Deutsch
English
Français
ActualitésVoice-over-IP Security
Duration: 2 days
Audience: Information Security Officers, Internal Audit, Network or Security Consultants
Overview:
The continuing merger of data and voice networks brings new security challenges. This 2-day course provides detailled knowledge about securing complex Voice-over-IP implementations. We will cover typical threats and vulnerabilities in VoIP networks and provide a risk-based approach in securing them. Lots of real world examples and some hands-on experience might help to get a better understanding of the interactions, potential threats and mitigating controls to come across in VoIP networks.
Agenda:
- Overview of main terms and concepts to be found in Voice-over-IP networks.
- Important standards, components and protocols.
- Security objectives in typical VoIP implementations.
Threats & Vulnerabilities
- Threats & vulnerabilities on the protocol level (signaling, transport)
- Threats & vulnerabilities on the gateway level
- Threats & vulnerabilities on the phone/endpoint level
- Authentication methods in VoIP networks and their weaknesses
Attacks
- Security Discussion of SIP: Attacks & mitigating controls.
- Security Discussion of H.323: Attacks and controls.
- Attacking gateway components.
Securing VoIP: On the right mix of design, implementation, operations and additional controls. Mitigating controls on the architecture level. When does isolating voice and data networks make sense, when not?
- Planning a secure VoIP network
- Planning for high availability.
- Typical firewall/filtering rulesets in VoIP environments
Encryption in VoIP networks: strategies and pitfalls. SRTP and the key management problem.
802.1x for IP phones: are we yet there?
- Overview of major vendors (e.g. Cisco, Avaya, Alcatel) and their security specifics.
- Discussion of different case studies: VoIP in one site, central site + remote sites, SIP trunking etc.
Dates:
On request
Price:
EUR 1750.-