1 / 14

A Comparison of Traditional Telephony Security with VoIP

A Comparison of Traditional Telephony Security with VoIP. Roy Ford. Agenda. Into to Telephony (Traditional and VoIP) Security Risks Risk Mitigations Conclusions. The Telephone. PBX. Phone Switch. T1 Trunk. Local Loop. Call Setup. SS7 Network. The Telephone.

Download Presentation

A Comparison of Traditional Telephony Security with VoIP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Comparison of Traditional Telephony Security with VoIP Roy Ford

  2. Agenda • Into to Telephony (Traditional and VoIP) • Security Risks • Risk Mitigations • Conclusions

  3. The Telephone PBX Phone Switch T1 Trunk Local Loop Call Setup SS7 Network

  4. The Telephone • Mixture of Analog and Multiplexed digital technology • Centralized switches that provide power and establish circuits between phones • 2 Types of signaling • In-band DTMF signaling at phone • Out-of-band signaling between Switch nodes over the SS7 network

  5. VoIP SIP Servers Gateway LAN Internet PSTN

  6. VoIP • Distributed architecture of Phones, gateways and servers over an IP Network • 2 Protocols used to carry voice and signaling • Real Time Protocol (RTP) carries voice in UDP packets • Session Initialization Protocol (SIP) does call setup

  7. SIP Invite INVITE sip:bob@biloxi.com SIP/2.0 Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds Max-Forwards: 70 To: Bob <sip:bob@biloxi.com> From: Alice <sip:alice@atlanta.com>;tag=1928301774 Call-ID: a84b4c76e66710@pc33.atlanta.com CSeq: 314159 INVITE Contact: <sip:alice@pc33.atlanta.com> Content-Type: application/sdp Content-Length: 142

  8. SIP Call Setup

  9. Traditional Telephony Risks • Wire Tapping • Toll Fraud • Phone Phreaking • Call Forward All • Caller ID Spoofing & SS7 Security • User Identification

  10. VoIP Risks • Denial of Service • Man in the Middle • Caller ID Spoofing and interception of Call Setup Information • Toll Fraud • User Authentication • Device Web Servers • VoIP Fuzzing

  11. VoIP and Firewalls • VoIP does not like Firewalls • Firewall Techniques • VoIP Aware firewalls • STUN • TURN

  12. Risk Mitigation - Traditional • Physical Security • Physical plant & Access Console • Wire Tap protection • Proper Configuration of Call Forwarding • Toll Fraud • Caller ID Spoofing

  13. Risk Mitigation - VoIP • Segregation of VoIP Traffic • DoS isolation • Encryption • Man in the Middle protection • Server Configuration • Toll Fraud • User Authentication • Device Web Servers • Just Say No • VoIP Fuzzing

  14. Conclusions • Encryption required for VoIP • Infrastructure issues with VoIP and Traditional Telephony Similar • The phone is an attack vector in VoIP

More Related