Security in VoIP Networks Juan C Pelaez Florida Atlantic University

What is VoIP?

VoIP (Voice over Internet Protocol), sometimes referred to as Internet telephony, is a method of digitizing voice, encapsulating the digitized voice into packets and transmitting those packets over a packet switched IP network.

Overview of VoIP(1)

VoIP enables people to use the Internet as the transmission medium for telephone calls. For users who have free, or fixed-price, Internet access, Internet telephony software essentially provides free telephone calls anywhere in the world. To date, however, Internet telephony does not offer the same quality of telephone service as direct telephone connections, and it is an easy target of security attacks.

Overview of VoIP(2)
  • VoIP: yet another Internet service
    • (Telephone, Radio, Video) over IP
  • Services:
    • email/web/calendar integration, emergency services, call scheduling, Interactive Voice Response (IVR), instant messaging, personal mobility…

VoIP Protocols
  • Most implementations use the H.323 protocol
    • Same protocol that is used for IP video.
    • Uses TCP for call setup
    • Traffic is actually carried on RTP (Real-time Transport Protocol), which runs on top of UDP.
  • SIP defines a distributed architecture for creating multimedia applications, including VoIP
  • VoIP = Transport + QoS + Signaling
    • Transport: RTP
    • QoS: RTCP (RTP Control Protocol)
    • Signaling: H.323, SIP, MGCP/Megaco
H.323 Signaling and Media Channels
  • H.225.0/RAS Channel
    • RAS (Registration, Admission & Status) control between endpoints (terminals, gateways, MCUs) and their gatekeeper
  • H.225.0 Call Signaling Channel
    • Call remote endpoint
    • Establish H.245 address
  • H.245 Control Channel
    • Open control channel; Terminal capability negotiation
    • Open/close logical channels
    • Establish UDP ports for A/V
  • RTP/RTCP Logical Channels for Media Stream
    • Carry media (audio, video, data, etc.) data within logical channels
H.323 VoIP Components
  • H.323 defines four logical components
    • Terminals,
    • Gateways,
    • Gatekeepers and
    • Multipoint Control Units (MCUs).
  • Terminals, gateways and MCUs are known as endpoints.
IP telephony

[Figure: IP telephony and the Public Switched Telephone Network (PSTN). Labels: Gateway, IP PBX, Call Processing, Call Signaling (RAS), Call Control, Call Setup, Media Exchange.]

VoIP requires….
  • Handsets
  • Softphones
  • Gateways
  • Gatekeepers
  • Conference Bridge
  • IP PBX
  • H.323, SIP, MGCP/Megaco
VoIP requires….(Cont.)

[Figure: network diagram. Labels: Gatekeeper, IP PBX, PSTN, Gateway, MCU, Softphones.]

Security Threats and Defense Mechanisms
  • Denial-of-service (DoS)
    • Separation of the voice and data segments using VPNs
  • Call interception (invasion of privacy)
    • Encrypt VoIP traffic where possible
    • Lawful interception

Security Threats and Defense Mechanisms(2)

  • Theft of service (traditional fraud)
    • Getting free service or free features
    • Use strong authentication
    • Call-processing manager will not allow unknown phones to be configured
  • Signal protocol tampering
    • Capture the packets that set up the call.
    • A user could manipulate fields in the data stream and make VoIP calls without using a VoIP phone.
Other Security Threats and Defense Mechanisms
  • Masquerading/Man-in-the-middle attacks
    • Endpoint authentication
  • Spoofing/connection hijacking
    • User/message authentication and integrity
  • Message manipulation
    • Message authentication
  • Virus and Trojan-horse applications
    • Host-based virus scanning
  • Repudiation
    • Call-processing manager

Scope of H.235

[Figure: protocol stack showing the scope of H.235. Labels: AV applications; Terminal control and management; Audio G.xxx; Video H.26x; H.225.0 Call Signaling (Q.931); H.245 Call Control; H.225.0 Terminal to GK Signaling (RAS); Encryption; RTCP; RTP; Auth.; Transport Security (TLS); Unreliable Transport/UDP, IPX; Reliable Trans./TCP; Network Layer/IP, Network Security/IPsec; Link Layer; Physical Layer.]

Challenges for IP Telephony

NAT/Firewall Traversal Problem

NAT = Network Address Translation

  • IP telephony uses UDP as its transmission protocol
  • IP telephony uses dynamic port addresses
  • For these protocols to pass the firewall, the specific static ports and the range of dynamic ports must be opened for all traffic.
  • IP addresses are embedded in the payload
  • NAT only handles outgoing connections
NAT/Firewall Traversal Issue

[Figure: NAT/firewall traversal. Labels: Signaling & Control; Transient Ports; X; Out-bound; Media Capabilities and RTP; In-bound; Media and RTP.]

Firewall/NAT Solutions (1)
  • Proxies (Multimedia Gateway)
    • Designed to handle real-time communications
  • Gateways
    • Convert from IP to PSTN voice
  • Application Level Gateways (ALG)
    • Firewalls programmed to understand IP protocols
  • Demilitarized Zone (DMZ)
    • Overcomes the problem by placing an MCU
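
An added example, not part of the original slides: a sketch of the inspection an application level gateway performs on SIP signaling, covering two items from the Challenges for IP Telephony slide (IP addresses embedded in the payload, dynamically negotiated media ports). The INVITE, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed SIP INVITE from a phone behind NAT (all values are invented).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@example.com>",
    "Call-ID: a84b4c76e66710@192.168.1.20",
    "CSeq: 314159 INVITE",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr is an RFC 1918 address, unroutable beyond the NAT."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def embedded_endpoints(message):
    """Return (signaling addresses, [(address, media kind, port)]) from the payload."""
    head, _, sdp = message.partition("\r\n\r\n")
    signaling = re.findall(r"^(?:Via|Contact):.*?(\d+\.\d+\.\d+\.\d+)", head, re.M)
    conn = re.search(r"^c=IN IP4 (\d+\.\d+\.\d+\.\d+)", sdp, re.M)
    addr = conn.group(1) if conn else None
    media = [(addr, kind, int(port))
             for kind, port in re.findall(r"^m=(\w+) (\d+) ", sdp, re.M)]
    return signaling, media

def alg_review(message, public_ip):
    """List what an ALG must rewrite and which UDP pinholes the call needs."""
    signaling, media = embedded_endpoints(message)
    candidates = signaling + [addr for addr, _, _ in media if addr]
    rewrites = sorted({a for a in candidates if is_private(a)})
    # RTP uses the negotiated port; RTCP conventionally uses the next port up.
    pinholes = [("udp", public_ip, port, port + 1) for _, _, port in media]
    return {"rewrite": rewrites, "pinholes": pinholes}

if __name__ == "__main__":
    print(alg_review(SAMPLE_INVITE, "203.0.113.10"))
```

The pinhole list is why a static port rule is not enough: the media port only becomes known by reading the signaling payload, so the firewall either understands the protocol or has to open the whole dynamic range.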

Firewall/NAT Solutions (2)
  • Virtual Private Network (VPN)
      • A secure connection between two points across the Internet
  • Tunneling
      • The process by which VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet
Conclusion
  • VoIP just adds more assets, more threat locations and more vulnerabilities to the data network, because of the new equipment, protocols, and processes on the data network
  • To increase security and performance it’s recommended to use VPNs to separate VoIP from data traffic.
  • Instead of using VPN segmentation, users may consider using a multimedia gateway or reverse proxy.