Voice Over IP and Security
By Thao L. Pham
CS 525
5/3/2006
tlpham VOIP/Security
1

What is VoIP?
An inexpensive phone service that converts analog signals into digital signals for transmission over the Internet.

VoIP Call Flow
Analog to Digital Converter -> Data Compression -> RTP Packets -> UDP Packets -> Internet

VoIP Components
The IP network: supports VoIP technology, ensures smooth transmission and prioritizes packets accordingly.
The call processors or controllers: set up calls, authorize users, and handle calling plans and other basic telephone features (holding, transferring, etc.).
The media or signaling gateways: call initiation, detection, analog-to-digital conversion.
The subscriber terminals: provide real-time communication; can be a desk phone or a soft phone.

H.323
H.323 (includes H.325 & H.245): specifies a standardized infrastructure consisting of four major components:
  Terminals: provide real-time communication.
  Gateways: placed between the circuit-switched network and the IP network.
  Gatekeepers: provide call management functions, address resolution and bandwidth control.
  Multipoint Control Units: conference multiple connections.

H.323 Architecture

Session Initiation Protocol
Discussed in another project on Wednesday.

Security Issues
Separate the VoIP network from the data network using logical addressing and subnet division, and virtual LAN zoning.
Implement ACLs, IP filtering and VLANs where a link is needed between the data segment and the IP segment.
Implement stateful firewalls: they remember traffic information in the header when filtering packets (for applications that use dynamic ports). Place IP soft phones behind stateful firewalls.
Use IPsec tunneling mode: encryption of both the header and the datagram.

Security Issues (cont)
IPsec AH is incompatible with NAT: addresses behind NAT are masked -> encapsulate the IPsec packet in a new UDP packet.
Use SRTP: offers encryption, authentication and periodic refreshment of session keys.
Implement strict ACLs at gateways.
Implement NAT behind firewalls: issues with incoming calls.
  Application Level Gateway on firewalls -> associated with overhead.
  Middle boxes -> have the same risks as a traditional box.
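
A simplified model of the AH/NAT conflict and the UDP-encapsulation workaround listed on the slide above, as an added example that is not part of the original presentation. The packet layout, key, addresses and function names are constructed for illustration; HMAC-SHA256 stands in for the negotiated integrity algorithm and encryption is omitted.

```python
import hashlib, hmac, ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed security-association key

@dataclass(frozen=True)
class Packet:
    src: str          # outer IP source address
    dst: str          # outer IP destination address
    sport: int        # outer UDP source port (0 = no UDP wrapper)
    payload: bytes    # protected data, e.g. an RTP voice frame
    icv: bytes = b""  # integrity check value carried in the packet

def _mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def _addr(ip: str) -> bytes:
    return ipaddress.ip_address(ip).packed

def ah_protect(p: Packet) -> Packet:
    # AH authenticates the immutable IP header fields, including both addresses.
    return replace(p, icv=_mac(_addr(p.src) + _addr(p.dst) + p.payload))

def ah_verify(p: Packet) -> bool:
    return hmac.compare_digest(p.icv, _mac(_addr(p.src) + _addr(p.dst) + p.payload))

def esp_udp_protect(p: Packet) -> Packet:
    # ESP wrapped in UDP (port 4500): the ICV covers only the ESP contents,
    # so the outer IP and UDP headers are left for the NAT to rewrite.
    return replace(p, sport=4500, icv=_mac(p.payload))

def esp_udp_verify(p: Packet) -> bool:
    return hmac.compare_digest(p.icv, _mac(p.payload))

def nat(p: Packet, public_ip: str, public_port: int = 0) -> Packet:
    # A NAT device rewrites the outer source address (and UDP port, if any).
    return replace(p, src=public_ip, sport=public_port if p.sport else 0)

def demo():
    phone = Packet("10.0.0.5", "203.0.113.10", 0, b"RTP voice frame")  # constructed
    ah_direct = ah_verify(ah_protect(phone))                        # no NAT on path
    ah_natted = ah_verify(nat(ah_protect(phone), "198.51.100.7"))   # NAT on path
    esp_natted = esp_udp_verify(nat(esp_udp_protect(phone), "198.51.100.7", 61000))
    return ah_direct, ah_natted, esp_natted

if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The AH check fails after translation because the receiver recomputes the ICV over the rewritten source address, while the UDP-encapsulated packet still verifies because nothing the NAT touched is covered by the ICV.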

Conclusion
While VoIP is still maturing, companies are concerned about quality, latency and interoperability; many overlook security issues.
If not implemented properly, VoIP could lead to serious privacy violations and unwanted solicitation over IP telephones.