SMB Communications

Is VoIP Secure?

1 - 20

Introduction | Is VoIP Secure?

Jonathan Greenwood

Managing Director snom UK Ltd

Product Manager – snom ONE

Jonathan Greenwood | Is VoIP Secure?

Re-name this

presentation to…

Is your house secure?

Leave the door unlocked

Leave the window open

Leave the key under the mat

Introduction | Is VoIP Secure?

What happens?

You will be attacked

There is no difference!

We all have email

User Name

Password

Door, Key

User Name

Password

990@my-sip-domain.com

Is VoIP different?

Is VoIP Secure?

Yes and No

No if you

• Leave your front door open• Leave your windows open• Tell the world your alarm code• Allow the world to guess your alarm code

There is no difference!

Deploy secure VoIP Systems!

Basic IT Security

SMB – Can I do it?

SMB – Is it easy?

Very Easy

SMB – What do you need?

• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones

• Create a basic security guide• Employ a trained reseller

What are we trying to protect

with VoIP?

Traditional telecoms are closed

IP Telephone Systems

Run on networks

Eavesdropping• Internal

• High risk• Listen to Management calls?

Eavesdropping• External

• Harder to do• Still possible• Man in Middle

Denial of Service (DOS)• System Attack• Flooded by hackers• Chaos OR Fraud• Can your system handle it?

Toll Fraud• Breached system• High phone bills• Who pays• Who is responsible?

Lost Voicemail + CDRs• Stolen voicemail• Company exposure• Should CDRs be available?• Who called who?

Keep everyone happy• Internal users• Home users• Road warriors• Remote offices• Accountant• Business Owner

Who cares?• IT Managers secure networks• Can IT administrators listen• VoIP – Lack of security makes great

news• Don’t allow an employee tap calls• You should care!

Back to

• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivty• Security between System and Phones

IP Phone system must be able do• TLS• SRTP• HTTPS• DOS Prevention• Intrusion Prevention

• Access Lists

TLS• Transport Layer Security• Encrypts SIP packets• Similar to HTTPS• Hides IP addresses, ports• Protects the signalling

SRTP• Secure Voice (RTP)• Encrypts media• If captured you hear white noise

HTTPS• Secures the web traffic• Prevents Password loss• Man in the middle grabbing data• Would you do online banking without

DOS• Can take your entire system down• Can your IP Telephone system continue

when under attack?

Intrusion Prevention• Blocks IP Addresses (Blacklist)• Allows IP Addresses (Whitelists)• No use of CPU• No processing• Bins rogue SIP packets

Yes we do IPv6

Intruder Alert! Automatic Email Notification

From: thepbx@yourcompany.comSent: Sunday, January 09, 2011 8:57 PMTo: admin@mycompany.com.comSubject: SIP BlacklistBody: Address 69.61.210.157 has been blacklisted. The IP address 69.96.218.157 has been blacklisted for 1440 minutes because there were 10 unsuccessful authentication attempts (sip).

Intruder Alert! Automatic Email Notification

From: thepbx@yourcompany.comSent: Sunday, January 09, 2011 8:57 PMTo: admin@mycompany.com.comSubject: HTTP BlacklistBody: Address 69.61.210.157 has been blacklisted. The IP address 69.96.218.157 has been blacklisted for 1440 minutes because there were 10 unsuccessful authentication attempts (http).

Secure Phone System| snom ONE plus

snom ONE plus

• This one has all those features – and more

IP Phones must be able to do

• TLS• SRTP• HTTPS• Secure or lock down the web interface• Secure provisioning

snom 300 snom 320

snom 370

Jonathan Greenwood | Is VoIP Secure?snom 821 snom 870

snom M9(DECT)

Meeting Point

SIP trunks must

• Connect via TLS• Media capable of SRTP• HTTPS for provisioning• Or VPN (more overhead)• Or Private network

snom ONE plus

• Offers Secure SIP Trunk connectivity

SIP trunks to PSTN

• Connect via TLS• Media capable of SRTP• Internal Network only• Private network to PSTN

Internally Secure – Private communication

snom ONE plus

• Offers Secure SIP Trunk connectivity

Carrier Grade SIP Exchange Platform

• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and

Phones • Create a basic security guide• Employ a trained reseller

IP Phones must communicate with a Secure Telephone System

• TLS• SRTP• HTTPS• Certificates

IP Phones must communicate with a Secure Telephone System

• Install Certificates• IP Phone• IP Telephone System

Security - Not an after thought!

Auto Provision IP Phones

• Install Certificates• Telephone System Provisions the

phone• Strong passwords• HTTPS

• Lock Registration to • Phones MAC address• HTTPS Username and Password• Trusted IP Address

• Lock Registration to

This is easy - Passwords• Secure, strong passwords• Change them every month• Force secure passwords

This is easy - Passwords• Monitor passwords• Weak password

This is easy – Template Deployments• Change template deployments• Hackers target template deployments• Known passwords• Easy target

This is easy – Simple Policy• Different passwords for

• Web Interface• SIP Passwords• PIN Numbers

This is easy – Limit Dial Plans• Block numbers• Add a Pin Number

This is easy – Back up

Which Reseller?• Look for Certified Reseller Partners• Look for Manufacturer Partner Programs• Look on a Manufacturer’s website• Contact the Manufacturer – ask who?

snom Channel Partner Program• Designed for resellers• Aimed at resellers of VoIP

snom Channel Website• Aimed to support resellers• Sales and Product advice• Make resellers feel wanted• Makes for a good working relationship• Give the customer some comfort• http://www.snomchannel.co.uk

snom Certified Engineers (SCE)• Certified Resellers• Not just Technical• Sales and Support Trained• Marketing Support

What happens when it goes wrong?

Disaster can strike• A customer on an insecure PBX• Not ours • 8000 calls from midnight until 7am• Credit limit stopped at £400.00• SIP trunking provider is the good guy

Disaster can strike• If that was the PSTN –

• Next months bill• 1+ months to find out• Big bills• Who is responsible?

Disaster can strike• Who is responsible?

• Carriers• Poor installation• Poor password policy• Poor management

Don’t do this

Instead - Do do this

Employ • snom Certified Reseller• Trained on Sales and Support• Security aware• Backed by the Manufacturer

Deploy

Are you a Reseller?• snom Certified Engineer (SCE)?

• Join today • Receive training• Sales, Marketing and support• Priority support

• Sales• Deployment

Are you a Customer?• Look at our products

• Security is always first• 16 years in VoIP - SIP• Worldwide supply• Local UK office• We are here to help

Visit our stand – find out more

Stand 717

Thank you

Any Questions?

SMB Communications - is VoIP secure?

Transcript of SMB Communications - is VoIP secure?

SMB Communications - is VoIP secure?

Technology

Transcript of SMB Communications - is VoIP secure?

How to Secure Voip

Secure your Voice over IP (VoIP)

grandstream voip brochure january 2015 · IP PBX Appliances Multimedia IP Phones Enterprise/SMB IP Phones Analog Telephone Adapters Analog VoIP Gateways DECT IP Phones VoIP. Inteligy

snom Secure VoIP: Call establishment and media protection

Featuring Collocated Events - TMCnet · Deploying Enterprise-class VoIP with SMB Resources Wireless Backhaul Strategies Unified Customer Communications – Beyond UC TMC U Certification

Secure communications | Reference€¦ · High-availability, secure IP backbone VoIP Virtual control center VoIP VoIP VoIP VoIP part 2 Virtual control center part 1. airspace. The

SMB VOIP. SMB VOIP – RTX8630 2 SMB VOIP Other Wireless Enterprise PBX.

Voice, Video and Graphics: An Exploration of Tools that Will Influence SMB Adoption of VoIP and Other IP Enabled Devices Ravi Kodavarti SMB and Unified.

Vol. III Configuration Guide for Secure VoIP Systems ...€¦ · Network Infrastructure ... designing and implementing secure IP telephony ... VoIP Security Best Practice Vol. III

Deployment of Secure VoIP Networks Over Zone Cabling ... · communications network is driving the development of seamless, cost-effective infrastructure solutions. A VoIP network

Secure Communications on VoIP Networks - Media5 …€¦ · Secure Communications on VoIP Networks ... and TR069 can be used over the TLS connection. ... of the CPE device remains

VoIP for air traffic control: R&S®VCS-4G for remote tower …€¦ · Secure Communications Application Card | 01.00 VoIP for air traffic control VoIP for air traffic control Your

Secure Remote Access Series for SMB - goconnect.nl (SRA) Series for SMB is one of the ... threats from traffic tunneled over SSL ... using the Dell SonicWALL Analyzer reporting tool.

snom Secure VoIP: Call establishment and media protection · – snom phones guarantee Secure VoIP environment VoIPon sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299

Secure Convergence - Recursos VoIP - Voz sobre IP ... · Secure Convergence VoIP Security Guidelines with Lucent AES Page 1 of 36 • Technical Brief Abstract Enterasys recognizes

Myth: VoIP is not secure

VoIP Gateway SeriesVoIP Gateway Series FXO VoIP Gateways for SMB (4~8 Port) Product AP1002 AP1005 AP1100 y( ) Model Type VoIP A 4 FXS, 4 FXO S X F B8 O X F C8 VoIP Ports 2-Port FXS

Configuration Guide Secure Voip Implementation for Remote ...

IP PBX • VoIP • PSTN • Secure Networking • File Server ... · • Firewall with built-in VPN access services • Secure Wireless networking • Use both VoIP and regular phone

VoIP Security: How Secure is Your IP Phone?