1 / 16

VoIP security : Not an Afterthought

VoIP security : Not an Afterthought. OVERVIEW. What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design and implementation Conclusion. What is VoIP?.

dyre
Télécharger la présentation

VoIP security : Not an Afterthought

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. VoIP security : Not an Afterthought

  2. OVERVIEW • What is VoIP? • Difference between PSTN and VoIP. • Why VoIP? • VoIP Security threats • Security concerns • Design and implementation • Conclusion

  3. What is VoIP? • VoIP is Voice over internet protocol, is a technology allows voice conversations to be carried over the Internet. • VoIP exchanges voice information in digital form, in discrete packets rather than by using the traditional circuit-committed protocols of the Public Switched Telephone Network (PSTN).

  4. Difference between PSTN and VoIP. • In PSTN (Public Switched Telephone Network) the control is rested at switch. • In VoIP the resource control is at deeper part of network.

  5. Why VoIP? • Price • Flexibility • Protocols • Implementation • Service

  6. VoIP Security threats • Security threats Viruses impacting servers. Denial of service attacks. Logical attacks on SIP. Subscription fraud and non-payment. Call eavesdropping.

  7. Security concerns • Preserve the availability: • By network/service access control • Preserve integrity: • Prevent malicious activities by encryption techniques. • Prevent theft of the VoIP service. • Prevent fraudulent use of VoIP services • Preserve the confidentiality: • By encryption techniques.

  8. Preserve Authentication by login password. • Preserve authorization by access control, role based authentication

  9. Is VoIP Security Different? • VoIP services are real-time. • VoIP services are target of voice specific malicious activities such as toll fraud, service theft, voice spam and identity theft. • VoIP services are extremely sensitive to delay, packet loss and jitter caused by worms, viruses and DoS attacks. • VoIP services are impacted by the existing security devices such as firewalls/NAT, encryption engines and IDS/IPS.

  10. An Approach to VoIP Security Open source security Protection Reducing the risks Prevention VoIP Infrastructure

  11. Design and implementation • Major concerns for VoIP software development are 1)Software stability. 2)Robustness. 3)Interoperability. For implementation of VoIP its should have separate voice transport, signaling, service creation from one another.

  12. VoIP protocols The two most widely used protocols for VoIP are the ITU standard H.323 and the IETF standard SIP. Both are signaling protocols that set up, maintain and terminate a VoIP call. In addition, the Media Gateway Control Protocol (MGCP) provides a signaling and control protocol between VoIP gateways and traditional PSTN (Public Switched Telephone Network) gateways. ITU-T , H.323 is a comprehensive protocol under the ITU-T specifications for sending voice, video and data across a network. The H.323 specification includes several sub-protocols:

  13. 1. H.225 for specifying call controls (e.g. call setup and teardown), 2. H.235 for specifying the security framework for H.323 and the call setup. 3. H.245 for specifying media paths and parameter negotiations such as terminal capabilities. 4. H.450 for specifying supplementary services such as call hold and call waiting.

  14. Conclusion • VoIP presents a number of interesting security challenges that differ substantially from those of traditionally telephony. • In addressing these challenges, we might consider the roles of the vendor, service provider, and implementer communities.

  15. References • http://www.voip-info.org/ • Voip security : not an afterthought by Douglas C.Sicker and Tomlookabaugh

  16. Thank you

More Related