SIP Trunking & Security in an Enterprise Network

Dan York, CISSP
VOIPSA Best Practices Chair

September 17, 2008
© 2008 VOIPSA and Owners as Marked
Privacy, Availability, Compliance, Confidence, Mobility, Cost Avoidance, Business Continuity

TDM security is relatively simple...
[Diagram: TDM Switch, PSTN Gateways, Voicemail, Physical Wiring]

VoIP security is more complex
[Diagram: Voice over IP, Operating Systems, Desktop PCs, E-mail Systems, PSTN Gateways, Firewalls, Network Switches, Web Servers, Standards, PDAs, Wireless Devices, Instant Messaging, Directories, Internet, Databases, Voicemail, Physical Wiring]

VoIP can be more secure than the PSTN if it is properly deployed.

VoIP Security Concerns
Security concerns in telephony are not new…
[Image courtesy of the Computer History Museum]

Nor are our attempts to protect against threats…
[Image courtesy of Mike Sandman – http://www.sandman.com/]

Security Aspects of IP Telephony
[Diagram: Media / Voice, Management, TCP/IP Network, Call Control, PSTN, Policy]

Media
Eavesdropping, Degraded Voice Quality
Encryption, Virtual LANs (VLANs), Packet Filtering

Signaling
Denial of Service, Impersonation, Toll Fraud
Encryption, Encrypted Phone Software, Proper Programming

Management
Web Interfaces, APIs!, Phones!
Encryption, Change Default Passwords!, Patches? We don’t need...

PSTN

Geography

[Image labels: Internet, LAN]

SIP Trunking
The Challenge of SIP Trunking
[Diagram: LAN, IP-PBX, Internet, SIP Service Provider, PSTN]

SIP Trunking
[Diagram: LAN, IP-PBX, Carrier Network, SIP Service Provider, PSTN]

The Challenge of SIP Trunking
[Diagram: LAN, IP-PBX, Internet, SIP Service Provider, PSTN]

SIP Trunking - Business Continuity
[Diagram: LAN, IP-PBX, Internet, two SIP Service Providers, PSTN]

SIP Trunking - Business Continuity
[Diagram: LAN, IP-PBX, Internet, three SIP Service Providers, PSTN]

Cloud Computing
Geography



Moving Voice Applications into “the Cloud”
[Diagram: LAN, IP-PBX, Internet / WAN, Application Platform, PSTN]

Moving Telephony into “the Cloud”
[Diagram: LAN, Firewall, Internet / WAN, Hosted “IP-PBX”, PSTN]

Can you trust “the Cloud” to be there?

Questions for SIP Trunk Providers or Cloud Computing Platforms?
  • What kind of availability guarantees / Service Level Agreements (SLAs)
    does the platform vendor provide?
  • What kind of geographic redundancy is built into the underlying network?
  • What kind of network redundancy is built into the underlying network?
  • What kind of physical redundancy is built into the data centers?
  • What kind of monitoring does the vendor perform?
  • What kind of scalability is in the cloud computing platform?
  • What kind of security, both network and physical, is part of the computing
    platform?
  • Finally, what will the vendor do if there is downtime? Will the downtime
    be reflected in your bill?




Spam / SPIT
What about SPIT? (“SPam over Internet Telephony”)

  • What does a traditional telemarketer need?
  • Makes for great headlines, but not yet a significant threat
  • Fear is a script/tool that:
        – Iterates through calling SIP addresses:
           • 111@sip.company.com, 112@sip.company.com, …
           • Opens an audio stream if call is answered (by person or voicemail)
        – Steals VoIP credentials and uses account to make calls
  • Reality is that today such direct connections are generally not allowed
  • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
  • Until that time, the PSTN is the de facto firewall
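
Added example (not from the original slides): a defender-side check for the dialing pattern described above, flagging any source that sends INVITEs to a run of consecutive numeric extensions within a short window. The log line format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not from the slides):
#   <ISO-8601 time> <source IP> INVITE sip:<user>@<domain> SIP/2.0
INVITE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+INVITE\s+"
    r"sip:(?P<user>[^@\s]+)@(?P<domain>\S+)\s+SIP/2\.0$"
)

# Constructed sample. Addresses come from documentation ranges (RFC 5737);
# sip.company.com is the placeholder domain used on the slide.
SAMPLE_LOG = """\
2008-09-17T10:00:00 198.51.100.7 INVITE sip:111@sip.company.com SIP/2.0
2008-09-17T10:00:01 198.51.100.7 INVITE sip:112@sip.company.com SIP/2.0
2008-09-17T10:00:02 198.51.100.7 INVITE sip:113@sip.company.com SIP/2.0
2008-09-17T10:00:02 192.0.2.10 INVITE sip:204@sip.company.com SIP/2.0
2008-09-17T10:00:03 198.51.100.7 INVITE sip:114@sip.company.com SIP/2.0
2008-09-17T10:00:04 198.51.100.7 INVITE sip:115@sip.company.com SIP/2.0
2008-09-17T10:00:05 198.51.100.7 INVITE sip:116@sip.company.com SIP/2.0
2008-09-17T10:00:40 192.0.2.10 INVITE sip:131@sip.company.com SIP/2.0
2008-09-17T10:01:10 192.0.2.10 REGISTER sip:sip.company.com SIP/2.0
2008-09-17T10:02:15 192.0.2.10 INVITE sip:118@sip.company.com SIP/2.0
this line is malformed and must be skipped
""".splitlines()


def parse_invites(lines):
    """Yield (timestamp, source, user) for each well-formed INVITE line."""
    for line in lines:
        m = INVITE_RE.match(line.strip())
        if not m:
            continue  # other SIP methods and malformed lines are ignored
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # unparseable timestamp
        yield ts, m["src"], m["user"]


def longest_sequential_run(users):
    """Length of the longest run of consecutive numbers among numeric users."""
    nums = sorted({int(u) for u in users if re.fullmatch(r"[0-9]+", u)})
    best = run = 0
    prev = None
    for n in nums:
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def detect_sequential_dialing(lines, window=timedelta(seconds=60),
                              min_targets=5, min_run=4):
    """Return {source: {"targets": n, "run": r}} for sources that, inside one
    sliding window, call at least min_targets distinct users of which at
    least min_run are consecutive numeric extensions."""
    by_src = defaultdict(list)
    for ts, src, user in parse_invites(lines):
        by_src[src].append((ts, user))

    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            run = longest_sequential_run(users)
            if len(users) >= min_targets and run >= min_run:
                prev = findings.get(src)
                if prev is None or run > prev["run"]:
                    findings[src] = {"targets": len(users), "run": run}
    return findings


if __name__ == "__main__":
    for src, info in detect_sequential_dialing(SAMPLE_LOG).items():
        print(f"{src}: {info['targets']} targets, "
              f"{info['run']} consecutive extensions")
```

The thresholds need tuning against normal traffic from a trunk provider, which can legitimately reach many extensions from one address, as the second source in the sample does without being flagged.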




Resources
What is the Industry Doing to Help?

Security Vendors: “The Sky Is Falling!” (Buy our products!)
VoIP Vendors: “Don’t Worry, Trust Us!” (Buy our products!)

Voice Over IP Security Alliance (VOIPSA)

  •   www.voipsa.org – 100 members from VoIP and security industries
  •   VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
  •   “Voice of VOIPSA” Blog – www.voipsa.org/blog
  •   Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
  •   VoIP Security Threat Taxonomy
  •   Best Practices Project underway now

[Diagram of VOIPSA projects: Market and Social Objectives and Constraints; Classification Taxonomy of Security Threats; Security Research; Best Practices for VoIP Security; Security System Testing; Outreach Communication of Findings. Legend: Published, Active Now, Ongoing]

www.voipsa.org/Resources/tools.php




Tools, tools, tools...

     •   UDP Flooder                 •   Asteroid
     •   IAX Flooder                 •   enumIAX
     •   IAX Enumerator              •   iWar
     •   ohrwurm RTP Fuzzer          •   StegRTP
     •   RTP Flooder                 •   VoiPong
     •   INVITE Flooder              •   Web Interface for SIP Trace
     •   AuthTool                    •   SIPScan
     •   BYE Teardown                •   SIPCrack
     •   Redirect Poison             •   SiVuS
     •   Registration Hijacker       •   SIPVicious Tool Suite
     •   Registration Eraser         •   SIPBomber
     •   RTP InsertSound             •   SIPsak
     •   RTP MixSound                •   SIP bot
     •   SPITTER


Security Links

    • VoIP Security Alliance - http://www.voipsa.org/
          – Threat Taxonomy          - http://www.voipsa.org/Activities/taxonomy.php
          – VOIPSEC email list       - http://www.voipsa.org/VOIPSEC/
          – Weblog                   - http://www.voipsa.org/blog/
          – Security Tools list      - http://www.voipsa.org/Resources/tools.php
          – Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com


    • NIST SP800-58, “Security Considerations for VoIP Systems”
          – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
    • Network Security Tools
          – http://sectools.org/
    • Hacking Exposed VoIP site and tools
          – http://www.hackingvoip.com/




VoIP can be more secure than the PSTN if it is properly deployed.

Q&eh?

www.voipsa.org

Dan York - dyork@voxeo.com

A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
 
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
 
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 HackathonDNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
 
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
 
How IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About ItHow IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About It
 
SIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and SecuritySIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and Security
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin Steve
 
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XMLOSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
 
Recording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/SkypeRecording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/Skype
 
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
 
BLISS Problem Statement and Motivation
BLISS Problem Statement and MotivationBLISS Problem Statement and Motivation
BLISS Problem Statement and Motivation
 
ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)
 

Dernier

UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kitJamie (Taka) Wang
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 

Dernier (20)

UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kit
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 

SIP Trunking & Security in an Enterprise Network

  • 1. SIP Trunking & Security in an Enterprise Network Dan York, CISSP VOIPSA Best Practices Chair September 17, 2008
  • 2. © 2008 VOIPSA and Owners as Marked
  • 3. Privacy, Availability, Compliance, Confidence, Mobility, Cost Avoidance, Business Continuity
  • 8. TDM security is relatively simple... (diagram: PSTN Gateways, TDM Switch, Physical Wiring, Voicemail)
  • 9. VoIP security is more complex (diagram: Operating Systems, Desktop PCs, E-mail Systems, PSTN Gateways, Network Switches, Web Servers, Firewalls, Standards, Voice over IP, PDAs, Wireless Devices, Instant Messaging, Directories, Internet, Databases, Physical Wiring, Voicemail)
  • 10. VoIP can be more secure than the PSTN if it is properly deployed.
  • 12. Security concerns in telephony are not new… Image courtesy of the Computer History Museum
  • 13. Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/
  • 14. Security Aspects of IP Telephony (diagram: Media / Voice, Management, TCP/IP Network, Call Control, PSTN, Policy)
  • 15. Media: Eavesdropping; Degraded Voice Quality; Encryption; Virtual LANs (VLANs); Packet Filtering
  • 16. Signaling: Denial of Service; Impersonation; Toll Fraud; Encryption; Encrypted Phone Software; Proper Programming
  • 17. Management: Web Interfaces; APIs!; Phones!; Encryption; Change Default Passwords!; Patches? We don’t need...
  • 18. PSTN
  • 19. Geography
  • 20. Internet, LAN
  • 22. The Challenge of SIP Trunking (diagram: PSTN, SIP Service Provider, Internet, IP-PBX, LAN)
  • 23. SIP Trunking (diagram: PSTN, SIP Service Provider, Carrier Network, IP-PBX, LAN)
  • 24. The Challenge of SIP Trunking (diagram: PSTN, SIP Service Provider, Internet, IP-PBX, LAN)
  • 25. SIP Trunking - Business Continuity (diagram: PSTN, two SIP Service Providers, Internet, IP-PBX, LAN)
  • 26. SIP Trunking - Business Continuity (diagram: PSTN, three SIP Service Providers, Internet, IP-PBX, LAN)
  • 28. Geography
  • 29. Moving Voice Applications into “the Cloud” (diagram: Application Platform, Internet / WAN, IP-PBX, LAN, PSTN)
  • 30. Moving Telephony into “the Cloud” (diagram: Hosted “IP-PBX”, Internet / WAN, Firewall, LAN, PSTN)
  • 31. Can you trust “the Cloud” to be there?
  • 32. Questions for SIP Trunk Providers or Cloud Computing Platforms?
      • What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide?
      • What kind of geographic redundancy is built into the underlying network?
      • What kind of network redundancy is built into the underlying network?
      • What kind of physical redundancy is built into the data centers?
      • What kind of monitoring does the vendor perform?
      • What kind of scalability is in the cloud computing platform?
      • What kind of security, both network and physical, is part of the computing platform?
      • Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill?
  • 34. What about SPIT? (“SPam over Internet Telephony”)
      • What does a traditional telemarketer need?
      • Makes for great headlines, but not yet a significant threat
      • Fear is script/tool that:
          – Iterates through calling SIP addresses:
              • 111@sip.company.com, 112@sip.company.com, …
          – Opens an audio stream if call is answered (by person or voicemail)
          – Steals VoIP credentials and uses account to make calls
      • Reality is that today such direct connections are generally not allowed
      • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
      • Until that time, PSTN is de facto firewall
  • 36. What is the Industry Doing to Help?
      • Security Vendors: “The Sky Is Falling!” (Buy our products!)
      • VoIP Vendors: “Don’t Worry, Trust Us!” (Buy our products!)
  • 37. Voice Over IP Security Alliance (VOIPSA)
      • www.voipsa.org – 100 members from VoIP and security industries
      • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
      • “Voice of VOIPSA” Blog – www.voipsa.org/blog
      • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
      • VoIP Security Threat Taxonomy
      • Best Practices Project underway now
      • (diagram: Security Research; Market and Social Objectives and Constraints; Classification Taxonomy of Security Threats; Best Practices for VoIP Security; Outreach Communication of Findings; Security System Testing. Legend: Published, Active Now, Ongoing)
  • 40. Tools, tools, tools...
      • UDP Flooder, Asteroid, IAX Flooder, enumIAX, IAX Enumerator, iWar, ohrwurm RTP Fuzzer, StegRTP, RTP Flooder, VoiPong, INVITE Flooder, Web Interface for SIP Trace, AuthTool, SIPScan, BYE Teardown, SIPCrack, Redirect Poison, SiVuS, Registration Hijacker, SIPVicious Tool Suite, Registration Eraser, SIPBomber, RTP InsertSound, SIPsak, RTP MixSound, SIP bot, SPITTER
  • 41. Security Links
      • VoIP Security Alliance - http://www.voipsa.org/
          – Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php
          – VOIPSEC email list - http://www.voipsa.org/VOIPSEC/
          – Weblog - http://www.voipsa.org/blog/
          – Security Tools list - http://www.voipsa.org/Resources/tools.php
          – Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com
      • NIST SP800-58, “Security Considerations for VoIP Systems”
          – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
      • Network Security Tools
          – http://sectools.org/
      • Hacking Exposed VoIP site and tools
          – http://www.hackingvoip.com/
  • 42. VoIP can be more secure than the PSTN if it is properly deployed.
  • 43. Q&eh? www.voipsa.org Dan York - dyork@voxeo.com
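
Slide 34 describes the feared SPIT tool as one that iterates through SIP addresses (111@sip.company.com, 112@sip.company.com, …). The following is an added example, not part of the deck: a defender-side check that flags a source sending INVITEs to a run of consecutive extensions inside a short window. The log format, thresholds, function names and IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not from the deck): inbound INVITEs logged at the SIP edge as
# "<ISO timestamp> <source IP> INVITE <request URI>". IPs are documentation ranges.
SAMPLE_LOG = """\
2008-09-17T10:00:00 198.51.100.23 INVITE sip:111@sip.company.com
2008-09-17T10:00:01 198.51.100.23 INVITE sip:112@sip.company.com
2008-09-17T10:00:02 192.0.2.10 INVITE sip:204@sip.company.com
2008-09-17T10:00:02 198.51.100.23 INVITE sip:113@sip.company.com
2008-09-17T10:00:03 198.51.100.23 INVITE sip:114@sip.company.com
2008-09-17T10:00:04 198.51.100.23 INVITE sip:115@sip.company.com
2008-09-17T10:00:05 198.51.100.23 INVITE sip:116@sip.company.com
2008-09-17T10:00:10 203.0.113.5 INVITE sip:120@sip.company.com
2008-09-17T10:00:15 203.0.113.5 INVITE sip:305@sip.company.com
2008-09-17T10:00:20 203.0.113.5 INVITE sip:118@sip.company.com
2008-09-17T10:00:25 203.0.113.5 INVITE sip:402@sip.company.com
2008-09-17T10:00:30 203.0.113.5 INVITE sip:250@sip.company.com
2008-09-17T10:07:00 192.0.2.10 INVITE sip:117@sip.company.com
this line is truncated INVITE
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+INVITE\s+sips?:([^@\s]+)@(\S+)$")


def parse_invites(log_text):
    """Yield (timestamp, source_ip, user_part) for each well-formed INVITE line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip truncated or unrelated lines instead of failing
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue
        yield ts, m.group(2), m.group(3)


def longest_run(sorted_numbers):
    """Length of the longest run of consecutive integers in a sorted, distinct list."""
    best = run = 1
    for prev, cur in zip(sorted_numbers, sorted_numbers[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_enumeration(log_text, window=timedelta(seconds=60), min_targets=5, min_run=4):
    """Return {source_ip: targets} for sources that walked consecutive extensions.

    A source is flagged when, inside one sliding window, it called at least
    min_targets distinct numeric extensions including min_run consecutive ones.
    The targets reported are those in the first window that tripped the thresholds.
    """
    by_source = defaultdict(list)
    for ts, src, user in parse_invites(log_text):
        if user.isdigit():
            by_source[src].append((ts, int(user)))
    flagged = {}
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = sorted({ext for _, ext in events[start:end + 1]})
            if len(targets) >= min_targets and longest_run(targets) >= min_run:
                flagged[src] = targets
                break
    return flagged
```

A source that spaces its calls wider than the window is not flagged, so the window and thresholds need tuning against normal trunk traffic.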