Download - Securing Unified Communications Systems
![Page 1: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/1.jpg)
Securing Communications!
SpeechTEK New York 2010!Dan York, CISSP
Director of Conversations, Voxeo Best Practices Chair, VoIP Security Alliance Author, Seven Deadliest UC Attacks!
![Page 2: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/2.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
www.7ducattacks.com
About Dan York!
www.blueboxpodcast.com
www.voipsa.org www.voxeo.com
![Page 3: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/3.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
About Voxeo!
Founded in 1999
World’s largest hosted VoiceXML and CCXML platform – Over 82,000 hosted ports globally; hundreds of premise deployments
Over 150,000 developers using Voxeo platforms
The Voxeo difference: Unlocked Communications, Customer Obsession Teams, Communications Passion
www.voxeo.com
![Page 4: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/4.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
SIP Proxy
A
Alice Bob Media (RTP, MSRP, etc.)
SIP SIP
SIP Proxy
B SIP
The Change VoIP Brings!
![Page 5: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/5.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Internet
Alice Bob Media
SIP SIP
SIP Proxy
A SIP
SIP Proxy
B
SIP Proxy
N
SIP Proxy
D SIP
SIP Proxy
C SIP SIP
Media Proxy
A
Media Proxy
B Media Media
The Larger Reality!
![Page 6: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/6.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Physical Wiring
PBX
Voicemail
PSTN Gateways
Once Upon A Time!
![Page 7: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/7.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Physical Wiring
IP Network
IP-PBX
Voicemail
PSTN Gateways
Mobile Devices
IM Networks
Web Servers
Email Servers
Desktop PCs
Operating Systems
Firewalls
Internet
Directory Servers
VoIP
CRM Systems
Social Networks
Database Servers
Application Servers
1. Understand Your Ecosystem!
![Page 8: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/8.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
2. Understand Your Endpoints!
IP Phones, Smartphones, Softphones
What services are running on them?
Default passwords?
How do you patch/secure them?
![Page 9: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/9.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
SIP Proxy
A
Alice Bob
SIP SIP
SIP Proxy
B
SIP Proxy
N SIP SIP
Media Media Eve
3. Secure Your Media!
![Page 10: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/10.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Alice Bob Media
Media Proxy
A
Media Proxy
B Media Media
Internet
Secure Media – Hop By Hop!
![Page 11: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/11.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Alice Bob Media
Media Proxy
A
Media Proxy
B Media Media
Internet
Secure Media – End to End!
![Page 12: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/12.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
SIP Proxy
A
Alice Bob
SIP SIP
SIP Proxy
B
SIP Proxy
N SIP
Media
Eve SIP SIP
4. Secure Your Signalling!
![Page 13: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/13.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Signalling Attacks!
Toll Fraud
Identity Theft
![Page 14: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/14.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
PBX
Corp HQ
Carrier PSTN
Internet
Traditional Telephony!
![Page 15: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/15.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
PBX
Corp HQ
ITSP
Internet
PSTN
IP Communications!
![Page 16: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/16.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
PBX
Corp HQ
ITSP
Internet PSTN
PBX
Office A
Failover!
![Page 17: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/17.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
PBX
Corp HQ
PSTN
ITSP (Boston)
Internet ITSP (Paris)
ITSP (Tokyo)
Redundancy / Geography!
![Page 18: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/18.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
5. Secure Your PSTN Connectivity!
Attacks • Toll Fraud
• Denial of Service
• Spam
Solutions • Encryption
• Strong Authentication
• Transport Security
![Page 19: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/19.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
6. Secure Your Identity!
Attacks • Fraud
• Identity Theft
• Social Engineering
Solutions • Education
• Lock Down Spoofing
• Strong Identity
![Page 20: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/20.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
UC System
Corp HQ
Internet Firewall WiFi Café
Router
Mobile UC
client
Laptop UC
client
Mobile Data
Network
7. Secure Distributed Systems!
![Page 21: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/21.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
UC System
Corp HQ
UC System
Office A
Corporate Network
Company A
UC System
Corp HQ
UC System
Office A
Corporate Network
Company B
Internet
How Do You Securely Federate?!
![Page 22: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/22.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
IM
Corp HQ
Corporate Network
Presence
Call Control
IVR IM
Office A
Presence
Call Control
Voicemail IM
Office B
Presence
Call Control
PSTN
Internet
What if the Cloud Isnʼt There?!
![Page 23: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/23.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Questions About the Cloud!
What kind of availability guarantees / Service Level Agreements (SLAs) does the platform vendor provide?
What kind of geographic redundancy is built into the underlying network?
What kind of network redundancy is built into the underlying network?
What kind of physical redundancy is built into the data centers?
What kind of monitoring does the vendor perform?
What kind of scalability is in the cloud computing platform?
What kind of security, both network and physical, is part of the computing platform?
Finally, what will the vendor do if there is downtime? Will the downtime be reflected in your bill?
![Page 24: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/24.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
The Way It Used To Be!
![Page 25: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/25.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
ITSP
PSTN
ITSP
ITSP ITSP
ITSP
ITSP ITSP ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP
ITSP ITSP
ITSP
ITSP
ITSP
ITSP ITSP
ITSP ITSP
ITSP
ITSP
Today...!
![Page 26: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/26.jpg)
© Voxeo Corporation © Voxeo Corporation © Voxeo Corporation
Resources!
VoIP Security Alliance • www.voipsa.org • www.voipsa.org/blog
Hacking Exposed: VoIP • www.hackingvoip.com
Seven Deadliest Unified Communications Attacks • www.7ducattacks.com
![Page 27: Securing Unified Communications Systems](https://reader034.vdocument.in/reader034/viewer/2022042614/555c02f8d8b42a5b448b53f0/html5/thumbnails/27.jpg)