ~ 4 billion addresses
Address ranges only for private use
class A : 10.x.x.x, class B : 172.16.x.x – 172.31.x.x, class C : 192.168.x.x
Internet gateway (firewall) translates
between private and public addresses.
Firewall rules:
request LAN → Internet : allow
response Internet → LAN : allow
request Internet → LAN : deny
Internet can only connect to the LAN when the LAN has sent a request before.
[Diagram: Internet, NAT, LAN]
17. Peer-to-Peer Communication
Peer-to-Peer (P2P)
VoIP, file sharing, instant messaging
VoIP Protocols
two protocols involved: SIP and RTP
SIP - session initiation protocol: signalling, UDP port 5060
RTP - real-time transport protocol: voice communication,
UDP port range 10000-20000
NAT Traversal
- different kinds of NAT: symmetric, asymmetric
- UDP hole punching
- STUN - Simple Traversal of UDP through NATs
necessary when both clients are behind NAT
doesn’t work with symmetric NAT
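Why STUN-assisted hole punching fails behind a symmetric NAT, as an added example that is not part of the original slides. The `Nat` class is a toy model with port-restricted filtering (an assumption), and all addresses are constructed: private ones from the ranges on the NAT slide, public ones from documentation ranges.

```python
from dataclasses import dataclass, field

# Constructed addresses. 3478 is the standard STUN port.
STUN_SERVER = ("203.0.113.10", 3478)
A_PRIVATE = ("192.168.1.10", 10000)
B_PRIVATE = ("10.0.0.20", 10000)


@dataclass
class Nat:
    """Toy NAT with port-restricted filtering (a simplifying assumption)."""
    public_ip: str
    symmetric: bool
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> public port
    allowed: dict = field(default_factory=dict)   # public port -> remotes the LAN contacted

    def outbound(self, src, dst):
        """Translate a LAN -> Internet packet; return the source address dst sees."""
        # A symmetric NAT allocates a new public port per destination;
        # other NATs reuse one public port per private endpoint.
        key = (src, dst) if self.symmetric else (src, None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Return the private endpoint for an Internet -> LAN packet, or None if denied."""
        if src not in self.allowed.get(public_port, set()):
            return None  # no earlier request from the LAN to this remote: deny
        for (private, _dst), port in self.mappings.items():
            if port == public_port:
                return private
        return None


def stun_mapped_address(nat, private):
    """What a STUN server would report back: the public address it saw."""
    return nat.outbound(private, STUN_SERVER)


def hole_punch(nat_a, nat_b, rounds=2):
    """Both peers learn their address via STUN, swap them over signalling,
    then send UDP to each other. True if traffic flows both ways."""
    a_public = stun_mapped_address(nat_a, A_PRIVATE)
    b_public = stun_mapped_address(nat_b, B_PRIVATE)
    a_to_b = b_to_a = False
    for _ in range(rounds):
        seen_by_b = nat_a.outbound(A_PRIVATE, b_public)
        a_to_b = nat_b.inbound(seen_by_b, b_public[1]) == B_PRIVATE
        seen_by_a = nat_b.outbound(B_PRIVATE, a_public)
        b_to_a = nat_a.inbound(seen_by_a, a_public[1]) == A_PRIVATE
    return a_to_b and b_to_a


def results():
    """Run the exchange for each NAT pairing with fresh NAT state."""
    def cone(ip):
        return Nat(ip, symmetric=False)

    def sym(ip):
        return Nat(ip, symmetric=True)

    return {
        "cone/cone": hole_punch(cone("198.51.100.1"), cone("198.51.100.2")),
        "symmetric/cone": hole_punch(sym("198.51.100.1"), cone("198.51.100.2")),
        "symmetric/symmetric": hole_punch(sym("198.51.100.1"), sym("198.51.100.2")),
    }


if __name__ == "__main__":
    for pair, ok in results().items():
        print(f"{pair:22} hole punching {'works' if ok else 'fails'}")
```

The address the STUN server reports is only valid toward the STUN server when the NAT is symmetric, so the peer sends to a port whose filter never admitted it.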
21. Skype
Peer-to-peer Internet telephony (VoIP) network
Software is free, but not open source
Proprietary protocol, traffic encrypted
Founded by the founders of the file sharing application
Kazaa
Acquired by eBay in October 2005
Easy to deploy even behind firewall and NAT
Heavy use of network bandwidth and other resources
Difficult to integrate into organization’s security strategy
22. Getting Granular on Skype
2004 – Columbia University, New York, USA
An Analysis of the Skype Peer-to-Peer Internet Telephony
Protocol
http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
Analysis of network structure and traffic
2006 - EADS Corporate Research Center, France
Silver Needle in the Skype
http://www.secdev.org/conf/skype_BHEU06.handout.pdf
Developers of Skype made an immense effort to prevent
reverse engineering, i.e. getting an inside view. The Skype
client detects when it is running within a debugger and
then changes its behavior. Parts of its code are ciphered
and will be decrypted during runtime.
23. Problems with Skype
From a network security administrator point of view
Almost everything is obfuscated
Peer to peer architecture
Traffic even when the software is not used
From a system security administrator point of view
Many protections, anti-debugging tricks, ciphered code
A product that works well for free from a company not involved in Open Source?!
The Chief Security Officer point of view
Is Skype a backdoor?
Can I distinguish Skype’s traffic from real data exfiltration?
Is Skype a risky program for my sensitive business?
24. Conclusion
Good points
Skype was made by clever people
Good use of cryptography
Bad points
Hard to enforce a security policy with Skype
Jams traffic, can’t be distinguished from data exfiltration
Incompatible with traffic monitoring, IDS
Impossible to protect from attacks (which would be obfuscated)
Total blackbox. Lack of transparency.
No way to know if there is/will be a backdoor
Fully trusts anyone who speaks Skype.
25. SIP Protocol
SIP – session initiation protocol
- application layer protocol used for Internet telephone calls,
multimedia distribution, and multimedia conferences
- standardized by the Internet Engineering Task Force (IETF)
- open specification: RFC 3261 (like all Internet standards)
SIP - The De-facto VoIP Standard
http://en.wikipedia.org/wiki/SIP_Telephony#SIP_-_The_De-facto__VoIP_Standard
SIP – signalling, UDP port 5060
RTP – real-time transport protocol
voice communication, UDP port range 10000-20000
Codec – audio data compression algorithm for voice
G.729a – 8kbps, G.711 – 64kbps,
G.723 obsolete, superseded by G.726 – 16-40kbps
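How the SIP signalling on port 5060 tells a gateway or firewall where the RTP voice stream will flow, as an added example that is not part of the original slides. It parses a constructed INVITE with an SDP body, maps the offered payload types to the codec bitrates listed above, and flags a media address or port that the NAT and firewall setup from the earlier slides would not pass; `build_invite` and `review_invite` are hypothetical helper names.

```python
import ipaddress

SIP_PORT = 5060                   # signalling port named on the slide
RTP_PORTS = range(10000, 20001)   # RTP port range named on the slide
# Private ranges from the NAT slide, written in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Static RTP payload types (RFC 3551) mapped to the slide's bitrates in kbps.
# Payload type 18 is G.729, which covers Annex A (G.729a).
CODECS = {0: ("G.711", 64), 8: ("G.711", 64), 18: ("G.729a", 8)}


def build_invite(media_ip, rtp_port):
    """Constructed sample INVITE offering G.711 and G.729 audio."""
    sdp = "\r\n".join([
        "v=0",
        f"o=alice 2890844526 2890844526 IN IP4 {media_ip}",
        "s=call",
        f"c=IN IP4 {media_ip}",
        "t=0 0",
        f"m=audio {rtp_port} RTP/AVP 0 18",
    ]) + "\r\n"
    head = "\r\n".join([
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/UDP {media_ip}:{SIP_PORT};branch=z9hG4bK74bf9",
        "Max-Forwards: 70",
        "From: <sip:alice@example.org>;tag=9fxced76sl",
        "To: <sip:bob@example.com>",
        f"Call-ID: 3848276298220188511@{media_ip}",
        "CSeq: 1 INVITE",
        "Content-Type: application/sdp",
        f"Content-Length: {len(sdp)}",
    ])
    return head + "\r\n\r\n" + sdp


def parse_sdp(body):
    """Return (connection address, [(port, [payload types])]) for audio streams."""
    address, streams = None, []
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3:            # c=IN IP4 <address>
            address = fields[2]
        elif kind == "m" and len(fields) >= 4 and fields[0] == "audio":
            streams.append((int(fields[1]), [int(pt) for pt in fields[3:]]))
    return address, streams


def review_invite(message):
    """Summarise the media offer and list what a NAT or firewall would break."""
    head, _, body = message.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    if not request_line.startswith("INVITE "):
        raise ValueError("not a SIP INVITE")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = []
    declared = headers.get("content-length", "")
    if not declared.isdigit() or int(declared) != len(body.encode()):
        findings.append("Content-Length missing or not equal to the SDP body size")

    address, streams = parse_sdp(body)
    try:
        ip = ipaddress.ip_address(address or "")
    except ValueError:
        ip = None  # host name or missing c= line: nothing to classify
    if ip is not None and any(ip in net for net in PRIVATE_NETS):
        findings.append(f"SDP offers private address {ip}: the far end cannot "
                        "send RTP to it without NAT traversal or a rewriting gateway")

    codecs = []
    for port, payload_types in streams:
        if port not in RTP_PORTS:
            findings.append(f"RTP port {port} is outside 10000-20000 and would "
                            "not match a firewall rule for that range")
        for pt in payload_types:
            codecs.append(CODECS.get(pt, (f"payload type {pt}", None)))
    return {"media_address": address,
            "rtp_ports": [port for port, _ in streams],
            "codecs": codecs,
            "findings": findings}


if __name__ == "__main__":
    report = review_invite(build_invite("192.168.1.10", 49170))
    print(report["codecs"])
    for finding in report["findings"]:
        print("-", finding)
```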
26. VoIP Provider
SIP – open protocol => everyone can offer services for it
VoIP provider is connected to both Internet and PSTN.
Over 2000 SIP VoIP providers
Dialing between providers
e.g. FreeWorldDialup no. 740218 => *393 740218
http://www.sipbroker.com/sipbroker/action/providerWhitePages
Advanced Features
- monthly rate, flat rate
- unlimited local and distance calling
- voicemail, call forwarding, caller ID
- dial-in number with home area code
- direct inward dialing (DID)
- fax receipt with e-mail notification
27. VoIP Services
[Diagram: PSTN, Internet, IP Telephone, VoIP Provider, Gateway, Computer with Soft Phone & Headset, Analog Telephone]
1) VoIP call – free
2) dial-out – charged
3) dial-in – charged
28. VoIP Hardware
SIP – open protocol => everyone can build devices for it
Router
Analog Telephony Adapter (ATA)
SIP-Phone
Wireless Phone
USB-Devices
Integrated Systems
Large Systems
Hardware bundled by VoIP providers
http://www.voipbuster.com/en/hardware.html
http://www.sipgate.de/voipshop
34. Integrated Systems
Multiple analog ports
FXS, FXO
PBX
Firewall
VPN-gateway
WLAN
ISDN
35. Large System
Used by VoIP Providers
SIP Proxy Server
T1/E1 Gateway
RTP Resource Server
Session Border Controller
Voice Mail, Auto-Attendant
Application Server
Conference Server
IP Recorder
Billing server
Universal SIP/H.323 Signal
Converter
36. IP PBX
Software PBX
Can be installed on standard hardware
from PC to Unix-server
Additional hardware required
connection to POTS (FXO/FXS) or ISDN
Embedded appliances available
Asterisk
popular open source software, another is sipX
Linux distributions: Trixbox, AstLinux, AsteriskNOW
used as basis for embedded appliances
used by leading VoIP providers, e.g. iotum*
*) iotum was named “Cool Vendor” in Enterprise Communications by Gartner in 2007
http://www.asterisk.org
37. Asterisk
Analog cards
PCI bus, half or full length
1-8 FXO/FXS interfaces
Digital cards
PRI E1/T1, ISDN
Appliance
IP-PBX embedded in device with
analog interfaces
Developer kits
version ITSPs, OEMs, resellers,
and integrators
38. IP-PBX
Software PBX
embedded in robust hardware
mostly based on Asterisk
configurable via web browser
Primary rate interface
23 (T1) or 30 (E1) channels
Multiple extensions
FXS or ISDN
39. Application Examples
Integration with PBX
VoIP gateway without PBX
VoIP gateway with PBX connected via FXS
VoIP gateway with PBX connected via FXO
Integration with Network
VoIP gateway as Firewall
VoIP gateway in LAN with private IP address
VoIP gateway in DMZ with private IP address
VoIP gateway in DMZ with public IP address
IP-PBX
SIP only / SIP and Skype
43. VoIP Gateway with PBX (FXO)
[Diagram: PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, FXS]
45. VoIP Gateway in LAN
[Diagram: VoIP Provider, STUN, Internet, public IP address, NAT, FW, VoIP, LAN, private IP address]
FW – firewall
LAN – local area network
46. VoIP Gateway in DMZ
DMZ – demilitarized zone
[Diagram: Internet, public IP address, FW, NAT, VoIP, DMZ, private IP address, LAN]
47. VoIP Gateway with public IP
[Diagram: Internet, public IP address, FW (outer firewall), VoIP, DMZ, FW (inner firewall), NAT, private IP address, LAN]
49. IP-PBX
[Diagram: PSTN, Internet, FW, FXO, FXS, LAN, IP-PBX, analog telephone, digital (IP) telephone]
50. SIP and Skype
[Diagram: PSTN, Internet, VoIP, FXO, FXS, PBX, FXS, FXS, LAN, PC with FXS-card and Skype software]
51. VoIP Scenarios
Transfer call between two VoIP Providers
dial via caller’s VoIP provider
transfer call to company’s VoIP provider
transfer call to company’s internal extension
Transfer incoming call to teleworker
teleworker is registered to company’s PBX (no provider)
customer calls in via PSTN
company’s operator transfers call to teleworker*
Setup multi-location corporate infrastructure
headquarters serves as central registrar (no provider)
branch offices register to headquarters
*) http://en.wikipedia.org/wiki/Teleworker
52. Two VoIP Providers
[Diagram: VoIP provider A, VoIP provider B, PSTN, Internet, FXO, VoIP, PBX, FXS, FXS, Caller, Operator, Extension]
53. Teleworker
[Diagram: PSTN, Internet, Teleworker, Wi-Fi, Mobile Worker, FXO, FXO, VoIP, PBX, FXS, Customer, Operator]
54. Corporate Infrastructure
[Diagram: Factory, Sales Office, PSTN, Internet, FXO, FXO, VoIP, PBX, FXS, Customer]