Voice over IP Security Security best practices derived from deep analysis of the latest VoIP network threats Patrick Park VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements. Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence. Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents. Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco® as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering. Understand the current and emerging threats to VoIP networks Learn about the security profiles of VoIP protocols, including SIP, H.323, and MGCP Evaluate well-known cryptographic algorithms such as DES, 3DES, AES, RAS, digital signature (DSA), and hash function (MD5, SHA, HMAC) Analyze and simulate threats with negative testing tools Secure VoIP services with SIP and other supplementary protocols Eliminate security issues on the VoIP network border by deploying an SBC Configure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network traffic Implement lawful interception into VoIP service environments This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity. Category: Networking–IP Communication Covers: VoIP Security
VoIP (voice over IP) networks are currently being deployed by enterprises, governments, and service providers around the globe. Today, the hottest topic with engineers in the field is how to secure these networks. The book teaches practitioners how to design a highly secure VoIP network, explains Internet security basics, such as attack types and methods, and more.
Communications represent a strategic sector for privacy protection and for personal, company, national and international security. The interception, damage or lost of information during communication can generate material and non material economic damages from both a personal and collective point of view. The purpose of this book is to give the reader information relating to all aspects of communications security, beginning at the base ideas and building to reach the most advanced and updated concepts. The book will be of interest to integrated system designers, telecommunication designers, system engineers, system analysts, security managers, technicians, intelligence personnel, security personnel, police, army, private investigators, scientists, graduate and postgraduate students and anyone that needs to communicate in a secure way.
A Comprehensive Survey of Vulnerabilities and Academic Research
Author: Angelos D. Keromytis
Publisher: Springer Science & Business Media
Voice over IP (VoIP) and Internet Multimedia Subsystem technologies (IMS) are rapidly being adopted by consumers, enterprises, governments and militaries. These technologies offer higher flexibility and more features than traditional telephony (PSTN) infrastructures, as well as the potential for lower cost through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent a higher complexity in terms of architecture, protocols and implementation, with a corresponding increase in the potential for misuse. In this book, the authors examine the current state of affairs on VoIP security through a survey of 221 known/disclosed security vulnerabilities in bug-tracking databases. We complement this with a comprehensive survey of the state of the art in VoIP security research that covers 245 papers. Juxtaposing our findings, we identify current areas of risk and deficiencies in research focus. This book should serve as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use. An additional goal is to gain a better understanding of the security landscape with respect to VoIP toward directing future research in this and other similar emerging technologies.
Understanding Voice Over IP Technology provides students with the in-depth knowledge of Voice over IP technology, or making telephone calls over data networks such as the Internet, has now reached the tipping point, and is expected to eventually become the standard telephone technology. The text is flexible enough to be used in the classroom, at home, and in the workplace. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
The Perfect Reference for the Multitasked SysAdmin This is the perfect guide if VoIP engineering is not your specialty. It is the perfect introduction to VoIP security, covering exploit tools and how they can be used against VoIP (Voice over IP) systems. It gives the basics of attack methodologies used against the SIP and H.323 protocols as well as VoIP network infrastructure. * VoIP Isn’t Just Another Data Protocol IP telephony uses the Internet architecture, similar to any other data application. However, from a security administrator’s point of view, VoIP is different. Understand why. * What Functionality Is Gained, Degraded, or Enhanced on a VoIP Network? Find out the issues associated with quality of service, emergency 911 service, and the major benefits of VoIP. * The Security Considerations of Voice Messaging Learn about the types of security attacks you need to protect against within your voice messaging system. * Understand the VoIP Communication Architectures Understand what PSTN is and what it does as well as the H.323 protocol specification, and SIP Functions and features. * The Support Protocols of VoIP Environments Learn the services, features, and security implications of DNS, TFTP, HTTP, SNMP, DHCP, RSVP, SDP, and SKINNY. * Securing the Whole VoIP Infrastructure Learn about Denial-of-Service attacks, VoIP service disruption, call hijacking and interception, H.323-specific attacks, and SIP-specific attacks. * Authorized Access Begins with Authentication Learn the methods of verifying both the user identity and the device identity in order to secure a VoIP network. * Understand Skype Security Skype does not log a history like other VoIP solutions; understand the implications of conducting business over a Skype connection. * Get the Basics of a VoIP Security Policy Use a sample VoIP Security Policy to understand the components of a complete policy. Provides system administrators with hundreds of tips, tricks, and scripts to complete administration tasks more quickly and efficiently Short on theory, history, and technical data that ultimately is not helpful in performing their jobs Avoid the time drains associated with securing VoIP
5th International Conference, ICISS 2009 Kolkata, India, December 14-18, 2009 Proceedings
Author: Atul Prakash
Publisher: Springer Science & Business Media
Category: Business & Economics
This book constitutes the refereed proceedings of the 5th International Conference on Information Systems Security, ICISS 2009, held in Kolkata, India, in December 2009. The 17 revised full papers and 4 short papers, presented together with 4 keynote talks were carefully reviewed and selected from 85 initial submissions. The papers are organized in topical sections on authentication, verification, systems security, behavior analysis, database security, and cryptography.
Voice Over Internet Protocol Security has been designed to help the reader fully understand, prepare for and mediate current security and QoS risks in today’s complex and ever changing converged network environment and it will help you secure your VoIP network whether you are at the planning, implementation, or post-implementation phase of your VoIP infrastructure. * This book will teach you how to plan for and implement VoIP security solutions in converged network infrastructures. Whether you have picked up this book out of curiosity or professional interest . . . it is not too late to read this book and gain a deep understanding of what needs to be done in a VoIP implementation. * In the rush to be first to market or to implement the latest and greatest technology, many current implementations of VoIP infrastructures, both large and small, have been implemented with minimal thought to QoS and almost no thought to security and interoperability.
The focus of this book is on mechanisms that affect the VoIP user satisfaction while not explicitly involved in the media session. The book thus investigates and proposes cross-layer techniques for realizing time-efficient control mechanisms for VoIP.
SSL (secure socket layer) and TLS (Transport Layer Security) are widely deployed security protocols that are used in all kinds of web-based e-commerce and e-business applications and are part of most contemporary security systems available today. This practical book provides a comprehensive introduction to these protocols, offering you a solid understanding of their design. You find discussions on the advantages and disadvantages of using SSL/TLS protocols compared to other Internet security protocols. This authoritative resource shows how to properly employ SSL and TLS and configure security solutions that are based on the use of the SSL/TLS protocols.
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way "This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks. Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware Fortify Cisco, Avaya, and Asterisk systems Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation Thwart number harvesting, call pattern tracking, and conversation eavesdropping Measure and maintain VoIP network quality of service and VoIP conversation quality Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks Avoid insertion/mixing of malicious audio Learn about voice SPAM/SPIT and how to prevent it Defend against voice phishing and identity theft scams
This book addresses three important issues in VoIP networks: Quality of Service, pricing and security. In addressing Quality of Service (QoS), it introduces the notion of delay not exceeding an upper limit, termed the bounded delay, to measure the Quality of Service in VoIP networks. Queuing models are introduced to measure performance in terms of bounded delays. Closed form solutions relating the impact of bounding delays on throughput of VoIP traffic are provided. Traffic that exceeds the delay threshold is treated as lost throughput. The results addressed can be used in scaling resources in a VoIP network for different thresholds of acceptable delays. Both single and multiple switching points are addressed. The same notion and analysis are also applied on jitter, another important indicator of the VoIP QoS This book also develops a pricing model based on the Quality of Service provided in VoIP networks. It presents the impact of quality of VoIP service demanded by the customer on the transmission resources required by the network using an analytical approach. In addition, it extends and applies the delay throughput analysis developed for VoIP networks in assessing the impact of risks constituted by a number of transportation channels, where the risk associated with each channel can be quantified by a known distribution. Finally, the book explores areas for future research that can be built on the foundation of research presented.
The only guide to the CISCO Secure Access Control Server, this resource examines the concepts and configuration of the Cisco Secure ACS. Users will learn how to configure a network access server to authenticate, authorize, and account for individual network users that telecommute from an unsecured site into the secure corporate network.
Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a ...must have... book, both for preparing for the CISSP exam and as a comprehensive, up-to-date reference.
The need for information security management has never been greater. With constantly changing technology, external intrusions, and internal thefts of data, information security officers face threats at every turn. The Information Security Management Handbook on CD-ROM, 2006 Edition is now available. Containing the complete contents of the Information Security Management Handbook, this is a resource that is portable, linked and searchable by keyword. In addition to an electronic version of the most comprehensive resource for information security management, this CD-ROM contains an extra volume's worth of information that is not found anywhere else, including chapters from other security and networking books that have never appeared in the print editions. Exportable text and hard copies are available at the click of a mouse. The Handbook's numerous authors present the ten domains of the Information Security Common Body of Knowledge (CBK) ®. The CD-ROM serves as an everyday reference for information security practitioners and an important tool for any one preparing for the Certified Information System Security Professional (CISSP) ® examination. New content to this Edition: Sensitive/Critical Data Access Controls Role-Based Access Control Smartcards A Guide to Evaluating Tokens Identity Management-Benefits and Challenges An Examination of Firewall Architectures The Five "W's" and Designing a Secure Identity Based Self-Defending Network Maintaining Network Security-Availability via Intelligent Agents PBX Firewalls: Closing the Back Door Voice over WLAN Spam Wars: How to Deal with Junk E-Mail Auditing the Telephony System: Defenses against Communications Security Breaches and Toll Fraud The "Controls" Matrix Information Security Governance
In the digital world, the need to protect communications increases every day. While traditional digital encryption methods are useful, there are many other options for hiding your information. Information Hiding in Speech Signals for Secure Communication provides a number of methods to hide secret speech information using a variety of digital speech coding standards. Professor Zhijun Wu has conducted years of research in the field of speech information hiding, and brings his state-of-the-art techniques to readers of this book, including a mathematical model for information hiding, the core concepts of secure speech communication, the ABS-based information hiding algorithm, and much more. This book shows how to implement a secure speech communication system, including applications to various network security states. Readers will find information hiding algorithms and techniques (embedding and extracting) that are capable of withstanding the advanced forms of attack. The book presents concepts and applications for all of the most widely used speech coding standards, including G.711, G.721, G.728, G.729 and GSM, along with corresponding hiding and extraction algorithms. Readers will also learn how to use a speech covert communication system over an IP network as well as a speech secure communication system applied in PSTN. Presents information hiding theory and the mathematical model used for information hiding in speech. Provides a number of methods to hide secret speech information using the most common digital speech coding standards. A combination of practice and theory enables programmers and system designers not only to implement tried and true encryption procedures, but also to consider probable future developments in their designs.
The real-world guide to securing Cisco-based IP telephony applications, devices, and networks Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable. Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter. This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants. Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security Use a layered (defense-in-depth) approach that builds on underlying network security design Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security Complete coverage of Cisco IP Telephony encryption and authentication fundamentals Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.
Voice Over IP (VoIP) phone lines now represent over 50% of all new phone line installations. Every one of these new VoIP phone lines and handsets must now be protected from malicious hackers because these devices now reside on the network and are accessible from the Internet just like any server or workstation. This book will cover a wide variety of the publicly available exploit tools and how they can be used specifically against VoIP (Voice over IP) Telephony systems. The book will cover the attack methodologies that are used against the SIP and H.323 protocols as well as VoIP network infrastructure. Significant emphasis will be placed on both attack and defense techniques. This book is designed to be very hands on and scenario intensive · More VoIP phone lines are being installed every day than traditional PBX phone lines · VoIP is vulnerable to the same range of attacks of any network device · VoIP phones can receive as many Spam voice mails as your e-mail can receive Spam e-mails, and as result must have the same types of anti-spam capabilities
This book responds to the growing need to secure critical infrastructure by creating a starting place for new researchers in secure telecommunications networks. It is the first book to discuss securing current and next generation telecommunications networks by the security community. The book not only discusses emerging threats and systems vulnerability, but also presents the open questions posed by network evolution and defense mechanisms. It is designed for professionals and researchers in telecommunications. The book is also recommended as a secondary text for graduate-level students in computer science and electrical engineering.