Voice over Internet Protocol Vo IP Security Affects

Convergence Ø “Today’s networks are being architected with converged, real time, voice, data, and

Vo. IP Security Ø “Security must prevent theft of service, authenticate users, and repel

Vo. IP Security Challenges Ø Quality of Service Ø Network Elements Ø Security Breaches

Quality of Service (Qo. S) “Quality of Service (Qo. S) refers to the capacity

QOS Ø “The key to conquering Qo. S issues like latency and bandwidth congestion

Security Breaches Ø Access Ø Ø Ø Disruption Ø Ø Ø Unauthentication - intrusion

Network Elements Denial of Service (Do. S) – see slide # 7 Ø Power

IP Security Profiles Ø ITU – T H. 234 v 2 & v 3

Bottom Line and Discussion Ø Expectations for Vo. IP will be based on the

References (1) Broadcom. “Critical Steps for Successful Vo. IP Deployment. ” White Paper October

Slides: 11

Download presentation

Voice over Internet Protocol (Vo. IP) Security Affects on the IP Network Architecture Net@Edu Conference ICS – Wireless Group Meeting Tempe, Arizona February 6, 2005 Jose J. Valdes, Jr. Colorado State University 1

Convergence Ø “Today’s networks are being architected with converged, real time, voice, data, and video applications in mind. ” Ø “It is this ability to integrate voice, data, and video applications using a single network infrastructure that makes deployment of IP telephony platform a essential step toward creating a next-generation network. ” Ø The next-generation network has different and extended architectural requirements, in part because of Vo. IP, e. g. , security. (1) 2

Vo. IP Security Ø “Security must prevent theft of service, authenticate users, and repel a range of attacks from outside and inside the firewall. ” Ø “With the introduction of VOIP, the need for security is compounded because now we must protect two invaluable assets, our data and our voice. ” (video and mobile). Ø “The key to securing VOIP is to use the security mechanisms like those deployed in the data networks (firewall, encryption, antivirus, pop-up protection, O. S. updates, etc. ). ” (2) (3) 3

Vo. IP Security Challenges Ø Quality of Service Ø Network Elements Ø Security Breaches Ø Denial of Service (Do. S) Power failure Viruses, Trojan Horse Physical security Operating System Life and Safety (E-911) Access Ø Disruption Ø Confidentiality and privacy Ø 802. 11 (Qo. S) Latency Ø Jitter Ø Packet loss Ø Ø Ø Ø Protocols Ø H. 323 Ø SIP 4

Quality of Service (Qo. S) “Quality of Service (Qo. S) refers to the capacity of a network to provide better service to selected network traffic over various technologies …, and IP routed networks …” (4) Ø Latency is the time it takes for data to get from the source to the destination and is introduced from various network and Vo. IP components, e. g. , encryption encoding and decoding. Ø Jitter is introduced when data packets have different latency and packets become out of sequence. Ø Packet loss is when data packets do not arrive at the destination or arrive too late to be processed. Ø (4) 5

QOS Ø “The key to conquering Qo. S issues like latency and bandwidth congestion is speed. ” Ø “…every facet of network traversal must be completed quickly in Vo. IP. ” Ø Firewalls/NAT traversal and traffic encryption/decryption are latency producers and network congestion generators, but must effective means to secure a network. The “good and bad news”. (3) 6

Security Breaches Ø Access Ø Ø Ø Disruption Ø Ø Ø Unauthentication - intrusion detection and application access control Protection and updating of administrative passwords Denial of Service (Do. S) – VLAN, firewall, routers, digital certificates Network congestion – Qo. S, increased bandwidth Confidentiality and Privacy Ø Eavesdropping & IP spoofing 7

Network Elements Denial of Service (Do. S) – see slide # 7 Ø Power failure – UPS, generators Ø Viruses, Trojan Horse – application and O. S. patches and updates, security policies Ø Physical security – access controls, policies Ø Operating System – patches, updates Ø Life and Safety (E-911) – static IP address, relocation policies Ø Ø 802. 11 evolving IP mobile devices or dual mode with cellular 8

IP Security Profiles Ø ITU – T H. 234 v 2 & v 3 defines different security profiles for product interoperability under the H. 323 suite of protocols’ Annex D, E, and F. Suite designed for real time audio, video, multimedia, and data. Ø SIP security features described in RFC 3261 (IETF). Designed for Vo. IP and updated for video and messaging. Ø Some will argue that these protocols were designed from different perspectives. 9

Bottom Line and Discussion Ø Expectations for Vo. IP will be based on the performance and availability of legacy telephony systems!! Ø How will Vo. IP affect the IP network architecture? Ø Will “traditional” IP security mechanisms and policies be effective or detrimental to Vo. IP on a convergent network? Ø How to identify the accommodations or “trade offs” that will be acceptable in support of Vo. IP on a convergent network? 10

References (1) Broadcom. “Critical Steps for Successful Vo. IP Deployment. ” White Paper October 2004 Broadcom Corporation Irvine, CA. (2) Shore, Joel. “IP Telephony Security: An Overview. ” Network. World URL: networkworld@reprintbuyer. com Kuhn, R. D. , Walsh, T. J. , & Fries, S. , “Security Considerations for Voice Over IP Systems: Recommendations of the National Institute of Standards and Technology. ” National Institute of Standards and Technology, Gaithersburg, MD. January 2005. Cisco. “Internetworking Technology Handbook. ” 2003. URL: http: //www. cisco. com/univercd/cc/td/doc/cisintwrk/ito_doc (26 October 2004) Tucker, G. S. , “Voice Over Internet Protocol (Vo. IP) and Security. ” GIAC Security Essentials Certification (GSEC), v 1. 4 c, option 1, 26 October 2004 11 (3) (4) (5)