a comparison of traditional telephony security with voip
Download
Skip this Video
Download Presentation
A Comparison of Traditional Telephony Security with VoIP

Loading in 2 Seconds...

play fullscreen
1 / 14

A Comparison of Traditional Telephony Security with VoIP - PowerPoint PPT Presentation


  • 121 Views
  • Uploaded on

A Comparison of Traditional Telephony Security with VoIP. Roy Ford. Agenda. Into to Telephony (Traditional and VoIP) Security Risks Risk Mitigations Conclusions. The Telephone. PBX. Phone Switch. T1 Trunk. Local Loop. Call Setup. SS7 Network. The Telephone.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' A Comparison of Traditional Telephony Security with VoIP' - demetria-lois


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
agenda
Agenda
  • Into to Telephony (Traditional and VoIP)
  • Security Risks
  • Risk Mitigations
  • Conclusions
the telephone
The Telephone

PBX

Phone Switch

T1 Trunk

Local Loop

Call Setup

SS7 Network

the telephone1
The Telephone
  • Mixture of Analog and Multiplexed digital technology
  • Centralized switches that provide power and establish circuits between phones
  • 2 Types of signaling
    • In-band DTMF signaling at phone
    • Out-of-band signaling between Switch nodes over the SS7 network
slide5
VoIP

SIP Servers

Gateway

LAN

Internet

PSTN

slide6
VoIP
  • Distributed architecture of Phones, gateways and servers over an IP Network
  • 2 Protocols used to carry voice and signaling
    • Real Time Protocol (RTP) carries voice in UDP packets
    • Session Initialization Protocol (SIP) does call setup
sip invite
SIP Invite

INVITE sip:[email protected] SIP/2.0

Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds

Max-Forwards: 70

To: Bob <sip:[email protected]>

From: Alice <sip:[email protected]>;tag=1928301774

Call-ID: [email protected]

CSeq: 314159 INVITE

Contact: <sip:[email protected]>

Content-Type: application/sdp

Content-Length: 142

traditional telephony risks
Traditional Telephony Risks
  • Wire Tapping
  • Toll Fraud
    • Phone Phreaking
    • Call Forward All
  • Caller ID Spoofing & SS7 Security
  • User Identification
voip risks
VoIP Risks
  • Denial of Service
  • Man in the Middle
  • Caller ID Spoofing and interception of Call Setup Information
  • Toll Fraud
  • User Authentication
  • Device Web Servers
  • VoIP Fuzzing
voip and firewalls
VoIP and Firewalls
  • VoIP does not like Firewalls
  • Firewall Techniques
    • VoIP Aware firewalls
    • STUN
    • TURN
risk mitigation traditional
Risk Mitigation - Traditional
  • Physical Security
    • Physical plant & Access Console
    • Wire Tap protection
  • Proper Configuration of Call Forwarding
    • Toll Fraud
  • Caller ID Spoofing
risk mitigation voip
Risk Mitigation - VoIP
  • Segregation of VoIP Traffic
    • DoS isolation
  • Encryption
    • Man in the Middle protection
  • Server Configuration
    • Toll Fraud
  • User Authentication
  • Device Web Servers
    • Just Say No
  • VoIP Fuzzing
conclusions
Conclusions
  • Encryption required for VoIP
  • Infrastructure issues with VoIP and Traditional Telephony Similar
  • The phone is an attack vector in VoIP
ad