VoIP Security Training

Duration: 4 days

Introduction

ENO VoIP security training course is planned and designed to provide the participants with a detailed technical perspective on VoIP security and its underlying technology and protocol enablers. The course covers specifics on how to properly assess, audit and mitigate your security risks.

Common VoIP attacks will be analyzed, discussed and countermeasures provided. All technical aspects of VoIP security including threats and vulnerabilities and protection mechanisms to secure signaling and media will be covered.

VoIP Security Training

Related Courses

After completing this course, attendees will be able to:

  • Understand VoIP
  • Learn VoIP security issues
  • Identify VoIP security features
  • Understand the threats and security holes with VoIP call control protocols H.323, SIP, and MGCP
  • Identify SIP Security Features and learn how to configure and administer those features
  • Learn H.323 security issues including Port usage risk, firewall inspection, and NAT configurations
  • Examine VoIP best practices to support risk mitigation
  • Examine VoIP management tools and best practices to support risk mitigation
  • Learn how NAT and Firewalls impact call setup, media streams, latency, and application level gateway
  • Understand SIP NAT Traversal
  • Examine how to overcome NAT issues using STUN, TURN, and ICE
  • Examine cryptographic protocols, Datagram Transport Layer Security (DTLS) protocol, Secure Real-time Transport Protocol (SRTP) protocol and Session Description Protocol Security Descriptions (SDES) protocol

Overview of Voice over IP (VoIP)

  • Traditional Telephony Systems
  • VoIP network architecture
  • VoIP protocols
  • VoIP signaling, media and supporting protocols
  • RTP, RTCP, SIP, H.323, MGCP, MEGACO/H.248
  • VoIP support protocols
  • DNS, DHCP, NTP, HTTP, SNMP, and TFTP
  • VoIP proprietary protocols
  • Cisco Skinny (SCCP), IAX2, and Skype
  • VoIP media protocols
  • RTP and RTCP
  • RTP/RTCP message format
  • VoIP Security Threat Overview
  • Voice Network Designs
  • VPN (Virtual Private Networks) and VoIP
  • Types of attacks
  • Denial of Service (DOS)
  • TCP/IP insecurity
  • Eavesdropping
  • Sniffing/Snooping/Wiretapping
  • Quality of Service Issues
  • Quality of Service Implications for Security
  • Best Practices

VoIP security issues

  • VOIP Risks, Threats, and Vulnerabilities
  • Confidentiality and Privacy
  • Integrity Issues
  • Availability and Denial of Service
  • VoIP Issues with Firewalls & NAT
  • Proxy Servers
  • 323 Security Issues
  • Encryption Issues and Performance
  • Existing Security Features within the SIP Protocol
  • Authentication of Signaling Data using HTTP Digest Authentication
  • S/MIME Usage within SIP
  • Confidentiality of Media Data
  • TLS usage within SIP
  • IPSEC usage within SIP
  • Security Enhancements for SIP
  • SIP Security Issues
  • Gateway Decomposition
  • MGCP/MEGACO
  • Security Considerations
  • Overcoming NAT Issues
  • NAT/Firewall traversal
  • VoIP scenarios through protocols like STUN, TURN or ICE, or security gateways
  • Application-Layer Gateways (ALG’s)
  • Session Border Controllers (SBC’s)

Secure VoIP protocols

  • VLANs, port security controls, and 802.1x/EAP
  • SIP MD5 authentication, Secure SIP (SIPS or SIP/TLS)
  • SIP over DTLS, S/MIME
  • SIP over IPSec, and SIP identity
  • Media protocols
  • SRTP, SDES, secure call recording, and RTP over IPSec
  • Key-exchange protocols
  • MIKEY, SDescriptions, ZRTP, and DTLS-SRTP
  • Man-in-the-Middle (MitM), port scanning, and banner grabbing
  • ARP spoofing and MitM attacks
  • VoIP signaling attacks: (SIP-based)
  • VoIP Media Attacks: (RTP-based)
  • RTP eavesdropping
  • Voice conversations and DTMF tones
  • RTP recording
  • RTP manipulation
  • Replacing, inserting, and mixing audio in standard and MitM scenarios
  • Signaling plane
  • Call setup and tear down
  • Gateways and endpoints
  • Management plane

Dealing with Attacks

  • Integrity, Confidentiality, Authentication and Non-repudiation
  • Eavesdropping
  • Jamming
  • Active modification
  • Toll stealing
  • DoS/DDoS Attacks
  • Attack Mitigation
  • Unauthorized Access
  • Toll Fraud
  • DoS and DDoS
  • IP Spoofing
  • Packet Sniffers – Interception and mitigation
  • Caller Identity Spoofing
  • Repudiation
  • Application Layer Attack Mitigation
  • Secure VoIP protocols
  • DTLS, S/MIME, SIP over IPSec, and SIP identity
  • VoIP supporting infrastructure
  • VoIP-related overview, attacks and countermeasures for DNS, DHCP, TFTP, HTTP, SNMP, ARP

Firewalls, Address Translation, and Call Establishment

  • Firewalls
  • Stateful Firewalls
  • VOIP specific Firewall Needs
  • Network Address Translation
  • Firewalls, NATs, and VOIP Issues
  • Incoming Calls
  • Effects on QoS
  • Firewalls and NATs
  • Call Setup Considerations with NATs and Firewalls
  • Application Level Gateways
  • Middlebox Solutions
  • Session Border Controllers
  • Mechanisms to solve the NAT problem
  • VPN and Firewalls
  • Dynamic Port Assignment

VoIP Network Security Design

  • VoIP Security Issues
  • Sources of Attacks
  • Sources of attacks
  • Types of attacks
  • Message Integrity
  • Mitigate security threats
  • Operating System Level Security
  • Authentication
  • Operating System Security
  • Network Access Security
  • Stateful Firewalls
  • Application Security
  • Physical Security
  • Hardware Access
  • Biometrics
  • Human Engineering
  • Tools
  • Low Level Security
  • Network Access Security
  • Application Security
  • Physical Security
  • Protocol Security
  • Attack Mitigation

Overview of Cryptographic Protocols

  • Secure Sockets Layer (SSL)
  • Public keys and private keys
  • SSL Certificates
  • Protection for confidential data
  • Transport Layer Security (TLS)
  • Symmetric cryptography for privacy
  • Keyed message authentication code for message reliability
  • Cryptographic Attributes
  • HMAC and the Pseudorandom Function
  • Application Data Protocol

Encryption & IPSEC

  • IPsec
  • The Role of IPsec in VOIP
  • Local VPN Tunnels
  • Difficulties Arising from VOIPsec
  • Encryption / Decryption Latency
  • Scheduling and the Lack of QoS in the Crypto-Engine
  • Expanded Packet Size
  • IPsec and NAT Incompatibility
  • Solutions to the VOIPsec Issues
  • Encryption at the End Points
  • Secure Real Time Protocol (SRTP)
  • Key Management for SRTP – MIKEY
  • Better Scheduling Schemes
  • Compression of Packet Size
  • Resolving NAT/IPsec Incompatibilities
  • Planning for VOIP Deployment

SIP NAT Traversal

  • SIP NAT Traversal
  • One-Way Voice Results
  • Full Cone NAT
  • IP Address Restricted NAT
  • Port Restricted NAT
  • Symmetric NAT
  • Simple Traversal of UDP through NATs
  • Traversal Using Relay NAT
  • NAT with Embedded SIP Proxy

Overview of STUN (Session Traversal Utilities for NAT)

  • Session Traversal Utilities for NAT (STUN) Protocol
  • Issues of video and voice applications and NAT
  • STUN as a client-server protocol
  • RFC 3489 and RFC 5389
  • STUN Message Structure
  • FINGERPRINT Mechanism
  • Authentication and Message-Integrity Mechanisms
  • STUN Usages
  • STUN Attributes
  • STUN Security Considerations
  • Attacks against the Protocol
  • Attacks Affecting the Usage
  • Current state

Overview of TURN (Traversal Using Relay NAT)

  • Relay Extensions to Session Traversal Utilities for NAT (STUN)
  • RFC 5766
  • Simple example of what TURN does
  • Similar Techniques
  • Potential issues
  • Technical details
  • Packet format
  • Example of connection using TURN
  • Current state

Datagram Transport Layer Security (DTLS) protocol

  • Overview of DTLS
  • Loss-Insensitive Messaging
  • Providing Reliability for Handshake
  • Differences from TLS
  • The DTLS Handshake Protocol
  • Security Considerations
  • Secure Real-time Transport Protocol (SRTP) protocol
  • SRTP Framework
  • SRTP Cryptographic Contexts
  • SRTP Packet Processing
  • Secure RTCP
  • Pre-Defined Cryptographic Transforms
  • Encryption
  • AES in Counter Mode
  • AES in f8-mode
  • NULL Cipher
  • Message Authentication and Integrity
  • HMAC-SHA1
  • Key Derivation
  • Key Derivation Algorithm
  • SRTCP Key Derivation
  • AES-CM PRF
  • Default and mandatory-to-implement Transforms
  • Encryption: AES-CM and NULL
  • Message Authentication/Integrity: HMAC-SHA1
  • Key Derivation: AES-CM PRF

Session Description Protocol Security Descriptions (SDES) protocol

  • Keys in the SDP attachment of a SIP message
  • Using TLS transport layer or S/MIME
  • SDP Crypto Attribute and Parameters
  • General Use of the crypto Attribute
  • SRTP Security Descriptions
  • SRTP Key Parameter
  • Crypto-Suites
  • AES_CM_128_HMAC_SHA1_80
  • AES_CM_128_HMAC_SHA1_32
  • F8_128_HMAC_SHA1_80
  • Session Parameters
  • SRTP Crypto Context Initialization
  • SRTP-Specific Use of the Crypto Attribute

VoIP Security and Audit Policies

  • Policy Creation
  • Policy Conformance
  • Incident Handling
  • Auditing Standards and Certifications
  • Basic Auditing and Assessing Strategies
  • The Six-Step Audit Process

Your Name*

Company*

Position*

Your Email*

Phone*

Address*

Number of Participants *

Time Frame*

Subject*

Your Message*