Securing VoIP (eBook)

Keeping Your VoIP Network Safe

Regis J. Jr (Bud) Bates (Autor)

eBook Download: PDF | EPUB

2014 | 1. Auflage
220 Seiten
Elsevier Science (Verlag)
978-0-12-417122-0 (ISBN)

Securing VoIP: Keeping Your VoIP Network Safe will show you how to take the initiative to prevent hackers from recording and exploiting your company's secrets. Drawing upon years of practical experience and using numerous examples and case studies, technology guru Bud Bates discusses the business realities that necessitate VoIP system security and the threats to VoIP over both wire and wireless networks. He also provides essential guidance on how to conduct system security audits and how to integrate your existing IT security plan with your VoIP system and security plans, helping you prevent security breaches and eavesdropping. - Explains the business case for securing VoIP Systems - Presents hands-on tools that show how to defend a VoIP network against attack. - Provides detailed case studies and real world examples drawn from the authors' consulting practice. - Discusses the pros and cons of implementing VoIP and why it may not be right for everyone. - Covers the security policies and procedures that need to be in place to keep VoIP communications safe.

Regis J. 'Bud' Bates has more than 30 years of experience in Telecommunications and Information Services and has long been considered a technology 'Guru.' He currently contributes to these fields as an author, consultant, course developer and teacher. As an Author, Bud has written numerous books on the technologies, including 'Voice and Data Communications Handbook, and the 'Broadband Telecom Handbook". As a Consultant, with clients spanning the range of Fortune 100-500 companies, Bud has been involved in the design of major voice and data networks. His innovative ideas in implementation have been profiled in trade journals and magazines. Many of his projects deal with multiple sites and countries using Frame Relay and ATM architectures. As a Teacher, Bud has develops and conducts various public and in-house seminars ranging from a managerial overview to very technical hands-on classes on Voice over IP, WiFi Networking, WIMAX networking, DWDM and IPv6. In the recent past he has focused much of his development and training activities on the convergence of three key areas; VoIP,Security and WiFi."

Chapter 1

Introduction

Abstract

No matter what the reason, there are people out there trying to breach Voice over Internet Protocol (VoIP) networks. Incidents abound regarding theft of long-distance services, denial of service attacks, eavesdropping, and just plain destructive actions. To be safe, one must understand the ways and means that penetrations occur. This includes an understanding of how voice works, how the Internet Protocol (IP) works, and what the combined networks and protocols yield. From there, due diligence is needed to understand that when placed together in a VoIP system, technological as well as policy weaknesses creep into the equation. However, once these are understood, one can be prepared to protect the systems and networks being deployed.

Keywords

Toll fraud

eavesdropping

call hijacking

technology

man-in-the-middle (MITM) attacks

denial of service (DoS)

distributed denial of service (DDoS)

telephony

TCP/IP

packets

Chapter outline

Securing Voice over Internet Protocol (VoIP): keeping your network safe 1

History of telephony 2

History of the Internet Protocol 4

What goes around comes around 6

VoIP network and potential problems 10

The benefits of VoIP 11

Some initial thoughts on VoIP 13

What are the reasons for the VoIP hacking attempts 14

The need for VoIP security 15

Need for security and causes 23

Technology 23

Policy 25

Terms and attacks 26

Other vulnerabilities 30

What is at risk 32

Can a call be eavesdropped? 32

There is no Holy Grail out there 33

Summary 34

Securing Voice over Internet Protocol (VoIP): keeping your network safe

This book is intended as a primer for various organizations and individuals who may be planning to roll out a VoIP system. Generally speaking, if you have not experimented with VoIP in the past, a lot of new issues may surface that had not been considered in the older days of telephony. This book is structured in such a way as to handle those issues. In this chapter the following issues will be addressed:

1. History of telephony and why it was always considered to be safe

2. History of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite and why it was always considered unsafe

3. The convergence of voice with data networks, and introduction to VoIP

4. Ingrained weaknesses in the deployment of a VoIP system including:

a. Technological weaknesses

b. Policy weaknesses

5. Statements of what is at risk when you deploy VoIP

6. Some of the threats that are known problems

7. Toll fraud

8. Theft of services

9. Loss of confidentiality

10. Eavesdropping

11. Hijacking

12. Voice mail hacking

13. Infrastructure attacks

14. Man-in-the-middle (MITM) attacks

15. Disruption or denial-of-service (DoS) attacks

As the reader might see, the issues can be many, yet they are not insurmountable. For example, when looking at the list overall, there are some pieces that can be considered and can be shorn up together. Actually, it is best if the security policies and procedures that organizations adopt and implement fully complement each other. Moreover, when dealing with VoIP, it is imperative that the security policies and procedures match those of the organization’s information technology (IT) security, audit, and business resumption plans and they all coalesce as a single document. In fact, the closer the ties built in to blend the security, the better the installed system should work as a homogenous plan.

History of telephony

In the very beginning of the voice telephony networks, the systems and services were always considered safe. The reason for this stems from the “Bell Telephone Company” philosophy. The Bell companies always ran a telephone wire from the Central Office (CO) to the customer’s location. Different ways were used but for this discussion, the telephone wires were dedicated wires that ran from the CO along a wiring telephone pole line route to the end user’s location (i.e., residence, business, etc.). In Figure 1.1 is shown a markup of how the wires were run from the CO to the end user over a pole line route. Because these bundles of wires were large, it was difficult for anyone to break into a pole line route or a buried route of 600–1200 pairs of wires and tap into them. It was possible but less than practical to break into such a link. Note that at the end user’s location a single pair of wires was run into the customer location and a telephone set (typically an analog phone) was terminated on the wires.

Figure 1.1 The telephone company wires were run on a pole line route.

Alternatively the dedicated wires were bundled together in a conduit or buried directly in the ground. For efficiency sake, the telephone wires were bundled in 600 or 1200 pairs of unshielded twisted pairs. As the larger bundles of wires were run closer to the customer site, they were split off at manholes or handholes where the pairs ultimately got separated to bring one to four pairs to the door. Shown in Figure 1.2 is the pole line and conduit combination.

Figure 1.2 A mix of buried conduit and pole line route can also be used.

Throughout history, the telephone company CO has always been kept under lock and key. No outside personnel were allowed into the CO. The reason is obvious; the Bell Telephone Company was a natural monopoly and had total control over their wires. Entering the customer’s site was a two- or four-pair cable as might be seen in Figure 1.3. This graphic shows a four-pair connection that is typically color coded so that dial tone can be brought to the end user. Under normal circumstances, the wires were thought to be dedicated from the CO to the telephone set.

Figure 1.3 A four-pair wire was terminated at the customer location.

Quite frankly, it was difficult for anyone other than a telephone company employee to figure out how the wiring was connected and how it worked, along the route. Thus, the cabling was considered safe. This is even truer when the cables were buried under the ground in a conduit. It took special knowledge to understand the myriad wires and the color schemes as well as the labeling.

For these reasons of complexity, visibility, and color code combinations, the telephone wires were always considered safe. Moreover, the architecture of the telephone network lent itself to security as the COs were not visibly labeled, there were little (or no) windows in the central switching offices, and the buildings required a user password or a card key system to get in. This kept the infrastructure fairly secure. Rather than belabor this thought, there have been breaches but they have been few and not highly publicized.

History of the Internet protocol

Without a doubt, much has happened since the inception of the Internet in the late 1960s. To be sure, the Internet was always considered an open access network. The intent was that colleges, universities, government agencies, and certain large corporations would use the Internet to share information. Thus, it had little security placed on it in the beginning. The entire purpose was for users to openly access data, files, and text messages (mail) that could be transferred between and among computers. To facilitate this sharing a set of protocols was developed called TCP/IP. This protocol set was referred to as the DoD model in the beginning as the Internet was actually designed for the DoD under the auspices of the Defense Advanced Research Project Agency (DARPA) budgets for just this sharing of data.

Because DARPA needed the openness to share the files among many different computer systems, the protocols developed were open (no real security). As long as you knew how to connect, the access was wide open. Later, after several iterations, the need for securing the TCP/IP suite became rather obvious. Therefore, the TCP/IP in use today (still mostly IPv4), which was developed for use in 1983–1984, has been fixed like a patchwork quilt. New features were added, new security tools were added, and other tools were developed. Whereas the network was used primarily for the DoD use, it took a long time in coming. Yet in 1991 depending on how you view the evolution, the Internet became a public network to serve as the “information highway” of the future. It was then that the use and the exposure of the Internet exploded to a worldwide network accessible to all. The beginning network used a model of switches and routers that were different than the telephone companies. In fact, where the circuit-switched...

Erscheint lt. Verlag	14.11.2014
Sprache	englisch
Themenwelt	Informatik ► Netzwerke ► Sicherheit / Firewall
Themenwelt	Wirtschaft ► Betriebswirtschaft / Management ► Unternehmensführung / Management
ISBN-10	0-12-417122-2 / 0124171222
ISBN-13	978-0-12-417122-0 / 9780124171220

Haben Sie eine Frage zum Produkt?

PDF (Adobe DRM)
Größe: 19,7 MB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

EPUB (Adobe DRM)
Größe: 6,7 MB

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Print-Ausgabe

Buch | Softcover

46,10 €