VoIP Security COURSE TUTORIAL

     
Course Name:   VoIP Security Training: Voice Over IP Security (VoIPSEC) Training
     
Deployment Options:   Onsite - Instructor-Led Training
     
Course Duration:   3-4 days depending on audience background and options
 

Introduction:
 
Security is a concern for every company at every level. The wide adoption of VoIP and new protocol standards has introduced many new issues. For most enterprises, the adoption of VoIP is a migration path – a fact that contributes to increased complexity for the IT security personnel and network administrators. VoIP introduces new systems, vendors, applications, servers, operating systems, and the like. The introduction of media gateways to handle traditional telephony converted to VoIP on the data network introduces security management challenges on the network. If not using media gateways, organizations are adopting VoIP providers that carry traffic on an IP network connection.

This course will help you understand the issues of VoIP security on all levels of the network. We will follow the OSI model to ensure that all levels are covered. We will begin by learning the technical concepts related to network security. We will then study the protocols such as SIP and H.323 on the IP network. We will conclude with a discussion of the policies and procedures that enhance VoIP security.
 
Audience:
 

Network security planning teams, network administrators, IT and telecom engineers, and IT security management. This course is also beneficial for the homeland security community and crime prevention/investigation officers.

  • Are you involved with commercial or military deployment planning for VoIP? Depending on your background and job, we can tailor the course to focus on the technical or managerial issues.
  • Are you a network engineer or administrator who would like to “fill in the holes” and catch up with the state-of-the-art of security planning? Let us know so we can focus on the areas that interest you the most.
  • Are you a VoIP network or application installer who would like to learn the security concepts and theory that underlie your craft? We can focus on the tools and techniques that will help you become more “tech savvy” on VoIP security issues.
  • Are you a manager, executive, or sales person whose work involves VoIP security systems? If so, we can emphasize those parts of the course that deal with policy management, vendor audits, and procedural security issues.
 
Prerequisites:
 
  • VoIP: Protocols, Design, and Implementation
  • State-of-the-art of VoIP Technology for Professionals, Managers, and Executives
 
Customize it:
 
This 3-4-day VoIP Security course will be customized to your needs and specifications. Eno.com will assist you in identifying those needs and specifications. A word to the wise: there are many vendors of wireless training. They will typically have a broad and general course, one size fits all, already developed, and just put your organization’s name on the title slide. This minimizes their effort and time investment. At Eno.com, every course is made to your exact and exacting specifications. We help you ensure what you are getting is what you really need, even if at the beginning you weren’t too sure of what that was. We fit the class to your needs. We never fit you into our “standard”, one size fits all, class.
 
Objectives:
 

Practical, Immediately Useful Benefits of Attending:

  • Detailed strategies and design guidelines to maintain QoS while ensuring IP Telephony Network Security
  • Apply proper design and integration techniques to your VoIP application deployment to mitigate risks of attack
  • Examine VoIP management tools and best practices to support risk mitigation
  • Design security solutions for multiple voice network deployments
  • Learn how NAT and Firewalls impact call setup, media streams, latency, and application level gateway
  • Examine how to overcome NAT issues using STUN, TURN, and ICE
  • Build and manage VoIP solutions over a VPN
  • Get approved configuration techniques for securing Cisco CallManager 3.2 and 4.0
  • Identify SIP Security Features and learn how to configure and administer those features
  • Learn H.323 security issues including Port usage risk, firewall inspection, and NAT configurations
  • Understand the threats and security holes with VoIP call control protocols H.323, SIP, and MGCP
  • Detail how IPSec and RTP Encryption help secure MGCP call signaling
  • Accurately audit a VoIP network deployment to determine its security risks
  • Administer security for LAN and WAN VoIP Traffic
  • Understand the impact of CALEA on ITSPs
  • Learn about VoXML and XML services and how to secure these services
 
Course Outline
 

Module 1: IP Telephony & Converged Network Security Issues

Although IP telephony design differs greatly with the size of enterprises, the underlying best practices remain virtually the same. For this reason the design discussions are somewhat similar. In this section, you will get an overview of the most common types of attacks in any IP network, and will focus on those attacks that significantly impact an IP Telephony network.

A. Sources of attacks

  • Internal
  • External

B. All Networks (Especially VoIP) are targets

Types of attacks

  • Denial of Service (DoS)
  • TCP/IP insecurity
  • Eavesdropping/Sniffing/Snooping/Wiretapping
  • Vomit
  • Sniffer Pro
  • Etherpeek
  • Packet Spoofing
  • Replay

Message Integrity

  • Captain Crunch
  • Phone Phreaking

Managing VoIP Networks helps mitigate security threats

  • Management Tools
  • Best Practices
  • Establishing Identity is Important
  • Rogue Devices are major security risks

Secure and Monitor All Voice Servers

  • Logical Separation is important
  • The key to controlling Voice Security is Data Segmentation

IP Telephony Devices are Insecure

  • IP Phones
  • Call Manager
  • Unity
  • Gateways
  • Routers
  • Switches
  • Applications

PC-based phones are especially insecure

  • PC-based phones require open access to both data and voice networks
  • They provide data network access

Module 2: VoIP Network Security Design Considerations

The security architecture for an IP Telephony network must prevent most attacks from successfully affecting valuable network resources. The attacks that succeed in penetrating the first line of defense, or originate from inside the network, must be accurately detected and quickly contained to minimize their effect on the rest of the network. However, in being secure, the network must continue to provide critical services that users expect, especially phone services. Proper network security and good network functionality can be provided at the same time. This section focuses on best practices and design guidelines to maintain QoS while ensuring IP Telephony network security.

  • Small Voice Network Designs
  • Medium Voice Network Designs
  • Large Voice Network Designs
  • Service Provider Voice Network Designs
  • VPN (Virtual Private Networks) and VoIP
  • VON (Voice over network) or Internet voice over IP
  • Example Designs

Module 3: IP Telephony Operating System Level Security

In this module, you will explore the specific issues with the applications that drive IP Telephony networks and the proper designs to mitigate the effects of attacks. We will discuss basic but important security configurations to handle issues such as time stamping, AAA, and anti-replay configurations.

A. Authentication

B. Operating System Security

  • Windows 2000 Server
  • DNS
  • Active Directory
  • IIS
  • DHCP
  • Secure Telnet
  • SNMP
  • Terminal Services
  • Suggested services
  • Suggested Security Practices

2. HIDS OKENA

  • Console (Stormwatch)
  • Agent (Stormfront)
  • Configuration Examples for Call Manager, Unity, & Application Servers

3. Virus Protection

  • McAfee
  • Symantec
  • Example configurations

4. MS SQL

  • SQL 7
  • SQL 2000
  • Example configurations

5. MS Exchange

  • Exchange 5.5
  • Exchange 2000
  • Recommended configurations
  • Summary

Module 4: Network Access Security

In this module you will review Network Access including Firewalls and Packet filters and review configurations of these services with VoIP. The emphasis in this section will be on how Network Access security impacts QoS in VoIP and what your trade-offs are with regard to service and performance against security.

A. Stateful Firewalls

  • VoIP Requirements
  • Soft Phones
  • Unified Messaging
  • Proxy Servers
  • Signaling vs. Payload

B. NAT

  • Full Cone NAT
  • Restricted Cone NAT
  • Port Restricted Cone
  • Symmetric NAT

C. Issues with Firewalls & NAT

  • Dynamic Port Assignment

D. VoIP Issues with Firewalls & NAT

  • Call Setup
  • Media Stream
  • Latency
  • Application Level Gateways

E. Proxy Servers

  • Placement of Proxy Servers

F. Overcoming NAT Issues

  • STUN
  • TURN
  • ICE

G. VPN - advantages and disadvantages

Module 5: IP Telephony Application Security

The objective of this module is to provide you with information on potential attacks that may be waged against Call Manager, Unity, and many of the other application servers that can be integrated with Call Manager. You will also see examples of approved configuration techniques and third-party applications used in securing Cisco Call Manager version 3.2.

A. Call Manager and other Vendor IP PBX Security

  • User Security (Identity Spoofing)
  • Physical Security
  • Access Security (Administrative Access)
  • Toll Fraud (Phone Phreaking)
  • Route Patterns
  • PSTN Trunk Considerations
  • CDR reporting
  • CDR reporting tool
  • Avotus
  • Example Configurations

B. Unity and other Messaging and Collaboration Security

  • User Security (Identity Spoofing)
  • Physical Security
  • Access Security (Administrative Access)
  • Toll Fraud (Phone Phreaking)
  • Example Configurations

C. XML Services and Security

  • XML overview
  • Types of services

Module 6: Physical Security

This module deals with general hardware access security-related issues, objectives, and examples.

  • Hardware Access
  • Biometrics
  • Human Engineering
  • Example installations
  • Summary

Module 7: Protocol Security

This module's objective is to give the user a better look into the protocols that are common in an IP Telephony network. Special care will be given to each protocol’s security-related issues and appropriate configurations to reduce risks.

A. H.323

  • Architecture
  • Gatekeeper
  • Gateways
  • MCU
  • Endpoints
  • Operation (Diagram a VoIP call using H.323)
  • Protocols
  • H.225
  • H.245
  • RAS
  • Q.931
  • RTP & SRTP
  • H.235
  • H.235 v2
  • H.235 v2 Annex D
  • H.235 v2 Annex E
  • H.235 v2 Annex F
  • H.235 v3
  • H.235 v3 Annex G
  • MIKEY
  • Security Issues & Risk Mitigation
  • Port Usage
  • Firewall Considerations
  • NAT Considerations

B. SIP

  • Architecture
  • Proxy Server
  • Redirect Server
  • Location Server
  • Registrar
  • Endpoints
  • Operation (Diagram a VoIP call using SIP)
  • SIP Security Features
  • HTTP Digest Authentication
  • MIME & SMIME
  • Confidentiality
  • RTP & SRTP
  • SDP
  • TLS
  • IPSec
  • SIP Authenticated Identity Body
  • SIP Authenticated Identity Management
  • Security Issues & Risk Mitigation
  • Text Encoding
  • Firewall Considerations
  • NAT Considerations

C. MGCP, Megaco/H.248

  • Architecture
  • Call Agent
  • Gateways
  • Endpoints
  • Operation (Diagram a VoIP call using each protocol)
  • Similarities & Differences
  • Security Issues
  • IPSec
  • RTP Encryption

Module 8: Attack Mitigation

This module covers common attacks in any data network and some of the tools hackers will use to exploit the IP Telephony network.

  • Unauthorized Access
  • Toll Fraud
  • Denial of Service
  • IP Spoofing
  • Packet Sniffers - Interception and mitigation
  • Virus and Trojan-horse applications
  • Caller Identity Spoofing
  • Repudiation
  • Application Layer Attack Mitigation
  • Summary

Please call or e-mail to schedule a no-obligation conference call to help us understand your audience background and training objectives.

 
 
 
 

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form.

 
 
 

Copyright E and A Information Services. All Rights Reserved.