Voice Over IP and Security
By Thao L. Pham
CS 525
5/3/2006

5/3/2006 tlpham VOIP/Security 1

What is VoIP?

Inexpensive phone service using the internet, which transforms analog signals into digital signals for transmission over the internet.

VoIP Call Flow

Analog to Digital Converter -> Data Compression -> RTP Packets -> UDP Packets -> internet

VoIP Components

- The IP network: supports VoIP technology, ensures smooth transmission and prioritizes packets accordingly.
- The call processors or controllers: set up calls, authorize users, calling plans and other basic telephone features (holding, transferring, etc.).
- The media or signaling gateways: call initiation, detection, analog to digital conversion.
- The subscriber terminals: provide real-time communication; can be a desk phone or a soft phone.

H.323

H.323 (includes H.325 & H.245) specifies a standardized infrastructure consisting of four major components:

- Terminals: provide real-time communication.
- Gateways: placed between the circuit-switched network and the IP network.
- Gatekeepers: provide call management functions, address resolution and bandwidth control.
- Multipoint Control Units: conferencing of multiple connections.

H.323 Architecture

[Figure: H.323 architecture]

Session Initiation Protocol

Discussed in another project on Wednesday.

Security Issues

- The VoIP network should be separated from the data network: using logical addressing and subnet division, virtual LAN zoning.
- ACLs, IP filtering and VLANs should be implemented where there needs to be a link between the data segment and the IP segment.
- Implement stateful firewalls: they remember traffic information in the header when filtering packets (for applications that use dynamic ports).
- IP soft phones should be placed behind stateful firewalls.
- Use IPsec tunneling mode: encryption at header and datagram.

Security Issues (cont)

- IPsec AH is incompatible with NAT: addresses behind NAT are masked -> encapsulate the IPsec packet in a new UDP packet.
- Use SRTP: offers encryption, authentication and periodic refreshment of session keys.
- Implement strict ACLs at gateways.
- Implement NAT behind firewalls: issues with incoming calls.
  - Application Level Gateway on firewalls -> associated with overhead.
  - Middle boxes -> have the same risks as a traditional box.

Conclusion

- While VoIP is still maturing and companies are concerned about quality, latency and interoperability, many overlook security issues.
- If not implemented properly, VoIP could lead to serious privacy violations and unwanted solicitation over IP telephones.
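
The AH/NAT incompatibility noted under Security Issues (cont), as an added example that is not part of the original slides: AH authenticates the outer source address, so the NAT rewrite breaks verification, while ESP carried in a new UDP packet leaves the outer header outside the integrity check value (ICV). This is a simplified model; the `Packet` type, the key, the addresses, the reduced header and the choice of HMAC-SHA-256 truncated to 128 bits are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"   # constructed key for the security association
AH, UDP = 51, 17                # IP protocol numbers


@dataclass(frozen=True)
class Packet:                   # hypothetical, simplified packet model
    proto: int
    src: str
    dst: str
    body: bytes                 # AH: protected payload; ESP-in-UDP: ESP data
    icv: bytes = b""


def outer_header(p: Packet) -> bytes:
    """Simplified outer IPv4 header: protocol number plus both addresses."""
    return (bytes([p.proto]) + ipaddress.IPv4Address(p.src).packed
            + ipaddress.IPv4Address(p.dst).packed)


def icv_input(p: Packet) -> bytes:
    # AH covers the immutable outer header fields, including both addresses.
    # ESP's ICV covers only the ESP data, never the outer IP/UDP headers.
    return outer_header(p) + p.body if p.proto == AH else p.body


def protect(p: Packet) -> Packet:
    """Sender side: attach the ICV."""
    mac = hmac.new(KEY, icv_input(p), hashlib.sha256).digest()[:16]
    return replace(p, icv=mac)


def verify(p: Packet) -> bool:
    """Receiver side: recompute the ICV over the packet as it arrived."""
    mac = hmac.new(KEY, icv_input(p), hashlib.sha256).digest()[:16]
    return hmac.compare_digest(mac, p.icv)


def nat(p: Packet, public_src: str) -> Packet:
    """Source NAT: rewrite the private source address, touch nothing else."""
    return replace(p, src=public_src)


def demo() -> dict:
    ah = protect(Packet(AH, "192.168.1.10", "198.51.100.20", b"rtp voice frame"))
    esp = protect(Packet(UDP, "192.168.1.10", "198.51.100.20", b"esp hdr+ciphertext"))
    return {"ah_direct": verify(ah), "ah_via_nat": verify(nat(ah, "203.0.113.5")),
            "esp_udp_via_nat": verify(nat(esp, "203.0.113.5"))}
```
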