IP Communications, Secure – By Design
January 23-26, 2007 • Ft. Lauderdale, Florida
Roger W. Farnsworth
A Bit of Hyperbole?
The IP Conundrum
• The same IP technology that enables IP Communications solutions to:
– Boost productivity
– Increase mobility
– Enhance flexibility
also creates additional MANAGEABLE security challenges
• These new challenges exist whether the IP upgrade is incremental or total
The Challenge of Securing IP Voice
• The threats are familiar to both voice and data professionals:
– Eavesdropping
– Impersonation
– Toll fraud
– Denial of service
• Both “phreakers” and “hackers” are lurking
• The protection of both voice and data communication is critical to the business
Reality Check
[Figure: "Before" and "After" images]
Evaluate the Threats Objectively
• Understand the costs of security incidents:
– Measurable: fraud, downtime, man-hours, physical destruction, intellectual property, lawsuits
– Non-measurable: reputation, customer privacy, medical information, loss of life
• Assign risk and quantify the costs
• Determine appropriate levels of protection
The Paradigm Must Change: A Network-Based Systems Approach
• An automated security system is required to address unknown (or “Day Zero”) threats
• Security must be applied at multiple layers of the system to address sophisticated blended threats and defend against multiple avenues of attack
• All elements of the security system must be integrated to initiate a coordinated response
Protect All Levels of IP Communications
IP COMMUNICATIONS SYSTEM
• INFRASTRUCTURE
– TRANSPORT: Secure, Reliable Communications that Connects All of the Other Components
• ENDPOINTS
– USER INTERFACES: IP Phones, Video Terminals, and Other Delivery Devices
• CALL CONTROL
– SYSTEM CONFIG AND OPERATION: Infrastructure and Protocols for Call Management and Operation
• APPLICATIONS
– VALUE-ADDED COMPONENTS: Messaging, Customer Care, and Other Application Software
Security Preparation - Only as Strong as the Weakest Link
A measured approach to securing the entire network is critical
                  CONTROL   PROTECTION   PRIVACY
Infrastructure    X         X            X
Call Control      X         X            X
Endpoints         X         X            X
Applications      X         X            X
Secure IP Communications: Systems Approach in Action
[Diagram labels: Intranet, Internet]
• Infrastructure
– VLAN segmentation
– Layer 2 protection
– Firewall / IDS
– QoS and thresholds
– Secure VPN
– Wireless security Gateway SRTP
• Call Management
– Hardened Windows OS
– Digital certificates
– Signed software images
– TLS signaling
– Integrated CSA
– SSL enabled directory
• Applications
– Secure voice messaging
– LDAP Multi-level admin
– Toll fraud protection
– HTTPS management
– Hardened platforms
– H.323 and SIP signaling
• Endpoints
– Digital certificates
– Authenticated phones
– GARP protection
– TLS protected signaling
– SRTP media encryption
– Centralized management
Standards Bodies in Action
• IETF
– Identity
– Media authorization
– Keying protocols
– Firewall transit
• ITU
– H.235 framework
– Signaling protection
– Protocol streams
• SIP Forum
– SIPit
– Security interoperability
– SIP over TLS
– Interconnection
There is Nothing to Fear Except Fear Itself
• IP Communications solutions can be as secure as, or more secure than, traditional PBX systems
– Security remains a top issue for IP Communications customers
– A comprehensive systems approach is best
– The industry is committed to delivering the most secure, reliable solutions possible
– The future holds great promise for new applications
More Information
• www.nist.gov
• www.cert.org
• Your vendor or partner