www.arcbus.com
ISSA June 2005 Luncheon
Are You Ready for VOIP?
Tim McCreight – CISSP CPP
ARC Business Solutions Inc.
Warning:
This presentation contains violence, coarse language, mature themes and honest opinions.
Viewer discretion is advised.
Agenda
• Introduction to VoIP
• Marketing Pitch
• Security Concerns
• What you should be asking…
• Question and Answer Session
VOIP in the News
Intro to VOIP - Internet
[Diagram labels: Internet, PSTN]
• Uses an analog phone & adaptor
• Can use a PC
• Plugs into DSL or broadband
• Connects to other IP users, or PSTN
• Examples: Vonage, Skype
Intro to VoIP – IP PBX
[Diagram labels: Internet, PSTN, Cisco IP Phone 7902 Series, WAN]
• Platform resides on your premise
• Makes use of existing infrastructure
• Blends data and voice within your network
• Separates traffic to the PSTN
• Security is primarily your concern
Intro to VoIP – Hosted Solution
• Platform is now hosted by your IXC/ILEC/CLEC
• You share an access point with the Service Provider
• Blends data and voice from your network to the SP
• SP’s security now becomes a critical component
Image available from www.networkmagazine.com, January 2004 issue
Hosted IP Scenario - Example
[Diagram labels: PSTN, DMS or Other Device, Customer Site]
“Have we got a deal for you…”
• One network
• No additional CAPEX
• Cost savings on staff and network
• Mobility
• Cool features!
• Help for road warriors
• Advanced feature sets
• Not quite 5 9’s, but close…
Those Mysterious 9’s
• 99.999 percent uptime = 5 minutes unscheduled outage in one year
• 99.9 percent uptime = 8.8 HOURS of unscheduled outage
• 99 percent uptime = 87.6 HOURS of unscheduled outage
…And now the bad news…
• User expectations
• E911 concerns and limitations
• Man in the middle attacks, et al.
• Network congestion
• DDOS vulnerabilities
• Spam over Internet Telephony (SPiT)
• SIP/H.323 Vulnerabilities
More Security Concerns
• Impersonation, LD fraud
• Packet inspection – ntwk and app layer
• Remote access – yours and vendors
• Insecure paths
• Policies and procedures
• Vendor response and security
• Network monitoring
What You Should Be Asking
• Service Level Agreements
• Security Defenses in Place – at Carrier
• Security Operation Centre – at Carrier
• CIRT Team in place – at Carrier and you!
• Response to Incidents by Carrier
• Protection from other customers within Carrier network
• Fraud protection
…more Questions
• Cost to upgrade IS/IT equipment for QoS, PoE, etc. throughout your network
• Appropriate firewall at YOUR perimeter, to monitor traffic between you and the carrier
• What controls do YOU have in place: AV, IDS, patch management, policies…
• E911 issues: mitigation strategies, etc.
Q & A Session
Presented By:
Tim McCreight, CISSP CPP
Director, Security Consulting Division
ARC Business Solutions Inc.
(780)702-5022 ext. [email protected]