
Sipera Overview

Femto-Cell
Security Requirements
Sipera Systems

Internet Transformation
Today's Internet

Transactional
In-band Signaling

VPN

E-Commerce

Enterprises
Enterprises

Consumers
Consumers

Application

Capability

Old Internet

Collaboration
Out-band Signaling

SOA
Enterprises
Enterprises

IMS

Web 2.0

Carriers
Carriers

Consumers
Consumers

OS Focused
Viral Threats

State-Full
Security

State-less

Store and Forward

Protocol Aware
Domain Aware
Real-time


Security Layers
Apps.

L6 L7

End Points

L4 L6

Visiting

L1 L3

Access

Home

Sipera
Focus

Standards
Focus

Glossary
End Points
L1 L3
Data Store
Client Space
Device Management

Visiting
Local Data Caching
Access Aware Policy
Access
L1 L3
QoS
Aggregation Point


Home
Data Store
Applications Interface
Service Control Environment
Foreign Network Peering Points

Femto-Cell Business Drivers


Operator business case issues:
- Handset Subsidies
- Backhaul

Femto-Cell business case drivers:
- Better indoor coverage
- Subsidized backhaul (Leverage broadband)

Connection Layer Security

Application Layer Security


Enablement Features

Real-time IP services require special attention to security

IMS offers a large suite of services that can be accessed through the cellular network as well as via the Internet.
Offering IMS services creates the possibility of zombie attacks and hacker attacks.
Attacks are possible despite subscription authentication and IPSec/TLS encryption.
PDSN/PDG provides authentication and encryption but does not protect against zombie and hacker attacks.

[Diagram labels: Call Server, PDG, IMS core, PDSN, DOrA, CSCF, Media Gateway, Femto, GW, Internet, Mobile Access, Broadband, ~ 1/2 Billion users]

Protocol fuzzing
Flood attacks
Distributed attacks
Zombies
Stealth attacks
IMS SPAM
Bad guys could be customers

Zombies
BAD GUYS


Building a VoIP/SIP Attack


[Diagram labels: IPSEC, SIP Server, PBX, Registrar, Media Server, MGW, Download Tools + Valid Subscription, APPs Server, IVR, MGW]

VoIP/SIP Sniffing Tools
AuthTool, Cain & Abel, NetDude, Oreka, PSIPDump, SIPomatic, SIPv6 Analyzer, VOIPong, VOMIT, Wireshark

VoIP/SIP Scanning & Enum Tools
enumIAX, iWar, Nessus - SIP-Scan, SIPcrack, SIPSCAN, SiVuS, SMAP, VLANping

VoIP/SIP Packet Creation & Flooding Tools
IAXFlooder, INVITE Flooder, kphone-ddos, RTP Flooder, Scapy, SIPBomber, SIPNess, SIPp, SIPsak

VoIP/SIP Signaling Manipulation Tools
BYE Teardown, Phone Rebooter, RedirectionPoison, RegistrationAdder, RegistrationEraser, RegistrationHacker, SIP-Kill, SIP-Proxy-Kill, SIP-RedirectRTP

VoIP Media Manipulation Tools
RTP InsertSound, RTP MixSound, RTP Proxy


Unique SIP Application Layer Attacks


Signaling attacks on infrastructure (SIP)

Signaling attacks on end users (SIP)

Media attacks (RTP/RTCP)

Fuzzing

>20000

Misuse/Spoofing

19

Fuzzing

10

Reconnaissance

Session Anomalies

Floods

Flood

>60

Stealth

Misuse/Spoofing

Distributed Flood

>40

Spam

Total

21

Total

>20108

Total

36

In 2 years, Sipera VIPER lab has discovered thousands of attacks for SIP/UMA/IMS networks
Proactive approach to finding threats and attacks
Also creates vaccines for previously unidentified threats

Expertise behind Sipera IPCS products and Sipera LAVA tools

SIP Network Protection Levels


Un-authorized Ping to CSCF
Firewall DoS Data IPS

SGW

Firewall DoS Data IPS

IPCS

SIP Core

ICMP Flood
TCP Syn Flood
HTTP Fuzzing

Valid IPSec tunnels

Microsoft OS Virus
Legitimate IKE traffic
Un-authorized Ping to CSCF
ICMP Flood
OS Virus

SIP Core

SIP Register Flood


Presence Update with Spoofed IMSI
RTP Flood
VCC Subscribe Fuzzing
Legitimate Traffic
Stealth Attack
SIP SPAM


Femto-cell Deployment Model

[Diagram labels: VoIP Infrastructure; F/W NAT Traversal; SIP AS; Domain Policies; AAA; DMZ; Internal F/W; Sipera IPCS 520; L4-L7 IPS; Secure SIP Trunking; External F/W; Femto; Internet; Sipera IPCS 310; Femto; Femto; Enterprise]


Femto-Cell Integration
[Diagram labels: Sipera IPCS EMS; Femto; Broadband; AAA; HSS; Apps; Chrg; Internet Access & IP Core; Out-of-Band Network; Border Router; Sipera IPCS (other nodes); SIP Server; Call Server; SGW; MGCF, MRFC, BGCF, SGF; P/S/I CSCF, SLF/PDF/IBCF; IMS core; Sipera IPCS; DOrA; Mobile Access & Core; ABGF, IBGF; PDSN; MGW, MRFP, T-MGF; Media Gateway, IP-IP GW]


Feature Enablement
F/W NAT Traversal
TFTP Config Proxy
Reverse HTTP Proxy

AAA server

VoIP Infrastructure

DMZ

3. Authenticate incoming user
Internal Firewall + NAT
External Firewall + NAT
Wireless Core
Sipera IPCS

3. Media RTP
4. Signaling over TCP/UDP
1. Static Firewall Channel: to enable secure channel between two IPCS
5060 always open
2. TLS Setup
Internet
4. Signaling over TLS
5. SRTP/ERTP Media
100 - 1000 media ports


4. Fingerprint Verification
DoS/DDoS and Fuzzing Prevention
Anomaly Detection and Prevention
Behavior Learning
Voice SPAM Prevention

5. Media Anomaly Detection and Prevention


Sipera Overview

Company

Founded in November 2003


HQ in Richardson, Texas
Current Headcount: 76
Experienced management team
Tier 1 VC Funded

Pure Security for VoIP, Mobile, Multimedia


Sipera Systems provides comprehensive, application-layer security to enable
pervasive, real-time unified communications (VoIP)

