Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
An Overview of VoIP Security                                        -Pushhttp://null.co.in/                         http:/...
VoIP…      • Voice over IP      • Transmission of “voice” over packet-switched        (data)networks,      • Voice analog ...
Analog Voice                       Signals                                     101010101010                               ...
Components Involved…      •    Traditional Telephone Networks,      •    Computer Networks,      •    VoIP Hardware,      ...
VoIP Traffic Factors…      •    Latency      •    Jitter      •    Packet Loss      •    Speed / Bandwidth      • QoS….htt...
Protocols used…      •    Vendor Proprietary,      •    SIP      •    H.323      •    RTSP      •    RTPhttp://null.co.in/...
Features                                  SIP and H.323               H.323                                      SIP    Mu...
SIP Call Flowhttp://null.co.in/   http://nullcon.net/
H.323Call Flowhttp://null.co.in/   http://nullcon.net/
H.323Call Flowhttp://null.co.in/   http://nullcon.net/
Attacks Vectors      • Vulnerabilities of both Data and Telephone        Networks      • CIA Triadhttp://null.co.in/      ...
Availability Threats…      •    SIP Bombing      •    Man in the Middle/Call Hijacking      •    Eavesdropping      •    R...
Integrity Threats…      •    Caller Identification spoofing      •    Proxy Impersonation      •    Call Redirection      ...
Confidentiality Threats…      •    Eavesdropping of phone conversation.      •    Unauthorized access attack.      •    De...
Standard Guidelines      •    Separate Infrasrtucture      •    Do not integrate Data and VoIP Networks      •    VoIP-awa...
Thanks you.http://null.co.in/                 http://nullcon.net/
Próxima SlideShare
Cargando en…5
×

Introduction to VoIP Security

3.124 visualizaciones

Publicado el

null Pune Meet March 2012

  • Inicia sesión para ver los comentarios

  • Sé el primero en recomendar esto

Introduction to VoIP Security

  1. 1. An Overview of VoIP Security -Pushhttp://null.co.in/ http://nullcon.net/
  2. 2. VoIP… • Voice over IP • Transmission of “voice” over packet-switched (data)networks, • Voice analog signals are converted to digital bits – “Sampled” • Sampled bits are transmitted into Packetshttp://null.co.in/ http://nullcon.net/
  3. 3. Analog Voice Signals 101010101010 1101101101 101010101010 Analog Voice 1101101101 Signals 101010101010 1101101101 Internet 101010101010 101010101010 1101101101 1101101101http://null.co.in/ http://nullcon.net/
  4. 4. Components Involved… • Traditional Telephone Networks, • Computer Networks, • VoIP Hardware, • Gateways • Proxy Servers • Redirect Servers • VoIP Software, • IDS – IPS - Firewallshttp://null.co.in/ http://nullcon.net/
  5. 5. VoIP Traffic Factors… • Latency • Jitter • Packet Loss • Speed / Bandwidth • QoS….http://null.co.in/ http://nullcon.net/
  6. 6. Protocols used… • Vendor Proprietary, • SIP • H.323 • RTSP • RTPhttp://null.co.in/ http://nullcon.net/
  7. 7. Features SIP and H.323 H.323 SIP Multimedia support Yes No Complexity High Low Reliability Efficint failure handling Inefficint failure handling Message Encoding Supported for narrowband and broadband Supported for broadband Interoperability Yes No Load Balancing Yes No Call signalling 1 RAS message exchange 3 exchange messages Statelessness While direct calling While it is not forking Address resolution Supported not supported Addressing Flexible Only URI type addressing supported Billing Available at gatekeeper Not available Capability Negotiation Good Limited PSTN internetworking Supported not supported Services Through web browser Not through web browser Video and data conferencing Lip synchronization supported. Lip synchronization not supported. Transport protocol Reliable Unreliable Firewall/NAT support Yes No Authentication Via H.235. Via HTTP (Digest and Basic), SSL, PGP, S/MIME. DTMF Carriage Through audio stream No carriagehttp://null.co.in/ http://nullcon.net/
  8. 8. SIP Call Flowhttp://null.co.in/ http://nullcon.net/
  9. 9. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  10. 10. H.323Call Flowhttp://null.co.in/ http://nullcon.net/
  11. 11. Attacks Vectors • Vulnerabilities of both Data and Telephone Networks • CIA Triadhttp://null.co.in/ http://nullcon.net/
  12. 12. Availability Threats… • SIP Bombing • Man in the Middle/Call Hijacking • Eavesdropping • RTP Insertion attacks • SIP-BYE DoS • Multiple Account Registration with the same namehttp://null.co.in/ http://nullcon.net/
  13. 13. Integrity Threats… • Caller Identification spoofing • Proxy Impersonation • Call Redirection • UDP flooding attack • Registration Removal • Registration Additionhttp://null.co.in/ http://nullcon.net/
  14. 14. Confidentiality Threats… • Eavesdropping of phone conversation. • Unauthorized access attack. • Default passwords. • TOLL FRAUDhttp://null.co.in/ http://nullcon.net/
  15. 15. Standard Guidelines • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLShttp://null.co.in/ http://nullcon.net/
  16. 16. Thanks you.http://null.co.in/ http://nullcon.net/

×