Securing Voice over Internet Protocol (VoIP): keeping your network safe
This book is intended as a primer for various organizations and individuals who may be planning to roll out a VoIP system. Generally speaking, if you have not experimented with VoIP in the past, a lot of new issues may surface that had not been considered in the older days of telephony. This book is structured in such a way as to handle those issues. In this chapter the following issues will be addressed:
1. History of telephony and why it was always considered to be safe
2. History of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite and why it was always considered unsafe
3. The convergence of voice with data networks, and introduction to VoIP
4. Ingrained weaknesses in the deployment of a VoIP system including:
a. Technological weaknesses
b. Policy weaknesses
5. Statements of what is at risk when you deploy VoIP
6. Some of the threats that are known problems:
a. Toll fraud
b. Theft of services
c. Loss of confidentiality
d. Eavesdropping
e. Hijacking
f. Voice mail hacking
g. Infrastructure attacks
h. Man-in-the-middle (MITM) attacks
i. Disruption or denial-of-service (DoS) attacks
As the reader might see, the issues can be many, yet they are not insurmountable. For example, when looking at the list overall, there are some pieces that can be considered together and shored up together. Actually, it is best if the security policies and procedures that organizations adopt and implement fully complement each other. Moreover, when dealing with VoIP, it is imperative that the security policies and procedures match those of the organization’s information technology (IT) security, audit, and business resumption plans, and that they all coalesce into a single document. In fact, the closer the ties built in to blend the security, the better the installed system should work as a homogeneous plan.
History of telephony
In the very beginning of the voice telephony networks, the systems and services were always considered safe. The reason for this stems from the “Bell Telephone Company” philosophy. The Bell companies always ran a telephone wire from the Central Office (CO) to the customer’s location. Different ways were used, but for this discussion, the telephone wires were dedicated wires that ran from the CO along a telephone pole line route to the end user’s location (i.e., residence, business, etc.). In Figure 1.1 is shown a markup of how the wires were run from the CO to the end user over a pole line route. Because these bundles of wires were large, it was difficult for anyone to break into a pole line route or a buried route of 600–1200 pairs of wires and tap into them. It was possible but less than practical to break into such a link. Note that at the end user’s location a single pair of wires was run into the customer location and a telephone set (typically an analog phone) was terminated on the wires.
Figure 1.1 The telephone company wires were run on a pole line route.
Alternatively, the dedicated wires were bundled together in a conduit or buried directly in the ground. For efficiency’s sake, the telephone wires were bundled in 600 or 1200 pairs of unshielded twisted pairs. As the larger bundles of wires were run closer to the customer site, they were split off at manholes or handholes, where the pairs ultimately got separated to bring one to four pairs to the door. Shown in Figure 1.2 is the pole line and conduit combination.
Figure 1.2 A mix of buried conduit and pole line route can also be used.
Throughout history, the telephone company CO has always been kept under lock and key. No outside personnel were allowed into the CO. The reason is obvious; the Bell Telephone Company was a natural monopoly and had total control over its wires. Entering the customer’s site was a two- or four-pair cable, as might be seen in Figure 1.3. This graphic shows a four-pair connection that is typically color coded so that dial tone can be brought to the end user. Under normal circumstances, the wires were thought to be dedicated from the CO to the telephone set.
Figure 1.3 A four-pair wire was terminated at the customer location.
Quite frankly, it was difficult for anyone other than a telephone company employee to figure out how the wiring was connected and how it worked along the route. Thus, the cabling was considered safe. This is even truer when the cables were buried under the ground in a conduit. It took special knowledge to understand the myriad wires and the color schemes as well as the labeling.
For these reasons of complexity, visibility, and color code combinations, the telephone wires were always considered safe. Moreover, the architecture of the telephone network lent itself to security, as the COs were not visibly labeled, there were few (or no) windows in the central switching offices, and the buildings required a user password or a card key system to get in. This kept the infrastructure fairly secure. Rather than belabor this thought: there have been breaches, but they have been few and not highly publicized.
History of the Internet protocol
Without a doubt, much has happened since the inception of the Internet in the late 1960s. To be sure, the Internet was always considered an open access network. The intent was that colleges, universities, government agencies, and certain large corporations would use the Internet to share information. Thus, it had little security placed on it in the beginning. The entire purpose was for users to openly access data, files, and text messages (mail) that could be transferred between and among computers. To facilitate this sharing, a set of protocols was developed called TCP/IP. This protocol set was referred to as the DoD model in the beginning, as the Internet was actually designed for the DoD under the auspices of the Defense Advanced Research Projects Agency (DARPA) budgets for just this sharing of data.
Because DARPA needed the openness to share the files among many different computer systems, the protocols developed were open (no real security). As long as you knew how to connect, the access was wide open. Later, after several iterations, the need for securing the TCP/IP suite became rather obvious. Therefore, the TCP/IP in use today (still mostly IPv4), which was developed for use in 1983–1984, has been fixed like a patchwork quilt. New features were added, new security tools were added, and other tools were developed. While the network was used primarily by the DoD, this was a long time in coming. Yet in 1991, depending on how you view the evolution, the Internet became a public network to serve as the “information highway” of the future. It was then that the use and the exposure of the Internet exploded into a worldwide network accessible to all. The beginning network used a model of switches and routers that was different from the telephone companies’. In fact, where the circuit-switched...