Practical VoIP Security (eBook)

Cover 1
Contents 15
Chapter 1 Introduction to VoIP Security 29
The Switch Leaves the Basement 32
What Is VoIP? 34
VoIP Isn’t Just Another Data Protocol 38
Security Issues in Converged Networks 41
A New Security Model 44
Chapter 2 Asterisk Configuration and Features 51
Introduction: What Are We Trying to Accomplish? 52
What Functions Does a Typical PBX Perform? 52
Voice Mail and Asterisk PBX 77
How Is VoIP Different from Private Telephone Networks? 79
What Functionality Is Gained, Degraded, or Enhanced on VoIP Networks? 80
Chapter 3 The Hardware Infrastructure 87
Traditional PBX Systems 89
PBX Alternatives 99
VoIP Telephony and Infrastructure 100
Chapter 4 PSTN Architecture 119
PSTN: What Is It, and How Does It Work? 120
PSTN Call Flow 139
PSTN Protocol Security 142
Chapter 5 H.323 Architecture 151
The H.323 Protocol Specification 152
The Primary H.323 VoIP-Related Protocols 154
H.235 Security Mechanisms 165
Chapter 6 SIP Architecture 173
Understanding SIP 174
SIP Functions and Features 180
SIP Architecture 182
Instant Messaging and SIMPLE 200
Chapter 7 Other VoIP Communication Architectures 211
Skype 212
Skype Messaging Sequence 214
H.248 217
H.248 Messaging Sequence 221
IAX 223
IAX Messaging Sequence 223
Microsoft Live Communication Server 2005 225
Chapter 8 Support Protocols 233
DNS 234
TFTP 240
HTTP 244
SNMP 247
DHCP 250
RSVP 253
SDP 256
Skinny 259
Chapter 9 Threats to VoIP Communications Systems 267
Denial-of-Service or VoIP Service Disruption 268
Call Hijacking and Interception 276
H.323-Specific Attacks 284
SIP-Specific Attacks 285
Chapter 10 Validate Existing Security Infrastructure 291
Security Policies and Processes 293
Physical Security 305
Server Hardening 309
Supporting Services 322
Unified Network Management 327
Chapter 11 Confirm User Identity 337
802.1x and 802.11i (WPA2) 341
Minor Authentication Methods 363
Chapter 12 Active Security Monitoring 371
Network Intrusion Detection Systems 374
Host-Based Intrusion Detection Systems 383
Logging 384
Penetration and Vulnerability Testing 388
Chapter 13 Logically Segregate Network Traffic 401
VLANs 403
QoS and Traffic Shaping 408
NAT and IP Addressing 410
Firewalls 420
Access Control Lists 431
Chapter 14 IETF Encryption Solutions for VoIP 439
Suites from the IETF 440
S/MIME: Message Authentication 442
TLS: Key Exchange and Signaling Packet Security 445
SRTP: Voice/Video Packet Security 448
Chapter 15 Regulatory Compliance 459
SOX: Sarbanes-Oxley Act 462
GLBA: Gramm-Leach-Bliley Act 469
HIPAA: Health Insurance Portability and Accountability Act 479
CALEA: Communications Assistance for Law Enforcement Act 489
E911: Enhanced 911 and Related Regulations 507
EU and EU Member Sates’ eCommunications Regulations 514
Chapter 16 The IP Multimedia Subsystem: True Converged Communications 527
IMS Architecture 529
Communication Flow in IMS 533
IMS Security Architecture 534
IMS Security Issues 538
Chapter 17 Recommendations 547
Reuse Existing Security Infrastructure Wisely 550
Confirm User Identity 553
Active Security Monitoring 556
Logically Segregate VoIP from Data Traffic 558
Index 577