Voice over IP Security, Rough Cuts

Rough Cuts

  • Available to Safari Subscribers
  • About Rough Cuts

    • Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.

Not for Sale
  • Description
  • Sample Content
  • Updates
  • Copyright 2009
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 384
  • Edition: 1st
  • Rough Cuts
  • ISBN-10: 1-58705-822-7
  • ISBN-13: 978-1-58705-822-6

This is a working draft of a pre-release book. It is available before the published date as part of the Rough Cuts service.

Voice over IP Security

Security best practices derived from deep analysis of the latest VoIP network threats

Patrick Park

VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements.

Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence.

Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents.

Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco® as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering.

Understand the current and emerging threats to VoIP networks

Learn about the security profiles of VoIP protocols, including SIP, H.323, and MGCP

Evaluate well-known cryptographic algorithms such as DES, 3DES, AES, RAS, digital signature (DSA), and hash function (MD5, SHA, HMAC)

Analyze and simulate threats with negative testing tools

Secure VoIP services with SIP and other supplementary protocols

Eliminate security issues on the VoIP network border by deploying an SBC

Configure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network traffic

Implement lawful interception into VoIP service environments

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged

networks, and implement network

solutions for increased productivity.

Category: Networking—IP Communication

Table of Contents

Introduction

Part I: VoIP Security Fundamentals 3

Chapter 1: Working with VoIP 5

    VoIP Benefits 6

    VoIP Disadvantages 8

    Sources of Vulnerability 10

        IP-Based Network Infrastructure 10

        Open or Public Networks 11

        Open VoIP Protocol 11

        Exposed Interface 11

        Real-Time Communications 11

        Mobility 11

        Lack of Security Features and Devices 11

        Voice and Data Integration 12

    Vulnerable Components 12

    Myths Versus Reality 14

        Legacy Versus VoIP Systems 14

        Protecting Networks Using Strict Authentication and Encryption 14

        Protecting Networks Using a Data Security Infrastructure 15

    Summary 15

    End Notes 16

    References 16

Chapter 2: VoIP Threat Taxonomy 19

    Threats Against Availability 20

        Call Flooding 20

        Malformed Messages (Protocol Fuzzing) 22

        Spoofed Messages 24

            Call Teardown 25

            Toll Fraud 26

        Call Hijacking 26

            Registration Hijacking 27

            Media Session Hijacking 27

            Server Impersonating 28

        QoS Abuse 29

    Threats Against Confidentiality 30

        Eavesdropping Media 30

        Call Pattern Tracking 32

        Data Mining 33

        Reconstruction 34

    Threats Against Integrity 34

        Message Alteration 35

            Call Rerouting 35

            Call Black Holing 36

        Media Alteration 37