1 / 11

MITP 458 : Information Security and Assurance

MITP 458 : Information Security and Assurance. VOIP Xeon Group Rohit Bhat Ryan Hannan Alan Mui Irfan Siddiqui. VOIP. Overview - What is VOIP? Business Concern Security Issues Availability Attack example Current solution. Overview. VOIP

leiko
Télécharger la présentation

MITP 458 : Information Security and Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MITP 458 : Information Security and Assurance VOIP Xeon GroupRohit BhatRyan HannanAlan MuiIrfan Siddiqui

  2. VOIP Overview - What is VOIP? Business Concern Security Issues Availability Attack example Current solution

  3. Overview • VOIP • Protocol optimized for the transmission of voice through the Internet or other packet switched networks • Often used abstractly to refer to the actual transmission of voice (rather than the protocol implementing it) • Also referred to as IP telephony, Internet telephony, voice over broadband, broadband telephony, and broadband phone.

  4. Business Concern • Highly complex communication • Critical communication should remain confidential • Data should remain accurate • Compliance issues along with privacy of users

  5. Security Issues • Confidentiality • Broadband pipe serving the VOIP and data center services must offer transmission confidentiality. • Authenticity • Access to the data servers must offer fool-proof authentication. • Integrity • Voice quality and data accuracy is critical to the success of service offerings. • Availability • VOIP and data center servers must have industry standard uptime.

  6. Availability • Why is it important • Emergency • Business • Sale • Communication • They type of attacks to VOIP • DoS Attack • Spit (Spam) • Fraud

  7. Attack example • DoS attack • The most serious threat to VoIP is a distributed denial of service (DoS) attack • Can effect any internet-connected device • Floods networks with spurious traffic or server requests. • Usually generated by machines that have been compromised by a virus or other malware • Servers grind to a halt and ignore/cant process new requests due to increased traffic

  8. Current Solution • vLAN • Isolate VoIP calls from other traffic in the network by creating a segregated vLAN • Also used to prioritize voice traffic and keep it up and running during a DoS attack. • Cons • Wasted bandwidth • Cost to implement and monitor

  9. Current Solution Effective monitoring • Monitoring geographic destinations of VoIP traffic • Sudden changes in the overall geographic distribution of network traffic originating from inside the VoIP network could indicate that unauthorized users are abusing the system to commit toll fraud Cons • Increased cost due to labor intensive monitoring • False positive readings

  10. Current solution Redundancy • Setup switches that will re-route the VOIP traffic when the main router/network is down. • In he event of a DOS attack all VOIP traffic will be switched to another network to prevent service interruption. Cons • Setup will require extra hardware and therefore more maintenance, cost, and labor • Load balancers, switches…

  11. VOIP Questions?

More Related