VOIP - Securing Voice Over Internet Protocol (VoIP)

Summary

This in-depth training class is designed to provide the attendee a detailed technical perspective on VoIP Security and its underlying technology enablers with specifics on how to properly mitigate your security risk. Common VoIP attacks will be documented and countermeasures provided. All technical aspects of VoIP security including threats and vulnerabilities and protection mechanisms to secure signalling and media will be covered. Taking this course will enable you to build the solid foundation necessary to intelligently discuss and understand VoIP technologies.

Duration

5 days

Audience

This vendor-neutral course is suited to IT staff members responsible for securing networks. This course is for IT Managers, Network Engineers, Telecom Managers, Convergence Engineers, Security Managers, IT Auditors, Technical Project Managers, Security Engineers, Security Administrators, Telecom Technicians, or any technical professional working with or planning to work with IP Telephony and/or VoIP.

Prerequisites

We build on basic knowledge of IP and carrier services in this course, so a working knowledge of telecommunications and data networking basics is desirable. Our “TCP/IP: Fundamentals” course is highly recommended.

Course Objectives

• Upon completion of this course the student will be able to:
• Learn “Voice over IP” - what is does, and how it works
• Understand IP-Telephony and Converged Network Security
• Learn the VoIP Security issues
• Identify VoIP Security Features
• Examine VoIP best practices to support risk mitigation
• Understand the threats and security holes with VoIP call control protocols H.323, SIP, and MGCP
• Understand TCP/IP, SIP, MPLS and other key enablers  

Student Materials

The student kit includes a comprehensive workbook and other necessary materials for this class.

Course Outline

VoIP Network Security Design

This section focuses on best practices and design guidelines to maintain QoS while ensuring IP Telephony network security.

• Voice Network Designs
• Service Provider Voice Network Designs
• VPN (Virtual Private Networks) and VoIP
• VON (Voice over network)
• Internet voice over IP

IP Telephony & Converged Network Security Issues

In this section, you will get an overview of the most common types of attacks in any IP network, and will focus on those attacks that significantly impact an IP Telephony network.

Sources of attacks

• Internal
• External
• All Networks (Especially VOIP) are targets
• Types of attacks
• Denial of Service (DOS)
• TCP/IP insecurity
• Eavesdropping
• Sniffing/Snooping/Wiretapping

Tools of the Trade

• Sniffer Pro
• Etherpeek
• Packet Spoofing
• Replay
• Message Integrity
• Phreaking
• Management Tools
• Best Practices

IP Telephony Operating System Level Security

This section explores the specific issues with the applications that drive IP Telephony networks and the proper designs to mitigate the effects of attacks.

• Authentication
• Operating System Security
• Key Services and Protocols
• DNS
• Active Directory
• IIS
• DHCP
• Secure Telnet
• SNMP
• Terminal Services

Network Access Security

This section reviews Network Access including how Network Access security impacts QoS in VoIP and what your trade-offs are with regard to service and performance against security.

VoIP Requirements

• Stateful Firewalls
• Proxy Servers
• Soft Phones
• Unified Messaging
• Signalling vs. Payload
• NAT
• Full Cone NAT
• Restricted Cone NAT
• Port Restricted Cone
• Symmetric NAT
• Issues with Firewalls & NAT
• Dynamic Port Assignment
• VoIP Issues with Firewalls & NAT
• Call Setup
• Media Stream
• Latency
• Application Level Gateways
• Proxy Servers
• Placement of Proxy Servers
• Overcoming NAT Issues
• STUN
• TURN
• ICE  

IP Telephony Application Security

This section provides you with information on potential attacks that may be waged against your IP Telephony Applications.
Vendor IP PBX Security

• Toll Fraud (Phone Phreaking)
• Physical Security
• Access Security
• User Security (Identity Spoofing)
• Administrative Access 

Physical Security

This section deals with general hardware access security-related issues, objectives, and examples.

• Hardware Access
• Biometrics and other security measures
• Human Engineering / Social Engineering

Protocol Security

This section delves into the protocols that are common in an IP Telephony network. Special care will be given to each protocol’s security-related issues and appropriate configurations to reduce risks.

• H.323
• Architecture
• Gatekeeper
• Gateways
• MCU
• Endpoints
• Operation (Diagram a VoIP)
• Protocols
• H.225
• H.245
• RAS
• Q.931
• RTP & SRTP
• H.235 (v2, Annex D, E, F, v3, G)
• MIKEY
• Security Issues & Risk Mitigation
• Port Usage
• Firewall Considerations
• NAT Considerations
• SIP
• Architecture
• Proxy Server
• Redirect Server
• Location Server
• Registrar
• Endpoints
• Operation (Diagram a VoIP)
• SIP Security Features
• HTTP Digest Authentication
• MIME & SMIME
• Confidentiality
• RTP & SRTP
• SDP
• TLS
• IPSec
• SIP Authenticated Identity Body
• SIP Authenticated Identity Management
• Security Issues & Risk Mitigation
  

Protocol Security

• MGCP, Megaco/H.248
• Architecture
• Call Agent
• Gateways
• Endpoints
• Operation (Diagram a VoIP call)
• Similarities & Differences
• Security Issues
• IPSec
• RTP Encryption

Attack Mitigation

This section covers common attacks in any data network and some of the tools Hackers will use to exploit the IP Telephony network.

• Unauthorized Access
• Toll Fraud
• Denial of Service
• IP Spoofing
• Packet Sniffers - Interception and mitigation
• Virus and Trojan-horse applications
• Caller Identity Spoofing
• Repudiation
• Application Layer Attack Mitigation