© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v5.01-1 Introduction to VoIP Considering Security Implications of VoIP Networks.

Презентация:



Advertisements
Похожие презентации
© 2005 Cisco Systems, Inc. All rights reserved. CVOICE v Introduction to VoIP.
Advertisements

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Introduction to VoIP Introducing VoIP Network Technologies.
© 2006 Cisco Systems, Inc. All rights reserved.SNRS v Adaptive Threat Defense Examining Cisco IOS Firewall.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Configuring Voice Networks Introducing Signaling and Call Control.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v VoIP Signaling and Call Control Introducing H.323.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v VoIP Signaling and Call Control Deploying and Configuring H.323.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Module Summary The Cisco SDN strategy offers a layered approach to providing integrated network.
© 2006 Cisco Systems, Inc. All rights reserved. SND v Securing the Perimeter Applying a Security Policy for Cisco Routers.
Designing Security Services © 2004 Cisco Systems, Inc. All rights reserved. Evaluating Network Security Policies ARCH v
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v Integrating Internet Access with MPLS VPNs Introducing Internet Access Models with MPLS VPNs.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v VoIP Signaling and Call Control.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
© 2006 Cisco Systems, Inc. All rights reserved.ISCW v Module Summary Cisco IOS Firewall combines the stateful firewall engine with application-layer.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Configuring Voice Networks Adjusting Voice Interface Settings.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Improving and Maintaining Voice Quality Implementing CAC.
© 2005 Cisco Systems, Inc. All rights reserved. IPTX v Module Summary Cisco CallManager Express provides the small to midsize business with an integrated.
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v Connecting Networks Understanding How TCP/IP Works.
© 2005 Cisco Systems, Inc. All rights reserved.INTRO v Building a Simple Ethernet Network Defining a LAN.
© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Introduction to VoIP Calculating Bandwidth Requirements.
© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Defining VLANs Implementing Best Practices for VLAN Topologies.
Транксрипт:

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Introduction to VoIP Considering Security Implications of VoIP Networks

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Outline Overview Security Policies for VoIP Networks Threats to VoIP Networks Secure LAN Design Communicating Through a Firewall Delivering VoIP over a VPN Bandwidth Overhead Associated with VPN Summary Lesson Self-Check

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Elements of a Security Policy Transport security: Protect the data while it is in transit through the network Network security: Verify which data should be entering the network Intrusion detection: Provide notification in the event of unauthorized data detection

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Networkwide Security

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Threats to VoIP Theft and toll fraud Unauthorized access to voice resources Compromise of network resources Downtime and DoS Invasion of call privacy

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Secure LAN Design Assigning different VLANs creates separate broadcast domains. Separate VLANs protect against eavesdropping and tampering. Separate VLANs render packet-sniffing tools less effective.

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Firewall Access

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v VoIP over a VPN

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v VPN Overhead

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Span Engineering VoIP Network Security Components Identify benefits of each security component.

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v Summary Security policies must encompass both transport and network security and should recommend monitoring for intrusion detection. Security threats against VoIP include toll fraud, invasion of privacy, unauthorized access to resources, and DoS attacks. Separate VLANS for voice and data prevent eavesdropping and tampering. Stateful firewalls inspect voice signaling packets to determine which UDP ports to allow through. Firewalls that are not capable of stateful inspection require the presence of an H.323 proxy server. VPN encryption headers introduce additional overhead that negatively impacts voice traffic. To calculate bandwidth overhead, you must understand the VPN technology and protocols.

© 2006 Cisco Systems, Inc. All rights reserved. CVOICE v