SlideShare a Scribd company logo

VoIP Security

D
Dayanand Prabhakar

This presentation describes the summary of VoIP infrastructure and related vulnerabilities and security concerns.

Technology
1 of 22
VoIP(Voice over IP) Security Dayanand Prabhakar
Project scope • Understanding VoIP • Threat profiling of VoIP application • Develop the test case and Methodologies to test VoIP application • Sample testing of one VoIP application and report presentation • Mitigation strategies • Conclusion
What is VoIP?  Routingof voice conversations over the Internet or through any other IP-based network.
Benefits  VoIP enables convergence of data, voice, and video onto single network.  Attractive opportunities – Reducing costs – Reducing complexities – Enabling progressive business gains
VoIP implementations  Business-grade VoIP telephony – Designed specifically for business grade usage  Softphones – X-lite, 3cx , Express Talk  Instant Messaging voice services – Application such as AIM, MSN, Apple iChat offer ‘voice chat’ functionality  Mobile VoIP – Requires mobile telephone with 3G or wireless connectivity – Using a mobile version of a Softphone mobile devices and telephones are capable of offering VoIP services  VoIP handsets – Requires a VoIP handset from the service provider – Offer call functionality and services similar of typical PSTN services
Protocols  Signaling Protocol – Create, modify, and terminate sessions with participants – Conferences – Proxies – Authentication  Transport /Carrier Protocol – Manages the actual voice data
Protocols  Session Initiation Protocol (SIP) – Signaling protocol – Session Initiation Protocol – Application layer control protocol for initiating VOIP sessions – Currently most favored protocol for new systems
Protocols  H.323 – One of the earliest sets of VoIP standards by ITU-T – Handles voice, video and data conferencing – Some limitations, but most VoIP traffic utilizes this today  Real-time Transport Protocol (RTP) – Used for media transfer by other protocols – Fast, scalable and efficient – RTP uses UDP
Most Common VOIP Security Mistakes 1. Treating VOIP security the same way as Network security 2. Not treating VOIP security the same way as Network security How it’s the Same How it’s Different • Uses mostly the same • Some unique protocols protocols • Traditional Security devices • Uses mostly the same (Firewalls can disrupt service) Operating Systems • People treat it like the old phone • Many of the same system threats
Complexities in VOIP Architecture
Voice over IP Threats Threats are categorized into following parameters.  Threats against availability  Threats against confidentiality  Threats against integrity  Threats against social context
Voice over IP Threats Against Availability Against Confidentiality  Call flooding  Eavesdropping  Toll Fraud  Call pattern Tracking  Call hijacking  Reconstruction  Fuzzing  TDOS
Voice over IP Threats Against Integrity Against Social context  Message  Misrepresentation Alteration  Call SPIT (Spam over  Call Rerouting Internet Telephony )  Media Alteration  Vising
What are the Threat Vectors?  OS Exploits  Signaling Attacks  Endpoint Admin Privilege Exploits  Real Time Protocol (RTP) Attacks  DoS Attacks  IP PBX &Telephony Server Exploits
Specialized Hacking Tools  BackTrack Penetration Testing Distribution – www.backtrack-linux.org/  Wireshark (http://www.wireshark.org) – Packet Sniffer  Cain and Abel (http://www.oxid.it) – Password cracker – ARP spoofing – RTP Playback  SiVuS (http://www.vopsecurity.org/html/tools.html) – VoIP Vulnerability Scanner – General Purpose VoIP packet generation, spoofing, testing tool.
Attack on VoIP
Mitigation Strategies  Create VOIP Specific Security Policies  Segmentation as appropriate – Utilize separate VLANs for voice and data  Device Hardening – Do not use default passwords – Turn off unnecessary services – Apply vendor supplied patches in a timely manner – Perform vendor installation security checklist to harden applications  Pay attention to Security Risk Assessments and planning against the VOIP infrastructure
Key Mitigation Strategies  Apply Encryption where possible  Use tools to test the network  Utilize VoIP aware Firewalls, Intrusion Prevention Systems  Continue to protect against traditional system attacks (Toll Fraud, Modem Security, Social Networking Attacks & etc.)  Avoid Single point of failure
Conclusion  VoIP is established as the future of telephones  Security is critical when designing, implementing and maintaining VoIP systems  VoIP technology should there by provide a balance between security and business needs .
References  VOIPSA – http://www.voipsa.org/  The VOIP Dilemma SANS Institute – http://www.sans.org/rr/whitepapers/voip/1452.php  NIST - Security Considerations for Voice Over IP Systems, – http://csrc.nist.gov/publications/nistpubs/800- 58/SP800-58-final.pdf  IP Telephony & VoIP: Security technical implementation guide – http://csrc.nist.gov/pcig/STIGs/VoIP-STIG-V2R2.pdf
THANK YOU Dayanand Prabhakar

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
VOIP BASIC
VOIP BASICVOIP BASIC
VOIP BASICdhara patel
 
voice over internet protocol
voice over internet protocol voice over internet protocol
voice over internet protocol jomin mathew
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Namra Afzal
 
Voip
VoipVoip
VoipYasin Virani
 
Voice-over-Internet Protocol (VoIP) ppt
Voice-over-Internet Protocol (VoIP) pptVoice-over-Internet Protocol (VoIP) ppt
Voice-over-Internet Protocol (VoIP) pptOECLIB Odisha Electronics Control Library
 

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway stefansayer
 
VOIP BASIC
VOIP BASICVOIP BASIC
VOIP BASICdhara patel
 
voice over internet protocol
voice over internet protocol voice over internet protocol
voice over internet protocol jomin mathew
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Namra Afzal
 
Voip
VoipVoip
VoipYasin Virani
 
Voice-over-Internet Protocol (VoIP) ppt
Voice-over-Internet Protocol (VoIP) pptVoice-over-Internet Protocol (VoIP) ppt
Voice-over-Internet Protocol (VoIP) pptOECLIB Odisha Electronics Control Library
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatilsMostain Billah
 
VOIP
VOIPVOIP
VOIPGruppo Banca Sella
 
Voip
VoipVoip
VoipMuhammad Hamza
 
Channel coding
Channel coding Channel coding
Channel coding Ola Mashaqi @ an-najah national university
 
Voip
Voip Voip
Voip daksh bhatt
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocolSanthosh Somu
 
Wi fi technology
Wi fi technologyWi fi technology
Wi fi technologyHimanshu Shakyawar
 
Subnetting
SubnettingSubnetting
SubnettingGichelle Amon
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
internet protocols
internet protocolsinternet protocols
internet protocolsCLIFFORD BRANDES
 
Gatekeeper
GatekeeperGatekeeper
GatekeeperVNG
 
Chap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communicationChap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communicationasadkhan1327
 
Public Switched Telephone Network
Public Switched Telephone NetworkPublic Switched Telephone Network
Public Switched Telephone NetworkHaither Mithath
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIPPaloSanto Solutions
 
H261
H261H261
H261Videoguy
 
Mimo dr. morsi
Mimo dr. morsiMimo dr. morsi
Mimo dr. morsiTarek Nader
 
Wireless communication ppt by dinesh
Wireless communication ppt by dineshWireless communication ppt by dinesh
Wireless communication ppt by dineshDINESH TAMBE
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Multimedia networking
Multimedia networkingMultimedia networking
Multimedia networkingDr. Hamdan Al-Sabri
 
Chapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over IpChapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over IpPratik Pradhan
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
VOIP security
VOIP securityVOIP security
VOIP securityRohit Gurjar
 

More Related Content

What's hot

Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatilsMostain Billah
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocolSanthosh Somu
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Gatekeeper
GatekeeperGatekeeper
GatekeeperVNG
 
Chap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communicationChap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communicationasadkhan1327
 
Public Switched Telephone Network
Public Switched Telephone NetworkPublic Switched Telephone Network
Public Switched Telephone NetworkHaither Mithath
 
Wireless communication ppt by dinesh
Wireless communication ppt by dineshWireless communication ppt by dinesh
Wireless communication ppt by dineshDINESH TAMBE
 
Chapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over IpChapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over IpPratik Pradhan
 

What's hot (20)

Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatils
 
VOIP
VOIPVOIP
VOIP
 
Voip
VoipVoip
Voip
 
Channel coding
Channel coding Channel coding
Channel coding
 
Voip
Voip Voip
Voip
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocol
 
Wi fi technology
Wi fi technologyWi fi technology
Wi fi technology
 
Subnetting
SubnettingSubnetting
Subnetting
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 
internet protocols
internet protocolsinternet protocols
internet protocols
 
Gatekeeper
GatekeeperGatekeeper
Gatekeeper
 
Chap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communicationChap 1&2(history and intro) wireless communication
Chap 1&2(history and intro) wireless communication
 
Public Switched Telephone Network
Public Switched Telephone NetworkPublic Switched Telephone Network
Public Switched Telephone Network
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
 
H261
H261H261
H261
 
Mimo dr. morsi
Mimo dr. morsiMimo dr. morsi
Mimo dr. morsi
 
Wireless communication ppt by dinesh
Wireless communication ppt by dineshWireless communication ppt by dinesh
Wireless communication ppt by dinesh
 
802.1x
802.1x802.1x
802.1x
 
Multimedia networking
Multimedia networkingMultimedia networking
Multimedia networking
 
Chapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over IpChapter 6 - Multimedia Over Ip
Chapter 6 - Multimedia Over Ip
 

Viewers also liked

Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)Peter R. Egli
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpointGW1992
 
VOICE OVER INTERNET PROTOCOL
VOICE OVER INTERNET PROTOCOLVOICE OVER INTERNET PROTOCOL
VOICE OVER INTERNET PROTOCOLRajan Kumar
 
Voice Over IP (VoIP) and STREAMING
Voice Over IP (VoIP) and STREAMINGVoice Over IP (VoIP) and STREAMING
Voice Over IP (VoIP) and STREAMINGRagheb Gmira
 
VoIP Security for Dummies
VoIP Security for DummiesVoIP Security for Dummies
VoIP Security for DummiesAvaya Inc.
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
Voip introduction
Voip introductionVoip introduction
Voip introductiondaksh bhatt
 
Our Internet Connection
Our Internet ConnectionOur Internet Connection
Our Internet ConnectionCSaC
 
QoS and QoE Aspects of Digital Financial Services
QoS and QoE Aspects of Digital Financial ServicesQoS and QoE Aspects of Digital Financial Services
QoS and QoE Aspects of Digital Financial ServicesITU
 
IPTV QoE Monitoring
IPTV QoE MonitoringIPTV QoE Monitoring
IPTV QoE MonitoringYoss Cohen
 
Voice and Video over IP Communications: Assessing and Improving User Experience
Voice and Video over IP Communications: Assessing and Improving User ExperienceVoice and Video over IP Communications: Assessing and Improving User Experience
Voice and Video over IP Communications: Assessing and Improving User ExperienceRADVISION Ltd.
 

Viewers also liked (17)

VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacks
 
VOIP security
VOIP securityVOIP security
VOIP security
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problems
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpoint
 
VOICE OVER INTERNET PROTOCOL
VOICE OVER INTERNET PROTOCOLVOICE OVER INTERNET PROTOCOL
VOICE OVER INTERNET PROTOCOL
 
Voice Over IP (VoIP) and STREAMING
Voice Over IP (VoIP) and STREAMINGVoice Over IP (VoIP) and STREAMING
Voice Over IP (VoIP) and STREAMING
 
VoIP Security for Dummies
VoIP Security for DummiesVoIP Security for Dummies
VoIP Security for Dummies
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
 
Our Internet Connection
Our Internet ConnectionOur Internet Connection
Our Internet Connection
 
QoS and QoE Aspects of Digital Financial Services
QoS and QoE Aspects of Digital Financial ServicesQoS and QoE Aspects of Digital Financial Services
QoS and QoE Aspects of Digital Financial Services
 
IPTV QoE Monitoring
IPTV QoE MonitoringIPTV QoE Monitoring
IPTV QoE Monitoring
 
Voice over IP in Changing Times
Voice over IP in Changing TimesVoice over IP in Changing Times
Voice over IP in Changing Times
 
Voice and Video over IP Communications: Assessing and Improving User Experience
Voice and Video over IP Communications: Assessing and Improving User ExperienceVoice and Video over IP Communications: Assessing and Improving User Experience
Voice and Video over IP Communications: Assessing and Improving User Experience
 

Similar to VoIP Security

Voippresentation
VoippresentationVoippresentation
Voippresentationeliran2
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Voice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchVoice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchIJMER
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)Abdullah Shah
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyCagdas Tanriover
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
Raisul Haq Rajib (063435056)
Raisul Haq Rajib (063435056)Raisul Haq Rajib (063435056)
Raisul Haq Rajib (063435056)mashiur
 
Case study about voip
Case study about voipCase study about voip
Case study about voipelmudthir
 
Review of SIP based DoS attacks
Review of SIP based DoS attacksReview of SIP based DoS attacks
Review of SIP based DoS attacksEditor IJCATR
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxdaniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
VoIP (Voice over Internet Protocol).pdf
VoIP (Voice over Internet Protocol).pdfVoIP (Voice over Internet Protocol).pdf
VoIP (Voice over Internet Protocol).pdfOkan YILDIZ
 

Similar to VoIP Security (20)

Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
Voice over IP
Voice over IPVoice over IP
Voice over IP
 
Voippresentation
VoippresentationVoippresentation
Voippresentation
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
Voice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchVoice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A Research
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research Paper
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product Family
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
Raisul Haq Rajib (063435056)
Raisul Haq Rajib (063435056)Raisul Haq Rajib (063435056)
Raisul Haq Rajib (063435056)
 
How does VOIP work diagram
How does VOIP work diagramHow does VOIP work diagram
How does VOIP work diagram
 
Case study about voip
Case study about voipCase study about voip
Case study about voip
 
Review of SIP based DoS attacks
Review of SIP based DoS attacksReview of SIP based DoS attacks
Review of SIP based DoS attacks
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
VoIP (Voice over Internet Protocol).pdf
VoIP (Voice over Internet Protocol).pdfVoIP (Voice over Internet Protocol).pdf
VoIP (Voice over Internet Protocol).pdf
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

VoIP Security

  • 1. VoIP(Voice over IP) Security Dayanand Prabhakar
  • 2. Project scope • Understanding VoIP • Threat profiling of VoIP application • Develop the test case and Methodologies to test VoIP application • Sample testing of one VoIP application and report presentation • Mitigation strategies • Conclusion
  • 3. What is VoIP?  Routingof voice conversations over the Internet or through any other IP-based network.
  • 4. Benefits  VoIP enables convergence of data, voice, and video onto single network.  Attractive opportunities – Reducing costs – Reducing complexities – Enabling progressive business gains
  • 5. VoIP implementations  Business-grade VoIP telephony – Designed specifically for business grade usage  Softphones – X-lite, 3cx , Express Talk  Instant Messaging voice services – Application such as AIM, MSN, Apple iChat offer ‘voice chat’ functionality  Mobile VoIP – Requires mobile telephone with 3G or wireless connectivity – Using a mobile version of a Softphone mobile devices and telephones are capable of offering VoIP services  VoIP handsets – Requires a VoIP handset from the service provider – Offer call functionality and services similar of typical PSTN services
  • 6. Protocols  Signaling Protocol – Create, modify, and terminate sessions with participants – Conferences – Proxies – Authentication  Transport /Carrier Protocol – Manages the actual voice data
  • 7. Protocols  Session Initiation Protocol (SIP) – Signaling protocol – Session Initiation Protocol – Application layer control protocol for initiating VOIP sessions – Currently most favored protocol for new systems
  • 8. Protocols  H.323 – One of the earliest sets of VoIP standards by ITU-T – Handles voice, video and data conferencing – Some limitations, but most VoIP traffic utilizes this today  Real-time Transport Protocol (RTP) – Used for media transfer by other protocols – Fast, scalable and efficient – RTP uses UDP
  • 9. Most Common VOIP Security Mistakes 1. Treating VOIP security the same way as Network security 2. Not treating VOIP security the same way as Network security How it’s the Same How it’s Different • Uses mostly the same • Some unique protocols protocols • Traditional Security devices • Uses mostly the same (Firewalls can disrupt service) Operating Systems • People treat it like the old phone • Many of the same system threats
  • 11. Voice over IP Threats Threats are categorized into following parameters.  Threats against availability  Threats against confidentiality  Threats against integrity  Threats against social context
  • 12. Voice over IP Threats Against Availability Against Confidentiality  Call flooding  Eavesdropping  Toll Fraud  Call pattern Tracking  Call hijacking  Reconstruction  Fuzzing  TDOS
  • 13. Voice over IP Threats Against Integrity Against Social context  Message  Misrepresentation Alteration  Call SPIT (Spam over  Call Rerouting Internet Telephony )  Media Alteration  Vising
  • 14. What are the Threat Vectors?  OS Exploits  Signaling Attacks  Endpoint Admin Privilege Exploits  Real Time Protocol (RTP) Attacks  DoS Attacks  IP PBX &Telephony Server Exploits
  • 15. Specialized Hacking Tools  BackTrack Penetration Testing Distribution – www.backtrack-linux.org/  Wireshark (http://www.wireshark.org) – Packet Sniffer  Cain and Abel (http://www.oxid.it) – Password cracker – ARP spoofing – RTP Playback  SiVuS (http://www.vopsecurity.org/html/tools.html) – VoIP Vulnerability Scanner – General Purpose VoIP packet generation, spoofing, testing tool.
  • 17.
  • 18. Mitigation Strategies  Create VOIP Specific Security Policies  Segmentation as appropriate – Utilize separate VLANs for voice and data  Device Hardening – Do not use default passwords – Turn off unnecessary services – Apply vendor supplied patches in a timely manner – Perform vendor installation security checklist to harden applications  Pay attention to Security Risk Assessments and planning against the VOIP infrastructure
  • 19. Key Mitigation Strategies  Apply Encryption where possible  Use tools to test the network  Utilize VoIP aware Firewalls, Intrusion Prevention Systems  Continue to protect against traditional system attacks (Toll Fraud, Modem Security, Social Networking Attacks & etc.)  Avoid Single point of failure
  • 20. Conclusion  VoIP is established as the future of telephones  Security is critical when designing, implementing and maintaining VoIP systems  VoIP technology should there by provide a balance between security and business needs .
  • 21. References  VOIPSA – http://www.voipsa.org/  The VOIP Dilemma SANS Institute – http://www.sans.org/rr/whitepapers/voip/1452.php  NIST - Security Considerations for Voice Over IP Systems, – http://csrc.nist.gov/publications/nistpubs/800- 58/SP800-58-final.pdf  IP Telephony & VoIP: Security technical implementation guide – http://csrc.nist.gov/pcig/STIGs/VoIP-STIG-V2R2.pdf
  • 22. THANK YOU Dayanand Prabhakar