Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this

Table Of Contents

1 Introduction
1.1 Authority
1.2 Document Scope and Purpose
1.3 Audience and Assumptions
1.4 Document Organization
2 Overview of VOIP
2.1 VOIP Equipment
2.2 Overview of VOIP Data Handling
2.3 Cost
2.4 Speed and Quality
2.5 Privacy and Legal Issues with VOIP
2.6 VOIP Security Issues
3 Quality of Service Issues
3.1 Latency
Figure 2. Sample Latency Budget
3.2 Jitter
3.3 Packet Loss
3.4 Bandwidth & Effective Bandwidth
3.5 The Need for Speed
3.6 Power Failure and Backup Systems
3.7 Quality of Service Implications for Security
4 H.323
4.1 H.323 Architecture
Figure 4. H.323 Call Setup Process
4.2 H.235 Security Profiles
4.2.1 H.235v2 H.235v2 Annex E – Signature Security Profile
Table 2: H235v2 Annex E – Signature Security Profile
Table 3: H235v2 - Voice Encryption Option
Table 4: H235v2 Annex F – Hybrid Security Profile
4.2.2 H.235v3
Table 5: H235v3 Annex D - Baseline Security Profile
4.2.4 H.323 Security Issues
4.3 Encryption Issues and Performance
5.1 SIP Architecture
Figure 5. SIP Network Architecture
5.2 Existing Security Features within the SIP Protocol
5.2.1 Authentication of Signaling Data using HTTP Digest Authentication
5.2.2 S/MIME Usage within SIP
5.2.3 Confidentiality of Media Data
5.2.4 TLS usage within SIP
5.2.5 IPsec usage within SIP
5.2.6 Security Enhancements for SIP
5.2.7 SIP Security Issues
Figure 6. SIP Protocol
6 Gateway Decomposition
6.1 MGCP
6.1.1 Overview
6.1.2 System Architecture
Figure 7: General Scenario for MGCP Usage
6.1.3 Security Considerations
6.2 Megaco/H.248
6.2.1 Overview
6.2.2 System Architecture
Figure 8: General Scenario for MEGACO/H.248 Usage
6.2.3 Security Considerations
7 Firewalls, Address Translation, and Call Establishment
7.1 Firewalls
7.1.1 Stateful Firewalls
7.1.2 VOIP specific Firewall Needs
7.2 Network Address Translation
Figure 9. IP Telephones Behind NAT and Firewall
7.3 Firewalls, NATs, and VOIP Issues
7.3.1 Incoming Calls
7.3.2 Effects on QoS
7.3.3 Firewalls and NATs
7.4 Call Setup Considerations with NATs and Firewalls
7.4.1 Application Level Gateways
7.4.2 Middlebox Solutions
Figure 10. Middlebox Communications Scenario
7.4.3 Session Border Controllers
7.5 Mechanisms to solve the NAT problem
7.6 Virtual Private Networks and Firewalls
8 Encryption & IPsec
8.1 IPsec
8.2 The Role of IPsec in VOIP
8.3 Local VPN Tunnels
8.4 Difficulties Arising from VOIPsec
8.5 Encryption / Decryption Latency
8.6 Scheduling and the Lack of QoS in the Crypto-Engine
8.7 Expanded Packet Size
8.8 IPsec and NAT Incompatibility
9 Solutions to the VOIPsec Issues
9.1 Encryption at the End Points
9.2 Secure Real Time Protocol (SRTP)
9.3 Key Management for SRTP – MIKEY
9.4 Better Scheduling Schemes
9.5 Compression of Packet Size
9.6 Resolving NAT/IPsec Incompatibilities
10 Planning for VOIP Deployment
A Appendix: VOIP Risks, Threats, and Vulnerabilities
A.3 Availability and Denial of Service
B Appendix: VOIP Frequently Asked Questions
C Appendix: VOIP Terms
0 of .
Results for:
No results containing your search query
P. 1
Security Considerations for Voice Over IP Systems

Security Considerations for Voice Over IP Systems

Ratings: (0)|Views: 9,287|Likes:
Published by Sarah

More info:

Published by: Sarah on Apr 06, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





You're Reading a Free Preview
Page 4 is not shown in this preview.
You're Reading a Free Preview
Pages 8 to 38 are not shown in this preview.
You're Reading a Free Preview
Pages 42 to 99 are not shown in this preview.

Activity (6)

You've already reviewed this. Edit your review.
Humberto Romero liked this
1 thousand reads
1 hundred reads
noahkrpg liked this
Lam Binh liked this
Charley Lim liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->