Voice over IP Security, Rough Cuts
- By Patrick Park
- Published Aug 12, 2008 by Cisco Press.
Rough Cuts
Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.
- Copyright 2009
- Dimensions: 7-3/8" x 9-1/8"
- Pages: 384
- Edition: 1st
- ISBN-10: 1-58705-822-7
- ISBN-13: 978-1-58705-822-6
This is a working draft of a pre-release book. It is available before the published date as part of the Rough Cuts service.
Voice over IP Security
Security best practices derived from deep analysis of the latest VoIP network threats
Patrick Park
VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements.
Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence.
Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents.
Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco® as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering.
- Understand the current and emerging threats to VoIP networks
- Learn about the security profiles of VoIP protocols, including SIP, H.323, and MGCP
- Evaluate well-known cryptographic algorithms such as DES, 3DES, AES, RSA, digital signature (DSA), and hash functions (MD5, SHA, HMAC)
- Analyze and simulate threats with negative testing tools
- Secure VoIP services with SIP and other supplementary protocols
- Eliminate security issues on the VoIP network border by deploying an SBC
- Configure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network traffic
- Implement lawful interception into VoIP service environments
This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.
Category: Networking—IP Communication
Table of Contents
Introduction
Part I: VoIP Security Fundamentals
Chapter 1: Working with VoIP
VoIP Benefits
VoIP Disadvantages
Sources of Vulnerability
IP-Based Network Infrastructure
Open or Public Networks
Open VoIP Protocol
Exposed Interface
Real-Time Communications
Mobility
Lack of Security Features and Devices
Voice and Data Integration
Vulnerable Components
Myths Versus Reality
Legacy Versus VoIP Systems
Protecting Networks Using Strict Authentication and Encryption
Protecting Networks Using a Data Security Infrastructure
Summary
End Notes
References
Chapter 2: VoIP Threat Taxonomy
Threats Against Availability
Call Flooding
Malformed Messages (Protocol Fuzzing)
Spoofed Messages
Call Teardown
Toll Fraud
Call Hijacking
Registration Hijacking
Media Session Hijacking
Server Impersonating
QoS Abuse
Threats Against Confidentiality
Eavesdropping Media
Call Pattern Tracking
Data Mining
Reconstruction
Threats Against Integrity
Message Alteration
Call Rerouting
Call Black Holing
Media Alteration