* Veraz proprietary information notice: This document and the contents therein are the property of Veraz Networks Inc. Any duplication, reproduction, or transmission to unauthorized parties without prior written permission of Veraz Networks Inc. is prohibited. The recipient of this document, by its retention and use, agrees to protect the information contained herein from loss, theft, or transfer to third parties.

Veraz Networks Proprietary and Confidential

Security: The Big Challenge of IP Telephony
Yaron Oppenheim, Director Product Marketing
February 2003

Agenda
* The Problem
* Why is it critical?
* It should be protected & it can be protected
* Vulnerability points
* Security strategy and measures
  * MG
  * Control Switch
  * Control protocol - MGCP
  * Inter Control Switch communication
  * The voice itself
  * Management activity

Veraz: An introduction
* Veraz is a privately held company formed by the merger of ECI-NGTS and Nexverse Networks
* Global provider of end-to-end, carrier-grade Packet Telephony solutions
* Best-in-Class Integrated Solution
  * Open, Best-of-Breed Softswitch & Media Gateway platforms
  * Driving some of the largest softswitch-based VoIP deployments in the market
* Market leader for carrier-class Digital Compression Multiplexing Equipment (DCME)
  * Over $2B installed base
  * Over 700 carrier customers in 140 countries
  * Current & on-going revenue stream
* Global Presence and Track Record
  * 20 years of experience in delivering solutions to carriers worldwide
  * 100% ownership of advanced DSP technology
  * Global sales & support infrastructure
[Map: Finland, Russia, London, Paris, Spain, Morocco, Virginia, Mexico City, Fort Lauderdale, Beijing, Frankfurt, Turkey, Korea, India, Israel, Japan, Hong Kong, Taiwan, Malaysia, Chile, Philippines, Brazil, South Africa, Singapore, Sydney, Argentina]

The Problem
* Attacks on the Internet
  * 38% of the organizations' Web sites suffered unauthorized access or misuse within the last 12 months
  * Government Web site: thousands of attacks per day
* Fraud on the Internet
  * The main obstacle to e-commerce
* Money that is lost
* Money that is invested in securing IT installations
  * Growing segment in a recessionary period
* Is IP Telephony much different?

IP Telephony network
[Diagram: Feature Server, SIP Proxy/Feature Server, 3G Mobile, H.323 Gatekeeper, PDA, IAD, H.323 Gateway, Enterprise, SIP Devices, Residence/Branch/SMB]

Potential Threats to Network Security
* Intranet and Internet
* Most of the intruders are from within the organization
* Internal threats
  * Disgruntled employees
  * Social engineering
  * Former employees
* External threats
  * Hackers
  * Hacking by mistake

Typical Security Attacks
* Unauthorized access
* Denial of Service (DoS)
* Eavesdropping
* Masquerade
* Modification of information
  * Content modification
  * Sending the information at another time
* Information theft

Why is it critical?
Because:
* A lot of money can be lost
* The image of the company is a high priority

It should be protected & it can be protected
IP Telephony will not be widely deployed without a reasonable security solution!

Security: you have to protect 360°
The hacker needs only one vulnerability point.
[Diagram: Feature Server; SS7/SCP/STP/HLR; SIP/H.323/XML/JCC; SS7 ISUP/TCAP; IS-41; I-Gate 4000; ANSI/ETSI/ITU/UK/Japan SS7 ISUP/TCAP; MGCP; PSTN; IP/ATM Network; IAD; SIP; Enterprise; 3G Mobile; SIP Proxy/Feature Server; PDA; H.323 Gatekeeper; H.323 Gateway; SIP Devices; Residence/Branch/SMB]

Vulnerability points
[Diagram: Internet/Intranet, VerazView, CDR, HTTP, SNMP, EC, CMI, IP Network, RE, CCP/SG, MGCP, RTP, I-Gate 4000 Pro, I-Gate 4000]

You have to protect them all
* Call Control Element (CCE)
* Signaling Gateway (SG)
* Routing engine (RE)
* Event Collector (EC)
* CDR Manager
* Management
* Media Gateway (I-Gate 4000/PRO)
* Management System (VerazView)
* Links between elements

Defense strategy
* Access to the IP Telephony Network Element is allowed by using the MANAGEMENT SYSTEM only
* The Management System should be highly secured
* ALL the information traveling from NE to NE (and from the MS to NE) should be encrypted and authenticated.

MG security
* The only way to access the Media Gateway is by using the management system.
* Blocking unnecessary protocols
  * HTTP, Telnet, etc.
* Protecting the MG from unauthorized access
* Firewall functionality
  * Predefined list of IPs
  * Predefined protocols
  * Application (MGCP) aware
* Location of the Firewall
[Diagram: IP Network, I-Gate 4000 Pro, I-Gate 4000]

Control Switch elements
* Unix-based elements
  * CCP, SG, EMS, RE, EC, CDR
* Access to the IP Telephony Network Element is allowed by using the MANAGEMENT SYSTEM only
* Block unnecessary protocols
* Access control
* Firewall

MG - Call Control Platform channel
* MGCP, H.248
* IPSEC: the de facto standard
  * Provides protection (encryption & authentication) to each IP packet
  * Authentication, Integrity, Confidentiality
  * IPSEC Authentication Header (AH)
  * IPSEC Encapsulating Security Payload (ESP)
* IKE: Internet Key Exchange (RFC 2409)
[Diagram: VerazView, CDR, Internet/Intranet, Session Key, Long-term key, EC, RE, IP Network, CCP/SG, MGCP, I-Gate 4000 Pro, I-Gate 4000]

IPsec implementation
* External Boxes
  * Check Point
  * Symantec
  * Cisco
* Embedded Implementation
* Pros & cons
  * Vulnerability
  * Cost
  * Management

Control Switch elements comm.
* CMI communication
  * CCP - EC
  * CCP - SG
  * CCP - RE
  * EC - CDR manager
[Diagram: Internet/Intranet, EMS, CDR, EC, RE, CCP/SG, IP Network, I-Gate 4000 Pro, I-Gate 4000]

Voice - RTP
* SRTP
* IPsec
[Diagram: IP Network]

Management System Security
The Management System is the gate to the system

MS Architecture
* Management System Server
  * Management server
  * Database server
  * High availability
* WBM Client
  * Operating System independent
  * Web browser
  * Graphical User Interface
  * Does not require installation
[Diagram: PC with Web Browser (Client), WAN, VerazView Server, I-Gate 4000, Control Switch elements]

Vulnerability Points
* Management System - Network Elements channel
  * Eavesdropping
  * Information Theft
* MS Server
  * Intrusion
  * DoS
  * Masquerade
  * Modification of Information
* MS WBM client and connection
  * Eavesdropping
  * Intrusion
  * Information Theft
[Diagram: Mgmt. System WBM client, SG, Internet/Intranet, IP Network, Control SW, Mgmt. System Server - VerazView, I-Gate 4000]
Vulnerability at one of the VoIP elements can harm the entire IP Telephony network

Access Control
* User ID and Password: much more than that!
* Validity of user IDs
* Password generation
* Password validity rules
  * Length
  * Structure
  * Time to Live
  * Password History
* Forced password change
* Prevent repetitive intrusion attempts
* Inform the user of the previous login time
* Users' access levels
* Etc.

Security Administrator
* Who are the active users?
  * Force Logout
  * Suspend
* What are the users doing?

Web-Based Management
* All you need is a Web browser
* OS independent
* HW independent
* Can be shared with other applications
* Low bandwidth

WBM Openness and Vulnerability
[Diagram: Management System VerazView, Mgmt. System WBM client, SG, Internet/Intranet, IP Network, Control SW, Mgmt. System Server - VerazView, I-Gate 4000]

WBM Encryption
* SSL: Secure Sockets Layer
  * Provides encryption, authentication & integrity of data stream.
* Encryption of the Management Information
* SSL is the most popular method to secure Internet transport
  * Used by Web browsers and servers
* The protocol that incorporates SSL and HTTP is HTTPS
* Powerful encryption method
[Diagram: Internet/Intranet, SSL, IP Telephony network]

Separating Internet Server from MS
* To secure the IP Network from hackers:
  * Internet Server separated from the MS Server
  * MS Internet Server located in demilitarized zone (DMZ)
* Protection from hackers:
  * Secured Protocol
  * Firewall
[Diagram: The Internet, WBM, Internet Server, Secured Protocol, Mgmt Server, IP NETWORK, Control SW, MG Media Gateway]

Disaster Recovery
* MS Servers at two remote locations
* RAID Array Disk
* No single point of failure
[Diagram: Web Client, Main Location, Alternate Location]

Questions?
Yaron Oppenheim, Director
[email protected]