Security Checklist For Voip Service Providers
Security Checklist For Voip Service Providers
It is often said that understanding the problem is 90% of the solution, and VoIP security is no exception. It is fear of the unknown which is likely to elicit встраиваемая техника вытяжки a knee-jerk reaction of panic, so the first step is to understand the threats and then classify them. We also have to ask the question: what does security mean to me and what does it mean to my customers?
Security to the customer means protecting their device and identity and the continuity of their service. Security to the service provider means protecting their network their revenue and their customers. In this feature we will look at service disruption and service theft.
Disruption
A service can be disrupted by breaking the user’s device, flooding the IP network with traffic or breaking the service provider’s infrastructure. Disruption is usually achieved through either Logic Attacks or Flood Attacks or Application Layer Attacks.
• Logic attacks exploit vulnerabilities in protocols or their implementations, e.g. Ping of death, Teardrop, Land etc.
• Flood attacks disable targets through traffic volume; a flood attack can originate from a single platform or from multiple platforms.
• Application Layer Attacks include: SIP-SPAM, and identity forging.
We can also divide the attacks into IP layer and SIP layer thus:
IP Logic Attack / IP Flood Attack
SIP Logic Attack / SIP Flood Attack
Application Layer attack
IP Logic Attacks
IP Logic attacks on SIP devices are no different to any other IP device; these include well known exploits such as: Ping of death, Teardrop, Land, Chargen and Out of sequence packets. All of these can disable a device which has not been fully tested to protect itself against these exploits.
IP Flood Attacks
IP Flood attacks include: SYN flood attack (TCP SYN Floods are one of the oldest DoS attacks
in existence), Smurf Attack, Fraggle attack and the list goes on… These attacks are designed either to overcome the device by tying up resources or to simply overwhelm the network through shear weight of traffic.
SIP Logic Attacks
SIP logic автомобильный gps навигатор attacks exploit weaknesses in SIP signalling implementations. Incomplete or incorrect fields, invalid message types can disable not only client devices but also core network devices. This type of attack can be countered by thorough testing of any devices against suites such at the IETF SIP Torture test developed through the SIPiT Events or the PROTOS Test-Suite, developed by the University of Oulu.
A more sophisticated attack can be to inject messages into a call to terminate it prematurely. This type of attack can be largely avoided by the use of strong authentication techniques, thus, the injected packet would not be authenticated and therefore would be rejected.
SIP Flood Attacks
SIP flood attacks exploit weaknesses higher up the communications stack that require more processing resources. As a consequence, it takes a much smaller flood to cause disruption. For example, one or more devices may send multiple registrations or call requests to a server.
Countering this type of disruption requires network based devices like Session Border Controllers (SBCs) to police the signalling stream and rate limit registrations and calls to Softswitches to predetermined limits. Acting as a proxy in the signalling stream the выбор жк телевизора SBC can also filter inappropriate protocols, IP DoS attacks and invalid SIP messages. This helps compartmentalise the network and restricts any disruption to just one network segment.
Protect the User Device
These devices will typically be incapable of rate limiting and may be overrun by flood attacks. This means they are subject to both logic and flood attacks. Again the user device will benefit from the стиральные машины neff protection afforded by network based SBCs blocking DoS attacks and invalid SIP messages.
Service Theft
A simple example of service theft is to signal that a voice call it being made but exchange video data. This hits the подбор ноутбука service provider on two fronts: a) loss of revenue by billing for стиральная машина электролюкс only a voice call and b) potential degradation in service quality for other users resulting in dissatisfaction.
The structure of a VoIP call with separate media and signalling streams has lead to some innovative ploys. For example, a стиральная машина аристон rogue PC client which transports media in the RTCP quality monitoring stream, this is not policed in most networks. Another ploy is to transport media in the call signalling then failing the call before billing commences. Not only цифровые видеокамеры sony does this mean a free call but repeated call set can cause huge signalling rates which are a DoS attack in themselves.
The solution is to police all components of the call. SBCs police the signalling and the media to ensure that the call is executed вытяжка Kaiser as requested and that RTCP traffic is within expected bounds.
Conclusion
Security is a vast subject and needs to be ubiquitous in its implementation. Take care of the fundamentals first:
Test, authenticate, protect, block, limit and police.
• Test network elements against standard IP and SIP test suites to ensure they can survive IP and SIP logic attacks
• Implement strong authentication, identifying your users protects their identity, protect their service and combats disruption.
• Protect the Network by compartmentalizing it to restrict the range of any disruption.
• Block malicious or inappropriate traffic – do not propagate the problem.
• Limit the rate of traffic телевизоры samsung to core elements to ensure the survivability of the service.
• Police all aspects of the traffic flowing across the network to prevent fraudulent or inappropriate use.
A secure and dependable service brings with it benefits to users and provider alike. It will build user confidence which in turn creates dependable revenue for the service provider and by addressing the basics from day one, need not be complex or expensive.
For more information on a range of VoIP topics: multimedia networks, security and IMS there is a number of free White Papers available from Newport Networks.
Dave Gladwin works for Newport Networks and has worked in the telecoms sector for 25 years and VoIP for the last 10 years.
The First Kiss
The First Kiss
It was a few days after Christmas, 1969. I was loaded down with cash from grandparents, uncles, aunts, and others who years before had given up trying to figure me out. I’m talking about tens of dollars and it was burning a big hole in my pocket.
Little did I know, this gift of cash would be the first domino to fall in a chain of dominos that would lead to the gift of euphoria.
I received a call from my close girl-type friend, Shirley, completely out of the blue. She was going to Willowbrook Mall with a girlfriend, and wanted to know if I would like to join them. Reluctant at first, I felt that hole burning where the cash was pocketed. I wanted to buy the Crosby, Stills and Nash album released the prior June. After a little more thought, the first domino fell. I met them at the corner of Bloomfield and Ridgewood Avenues to pick up the bus that would drag us out to the Willowbrook Mall.
I didn’t offer to drive them in the family car because I couldn’t. I was only weeks from turning eighteen and I did not have my license yet. I was afflicted with Boring Oldest Brother Syndrome, BOBS), a disease that attacks the maturity system; for example rendering one to postpone getting one’s driver’s license for as long as one possibly can. It’s quite crippling really.
Happily, I met them at the bus stop.
Shirley introduced me to Sue. It took, oh let’s see, about 3.7 seconds. Nope, I think less. I’m pretty sure it was when I heard the “ue” sound of her name that I instantly felt something deep inside my chest, a ping right below the top of the rib cage, like an electric shock only it didn’t hurt; it felt really goofy, really exhilarating.
She was beautiful. Her hair smelled like the freshest Breck shampoo for color treated hair I had ever laid nose on. And she was awash in Shalimar perfume, sending my olfactory glands into nasal nirvana.
During the bus ride to the mall, surprisingly I was overcome by an eerie confidence that pushed me to new heights of flirtatious wit. I was on top of someone else’s game and loving it! By the time we had arrived at the mall, I was hooked. Oh boy was I hooked. We had giggled our way into some kind of magic. And the very best part, as I would learn later from Shirley, who by then had been ordained the puppet master of Bob’s love world, was that Sue didn’t just like me, she ‘LIKED’ me—as in capital letters—‘LIKED’ me!
How quickly one’s fortunes change when suddenly plunged духовые шкафы into the throes of youthful romantic chase. We walked the long winding caverns formed by nameless boutiques and anchor stores, laughing and smiling and teasing and touching and laughing some more. To the casual observer, it was probably nauseating but I didn’t care. I was dominoing into a wonderful new world. I bought the CS&N album. The girls replenished their perfume stock. Before we knew what hit us, it was time to go.
As the bus pulled away, my mind was dancing in heaven. But by the time we arrived back and disembarked where the adventure had all begun, heaven had turned to hell. It was all too good to be true. Rejection was moments away. Such was the fragile nature of my life.
The bus sputtered away from our stop, dumping an ominous black cloud of monoxide in its wake. But all I could immerse myself in was Sue, who by now was wearing a dazzling array of seventeen fragrances скачать сериалы she had tested on her delicate soft wrists for me to blushingly critique. The air about her was a beautiful collage to the finely tuned nasal passages of a teen boy in fresh mushy pursuit. Unfortunately it was духовые шкафы ariston a wondrous moment that could not last. It was time to be noble in the face of her pleasant rejection with an empty smile, and cherish the fond memory of the mall.
I took the lead step in the dance of disengagement.
“Well, I guess I have to get going.” As clever a line as I had ever led with.
“Yeah, its dinner time and my brother is picking me up at Shirley’s in ten minutes.”
“Hey Shirls, can you give me a call later after din?” I asked, trying not to tip my cards too much.
“Yeah, no problem. I think we have something to talk about.” She was so obvious.
“Oh yeah? You think?” I coyly replied.
“Yeah, we need to talk too Shirls?” Sue added.
My heart sank at the foreboding potential of their pending conversation. I reached deep inside to maintain the high road.
“All right then, I guess that’s that! Everyone needs to talk! Everyone is talkin’!” Not a very good job. I probably needed to reach deeper.
Unfortunately my old friend panic had made himself at home in my thoughts. Was this going to be as good as it gets? Was my breath killing her? Was she just now realizing the lowliness of her affection?
I had to say something but what? What could I possibly say to rescue this sweet moment from the clutches of rejection like all the others?
I found it . “Okay then