โ Scribed by Park, Patrick
No coin nor oath required. For personal study only.
Voice over IP Security Security best practices derived from deep analysis of the latest VoIP network threats Patrick Park VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditional systems such as firewalls and NAT alone. After analyzing threats and recent patterns of attacks and fraud, consideration needs to be given to the redesign of secure VoIP architectures with advanced protocols and intelligent products, such as Session Border Controller (SBC). Another type of security issue is how to implement lawful interception within complicated service architectures according to government requirements. Voice over IP Security focuses on the analysis of current and future threats, the evaluation of security products, the methodologies of protection, and best practices for architecture design and service deployment. This book not only covers technology concepts and issues, but also provides detailed design solutions featuring current products and protocols so that you can deploy a secure VoIP service in the real world with confidence. Voice over IP Security gives you everything you need to understand the latest security threats and design solutions to protect your VoIP network from fraud and security incidents. Patrick Park has been working on product design, network architecture design, testing, and consulting for more than 10 years. Currently Patrick works for Cisco(R) as a VoIP test engineer focusing on security and interoperability testing of rich media collaboration gateways. Before Patrick joined Cisco, he worked for Covad Communications as a VoIP security engineer focusing on the design and deployment of secure network architectures and lawful interception (CALEA). Patrick graduated from the Pusan National University in South Korea, where he majored in computer engineering. Understand the current and emerging threats to VoIP networksLearn about the security profiles of VoIP protocols, including SIP, H.323, and MGCPEvaluate well-known cryptographic algorithms such as DES, 3DES, AES, RAS, digital signature (DSA), and hash function (MD5, SHA, HMAC)Analyze and simulate threats with negative testing toolsSecure VoIP services with SIP and other supplementary protocolsEliminate security issues on the VoIP network border by deploying an SBCConfigure enterprise devices, including firewalls, Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, IP phones, and multilayer switches to secure VoIP network trafficImplement lawful interception into VoIP service environments This IP communications book is part of the Cisco Press(R) Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity. Category: Networking--IP CommunicationCovers: VoIP Security
Contents......Page 8
Introduction......Page 18
Part I: VoIP Security Fundamentals......Page 22
Chapter 1 Working with VoIP......Page 24
VoIP Benefits......Page 25
VoIP Disadvantages......Page 27
Sources of Vulnerability......Page 29
Vulnerable Components......Page 31
Myths Versus Reality......Page 33
Summary......Page 34
References......Page 35
Chapter 2 VoIP Threat Taxonomy......Page 38
Threats Against Availability......Page 39
Threats Against Confidentiality......Page 49
Threats Against Integrity......Page 53
Threats Against Social Context......Page 57
Summary......Page 62
References......Page 63
Chapter 3 Security Profiles in VoIP Protocols......Page 66
H.323......Page 67
SIP......Page 76
MGCP......Page 93
Summary......Page 97
End Notes......Page 98
References......Page 99
Chapter 4 Cryptography......Page 102
Symmetric (Private) Key Cryptography......Page 103
Asymmetric (Public) Key Cryptography......Page 111
Hashing......Page 115
Key Management......Page 119
Summary......Page 122
References......Page 123
Chapter 5 VoIP Network Elements......Page 126
Security Devices......Page 127
Service Devices......Page 135
Summary......Page 139
End Notes......Page 140
References......Page 141
Part II: VoIP Security Best Practices......Page 144
Chapter 6 Analysis and Simulation of Current Threats......Page 146
Denial of Service......Page 147
Malformed Messages......Page 162
Sniffing/Eavesdropping......Page 173
Spoofing/Identity Theft......Page 181
VoIP Spam......Page 184
Summary......Page 191
References......Page 192
Authentication......Page 194
Encryption......Page 201
Transport and Network Layer Security......Page 212
Threat Model and Prevention......Page 214
Limitations......Page 217
End Notes......Page 219
References......Page 220
Chapter 8 Protection with Session Border Controller......Page 222
Border Issues......Page 223
SBC Functionality......Page 227
Service Architecture Design......Page 247
Summary......Page 264
References......Page 265
Firewall......Page 268
Unified Communications Manager Express......Page 278
Unified Communications Manager......Page 286
Access Devices......Page 296
Summary......Page 305
References......Page 306
Part III: Lawful Interception (CALEA)......Page 308
Chapter 10 Lawful Interception Fundamentals......Page 310
Definition and Background......Page 311
Requirements from Law Enforcement Agents......Page 312
Reference Model from an Architectural Perspective......Page 313
Request and Response Interfaces......Page 316
Operational Considerations......Page 319
Summary......Page 323
End Notes......Page 324
Chapter 11 Lawful Interception Implementation......Page 326
Intercept Request Interface......Page 327
Call Data and Content Connection Interfaces......Page 348
Interface Between MD and LEA......Page 358
Summary......Page 360
References......Page 361
A......Page 364
C......Page 365
D......Page 367
E......Page 368
G......Page 369
I......Page 370
L......Page 371
M......Page 372
P......Page 373
R......Page 375
S......Page 376
T......Page 378
U......Page 379
Z......Page 380
๐ SIMILAR VOLUMES
Voice over IP Security ย Security best practices derived from deep analysis of the latest VoIP network threats ย Patrick Park ย VoIP security issues are becoming increasingly serious because voice networks and services cannot be protected from recent intelligent attacks and fraud by traditiona
Showing you how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems, this book covers all hardware-specific and network-centered security issues as well as countermeasures and implementation techniques.
Presents the answers to configuration and troubleshooting problems, both basic and advanced concepts. Designed to get your voice over IP networks up and running. DLC: Internet telephony.