An Overview of VoIP Security



                                        -Push


http://null.co.in/                         http://nullcon.net/
VoIP…
      • Voice over IP
      • Transmission of “voice” over packet-switched
        (data) networks
      • Analog voice signals are converted to digital
        bits – “Sampled”
      • Sampled bits are transmitted as packets



[Figure: analog voice signals at each end, converted to digital bits (101010101010 1101101101) and carried across the Internet.]
Components Involved…
      •    Traditional Telephone Networks,
      •    Computer Networks,
      •    VoIP Hardware,
      •    Gateways
      •    Proxy Servers
      •    Redirect Servers
      •    VoIP Software,
      •    IDS – IPS - Firewalls
VoIP Traffic Factors…
      •    Latency
      •    Jitter
      •    Packet Loss
      •    Speed / Bandwidth



      • QoS….

Protocols used…
      •    Vendor Proprietary,
      •    SIP
      •    H.323
      •    RTSP
      •    RTP




SIP and H.323

    Features                      H.323                                    SIP
    Multimedia support            Yes                                      No
    Complexity                    High                                     Low
    Reliability                   Efficient failure handling               Inefficient failure handling
    Message Encoding              Supported for narrowband and broadband   Supported for broadband
    Interoperability              Yes                                      No
    Load Balancing                Yes                                      No
    Call signalling               1 RAS message exchange                   3 exchange messages
    Statelessness                 While direct calling                     While it is not forking
    Address resolution            Supported                                Not supported
    Addressing                    Flexible                                 Only URI type addressing supported
    Billing                       Available at gatekeeper                  Not available
    Capability Negotiation        Good                                     Limited
    PSTN internetworking          Supported                                Not supported
    Services                      Through web browser                      Not through web browser
    Video and data conferencing   Lip synchronization supported            Lip synchronization not supported
    Transport protocol            Reliable                                 Unreliable
    Firewall/NAT support          Yes                                      No
    Authentication                Via H.235                                Via HTTP (Digest and Basic), SSL, PGP, S/MIME
    DTMF Carriage                 Through audio stream                     No carriage



SIP Call Flow




H.323 Call Flow




H.323 Call Flow




Attack Vectors
      • Vulnerabilities of both Data and Telephone
        Networks

      • CIA Triad




Availability Threats…
      •    SIP Bombing
      •    Man in the Middle/Call Hijacking
      •    Eavesdropping
      •    RTP Insertion attacks
      •    SIP-BYE DoS
      •    Multiple Account Registration with the same
           name

Integrity Threats…
      •    Caller Identification spoofing
      •    Proxy Impersonation
      •    Call Redirection
      •    UDP flooding attack
      •    Registration Removal
      •    Registration Addition



Confidentiality Threats…
      •    Eavesdropping of phone conversation.
      •    Unauthorized access attack.
      •    Default passwords.
      •    TOLL FRAUD




Standard Guidelines
      •    Separate Infrastructure
      •    Do not integrate Data and VoIP Networks
      •    VoIP-aware Firewalls,
      •    Secure Protocols like SRTP,
      •    Session Encryption using SIP/TLS, SCCP/TLS
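
Added example (not part of the original slides): a Python check that reads one SIP INVITE and reports where it falls short of the SIP/TLS and SRTP guidelines above, including SRTP keys carried over unencrypted signalling. The sample messages, hosts and key value are constructed placeholders; treating a sips: request URI and a TLS transport in the topmost Via as the signs of SIP/TLS is an assumption of this example, and SCCP is not covered.

```python
import re

SRTP_SDES = {"RTP/SAVP", "RTP/SAVPF"}                  # keyed by a=crypto (RFC 4568)
SRTP_DTLS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}  # keyed by a=fingerprint (RFC 5763)

def audit_invite(raw):
    """Return findings for one SIP request ("INVITE <uri> SIP/2.0") carrying an SDP offer."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, findings = head.split("\r\n", 1)[0], []
    if not request_line.split(" ")[1].lower().startswith("sips:"):
        findings.append("request URI is not sips:")
    # The topmost Via (compact form "v:") names the transport of the delivering hop.
    m = re.search(r"(?im)^(?:via|v)\s*:\s*SIP/2\.0/(\w+)", head)
    transport = m.group(1).upper() if m else "UNKNOWN"
    if transport != "TLS":
        findings.append(f"signalling transport is {transport}, not TLS")
    # SDP: attributes before the first m= line apply to every media section.
    session_fp, media = False, []
    for line in body.split("\r\n"):
        if line.startswith("m="):
            kind, _port, proto = line[2:].split(" ")[:3]
            media.append({"kind": kind, "proto": proto.upper(), "crypto": False, "fp": session_fp})
        elif line.startswith("a=crypto:") and media:
            media[-1]["crypto"] = True
        elif line.startswith("a=fingerprint:"):
            if media:
                media[-1]["fp"] = True
            session_fp = session_fp or not media
    for s in media:
        label = f"{s['kind']}: {s['proto']}"
        if s["proto"] in SRTP_SDES:
            if not s["crypto"]:
                findings.append(f"{label} offered without a=crypto")
            elif transport != "TLS":  # the SDES key travels in the SDP body in the clear
                findings.append(f"{label} key in a=crypto exposed by non-TLS signalling")
        elif s["proto"] in SRTP_DTLS:
            if not s["fp"]:
                findings.append(f"{label} offered without a=fingerprint")
        else:
            findings.append(f"{label} is not an SRTP profile")
    return findings

def sample_invite(scheme, transport, sdp_media):  # constructed message, placeholder values
    return "\r\n".join([
        f"INVITE {scheme}:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed",
        "From: <sip:alice@example.com>;tag=constructed", "To: <sip:bob@example.com>",
        "Call-ID: constructed-1@192.0.2.10", "CSeq: 1 INVITE", "Content-Type: application/sdp", "",
        "v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        *sdp_media, ""])

SDES = ["m=audio 49170 RTP/SAVP 0", "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER"]
PLAIN = sample_invite("sip", "UDP", ["m=audio 49170 RTP/AVP 0"])
KEY_LEAK = sample_invite("sip", "UDP", SDES)
SECURED = sample_invite("sips", "TLS", SDES)

if __name__ == "__main__":
    for msg in (PLAIN, KEY_LEAK, SECURED):
        print(audit_invite(msg))
```

The KEY_LEAK case is the one worth noting: offering SRTP while signalling stays on UDP hands the media key to anyone who can read the INVITE, which is why the two guidelines belong together.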




Thank you.



