IP Communications, Secure – By Design
Roger W. Farnsworth

A Bit of Hyperbole?

The IP Conundrum
• The same IP technology that enables IP Communications solutions to:
  • Boost productivity
  • Increase mobility
  • Enhance flexibility
  Also creates additional MANAGEABLE security challenges
• These new challenges exist whether the IP upgrade is incremental or total

The Challenge of Securing IP Voice
• The threats are familiar to both voice and data professionals:
  • Eavesdropping
  • Impersonation
  • Toll fraud
  • Denial of service
• Both “phreakers” and “hackers” are lurking
• The protection of both voice and data communication is critical to the business

Reality Check (figure: “Before” and “After” panels)

Evaluate the Threats Objectively
• Understand the costs of security incidents:
  • Measurable: fraud, downtime, man-hours, physical destruction, intellectual property, lawsuits
  • Non-measurable: reputation, customer privacy, medical information, loss of life
• Assign risk and quantify the costs
• Determine appropriate levels of protection

The Paradigm Must Change: A Network-Based Systems Approach
• An automated security system is required to address unknown (or “Day Zero”) threats
• Security must be applied at multiple layers of the system to address sophisticated blended threats and defend against multiple avenues of attack
• All elements of the security system must be integrated to initiate a coordinated response

Protect All Levels of IP Communications
IP COMMUNICATIONS SYSTEM
• APPLICATIONS (VALUE-ADDED COMPONENTS): Messaging, Customer Care, and Other Application Software
• ENDPOINTS (USER INTERFACES): IP Phones, Video Terminals, and Other Delivery Devices
• CALL CONTROL (SYSTEM CONFIG AND OPERATION): Infrastructure and Protocols for Call Management and Operation
• INFRASTRUCTURE (TRANSPORT): Secure, Reliable Communications that Connects All of the Other Components

Security Preparation - Only as Strong as the Weakest Link

                  PRIVACY   PROTECTION   CONTROL
Applications         X          X           X
Endpoints            X          X           X
Call Control         X          X           X
Infrastructure       X          X           X

A measured approach to securing the entire network is critical

Secure IP Communications Systems Approach in Action
(diagram labels: Internet, Intranet)
• Infrastructure
  • VLAN segmentation
  • Layer 2 protection
  • Firewall / IDS
  • QoS and thresholds
  • Secure VPN
  • Wireless security
  • Gateway SRTP
• Applications
  • Secure voice messaging
  • LDAP
  • Multi-level admin
  • Toll fraud protection
  • HTTPS management
  • Hardened platforms
  • H.323 and SIP signaling
• Endpoints
  • Digital certificates
  • Authenticated phones
  • GARP protection
  • TLS protected signaling
  • SRTP media encryption
  • Centralized management
• Call Management
  • Hardened Windows OS
  • Digital certificates
  • Signed software images
  • TLS signaling
  • Integrated CSA
  • SSL enabled directory

Standards Bodies in Action
• Bodies shown: IETF, ITU, SIP Forum, SIPit
• Identity, Media authorization, Keying protocols, Firewall transit
• Security interoperability, SIP over TLS, Interconnection
• H.235 framework, Signaling protection, Protocol streams

There is Nothing to Fear Except Fear Itself
• IP Communications solutions can be as secure as, or more secure than, traditional PBX systems
• Security remains a top issue for IP Communications customers
• A comprehensive, systems approach is best
• The industry is committed to delivering the most secure, reliable solutions possible
• The future holds great promise for new applications

More Information
• www.nist.gov
• www.cert.org
• Your vendor or partner