SlideShare a Scribd company logo

Maheen.Mehnaz 071618056

M
mashiur
Technology
1 of 15
Download to read offline
15 April 2008 IP Telephony Security: Deploying Secure IP Telephony in t he aspect of Net work infrastructure The objective is to integrate IP telephony and traditional data services onto a shared network infrastructure without compromising the security of either service. Protective mechanisms against all types of attacks must be applied in a holistic manner throughout the enterprise network.
15 April 2008 IP Telephony Security: Deploying Secure IP Telephony in t he aspect of Net work infrastructure Prepared by : Maheen mehnaz ID # 071-618-056 Ete ~ 605 Section ~ 02 Prepared for : Dr. Mashiur Rahman N o r t h So u t h U n ive r s it y
IP Telephony Security Abstract This paper provides best-practice information to interested parties for designing and implementing secure IP telephony networks. Many enterprises, whether large or small, are now considering implementation of IP Telephony systems and services in their networks. What has been a separate circuit switched telephony network on its own, is with the advent of IP Telephony suddenly a part of the IT and IP infrastructure, available and manageable as virtually any other application within that framework. Questions then arise whether telephony is as secure as it was when it was a technology and network on its own, or if even IP Telephony may compromise the integrity and availability of other applications, especially if IP Telephony becomes integrated with these other applications. And one has to also consider the impact of IP Telephony calls originating from an external IP network. This document has the purpose to clarify the issues mentioned above and provides an outline for the measures, which need to be taken in order to securely implement IP Telephony in enterprise networks. As we will see, already today there are technologies and products available that can be installed and used to secure the usage of IP Telephony as well as other related applications. I
IP Telephony Security April 15, 2008 Contents Introduction ........................................................................................................................... 2 Section: 1 ............................................................................................................................... 2 Identifying and Understanding the Risks .............................................................................. 2 Threats in voice over IP (VoIP)............................................................................................. 2 Section: 2 ............................................................................................................................... 3 Attacks against the IP Telephony Network ........................................................................... 3 Packet Sniffers/Call Interception....................................................................................... 3 Virus and Trojan-Horse Applications ............................................................................... 3 Toll Fraud .............................................................................................................................. 3 IP Spoofing............................................................................................................................ 3 Denial of Service ................................................................................................................... 3 Application Layer Attacks..................................................................................................... 4 Section: 3 ............................................................................................................................... 4 Security Solutions of IP Telephony....................................................................................... 4 Encryption ..................................................................................................................... 4 Section: 4 ............................................................................................................................... 6 Designing Guidelines for Small IP Telephony system ..................................................... 7 Section: 5 ............................................................................................................................... 9 Defining a Security Framework ..8 Section: 6 ............................................................................................................................. 10 1
IP Telephony Security April 15, 2008 Introduction As voice over IP (VoIP) installations increasingly evolve from PBX trunking over private data networks to IP telephony (IPT)-based it becomes increasingly important to recognize and address associated security issues. The risk and threat to enterprises deploying IP telephony are very real, and although few incidents have been reported in public, these are expected to increase in number as IP telephony deployments increase in number and size. To mitigate these threats appropriately, the actual risks must be identified and mapped to a security framework. This framework can then be used to establish security requirements for the products used to obtain an appropriate level of security for the IPT solution. However, since IP telephony is a service that enables direct communication between end- user IP phones throughout an enterprise, it is critical that security measures allow this type of peer-to-peer traffic flow while protecting the telephony service. Section: 1 Identifying and Understanding the Risks IP telephony is still a young technology with rapidly evolving products, and the initial focus typically is on issues other than security, such as telephony-grade reliability, voice quality, and telephony features. General security risks can be grouped into the four areas: 1. Interception and impersonation of IPT sessions invading privacy or tampering with information 2. Intrusion of other network services facilitated by the IPT implementation 3. Non-authorized or fraudulent use of IPT equipment 4. Malicious degradation of voice service (denial-of-service, virus, and hacker attacks) Threats in voice over IP (VoIP) Threats associated with VoIP are narrowed into the following categories: Service disruption and annoyance The attempt to disrupt the VoIP service, including management, provisioning, access, and operations. Attacks in this category can affect any network element that supports the VoIP service, including routers, DNS servers, SIP proxies, session border controllers, and so on. Eavesdropping and traffic analysis The attack aims to extract verbal or textual (for example, credit card number or pin) content from a conversation or analyze communications between parties to establish communication patterns, which can later be used to support other attacks. Masquerading and impersonation In this category, targets include users, end user devices, and network elements and can be realized by manipulating the signaling or media streams remotely or through unauthorized access to VoIP components (for example, signaling gateways, the SIP registrar, or DNS servers). For example, if a telecommunications provider is using only caller ID information 2
IP Telephony Security April 15, 2008 to authenticate subscribers to their voice mailboxes, it is possible for an attacker to spoof caller ID information to gain access to a user s voice mailbox. Unauthorized access The difference between masquerading and unauthorized access is that the attacker does not need to impersonate another user or network element, but rather can gain direct access using a vulnerability such as a buffer overflow, default configuration, and poor signaling or network access controls. Fraud Fraud can be realized by manipulating the signaling messages or the configuration of VoIP components, including the billing systems. Section: 2 Attacks against the IP Telephony Network Packet Sniffers/Call Interception A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a particular collision domain. Sniffers are used legitimately in networks today to aid in troubleshooting and traffic analysis. Virus and Trojan-Horse Applications The primary vulnerabilities for end-user workstations are viruses and Trojan horse attacks. Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user's workstation. Toll Fraud This attack constitutes theft of service, namely phone calls. There are numerous methods the hacker could use to accomplish this task. In its basic case toll fraud includes an unauthorized user accessing an unattended IP phone to place calls. A more complex attack might include placing a rogue IP phone or gateway on the network to place unauthorized calls. IP Spoofing An IP spoofing attack occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. A hacker can do this in one of two ways. The hacker uses either an IP address that is within the range of trusted IP addresses for a network or an authorized external IP address that is trusted. Denial of Service Certainly the most publicized form of attack, denial of service (DoS) attacks are also among the most difficult to completely eliminate. Even among the hacker community, DoS attacks are regarded as trivial and considered bad form because they require so little effort to execute. These attacks include the following: TCP SYN Flood Ping of Death UDP fragment flood 3
IP Telephony Security April 15, 2008 ICMP fragment flood If not properly mitigated, all of these sample DoS attacks could render a voice segment unusable. Application Layer Attacks Application layer attacks can be implemented using several different methods. One of the most common methods is exploiting well-known weaknesses in software that are commonly found on servers, such as send mail, HTTP, and FTP. By exploiting these weaknesses, hackers can gain access to a computer with the permissions of the account running the application. Section: 3 Security Solutions of IP Telephony Encryption S/MIME (Secure/Multipurpose Internet Mail Extensions). Provides a way to send and receive secure MIME data. Based on the MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption) and by hop-by-hop SIPS (requires Transport Layer Security, TLS, on whole signaling path). A client/server protocol that allows peers to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery Key exchange done using MIKEY (Multimedia Internet KEYing). A key management scheme that can be used for real-time applications (both for peer-to-peer communication and group communication) supporting SRTP Denial of service (DoS) attacks DoS against SIP (over UDP). ICMP Error Message (Port Unreachable, Protocol Unreachable, Network Unreachable) sent to the target where a caller is sending SIP (over UDP) messages Using SIP CANCEL message. Preventing UAs from making and receiving calls and making UAs drop the call and using SIP BYE message DoS attacks Example Preventing SIP Client-A from making call 4
IP Telephony Security April 15, 2008 The attacker messages cancel a pending request with same Call-ID,TO, From Cseq fields SIP Client-A drops the call just initiated Call Hijacking After INVITE message, a 301 Moved Permanently message would hijack the call towards whomever the attacker decides (himself of another client) Identity Theft Registering address instead of other (if requires authentication might use another type of attack) 5
IP Telephony Security April 15, 2008 SPAM over Internet Telephony (SPIT) Same thread as with email (hundreds of calls just with publicity messages, the phone is ringing all day, etc.). Problem increase with respect to traditional telephony Solutions of SPAM over Internet Telephony (SPIT) Most E-mail filters rely on content analysis. But in voice calls, it is too late to analyze media for spamming. Voice Spam Detection is difficult Detection in real time before the media arrives Great variety of solution Black lists (worst case) White list (it is ok) Grey-listing (faulty system that would be preventable) Section: 4 Designing Secure IP Telephony Solutions Small IP Telephony Design The small IP telephony design utilizes the small network design. The corporate Internet module has been modified to support voice services including Public Switched Telephone Network (PSTN) access for WAN backup and local calls, and VLANs for data/voice segmentation. The campus has been modified to support IP phones, PC-based IP Phones, proxy services, and VLANs. The entire small business design is shown in here for reference: Figure 1 Small Network Detailed Model Voice Threats Mitigated Unauthorized access This type of access is mitigated through filtering at the firewall. Toll fraud Access control limits only known telephony devices from communicating with one another. Denial of service TCP setup controls limit exposure to the call-processing manager. 6
IP Telephony Security April 15, 2008 IP spoofing RFC 2827 and 1918 filters are placed at the Internet service provider (ISP) edge and local firewall router. Designing Guidelines for Small IP Telephony system Designing include routing, NAT, VLAN, voice services, VPN, and stateful firewall. Router setup is the greatest flexibility for the small network because the router supports all the advanced services that may be necessary in today s networks. Firewall must be setup cause: First, firewalls are generally Ethernet only, requiring some conversion to access PSTN and the WAN. This access would then most likely occur through the use of an additional router. Second, firewalls in this small scale of a design generally do not support enough interfaces or VLANs to provide segmentation between the Internet edge, public service, data, and voice segments. Third, for the branch mode of operation, firewalls do not support the same backup voice services for local call processing that routers do in case of head end failure. Medium IP Telephony Design Medium IP telephony design has been modified to support IP phones, PC-based IP Phones, voice services, proxy services, PSTN for WAN backup and local calls, and VLANs for data/voice segmentation. The entire medium business design is shown here for reference: Figure 2 Medium Network Detailed Model Voice Threats Mitigated Packet sniffers/call interception A switched infrastructure limits the effectiveness of sniffing. 7
IP Telephony Security April 15, 2008 Virus and Trojan-horse applications Host-based virus scanning prevents most viruses and many Trojan horses. Unauthorized access This type of access is mitigated through the use of HIDS and application access control. Application layer attacks Operating systems, davices, and applications are kept up-to- date with the latest security fixes, and most servers are additionally protected by HIDS. Toll fraud The call-processing manager will not allow unknown phones to be configured. Denial of service Separation of the voice and data segments significantly reduces the likelihood of an attack. Large IP Telephony Design Some changes have been made to the design, including: PC-based IP Phones were added to data segments of the R&D and marketing user groups. An additional voice segment was added for the voice-mail system. PSTN for local calls was added to the edge distribution module. The call-processing segment in the server module was made highly available and front ended with a pair of stateful firewalls. HIDS was installed on all voice-related services. NIDS was tuned to the correct flows in the voice and related segments. The entire enterprise design is shown in Figure for reference: Figure 3 Large Network Detailed Model Voice Threats Mitigated Packet sniffers/call interception A switched infrastructure limits the effectiveness of sniffing. 8
IP Telephony Security April 15, 2008 Virus and Trojan-horse applications Host-based virus scanning prevents most viruses and many Trojan horses. Unauthorized access This type of access is mitigated through the use of HIDS and application access control. Caller identity spoofing Arpwatch notifies the administrator of the unknown device. Toll fraud Access control limits only known telephony networks from communicating with one another. Section: 5 Defining a Security Framework Two main principles of a security framework are the simplification of design and configuration, and the limitation of exposure. A useful strategy is to divide the actual solution into domains and to limit access rights to each domain depending on functions and associated trust levels within each domain. Figure 4 Conceptual IP Telephony Security Model End-User Devices: IP Phone The IP phone is an end-user device that provides voice and call signaling connections, and in some cases, advanced feature support, Web browsing, wireless connectivity, etc. 1. Must authenticate itself to the call control server or a proxy server upon initial registration. 2. Must support strong authentication for any remote configuration or software upgrade. 9
IP Telephony Security April 15, 2008 3. Should support a configurable access control list to control any incoming traffic (e.g., H.323/SIP, RTP, HTTP, FTP, DHCP). 4. When supporting an additional Ethernet port for PC connectivity, should have this implemented via a switching function combined with VLAN functionality. IPT Media related server: The Voice Gateway The voice gateway is a network entity that provides media conversion (and in some cases, signaling conversion) between the IP network and the public switched telephone network. 1. Must support strong authentication for any configuration or software upgrades. 2. Provides denial-of-service protection on the IP interface. 3. Should be configured to route calls only via the call control server. 4. Has a server component that should be configured with both virus protection and host- based intrusion detection. 5. Should support a media protocol authentication on a per-packet basis. IPT Call Control-Related Servers: The Call Control Server It contains all routing, service, and user information, and it can control access to servers containing this information. 1. Is a software entity typically implemented on commercially availably operating systems. All standard security precautions should be taken turning off all unused services, keeping patching of OS and services up-to-date, and using only the operating system for the call control server. 2. Implemented on secure operating systems (e.g., Linux, Unix) by leading vendors. 3. Should have all user or device access to servers authenticated and authorized. 4. Must support strong authentication for any configuration or software upgrades. 5. Should support application-level, hop-by-hop signaling message authentication. 6. Should support encryption of call setup information. IPT Operational and Management Access All IPT operational and management access must be restricted and accessed only via strong authentication control. Section: 6 Conclusion After all VoIP technology reaches across the globe penetrating all types of markets. In Bangladesh now Call Center(s) are establishing everywhere so security system should be taken as the size of networks and enterprise. It is true that VoIP security is an issue and one that is being addressed. More and more VoIP service providers are looking at ways to provide VoIP security for their customers to remove the vulnerability that exists for security risks. 10
IP Telephony Security April 15, 2008 Every business regardless of size has concern over keeping their business dealings safe and secure. One of the challenges seen today has to do with computers and hackers. Since VoIP or Voice over IP technology uses the computer to create voice streams, many business owners have questions regarding VoIP security. Appendix: Architecture Taxonomy Firewall: Stateful packet-filtering device that maintains state tables for IP-based protocols. Traffic is allowed to cross the firewall only if it conforms to the access-control filters defined, or if it is part of an already established session in the state table. Router: A wide spectrum of flexible network devices, which provide many routing and security services for all performance requirements. Most devices are modular and have a range of LAN and WAN physical interfaces. Host IDS: Host intrusion detection system is a software application that monitors activity on an individual host. Monitoring techniques can include validating operating system and application calls, checking log files, file system information, and network connections. Network IDS: Network intrusion detection system. Typically used in a nondisruptive manner, this device captures traffic on a LAN segment and tries to match the real-time traffic against known attack signatures. Signatures range from atomic (single packet and direction) signatures to composite (multipacket) signatures requiring state tables and Layer 7 application tracking. Application server: Provides application services directly or indirectly for enterprise end users. Services can include workflow, general office, and security applications. Management server: Provides network management services for the operators of enterprise networks. Services can include general configuration management, monitoring of network security devices, and operation of the security functions. Call-process manager: Provides call setup/establishment and customizable user-based configurations; also known as IP PBX. Voice-mail system: Provides IP-based voice-mail storage and autoattendant. PC-based IP Phone: Any application that has the ability to reside on a user system (for example, desktop) and place calls to other IP telephony systems over the IP network. 11
IP Telephony Security April 15, 2008 Voice-enabled router: A router as defined previously with the additional capabilities of call processing (as listed previously) and legacy voice systems support (for example, Public Switched Telephone Network [PSTN]). References RFC 2543 SIP: Session Initiation Protocol: http://www.cisco.com/warp/public/788/voip/voice_rfcs.html RFC 2705 MGCP: Media Gateway Control Protocol http://www.ietf.org/rfc/rfc2705.txt?number=2705 Partner Product References Diagram legend 12

Recommended

Authentication service security
Authentication service securityAuthentication service security
Authentication service securityG Prachi
 
Attacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesAttacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesFaizan Shaikh
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Mobile device security
Mobile device securityMobile device security
Mobile device securityLisa Herrera
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 

Recommended

Authentication service security
Authentication service securityAuthentication service security
Authentication service securityG Prachi
 
Attacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesAttacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesFaizan Shaikh
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Mobile device security
Mobile device securityMobile device security
Mobile device securityLisa Herrera
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityimtnoida112
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityAnkit Ranjan
 
Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017dotZADNA
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityMarketingArrowECS_CZ
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeAbir Rahman
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYabdul talha
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeHarendra Singh
 
Digital safety
Digital safetyDigital safety
Digital safetyPankaj Kumar Jadwani
 
Method and apparatus for network immunization
Method and apparatus for network immunizationMethod and apparatus for network immunization
Method and apparatus for network immunizationTal Lavian Ph.D.
 
Ete411 Lec7
Ete411 Lec7Ete411 Lec7
Ete411 Lec7mashiur
 

More Related Content

What's hot

Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017dotZADNA
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its securityAshwini Awatare
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYabdul talha
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 

What's hot (20)

Mobile security
Mobile securityMobile security
Mobile security
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Mobile security
Mobile securityMobile security
Mobile security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Mobile security
Mobile securityMobile security
Mobile security
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber Crime
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017Cyber security awareness - iWeek2017
Cyber security awareness - iWeek2017
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crimes and its security
Cyber crimes and its securityCyber crimes and its security
Cyber crimes and its security
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOUR
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Digital safety
Digital safetyDigital safety
Digital safety
 

Viewers also liked

Method and apparatus for network immunization
Method and apparatus for network immunizationMethod and apparatus for network immunization
Method and apparatus for network immunizationTal Lavian Ph.D.
 
Ete411 Lec7
Ete411 Lec7Ete411 Lec7
Ete411 Lec7mashiur
 
Ete411 Lec14
Ete411 Lec14Ete411 Lec14
Ete411 Lec14mashiur
 
Md Iqbal Hossain 063478056
Md Iqbal Hossain 063478056Md Iqbal Hossain 063478056
Md Iqbal Hossain 063478056mashiur
 
Mohibul Islam Id# 071681056
Mohibul Islam Id# 071681056Mohibul Islam Id# 071681056
Mohibul Islam Id# 071681056mashiur
 
Stentofon VOIP
Stentofon VOIPStentofon VOIP
Stentofon VOIPkerryorr
 
Sk M Rezaul Karim 072899056
Sk M Rezaul Karim 072899056Sk M Rezaul Karim 072899056
Sk M Rezaul Karim 072899056mashiur
 
ETE405-lec4.pptx
ETE405-lec4.pptxETE405-lec4.pptx
ETE405-lec4.pptxmashiur
 
Alpha Com E
Alpha Com EAlpha Com E
Alpha Com Ekerryorr
 
Trabalho de Internet
Trabalho de InternetTrabalho de Internet
Trabalho de Internetticrica
 
Istiaque Al Mahmood (073742556)
Istiaque Al Mahmood (073742556)Istiaque Al Mahmood (073742556)
Istiaque Al Mahmood (073742556)mashiur
 
Ete411 Lec12
Ete411 Lec12Ete411 Lec12
Ete411 Lec12mashiur
 
Md Akramul Huq Chowdhury Id 061779056
Md Akramul Huq Chowdhury Id 061779056Md Akramul Huq Chowdhury Id 061779056
Md Akramul Huq Chowdhury Id 061779056mashiur
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Michael Graves
 
DPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementDPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementIlya Mikov
 
Razin Kabir (063452556)
Razin Kabir (063452556)Razin Kabir (063452556)
Razin Kabir (063452556)mashiur
 
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyDeep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyIxia
 

Viewers also liked (20)

Method and apparatus for network immunization
Method and apparatus for network immunizationMethod and apparatus for network immunization
Method and apparatus for network immunization
 
Ete411 Lec7
Ete411 Lec7Ete411 Lec7
Ete411 Lec7
 
Ete411 Lec14
Ete411 Lec14Ete411 Lec14
Ete411 Lec14
 
Md Iqbal Hossain 063478056
Md Iqbal Hossain 063478056Md Iqbal Hossain 063478056
Md Iqbal Hossain 063478056
 
Mohibul Islam Id# 071681056
Mohibul Islam Id# 071681056Mohibul Islam Id# 071681056
Mohibul Islam Id# 071681056
 
Stentofon VOIP
Stentofon VOIPStentofon VOIP
Stentofon VOIP
 
Sk M Rezaul Karim 072899056
Sk M Rezaul Karim 072899056Sk M Rezaul Karim 072899056
Sk M Rezaul Karim 072899056
 
ETE405-lec4.pptx
ETE405-lec4.pptxETE405-lec4.pptx
ETE405-lec4.pptx
 
Alpha Com E
Alpha Com EAlpha Com E
Alpha Com E
 
Trabalho de Internet
Trabalho de InternetTrabalho de Internet
Trabalho de Internet
 
Istiaque Al Mahmood (073742556)
Istiaque Al Mahmood (073742556)Istiaque Al Mahmood (073742556)
Istiaque Al Mahmood (073742556)
 
Ete411 Lec12
Ete411 Lec12Ete411 Lec12
Ete411 Lec12
 
MWC 2010 DPI
MWC 2010 DPIMWC 2010 DPI
MWC 2010 DPI
 
Intelligent Mobile Broadband
Intelligent Mobile BroadbandIntelligent Mobile Broadband
Intelligent Mobile Broadband
 
Md Akramul Huq Chowdhury Id 061779056
Md Akramul Huq Chowdhury Id 061779056Md Akramul Huq Chowdhury Id 061779056
Md Akramul Huq Chowdhury Id 061779056
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010
 
DPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementDPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic management
 
Razin Kabir (063452556)
Razin Kabir (063452556)Razin Kabir (063452556)
Razin Kabir (063452556)
 
Deep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test MethodologyDeep Packet Inspection (DPI) Test Methodology
Deep Packet Inspection (DPI) Test Methodology
 

Similar to Maheen.Mehnaz 071618056

Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999TomParker
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Moon Technolabs Pvt. Ltd.
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxdaniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 
Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspectiveijtsrd
 
Threats In Vo Ip
Threats In Vo IpThreats In Vo Ip
Threats In Vo Ipguest209a2c
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443WoMaster
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking securityFlowroute
 
ITU Security in Telecommunications & Information Technology
ITU Security in Telecommunications & Information TechnologyITU Security in Telecommunications & Information Technology
ITU Security in Telecommunications & Information TechnologyITU
 
Recomended ip telephony architecture
Recomended ip telephony architectureRecomended ip telephony architecture
Recomended ip telephony architectureFeras Ajjawi
 
White paper surveillancepointmarket
White paper surveillancepointmarketWhite paper surveillancepointmarket
White paper surveillancepointmarketFinite Moments
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyCagdas Tanriover
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Jiunn-Jer Sun
 
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docxTHE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docxrtodd33
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 

Similar to Maheen.Mehnaz 071618056 (20)

Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
Internet of Things IoT Security Perspective
Internet of Things IoT Security PerspectiveInternet of Things IoT Security Perspective
Internet of Things IoT Security Perspective
 
Threats In Vo Ip
Threats In Vo IpThreats In Vo Ip
Threats In Vo Ip
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking security
 
ITU Security in Telecommunications & Information Technology
ITU Security in Telecommunications & Information TechnologyITU Security in Telecommunications & Information Technology
ITU Security in Telecommunications & Information Technology
 
Recomended ip telephony architecture
Recomended ip telephony architectureRecomended ip telephony architecture
Recomended ip telephony architecture
 
White paper surveillancepointmarket
White paper surveillancepointmarketWhite paper surveillancepointmarket
White paper surveillancepointmarket
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research Paper
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product Family
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
 
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docxTHE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
THE GOOD SEED DROP-IN, Website - (goodseedcdc.org) MISSION.docx
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 

More from mashiur

Touseef Kamal062159056
Touseef Kamal062159056Touseef Kamal062159056
Touseef Kamal062159056mashiur
 
Towfique 063382056
Towfique 063382056Towfique 063382056
Towfique 063382056mashiur
 
Tasmiah Binte Zilani (071649556)
Tasmiah Binte Zilani (071649556)Tasmiah Binte Zilani (071649556)
Tasmiah Binte Zilani (071649556)mashiur
 
Syeda Farhana Shirin Id#062681056
Syeda Farhana Shirin Id#062681056Syeda Farhana Shirin Id#062681056
Syeda Farhana Shirin Id#062681056mashiur
 
Shihab Uddin 062483056
Shihab Uddin 062483056Shihab Uddin 062483056
Shihab Uddin 062483056mashiur
 
Shakhawat Hossain (062364056)
Shakhawat Hossain (062364056)Shakhawat Hossain (062364056)
Shakhawat Hossain (062364056)mashiur
 
Shahriar Khaled 062473056
Shahriar Khaled 062473056Shahriar Khaled 062473056
Shahriar Khaled 062473056mashiur
 
Shahnshah Sarker 072802556
Shahnshah Sarker 072802556Shahnshah Sarker 072802556
Shahnshah Sarker 072802556mashiur
 
Shah M Saklaen 072809056
Shah M Saklaen 072809056Shah M Saklaen 072809056
Shah M Saklaen 072809056mashiur
 
Sayef Almaji (063170056)
Sayef Almaji (063170056)Sayef Almaji (063170056)
Sayef Almaji (063170056)mashiur
 
Shah Md Zobair(063560056)
Shah Md Zobair(063560056)Shah Md Zobair(063560056)
Shah Md Zobair(063560056)mashiur
 
Shahed.Anwar 061708556
Shahed.Anwar 061708556Shahed.Anwar 061708556
Shahed.Anwar 061708556mashiur
 
Sajjad Hossain 071297056
Sajjad Hossain 071297056Sajjad Hossain 071297056
Sajjad Hossain 071297056mashiur
 
S K Ashikur Rahman (072874556)
S K Ashikur Rahman (072874556)S K Ashikur Rahman (072874556)
S K Ashikur Rahman (072874556)mashiur
 
Rumana Rashid Riti (Id 053 507 056)
Rumana Rashid Riti (Id 053 507 056)Rumana Rashid Riti (Id 053 507 056)
Rumana Rashid Riti (Id 053 507 056)mashiur
 
Rumana Akther Id#072842056
Rumana Akther Id#072842056Rumana Akther Id#072842056
Rumana Akther Id#072842056mashiur
 
Ridhwana Mohammad (071403056)
Ridhwana Mohammad (071403056)Ridhwana Mohammad (071403056)
Ridhwana Mohammad (071403056)mashiur
 
Riaz Rahman (072878056)
Riaz Rahman (072878056)Riaz Rahman (072878056)
Riaz Rahman (072878056)mashiur
 
Rubaiyet Rashid Romel (063454056)
Rubaiyet Rashid Romel (063454056)Rubaiyet Rashid Romel (063454056)
Rubaiyet Rashid Romel (063454056)mashiur
 
Rehana Zakia (063411056)
Rehana Zakia (063411056)Rehana Zakia (063411056)
Rehana Zakia (063411056)mashiur
 

More from mashiur (20)

Touseef Kamal062159056
Touseef Kamal062159056Touseef Kamal062159056
Touseef Kamal062159056
 
Towfique 063382056
Towfique 063382056Towfique 063382056
Towfique 063382056
 
Tasmiah Binte Zilani (071649556)
Tasmiah Binte Zilani (071649556)Tasmiah Binte Zilani (071649556)
Tasmiah Binte Zilani (071649556)
 
Syeda Farhana Shirin Id#062681056
Syeda Farhana Shirin Id#062681056Syeda Farhana Shirin Id#062681056
Syeda Farhana Shirin Id#062681056
 
Shihab Uddin 062483056
Shihab Uddin 062483056Shihab Uddin 062483056
Shihab Uddin 062483056
 
Shakhawat Hossain (062364056)
Shakhawat Hossain (062364056)Shakhawat Hossain (062364056)
Shakhawat Hossain (062364056)
 
Shahriar Khaled 062473056
Shahriar Khaled 062473056Shahriar Khaled 062473056
Shahriar Khaled 062473056
 
Shahnshah Sarker 072802556
Shahnshah Sarker 072802556Shahnshah Sarker 072802556
Shahnshah Sarker 072802556
 
Shah M Saklaen 072809056
Shah M Saklaen 072809056Shah M Saklaen 072809056
Shah M Saklaen 072809056
 
Sayef Almaji (063170056)
Sayef Almaji (063170056)Sayef Almaji (063170056)
Sayef Almaji (063170056)
 
Shah Md Zobair(063560056)
Shah Md Zobair(063560056)Shah Md Zobair(063560056)
Shah Md Zobair(063560056)
 
Shahed.Anwar 061708556
Shahed.Anwar 061708556Shahed.Anwar 061708556
Shahed.Anwar 061708556
 
Sajjad Hossain 071297056
Sajjad Hossain 071297056Sajjad Hossain 071297056
Sajjad Hossain 071297056
 
S K Ashikur Rahman (072874556)
S K Ashikur Rahman (072874556)S K Ashikur Rahman (072874556)
S K Ashikur Rahman (072874556)
 
Rumana Rashid Riti (Id 053 507 056)
Rumana Rashid Riti (Id 053 507 056)Rumana Rashid Riti (Id 053 507 056)
Rumana Rashid Riti (Id 053 507 056)
 
Rumana Akther Id#072842056
Rumana Akther Id#072842056Rumana Akther Id#072842056
Rumana Akther Id#072842056
 
Ridhwana Mohammad (071403056)
Ridhwana Mohammad (071403056)Ridhwana Mohammad (071403056)
Ridhwana Mohammad (071403056)
 
Riaz Rahman (072878056)
Riaz Rahman (072878056)Riaz Rahman (072878056)
Riaz Rahman (072878056)
 
Rubaiyet Rashid Romel (063454056)
Rubaiyet Rashid Romel (063454056)Rubaiyet Rashid Romel (063454056)
Rubaiyet Rashid Romel (063454056)
 
Rehana Zakia (063411056)
Rehana Zakia (063411056)Rehana Zakia (063411056)
Rehana Zakia (063411056)
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

Maheen.Mehnaz 071618056

  • 1. 15 April 2008 IP Telephony Security: Deploying Secure IP Telephony in t he aspect of Net work infrastructure The objective is to integrate IP telephony and traditional data services onto a shared network infrastructure without compromising the security of either service. Protective mechanisms against all types of attacks must be applied in a holistic manner throughout the enterprise network.
  • 2. 15 April 2008 IP Telephony Security: Deploying Secure IP Telephony in t he aspect of Net work infrastructure Prepared by : Maheen mehnaz ID # 071-618-056 Ete ~ 605 Section ~ 02 Prepared for : Dr. Mashiur Rahman N o r t h So u t h U n ive r s it y
  • 3. IP Telephony Security Abstract This paper provides best-practice information to interested parties for designing and implementing secure IP telephony networks. Many enterprises, whether large or small, are now considering implementation of IP Telephony systems and services in their networks. What has been a separate circuit switched telephony network on its own, is with the advent of IP Telephony suddenly a part of the IT and IP infrastructure, available and manageable as virtually any other application within that framework. Questions then arise whether telephony is as secure as it was when it was a technology and network on its own, or if even IP Telephony may compromise the integrity and availability of other applications, especially if IP Telephony becomes integrated with these other applications. And one has to also consider the impact of IP Telephony calls originating from an external IP network. This document has the purpose to clarify the issues mentioned above and provides an outline for the measures, which need to be taken in order to securely implement IP Telephony in enterprise networks. As we will see, already today there are technologies and products available that can be installed and used to secure the usage of IP Telephony as well as other related applications. I
  • 4. IP Telephony Security April 15, 2008 Contents Introduction ........................................................................................................................... 2 Section: 1 ............................................................................................................................... 2 Identifying and Understanding the Risks .............................................................................. 2 Threats in voice over IP (VoIP)............................................................................................. 2 Section: 2 ............................................................................................................................... 3 Attacks against the IP Telephony Network ........................................................................... 3 Packet Sniffers/Call Interception....................................................................................... 3 Virus and Trojan-Horse Applications ............................................................................... 3 Toll Fraud .............................................................................................................................. 3 IP Spoofing............................................................................................................................ 3 Denial of Service ................................................................................................................... 3 Application Layer Attacks..................................................................................................... 4 Section: 3 ............................................................................................................................... 4 Security Solutions of IP Telephony....................................................................................... 4 Encryption ..................................................................................................................... 4 Section: 4 ............................................................................................................................... 6 Designing Guidelines for Small IP Telephony system ..................................................... 7 Section: 5 ............................................................................................................................... 9 Defining a Security Framework ..8 Section: 6 ............................................................................................................................. 10 1
  • 5. IP Telephony Security April 15, 2008 Introduction As voice over IP (VoIP) installations increasingly evolve from PBX trunking over private data networks to IP telephony (IPT)-based it becomes increasingly important to recognize and address associated security issues. The risk and threat to enterprises deploying IP telephony are very real, and although few incidents have been reported in public, these are expected to increase in number as IP telephony deployments increase in number and size. To mitigate these threats appropriately, the actual risks must be identified and mapped to a security framework. This framework can then be used to establish security requirements for the products used to obtain an appropriate level of security for the IPT solution. However, since IP telephony is a service that enables direct communication between end- user IP phones throughout an enterprise, it is critical that security measures allow this type of peer-to-peer traffic flow while protecting the telephony service. Section: 1 Identifying and Understanding the Risks IP telephony is still a young technology with rapidly evolving products, and the initial focus typically is on issues other than security, such as telephony-grade reliability, voice quality, and telephony features. General security risks can be grouped into the four areas: 1. Interception and impersonation of IPT sessions invading privacy or tampering with information 2. Intrusion of other network services facilitated by the IPT implementation 3. Non-authorized or fraudulent use of IPT equipment 4. Malicious degradation of voice service (denial-of-service, virus, and hacker attacks) Threats in voice over IP (VoIP) Threats associated with VoIP are narrowed into the following categories: Service disruption and annoyance The attempt to disrupt the VoIP service, including management, provisioning, access, and operations. Attacks in this category can affect any network element that supports the VoIP service, including routers, DNS servers, SIP proxies, session border controllers, and so on. Eavesdropping and traffic analysis The attack aims to extract verbal or textual (for example, credit card number or pin) content from a conversation or analyze communications between parties to establish communication patterns, which can later be used to support other attacks. Masquerading and impersonation In this category, targets include users, end user devices, and network elements and can be realized by manipulating the signaling or media streams remotely or through unauthorized access to VoIP components (for example, signaling gateways, the SIP registrar, or DNS servers). For example, if a telecommunications provider is using only caller ID information 2
  • 6. IP Telephony Security April 15, 2008 to authenticate subscribers to their voice mailboxes, it is possible for an attacker to spoof caller ID information to gain access to a user s voice mailbox. Unauthorized access The difference between masquerading and unauthorized access is that the attacker does not need to impersonate another user or network element, but rather can gain direct access using a vulnerability such as a buffer overflow, default configuration, and poor signaling or network access controls. Fraud Fraud can be realized by manipulating the signaling messages or the configuration of VoIP components, including the billing systems. Section: 2 Attacks against the IP Telephony Network Packet Sniffers/Call Interception A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a particular collision domain. Sniffers are used legitimately in networks today to aid in troubleshooting and traffic analysis. Virus and Trojan-Horse Applications The primary vulnerabilities for end-user workstations are viruses and Trojan horse attacks. Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user's workstation. Toll Fraud This attack constitutes theft of service, namely phone calls. There are numerous methods the hacker could use to accomplish this task. In its basic case toll fraud includes an unauthorized user accessing an unattended IP phone to place calls. A more complex attack might include placing a rogue IP phone or gateway on the network to place unauthorized calls. IP Spoofing An IP spoofing attack occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. A hacker can do this in one of two ways. The hacker uses either an IP address that is within the range of trusted IP addresses for a network or an authorized external IP address that is trusted. Denial of Service Certainly the most publicized form of attack, denial of service (DoS) attacks are also among the most difficult to completely eliminate. Even among the hacker community, DoS attacks are regarded as trivial and considered bad form because they require so little effort to execute. These attacks include the following: TCP SYN Flood Ping of Death UDP fragment flood 3
  • 7. IP Telephony Security April 15, 2008 ICMP fragment flood If not properly mitigated, all of these sample DoS attacks could render a voice segment unusable. Application Layer Attacks Application layer attacks can be implemented using several different methods. One of the most common methods is exploiting well-known weaknesses in software that are commonly found on servers, such as send mail, HTTP, and FTP. By exploiting these weaknesses, hackers can gain access to a computer with the permissions of the account running the application. Section: 3 Security Solutions of IP Telephony Encryption S/MIME (Secure/Multipurpose Internet Mail Extensions). Provides a way to send and receive secure MIME data. Based on the MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption) and by hop-by-hop SIPS (requires Transport Layer Security, TLS, on whole signaling path). A client/server protocol that allows peers to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery Key exchange done using MIKEY (Multimedia Internet KEYing). A key management scheme that can be used for real-time applications (both for peer-to-peer communication and group communication) supporting SRTP Denial of service (DoS) attacks DoS against SIP (over UDP). ICMP Error Message (Port Unreachable, Protocol Unreachable, Network Unreachable) sent to the target where a caller is sending SIP (over UDP) messages Using SIP CANCEL message. Preventing UAs from making and receiving calls and making UAs drop the call and using SIP BYE message DoS attacks Example Preventing SIP Client-A from making call 4
  • 8. IP Telephony Security April 15, 2008 The attacker messages cancel a pending request with same Call-ID,TO, From Cseq fields SIP Client-A drops the call just initiated Call Hijacking After INVITE message, a 301 Moved Permanently message would hijack the call towards whomever the attacker decides (himself of another client) Identity Theft Registering address instead of other (if requires authentication might use another type of attack) 5
  • 9. IP Telephony Security April 15, 2008 SPAM over Internet Telephony (SPIT) Same thread as with email (hundreds of calls just with publicity messages, the phone is ringing all day, etc.). Problem increase with respect to traditional telephony Solutions of SPAM over Internet Telephony (SPIT) Most E-mail filters rely on content analysis. But in voice calls, it is too late to analyze media for spamming. Voice Spam Detection is difficult Detection in real time before the media arrives Great variety of solution Black lists (worst case) White list (it is ok) Grey-listing (faulty system that would be preventable) Section: 4 Designing Secure IP Telephony Solutions Small IP Telephony Design The small IP telephony design utilizes the small network design. The corporate Internet module has been modified to support voice services including Public Switched Telephone Network (PSTN) access for WAN backup and local calls, and VLANs for data/voice segmentation. The campus has been modified to support IP phones, PC-based IP Phones, proxy services, and VLANs. The entire small business design is shown in here for reference: Figure 1 Small Network Detailed Model Voice Threats Mitigated Unauthorized access This type of access is mitigated through filtering at the firewall. Toll fraud Access control limits only known telephony devices from communicating with one another. Denial of service TCP setup controls limit exposure to the call-processing manager. 6
  • 10. IP Telephony Security April 15, 2008 IP spoofing RFC 2827 and 1918 filters are placed at the Internet service provider (ISP) edge and local firewall router. Designing Guidelines for Small IP Telephony system Designing include routing, NAT, VLAN, voice services, VPN, and stateful firewall. Router setup is the greatest flexibility for the small network because the router supports all the advanced services that may be necessary in today s networks. Firewall must be setup cause: First, firewalls are generally Ethernet only, requiring some conversion to access PSTN and the WAN. This access would then most likely occur through the use of an additional router. Second, firewalls in this small scale of a design generally do not support enough interfaces or VLANs to provide segmentation between the Internet edge, public service, data, and voice segments. Third, for the branch mode of operation, firewalls do not support the same backup voice services for local call processing that routers do in case of head end failure. Medium IP Telephony Design Medium IP telephony design has been modified to support IP phones, PC-based IP Phones, voice services, proxy services, PSTN for WAN backup and local calls, and VLANs for data/voice segmentation. The entire medium business design is shown here for reference: Figure 2 Medium Network Detailed Model Voice Threats Mitigated Packet sniffers/call interception A switched infrastructure limits the effectiveness of sniffing. 7
  • 11. IP Telephony Security April 15, 2008 Virus and Trojan-horse applications Host-based virus scanning prevents most viruses and many Trojan horses. Unauthorized access This type of access is mitigated through the use of HIDS and application access control. Application layer attacks Operating systems, davices, and applications are kept up-to- date with the latest security fixes, and most servers are additionally protected by HIDS. Toll fraud The call-processing manager will not allow unknown phones to be configured. Denial of service Separation of the voice and data segments significantly reduces the likelihood of an attack. Large IP Telephony Design Some changes have been made to the design, including: PC-based IP Phones were added to data segments of the R&D and marketing user groups. An additional voice segment was added for the voice-mail system. PSTN for local calls was added to the edge distribution module. The call-processing segment in the server module was made highly available and front ended with a pair of stateful firewalls. HIDS was installed on all voice-related services. NIDS was tuned to the correct flows in the voice and related segments. The entire enterprise design is shown in Figure for reference: Figure 3 Large Network Detailed Model Voice Threats Mitigated Packet sniffers/call interception A switched infrastructure limits the effectiveness of sniffing. 8
  • 12. IP Telephony Security April 15, 2008 Virus and Trojan-horse applications Host-based virus scanning prevents most viruses and many Trojan horses. Unauthorized access This type of access is mitigated through the use of HIDS and application access control. Caller identity spoofing Arpwatch notifies the administrator of the unknown device. Toll fraud Access control limits only known telephony networks from communicating with one another. Section: 5 Defining a Security Framework Two main principles of a security framework are the simplification of design and configuration, and the limitation of exposure. A useful strategy is to divide the actual solution into domains and to limit access rights to each domain depending on functions and associated trust levels within each domain. Figure 4 Conceptual IP Telephony Security Model End-User Devices: IP Phone The IP phone is an end-user device that provides voice and call signaling connections, and in some cases, advanced feature support, Web browsing, wireless connectivity, etc. 1. Must authenticate itself to the call control server or a proxy server upon initial registration. 2. Must support strong authentication for any remote configuration or software upgrade. 9
  • 13. IP Telephony Security April 15, 2008 3. Should support a configurable access control list to control any incoming traffic (e.g., H.323/SIP, RTP, HTTP, FTP, DHCP). 4. When supporting an additional Ethernet port for PC connectivity, should have this implemented via a switching function combined with VLAN functionality. IPT Media related server: The Voice Gateway The voice gateway is a network entity that provides media conversion (and in some cases, signaling conversion) between the IP network and the public switched telephone network. 1. Must support strong authentication for any configuration or software upgrades. 2. Provides denial-of-service protection on the IP interface. 3. Should be configured to route calls only via the call control server. 4. Has a server component that should be configured with both virus protection and host- based intrusion detection. 5. Should support a media protocol authentication on a per-packet basis. IPT Call Control-Related Servers: The Call Control Server It contains all routing, service, and user information, and it can control access to servers containing this information. 1. Is a software entity typically implemented on commercially availably operating systems. All standard security precautions should be taken turning off all unused services, keeping patching of OS and services up-to-date, and using only the operating system for the call control server. 2. Implemented on secure operating systems (e.g., Linux, Unix) by leading vendors. 3. Should have all user or device access to servers authenticated and authorized. 4. Must support strong authentication for any configuration or software upgrades. 5. Should support application-level, hop-by-hop signaling message authentication. 6. Should support encryption of call setup information. IPT Operational and Management Access All IPT operational and management access must be restricted and accessed only via strong authentication control. Section: 6 Conclusion After all VoIP technology reaches across the globe penetrating all types of markets. In Bangladesh now Call Center(s) are establishing everywhere so security system should be taken as the size of networks and enterprise. It is true that VoIP security is an issue and one that is being addressed. More and more VoIP service providers are looking at ways to provide VoIP security for their customers to remove the vulnerability that exists for security risks. 10
  • 14. IP Telephony Security April 15, 2008 Every business regardless of size has concern over keeping their business dealings safe and secure. One of the challenges seen today has to do with computers and hackers. Since VoIP or Voice over IP technology uses the computer to create voice streams, many business owners have questions regarding VoIP security. Appendix: Architecture Taxonomy Firewall: Stateful packet-filtering device that maintains state tables for IP-based protocols. Traffic is allowed to cross the firewall only if it conforms to the access-control filters defined, or if it is part of an already established session in the state table. Router: A wide spectrum of flexible network devices, which provide many routing and security services for all performance requirements. Most devices are modular and have a range of LAN and WAN physical interfaces. Host IDS: Host intrusion detection system is a software application that monitors activity on an individual host. Monitoring techniques can include validating operating system and application calls, checking log files, file system information, and network connections. Network IDS: Network intrusion detection system. Typically used in a nondisruptive manner, this device captures traffic on a LAN segment and tries to match the real-time traffic against known attack signatures. Signatures range from atomic (single packet and direction) signatures to composite (multipacket) signatures requiring state tables and Layer 7 application tracking. Application server: Provides application services directly or indirectly for enterprise end users. Services can include workflow, general office, and security applications. Management server: Provides network management services for the operators of enterprise networks. Services can include general configuration management, monitoring of network security devices, and operation of the security functions. Call-process manager: Provides call setup/establishment and customizable user-based configurations; also known as IP PBX. Voice-mail system: Provides IP-based voice-mail storage and autoattendant. PC-based IP Phone: Any application that has the ability to reside on a user system (for example, desktop) and place calls to other IP telephony systems over the IP network. 11
  • 15. IP Telephony Security April 15, 2008 Voice-enabled router: A router as defined previously with the additional capabilities of call processing (as listed previously) and legacy voice systems support (for example, Public Switched Telephone Network [PSTN]). References RFC 2543 SIP: Session Initiation Protocol: http://www.cisco.com/warp/public/788/voip/voice_rfcs.html RFC 2705 MGCP: Media Gateway Control Protocol http://www.ietf.org/rfc/rfc2705.txt?number=2705 Partner Product References Diagram legend 12