Research of the IP-Telephony for the Czech Armed Forces

  • Slides: 13

Lt. Bc. Zburníková Lucie

Main points of presentation
  • characteristic of IP-telephony
  • aims of the scientific work
  • DoS attacks
  • prevention and response
  • overall summary

Aims of the scientific work
  • to create a possible network diagram
  • to categorize the DoS attacks
  • to compile a complete and current list of them
  • to propose the form of detection and counteraction against them

Network diagram

Categories and types of Denial of Service attacks
  • Direct Denial of Service attacks:
      Single-tier attacks
      Dual-tier attacks
      Triple-tier 'distributed' attacks
  • Indirect Denial of Service attacks:
      The LoveBug virus
      Code Red and Nimda worms

Direct Denial of Service attacks
  • Single-tier DoS Attacks (1990-1997)
      Examples: Ping of Death, SYN floods, other malformed packet attacks
  • Dual-tier DoS Attacks (late 1997)
      Example: Smurf
  • Triple-tier DDoS Attacks (1998-2000)
      Examples: TFN2K, Stacheldraht, Mstream

Comparison of the attacks
  • Older attacks are ineffective or of low danger.
  • Attacks that exploit new system vulnerabilities have a short lifetime.
  • Flood attacks are simple, but dangerous.
  • DDoS flood attacks cause serious problems which can shut down any server.
  • Some new attacks can combine a number of different simple attacks and can use DDoS.

Prevention and Response
  • Intrusion detection system (IDS)
      network intrusion detection system
      protocol-based intrusion detection system (Example: Snort)
      application protocol-based intrusion detection system
      host-based intrusion detection system
      hybrid intrusion detection system (Example: Prelude)
  • Intrusion prevention system
  • (Self)defence against DoS attacks

Network-based vs. host-based system

Host-based (+)
  • It is able to verify whether an attack was successful or not.
  • Its functionality is not affected by the transmission or by the use of encryption.
  • It is able to prevent the attack.

Host-based (−)
  • It uses the server's resources.
  • Whether it can be used depends on the OS.
  • Extensibility: it requires installation of one agent per server.

Network-based (+)
  • It protects all terminal stations on the monitored network.
  • It has no influence on the function of the terminal stations / servers.
  • It is able to detect DoS attacks.

Network-based (−)
  • It is more difficult to implement in a switched LAN environment.
  • Monitoring above 1 Gb/s is a problem for now.
  • Generally it cannot proactively stop the attack.
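A sketch of how a network-based sensor can detect the SYN flood attacks listed earlier and tell a single-tier (single-source) flood from a distributed one, by counting half-open TCP connections per destination. This is an added example, not part of the original presentation; the packet records, addresses and thresholds are constructed assumptions.

```python
from collections import Counter

# Illustrative thresholds (assumptions, not tuned values).
WINDOW_S = 1.0          # how long a SYN may stay unanswered before it is forgotten
HALF_OPEN_LIMIT = 100   # half-open connections per destination that trigger an alert
DOMINANT_SHARE = 0.8    # one source above this share means a single-source flood

def detect_syn_floods(packets):
    """packets: time-ordered (ts, src, sport, dst, flags), flags "S" = SYN, "A" = final ACK.
    Returns one (dst, kind, half_open, n_sources) alert per flooded destination."""
    pending = {}              # dst -> {(src, sport): SYN time}, oldest first
    alerted, alerts = set(), []
    for ts, src, sport, dst, flags in packets:
        conns = pending.setdefault(dst, {})
        if flags == "A":      # handshake completed, no longer half-open
            conns.pop((src, sport), None)
            continue
        if flags != "S":
            continue
        conns.pop((src, sport), None)   # a retransmitted SYN moves to the end
        conns[(src, sport)] = ts
        while conns:                    # expire entries older than the window
            oldest = next(iter(conns))
            if ts - conns[oldest] <= WINDOW_S:
                break
            del conns[oldest]
        if len(conns) >= HALF_OPEN_LIMIT and dst not in alerted:
            per_source = Counter(s for s, _ in conns)
            share = per_source.most_common(1)[0][1] / len(conns)
            kind = "single-source" if share >= DOMINANT_SHARE else "distributed"
            alerts.append((dst, kind, len(conns), len(per_source)))
            alerted.add(dst)
    return alerts

def sample_traffic():
    """Constructed records: normal clients, then two floods against different servers."""
    pkts = []
    for i in range(50):    # clients that complete the handshake
        pkts.append((i * 0.01, f"10.0.0.{i}", 40000 + i, "192.0.2.10", "S"))
        pkts.append((i * 0.01 + 0.005, f"10.0.0.{i}", 40000 + i, "192.0.2.10", "A"))
    for i in range(150):   # one source, SYNs never completed
        pkts.append((2 + i * 0.002, "198.51.100.7", 1024 + i, "192.0.2.20", "S"))
    for i in range(150):   # many sources, one uncompleted SYN each
        pkts.append((4 + i * 0.002, f"203.0.113.{i}", 40000, "192.0.2.30", "S"))
    return sorted(pkts)

if __name__ == "__main__":
    for alert in detect_syn_floods(sample_traffic()):
        print(alert)
```

Blocking a single source address stops the first flood but not the second, where every source contributes one connection.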

IDS on platforms of Cisco (Solution Set)
  • Switch Sensor: Catalyst 6500 IDS Module
  • Router Sensor: 1700, 2600, 3600, 3700, 7xxx
  • Firewall Sensor: 501, 506E, 515E, 525, 535
  • Network Sensor: 4210, 4235, 4250
  • Host Sensor: Standard Edition, Web Server Edition
  • Mgmt: Secure Command Line, Web UI Embedded Mgr, CiscoWorks VMS

General defence
Systems for the detection (and prevention) of unauthorized intrusion are becoming a complement to the network security provided by firewalls. Combining network IDS with IDS for servers gives a high level of defence against unauthorized activities. For an IDS to function correctly, it has to be regularly supplied with additional information and the system has to be upgraded.

Overall summary
VoIP telephony has a great potential to bring considerable advantages into telecommunications in comparison with standard technologies. The main advantage is cost reduction, especially in the case of long distance calls. It offers quality phone services including secure voice and development prevention and response.

Thank you for your attention