SMB Communications - is VoIP secure?
-
Upload
unified-communications-online -
Category
Technology
-
view
485 -
download
0
Transcript of SMB Communications - is VoIP secure?
SMB Communications
Is VoIP Secure?
1 - 20
Introduction | Is VoIP Secure?
Jonathan Greenwood
Managing Director snom UK Ltd
&
Product Manager – snom ONE
Jonathan Greenwood | Is VoIP Secure?
Re-name this
presentation to…
Jonathan Greenwood | Is VoIP Secure?
Is your house secure?
Jonathan Greenwood | Is VoIP Secure?
Leave the door unlocked
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Leave the window open
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Leave the key under the mat
Introduction | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
What happens?
Jonathan Greenwood | Is VoIP Secure?
What happens?
You will be attacked
Jonathan Greenwood | Is VoIP Secure?
There is no difference!
Jonathan Greenwood | Is VoIP Secure?
We all have email
Jonathan Greenwood | Is VoIP Secure?
User Name
and
Password
Jonathan Greenwood | Is VoIP Secure?
OR
Jonathan Greenwood | Is VoIP Secure?
Door, Key
and
Alarm
Jonathan Greenwood | Is VoIP Secure?
User Name
and
Password
Jonathan Greenwood | Is VoIP Secure?
Is VoIP different?
Jonathan Greenwood | Is VoIP Secure?
NO!
Jonathan Greenwood | Is VoIP Secure?
Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Yes and No
Jonathan Greenwood | Is VoIP Secure?
No if you
• Leave your front door open• Leave your windows open• Tell the world your alarm code• Allow the world to guess your alarm code
Jonathan Greenwood | Is VoIP Secure?
There is no difference!
Jonathan Greenwood | Is VoIP Secure?
Deploy secure VoIP Systems!
Jonathan Greenwood | Is VoIP Secure?
Deploy secure VoIP Systems!
Basic IT Security
Jonathan Greenwood | Is VoIP Secure?
SMB – Can I do it?
Jonathan Greenwood | Is VoIP Secure?
Yes
Jonathan Greenwood | Is VoIP Secure?
SMB – Is it easy?
Jonathan Greenwood | Is VoIP Secure?
Very Easy
Jonathan Greenwood | Is VoIP Secure?
SMB – What do you need?
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
What are we trying to protect
with VoIP?
Traditional telecoms are closed
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
IP Telephone Systems
Jonathan Greenwood | Is VoIP Secure?
IP Telephone Systems
Run on networks
Jonathan Greenwood | Is VoIP Secure?
Eavesdropping• Internal
• High risk• Listen to Management calls?
Jonathan Greenwood | Is VoIP Secure?
Eavesdropping• External
• Harder to do• Still possible• Man in Middle
Jonathan Greenwood | Is VoIP Secure?
Denial of Service (DOS)• System Attack• Flooded by hackers• Chaos OR Fraud• Can your system handle it?
Jonathan Greenwood | Is VoIP Secure?
Toll Fraud• Breached system• High phone bills• Who pays• Who is responsible?
Jonathan Greenwood | Is VoIP Secure?
Lost Voicemail + CDRs• Stolen voicemail• Company exposure• Should CDRs be available?• Who called who?
Jonathan Greenwood | Is VoIP Secure?
Keep everyone happy• Internal users• Home users• Road warriors• Remote offices• Accountant• Business Owner
Jonathan Greenwood | Is VoIP Secure?
Who cares?• IT Managers secure networks• Can IT administrators listen• VoIP – Lack of security makes great
news• Don’t allow an employee tap calls• You should care!
Jonathan Greenwood | Is VoIP Secure?
Back to
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivty• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
IP Phone system must be able do• TLS• SRTP• HTTPS• DOS Prevention• Intrusion Prevention
• Access Lists
Jonathan Greenwood | Is VoIP Secure?
TLS• Transport Layer Security• Encrypts SIP packets• Similar to HTTPS• Hides IP addresses, ports• Protects the signalling
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
SRTP• Secure Voice (RTP)• Encrypts media• If captured you hear white noise
Jonathan Greenwood | Is VoIP Secure?
HTTPS• Secures the web traffic• Prevents Password loss• Man in the middle grabbing data• Would you do online banking without
Jonathan Greenwood | Is VoIP Secure?
DOS
Jonathan Greenwood | Is VoIP Secure?
DOS• Can take your entire system down• Can your IP Telephone system continue
when under attack?
Jonathan Greenwood | Is VoIP Secure?
Intrusion Prevention• Blocks IP Addresses (Blacklist)• Allows IP Addresses (Whitelists)• No use of CPU• No processing• Bins rogue SIP packets
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Yes we do IPv6
Jonathan Greenwood | Is VoIP Secure?
Intruder Alert! Automatic Email Notification
From: [email protected]: Sunday, January 09, 2011 8:57 PMTo: [email protected]: SIP BlacklistBody: Address 69.61.210.157 has been blacklisted. The IP address 69.96.218.157 has been blacklisted for 1440 minutes because there were 10 unsuccessful authentication attempts (sip).
Jonathan Greenwood | Is VoIP Secure?
Intruder Alert! Automatic Email Notification
From: [email protected]: Sunday, January 09, 2011 8:57 PMTo: [email protected]: HTTP BlacklistBody: Address 69.61.210.157 has been blacklisted. The IP address 69.96.218.157 has been blacklisted for 1440 minutes because there were 10 unsuccessful authentication attempts (http).
Secure Phone System| snom ONE plus
snom ONE plus
• This one has all those features – and more
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
IP Phones must be able to do
• TLS• SRTP• HTTPS• Secure or lock down the web interface• Secure provisioning
Jonathan Greenwood | Is VoIP Secure?
snom 300 snom 320
snom 370
YES!
Jonathan Greenwood | Is VoIP Secure?snom 821 snom 870
snom M9(DECT)
Meeting Point
YES!
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
SIP trunks must
• Connect via TLS• Media capable of SRTP• HTTPS for provisioning• Or VPN (more overhead)• Or Private network
Secure Phone System| snom ONE plus
snom ONE plus
• Offers Secure SIP Trunk connectivity
Jonathan Greenwood | Is VoIP Secure?
SIP trunks to PSTN
• Connect via TLS• Media capable of SRTP• Internal Network only• Private network to PSTN
Secure Phone System| snom ONE plus
Internally Secure – Private communication
snom ONE plus
• Offers Secure SIP Trunk connectivity
Jonathan Greenwood | Is VoIP Secure?
Carrier Grade SIP Exchange Platform
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and
Phones • Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
IP Phones must communicate with a Secure Telephone System
• TLS• SRTP• HTTPS• Certificates
Jonathan Greenwood | Is VoIP Secure?
IP Phones must communicate with a Secure Telephone System
• Install Certificates• IP Phone• IP Telephone System
Jonathan Greenwood | Is VoIP Secure?
Security - Not an after thought!
Jonathan Greenwood | Is VoIP Secure?
Auto Provision IP Phones
• Install Certificates• Telephone System Provisions the
phone• Strong passwords• HTTPS
Jonathan Greenwood | Is VoIP Secure?
Auto Provision IP Phones
• Lock Registration to • Phones MAC address• HTTPS Username and Password• Trusted IP Address
Jonathan Greenwood | Is VoIP Secure?
Auto Provision IP Phones
• Lock Registration to
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
This is easy - Passwords• Secure, strong passwords• Change them every month• Force secure passwords
Jonathan Greenwood | Is VoIP Secure?
This is easy - Passwords• Monitor passwords• Weak password
Jonathan Greenwood | Is VoIP Secure?
This is easy – Template Deployments• Change template deployments• Hackers target template deployments• Known passwords• Easy target
Jonathan Greenwood | Is VoIP Secure?
This is easy – Simple Policy• Different passwords for
• Web Interface• SIP Passwords• PIN Numbers
Jonathan Greenwood | Is VoIP Secure?
This is easy – Limit Dial Plans• Block numbers• Add a Pin Number
Jonathan Greenwood | Is VoIP Secure?
This is easy – Back up
Jonathan Greenwood | Is VoIP Secure?
• Use the right equipment • Secure Telephone System• Secure IP Phones• Secure PSTN/SIP Connectivity• Security between System and Phones
• Create a basic security guide• Employ a trained reseller
Jonathan Greenwood | Is VoIP Secure?
Which Reseller?• Look for Certified Reseller Partners• Look for Manufacturer Partner Programs• Look on a Manufacturer’s website• Contact the Manufacturer – ask who?
Jonathan Greenwood | Is VoIP Secure?
snom Channel Partner Program• Designed for resellers• Aimed at resellers of VoIP
Jonathan Greenwood | Is VoIP Secure?
snom Channel Website• Aimed to support resellers• Sales and Product advice• Make resellers feel wanted• Makes for a good working relationship• Give the customer some comfort• http://www.snomchannel.co.uk
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
snom Certified Engineers (SCE)• Certified Resellers• Not just Technical• Sales and Support Trained• Marketing Support
Jonathan Greenwood | Is VoIP Secure?
What happens when it goes wrong?
Jonathan Greenwood | Is VoIP Secure?
Disaster can strike• A customer on an insecure PBX• Not ours • 8000 calls from midnight until 7am• Credit limit stopped at £400.00• SIP trunking provider is the good guy
here
Jonathan Greenwood | Is VoIP Secure?
Disaster can strike• If that was the PSTN –
• Next months bill• 1+ months to find out• Big bills• Who is responsible?
Jonathan Greenwood | Is VoIP Secure?
Disaster can strike• Who is responsible?
• Carriers• Poor installation• Poor password policy• Poor management
Jonathan Greenwood | Is VoIP Secure?
Don’t do this
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Instead - Do do this
Jonathan Greenwood | Is VoIP Secure?
Employ • snom Certified Reseller• Trained on Sales and Support• Security aware• Backed by the Manufacturer
Deploy
Jonathan Greenwood | Is VoIP Secure?
Jonathan Greenwood | Is VoIP Secure?
Are you a Reseller?• snom Certified Engineer (SCE)?
• Join today • Receive training• Sales, Marketing and support• Priority support
• Sales• Deployment
Jonathan Greenwood | Is VoIP Secure?
Are you a Customer?• Look at our products
• Security is always first• 16 years in VoIP - SIP• Worldwide supply• Local UK office• We are here to help
Jonathan Greenwood | Is VoIP Secure?
Visit our stand – find out more
Stand 717
Jonathan Greenwood | Is VoIP Secure?
Thank you
Any Questions?