ebook img

Understanding Voice over IP Security (Artech House Telecommunications Library) PDF

286 Pages·2006·3.42 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Understanding Voice over IP Security (Artech House Telecommunications Library)

Understanding Voice over IP Security For a complete listing of recent titles in theArtech House Telecommunications Library, turn to the back of this book. Understanding Voice over IP Security Alan B. Johnston David M. Piscitello artechhouse.com Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the U.S. Library of Congress. British Library Cataloguing in Publication Data Johnston, Alan B. Understanding Voice over IP security. —(Artech House telecommunications library) 1. Internet telephony—Security measures I. Title II. Piscitello, David M. 005.8 ISBN-10: 1-59693-050-0 Cover design by Igor Valdman © 2006 ARTECH HOUSE, INC. 685 Canton Street Norwood, MA 02062 Allrightsreserved.PrintedandboundintheUnitedStatesofAmerica.Nopartofthisbookmay bereproducedorutilizedinanyformorbyanymeans,electronicormechanical,includingpho- tocopying,recording,orbyanyinformationstorageandretrievalsystem,withoutpermissionin writing from the publisher. Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeen appropriatelycapitalized.ArtechHousecannotattesttotheaccuracyofthisinformation.Useof aterminthisbookshouldnotberegardedasaffectingthevalidityofanytrademarkorservice mark. International Standard Book Number: 1-59693-050-0 10 9 8 7 6 5 4 3 2 1 Contents Foreword xiii Acknowledgments xvii 1 Introduction 1 1.1 VoIP: A Green Field for Attackers 2 1.2 Why VoIP Security Is Important 3 1.3 The Audience for This Book 4 1.4 Organization 4 2 Basic Security Concepts: Cryptography 7 2.1 Introduction 7 2.2 Cryptography Fundamentals 7 2.2.1 SecretKey(Symmetric)Cryptography 10 2.2.2 Asymmetric(PublicKey)Cryptography 12 2.2.3 IntegrityProtection 13 2.2.4 AuthenticatedandSecureKeyExchange 17 2.3 Digital Certificates and Public Key Infrastructures 20 2.3.1 CertificateAssertions 22 2.3.2 CertificateAuthorities 24 References 27 v vi Understanding Voice over IP Security 3 VoIP Systems 29 3.1 Introduction 29 3.1.2 VoIPArchitectures 29 3.2 Components 31 3.3 Protocols 32 3.3.1 SessionInitiationProtocol 32 3.3.2 SessionDescriptionProtocol 39 3.3.3 H.323 42 3.3.4 MediaGatewayControlProtocols 44 3.3.5 RealTimeTransportProtocol 46 3.3.6 ProprietaryProtocols 46 3.4 Security Analysis of SIP 48 References 49 4 Internet Threats and Attacks 51 4.1 Introduction 51 4.2 Attack Types 51 4.2.1 DenialofService(DoS) 51 4.2.2 Man-in-the-Middle 56 4.2.3 ReplayandCut-and-PasteAttacks 57 4.2.4 TheftofService 58 4.2.5 Eavesdropping 59 4.2.6 Impersonation 60 4.2.7 PoisoningAttacks(DNSandARP) 60 4.2.8 CredentialandIdentityTheft 61 4.2.9 Redirection/Hijacking 62 4.2.10 SessionDisruption 63 4.3 Attack Methods 64 4.3.1 PortScans 64 4.3.2 MaliciousCode 65 4.3.3 BufferOverflow 67 4.3.5 PasswordTheft/Guessing 69 4.3.6 Tunneling 69 Contents vii 4.3.7 BidDown 69 4.4 Summary 70 References 70 5 Internet Security Architectures 73 5.1 Introduction 73 5.1.1 OriginsofInternetSecurityTerminology 73 5.1.2 CastleBuildingintheVirtualWorld 74 5.2 Security Policy 75 5.3 Risk, Threat, and Vulnerability Assessment 77 5.4 Implementing Security 79 5.5 Authentication 80 5.6 Authorization (Access Control) 82 5.7 Auditing 82 5.8 Monitoring and Logging 84 5.9 Policy Enforcement: Perimeter Security 85 5.9.1 Firewalls 86 5.9.2 SessionBorderController 90 5.9.3 FirewallsandVoIP 92 5.10 Network Address Translation 93 5.11 Intrusion Detection and Prevention 95 5.12 Honeypots and Honeynets 97 5.13 Conclusions 97 References 98 6 Security Protocols 101 6.1 Introduction 101 6.2 IP Security (IPSec) 103 6.2.1 InternetKeyExchange 105 6.3 Transport Layer Security (TLS) 107 viii Understanding Voice over IP Security 6.4 Datagram Transport Layer Security (DTLS) 111 6.5 Secure Shell (SecSH, SSH) 112 6.6 Pretty Good Privacy (PGP) 115 6.7 DNS Security (DNSSEC) 116 References 119 7 General Client and Server Security Principles 121 7.1 Introduction 121 7.2 Physical Security 122 7.3 System Security 122 7.3.1 ServerSecurity 122 7.3.2 ClientOSSecurity 124 7.4 LAN Security 126 7.4.1 Policy-BasedNetworkAdmission 127 7.4.2 EndpointControl 128 7.4.3 LANSegmentationStrategies 129 7.4.4 LANSegmentationandDefenseinDepth 130 7.5 Secure Administration 131 7.6 Real-Time Monitoring of VoIP Activity 132 7.7 Federation Security 132 7.8 Summary 132 References 133 8 Authentication 135 8.1 Introduction 135 8.2 Port-Based Network Access Control (IEEE 802.1x) 137 8.3 Remote Authentication Dial-In User Service 140 8.4 Conclusions 143 References 143 Contents ix 9 Signaling Security 145 9.1 Introduction 145 9.2 SIP Signaling Security 146 9.2.1 BasicAuthentication 146 9.2.2 DigestAuthentication 147 9.2.3 PrettyGoodPrivacy 152 9.2.4 S/MIME 153 9.2.5 TransportLayerSecurity 155 9.2.6 SecureSIP 159 9.3 H.323 Signaling Security with H.235 160 References 161 10 Media Security 163 10.1 Introduction 163 10.2 Secure RTP 164 10.3 Media Encryption Keying 168 10.3.1 PresharedKeys 168 10.3.2 PublicKeyEncryption 169 10.3.3 AuthenticatedKeyManagementandExchange 170 10.4 Security Descriptions in SDP 172 10.5 Multimedia Internet Keying (MIKEY) 173 10.5.1 GenerationofMIKEYMessagebyInitiator 177 10.5.2 ResponderProcessingofaMIKEYMessage 183 10.6 Failure and Fallback Scenarios 186 10.7 Alternative Key Management Protocol—ZRTP 188 10.8 Future Work 190 References 190 11 Identity 193 11.1 Introduction 193 11.2 Names, Addresses, Numbers, and Communication 193

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.