
Security Issues of VoIP Applications
INTRODUCTION
The evolution of networks and the Internet has given rise to many different types of applications. One of these is VoIP, which has become an alternative to the traditional telephone network (Public Switched Telephone Network, or PSTN), offering versatile, flexible and economical voice communication. The PSTN, of course, is not invulnerable to security breaches. Some of the earliest hackers were "phone phreaks", who specialized in making unauthorized long distance calls.
Today, the threat that hackers pose to IP networks goes beyond the cost of unauthorized long distance calls. An attack could take down the network (and therefore the company's phone service) for hours or days, and intercepted calls could disclose trade secrets, confidential client information and more. That makes security a very important issue. Here we discuss the attacks and the relevant countermeasures needed to provide adequate security for VoIP networks.
VOIP (Voice over Internet Protocol)
The first experiments in telephone networks were conducted by researchers from MIT in 1970, and RFC 741, the specification for the "Network Voice Protocol", was published in 1977. VoIP uses packet switching: digitized voice is sent as data packets over the Internet, where the packets may take many possible routes. These packets are reassembled at the destination to generate voice signals.
Before voice can be sent, a call must be placed. In a normal telephone system, this process consists of dialing the digits of the called number, which are then processed by the telephone company to ring the called party. With VoIP, the user must enter the number to dial, which may take the form of a number entered on the telephone keypad or a selected universal resource indicator (URI). The telephone number or URI must be mapped to an IP address to reach the called party.
A number of protocols are involved in determining the IP address corresponding to the called party's telephone number. This process is shown in Figure 1. VoIP is increasingly popular because it is cheaper than traditional phone service and in some cases free. Organizations can manage their own VoIP service using products from vendors such as Cisco. For consumers, companies such as Packet8 and Vonage offer an actual phone that plugs into a broadband connection, while others, including Skype, offer software that runs on a PC. The most popular instant messaging applications also have VoIP capabilities.
What are the threats?
Some of the security problems affecting VoIP are the same as those that affect any IP network, and some are unique to voice communications. Threats include:
- A virus or worm can be introduced to the network and bring down VoIP servers / gateways
- A denial of service attack can overwhelm the network and bring it down
- A hacker can gain access to the call server to listen to, record, or interrupt calls
- A hacker can give himself or others access to services that are supposed to be restricted
- Hackers can access the trunk gateway to the PSTN and make unauthorized long distance calls
- A hacker who gains access to the call server can register "rogue" IP phones that can then use the company's VoIP services
A different but related problem for VoIP is the possibility of SPIT (Spam over IP Telephony). Another phenomenon is VoIP phishing.
Security Issues of VoIP applications
With the introduction of VoIP, the need for security is compounded because now we have to protect two very valuable resources, our data and our voice. For example, when ordering goods over the phone, most people will read their credit card number to the person at the other end. The numbers are transmitted without encryption to the seller. By contrast, the risk of sending unencrypted data over the Internet is more significant. Packets sent from a user's home computer to an online retailer may pass through 15 to 20 systems that are not under the control of the user's ISP or the retailer.
Because the digits are transmitted using a standard for sending digits out of band as special messages, anyone with access to these systems can install software that scans the data packets for credit card numbers. For this reason, online retailers use encryption software to protect the user's information and credit card number. It follows that if we are to transmit voice over the Internet Protocol, and specifically across the Internet, similar security measures must be implemented. The current Internet architecture does not offer the same physical wire security as telephone lines. The key to VoIP security is the use of security mechanisms such as those deployed in data networks (firewalls, encryption, etc.).
VoIP vulnerabilities include not only the flaws inherent in the VoIP application itself, but also those of the underlying operating systems, applications and protocols that VoIP depends on. The complexity of VoIP creates a large number of vulnerabilities affecting the three traditional areas of information security: confidentiality, integrity and availability.
A virus is a piece of malicious code that is loaded onto a computer system without the user's knowledge and runs against the user's wishes. As VoIP applications move beyond simple management of voice calls to running different applications, the risk of viruses is likely to increase, because every VoIP application has its own IP address just like the computer systems on IP networks. Therefore, a virus attack could be very effective against VoIP applications. One of the most common examples is self-replicating virus code that is injected through a small stack overflow to damage VoIP applications or even bring down IP networks. To address this scenario, VoIP applications must provide a safety mechanism that checks the size of received packet data so that it cannot exceed the memory available on the stack. In short, virus attacks create security threats to integrity and availability.
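The size check described above, as an added example in C that is not part of the original article: a receive routine validates every length field of an RTP voice packet against the number of bytes actually received before it copies the payload into a fixed-size buffer on the stack. The function names, the 160-byte payload limit and the constructed test packets are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTP_FIXED_HDR 12      /* fixed RTP header length in bytes */
#define MAX_PAYLOAD   160     /* assumed limit: 20 ms of G.711 audio */

enum rtp_status { RTP_OK = 0, RTP_TOO_SHORT, RTP_BAD_VERSION,
                  RTP_BAD_LENGTH, RTP_TOO_LARGE };

struct rtp_frame {
    uint16_t seq;
    uint32_t timestamp;
    size_t   payload_len;
    uint8_t  payload[MAX_PAYLOAD];
};

/* Parse one received datagram. Every offset is checked against `len`
 * (the number of bytes actually received) before it is used. */
enum rtp_status rtp_parse(const uint8_t *pkt, size_t len, struct rtp_frame *out)
{
    if (len < RTP_FIXED_HDR)
        return RTP_TOO_SHORT;
    if ((pkt[0] >> 6) != 2)
        return RTP_BAD_VERSION;

    size_t off = RTP_FIXED_HDR + 4u * (pkt[0] & 0x0F);    /* CSRC list */
    if (off > len)
        return RTP_BAD_LENGTH;

    if (pkt[0] & 0x10) {                                   /* header extension */
        if (len - off < 4)
            return RTP_BAD_LENGTH;
        size_t ext = 4u * (((size_t)pkt[off + 2] << 8) | pkt[off + 3]);
        off += 4;
        if (ext > len - off)
            return RTP_BAD_LENGTH;
        off += ext;
    }

    size_t payload_len = len - off;
    if (pkt[0] & 0x20) {                                   /* padding */
        if (payload_len == 0)
            return RTP_BAD_LENGTH;
        size_t pad = pkt[len - 1];          /* count includes this byte */
        if (pad == 0 || pad > payload_len)
            return RTP_BAD_LENGTH;
        payload_len -= pad;
    }

    if (payload_len > MAX_PAYLOAD)          /* the check that stops the overflow */
        return RTP_TOO_LARGE;

    out->seq = (uint16_t)((pkt[2] << 8) | pkt[3]);
    out->timestamp = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) |
                     ((uint32_t)pkt[6] << 8) | pkt[7];
    out->payload_len = payload_len;
    memcpy(out->payload, pkt + off, payload_len);
    return RTP_OK;
}

/* Constructed input: a zero-filled packet whose first header byte and
 * payload size are chosen by the caller. */
enum rtp_status demo_parse(size_t payload_len, uint8_t first_byte)
{
    uint8_t pkt[RTP_FIXED_HDR + 400] = {0};
    struct rtp_frame frame;                 /* fixed-size buffer on the stack */
    if (payload_len > 400)
        payload_len = 400;
    pkt[0] = first_byte;
    pkt[2] = 0x12;
    pkt[3] = 0x34;
    return rtp_parse(pkt, RTP_FIXED_HDR + payload_len, &frame);
}
```

A packet that fails any check is dropped without touching the destination buffer, so an oversized or inconsistent datagram costs the receiver a few comparisons and nothing more.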
Denial of Service (DoS) attacks prevent access to a network service by bombarding servers, proxy servers or voice gateway servers with malicious packets. A DoS attack is an incident in which a user is deprived of the services or resources he or she would normally expect to have. Attackers can launch the full spectrum of DoS attacks (e.g., unauthenticated call control packets) against the networks and protocols underlying VoIP applications, just as against a traditional PBX. For example, voice mail and short messaging services in IP telephony systems can be the target of message flooding attacks. The result can be that legitimate attempts to leave a message for a subscriber are blocked.
Man-in-the-middle attacks refer to an attacker who is able to read and modify at will the messages between two parties without either party knowing that the link between them has been compromised. The common man-in-the-middle attack usually involves the Address Resolution Protocol (ARP), which can be used to make a VoIP application redirect its traffic to the attacking computer system. The attacking system can then gain control over that VoIP session, which can be altered, dropped, or recorded. For example, an attacker can inject speech, noise or delay (e.g., gaps of silence) into the conversation. In general, there are three types of vulnerabilities: (1) eavesdropping: the unauthorized interception of voice data packets or the Real-time Transport Protocol (RTP) stream and decoding of signaling messages; (2) packet spoofing: intercepting a call by impersonating voice packets or the transmission medium; and (3) replay: retransmitting genuine sessions so that the VoIP application reprocesses the information.
To address these types of vulnerabilities, VoIP applications can adopt Public Key Infrastructure (PKI), a security mechanism that ensures the confidentiality of transmitted data and verifies and authenticates the validity of each party by means of public and private keys. Without proper encryption, anyone can sniff the voice data packets transmitted over IP networks, which is a security threat to confidentiality and integrity. In short, man-in-the-middle attacks create security threats to confidentiality and integrity, as this type of attack can release voice data packets to unauthorized parties or modify the content of conversations.
IPsec Security
IP networks are prone to security breaches, so many network protocols have been developed to protect them. Voice over IP is vulnerable to the same attacks as normal data traffic. An attacker can break directly into the network, or can disrupt service by generating excess traffic that brings the service to a halt.
IPsec is the preferred form of VPN tunneling over the Internet. There are two basic protocols defined in IPsec: Encapsulating Security Payload (ESP) and Authentication Header (AH). Both provide connectionless integrity, source authentication, and an anti-replay service.
IPsec also supports two modes: transport and tunnel. Transport mode encrypts the payload (data) and the upper-layer headers of the IP packet. The IP header and the new IPsec header are left in plain sight. So if an attacker intercepted an IPsec packet in transport mode, he could not determine what it contained, but he could tell where it was going, allowing rudimentary traffic analysis. On a network devoted entirely to VoIP, this would amount to logging which parties were calling each other, when, and for how long. Tunnel mode encrypts the entire IP datagram and places it in a new IP packet. Both the payload and the IP header are encrypted. The IPsec header and the new IP header of this encapsulating packet are the only information left in the clear. Usually, each "tunnel" runs between two network elements such as a router or gateway.
The IP addresses of these nodes are used as the unencrypted IP addresses at each hop. Therefore, at no time is a plain IP header sent that contains both the source and the destination IP. Thus, if an attacker intercepted such packets, he would be unable to discern the packet contents or the origin and destination. Note that some traffic analysis is possible even in tunnel mode, because the gateway addresses are readable. If a gateway is used exclusively by a particular organization, an attacker can determine the identity of one or both communicating organizations from the gateway addresses. IPsec allows network nodes to negotiate not only a security policy that defines the security protocol and mode as described above, but also a security association that defines the encryption algorithm.
VOIP security mechanisms
Important security mechanisms used in conjunction with voice traffic include virtual private networks (VPNs), end-to-end encryption and address translation.
Virtual private networks are one of the basic forms of security mechanism. Here, the communicating parties establish a kind of association with each other using tunnels whose endpoints are connected through layer 2 techniques such as Frame Relay, ATM or MPLS.
With end-to-end encryption, the communicating entities initially share a secret key pair to be used to encrypt the data. This key exchange can be done in several ways, including sending the key manually or through a complex key exchange protocol. After the key exchange, all data communication between the nodes is encrypted. Even if an attacker gains access to a datagram, he/she cannot decode the data immediately. As the encryption algorithm becomes more complex, it becomes more difficult for the attacker to decode the encrypted data within the datagram.
Probably the most widespread solution to the network address translation problem is UDP encapsulation of IPsec. This approach is supported by the IETF and effectively allows all ESP traffic to pass through the NAT. In tunnel mode, this model wraps the IPsec-encrypted packet in a UDP packet with a new IP header and a new UDP header, usually through port 500.
VOIPsec problems
There are certain issues related to VoIP that do not apply to normal data traffic. Chief among them are latency, jitter and packet loss. These issues arise in the VoIP environment because it is a real-time media transfer. In standard data transfer over TCP, if a packet is lost, it can be resent on request. In VoIP, there is no time to do this. Packets must reach their destination, and they must arrive quickly.
Solutions to VOIPsec issues
Latency: When end-to-end encryption is performed in VoIP, latency is introduced by the encryption engine; a study revealed the encryption engine to be a bottleneck for voice traffic transmitted over IPsec.
One of the proposed solutions to the bottleneck at the routers caused by encryption is to handle encryption / decryption only at the endpoints of the VoIP network [33]. One consideration with this method is that the endpoints must be computationally powerful enough to handle the encryption mechanism. But endpoints are usually less powerful than gateways, which can leverage hardware acceleration across multiple clients. Although encryption should ideally be maintained at every hop in the life of a VoIP packet, this may not be feasible with simple IP phones that have little in the way of software or computing power.
In such cases it may be preferable for the data to be encrypted between the endpoint and the router (or vice versa); unencrypted traffic on the LAN is somewhat less harmful than unencrypted traffic over the Internet. Fortunately, the increased processing power of newer phones is making endpoint encryption much less of a problem. In addition, SRTP and MIKEY are the future protocols for media encryption and key management that will ensure interoperability between H.323 and SIP clients.
Secure Real Time Protocol (SRTP)
Jitter: refers to non-uniform packet delays. Jitter can cause packets to arrive and be processed out of sequence. RTP, the protocol used to transport voice media, is based on UDP, so packets that arrive out of order are not reassembled at the protocol level. However, RTP allows applications to perform the reordering using the sequence number and timestamp fields. The overhead of reassembling these packets is not trivial, especially given the strict time constraints of VoIP.
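The application-level reordering described above, as an added example in C that is not part of the original article: a small jitter buffer places packets by RTP sequence number, survives the 16-bit wrap from 65535 to 0, and discards late and duplicate packets instead of growing without bound. The buffer depth, the function names and the arrival order are assumptions made for this illustration; only the sequence number is tracked, and a real buffer would also store the payload and use the timestamp to time play-out.

```c
#include <stddef.h>
#include <stdint.h>

#define JB_SLOTS 8              /* assumed buffer depth, in packets */

struct jb_entry { int used; uint16_t seq; };

struct jitter_buf {
    uint16_t next_seq;          /* next sequence number due for play-out */
    struct jb_entry slot[JB_SLOTS];
};

void jb_init(struct jitter_buf *jb, uint16_t first_seq)
{
    jb->next_seq = first_seq;
    for (size_t i = 0; i < JB_SLOTS; i++)
        jb->slot[i].used = 0;
}

/* Store an arriving packet. Returns 1 if buffered, 0 if discarded. */
int jb_put(struct jitter_buf *jb, uint16_t seq)
{
    /* Distance ahead of the play-out point, modulo 2^16, so the wrap
     * from 65535 to 0 needs no special case. A late packet shows up as
     * a huge distance and is rejected by the same test. */
    uint16_t ahead = (uint16_t)(seq - jb->next_seq);
    if (ahead >= JB_SLOTS)
        return 0;                       /* late, or too far in the future */
    struct jb_entry *e = &jb->slot[seq % JB_SLOTS];
    if (e->used)
        return 0;                       /* duplicate */
    e->used = 1;
    e->seq = seq;
    return 1;
}

/* Play out the next packet. Returns 1 and sets *seq if it has arrived,
 * 0 if it is missing. The play-out point advances either way, so one
 * lost packet never stalls the stream. */
int jb_get(struct jitter_buf *jb, uint16_t *seq)
{
    struct jb_entry *e = &jb->slot[jb->next_seq % JB_SLOTS];
    int have = e->used;
    if (have) {
        *seq = e->seq;
        e->used = 0;
    }
    jb->next_seq++;
    return have;
}

/* Constructed arrival order: reordered across the wrap, with one
 * duplicate (0), one late packet (65533) and one loss (1).
 * Returns the k-th sequence number played out, or -1 if there is none. */
long demo_played(size_t k)
{
    static const uint16_t arrivals[] = { 65534, 0, 65535, 0, 2, 65533 };
    struct jitter_buf jb;
    size_t n = 0;

    jb_init(&jb, 65534);
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        jb_put(&jb, arrivals[i]);
    for (int tick = 0; tick < 5; tick++) {
        uint16_t seq;
        if (jb_get(&jb, &seq) && n++ == k)
            return seq;
    }
    return -1;
}
```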
RTP (Real-time Transport Protocol) is commonly used for transmitting real-time audio and video data in Internet telephony applications. Without protection, RTP is considered insecure, as a telephone conversation over IP can be eavesdropped on. Moreover, manipulation and replay of RTP data could lead to poor voice quality through interference with the audio / video stream. Modified RTCP (Real-time Transport Control Protocol) data could even lead to an unauthorized change of the negotiated quality of service and disrupt processing of the current RTP stream.
The Secure Real-time Transport Protocol (SRTP) is a profile of the Real-time Transport Protocol (RTP) that provides not only confidentiality, but also message authentication and replay protection for RTP and RTCP (Real-time Transport Control Protocol) traffic. SRTP was developed within the IETF AVT working group. It was released as RFC 3711 in March 2004.
SRTP provides a framework for encryption and message authentication of RTP and RTCP streams. SRTP can achieve high throughput and low packet expansion.
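The replay protection mentioned above is usually implemented as a sliding window over packet indices. The following C sketch is an added example, not code from the original article or from any SRTP library: it keeps a 64-packet window and moves it forward only after a packet has passed authentication. The function names and the received packets are constructed for this illustration, `tag_ok` stands in for the real authentication tag check, and the packet index is passed in as a ready-made integer (in SRTP it is derived from the rollover counter and the RTP sequence number).

```c
#include <stddef.h>
#include <stdint.h>

#define WINDOW 64               /* replay window size, in packets */

struct replay_state {
    uint64_t top;               /* highest authenticated index seen so far */
    uint64_t bitmap;            /* bit i set: index (top - i) was received */
    int      started;
};

enum replay_verdict { REPLAY_OK = 0, REPLAY_DUPLICATE, REPLAY_TOO_OLD };

/* Cheap check, done before the packet is authenticated. */
enum replay_verdict replay_check(const struct replay_state *s, uint64_t idx)
{
    if (!s->started || idx > s->top)
        return REPLAY_OK;
    uint64_t age = s->top - idx;
    if (age >= WINDOW)
        return REPLAY_TOO_OLD;
    return ((s->bitmap >> age) & 1) ? REPLAY_DUPLICATE : REPLAY_OK;
}

/* Record a packet. Call this only after its authentication tag has been
 * verified; otherwise a forged packet with a huge index would slide the
 * window forward and lock out the genuine stream. */
void replay_update(struct replay_state *s, uint64_t idx)
{
    if (!s->started) {
        s->started = 1;
        s->top = idx;
        s->bitmap = 1;
    } else if (idx > s->top) {
        uint64_t shift = idx - s->top;
        s->bitmap = (shift >= WINDOW) ? 0 : (s->bitmap << shift);
        s->bitmap |= 1;
        s->top = idx;
    } else if (s->top - idx < WINDOW) {
        s->bitmap |= (uint64_t)1 << (s->top - idx);
    }
}

struct rx_pkt { uint64_t idx; int tag_ok; };

/* Constructed receive sequence. Returns the verdict for the k-th packet:
 * 0 accepted, 1 duplicate, 2 too old, 3 authentication failed, -1 no such packet. */
int demo_verdict(size_t k)
{
    static const struct rx_pkt rx[] = {
        {100, 1}, {101, 1}, {100, 1}, {99, 1},
        {200, 1}, {101, 1}, {5000, 0}, {150, 1}
    };
    struct replay_state s = {0};
    int v = -1;

    if (k >= sizeof rx / sizeof rx[0])
        return -1;
    for (size_t i = 0; i <= k; i++) {
        v = replay_check(&s, rx[i].idx);
        if (v == REPLAY_OK) {
            if (rx[i].tag_ok)
                replay_update(&s, rx[i].idx);
            else
                v = 3;          /* forged: window is left untouched */
        }
    }
    return v;
}
```

The last packet (index 150) is accepted only because the forged packet with index 5000 was never allowed to move the window.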
Packet loss
VoIP is exceptionally intolerant of packet loss. Packet loss can result from excessive latency, where a group of packets arrives late and must be discarded in favor of newer ones. It may also be the result of jitter, that is, when a packet arrives after its surrounding packets have been flushed from the buffer, making the received packet useless. Despite the impracticality of using a guaranteed delivery protocol such as TCP, there are some remedies for the packet loss problem.
One cannot guarantee that all packets are delivered, but if bandwidth is available, sending redundant information can probabilistically rule out the chance of loss. Such bandwidth is not always available, and the redundant information must be processed, introducing further latency into the system and, ironically, possibly causing further packet loss. Newer codecs, such as the Internet Low Bit rate Codec (iLBC), are also being developed that offer roughly the voice quality and computational complexity of G.729A, while providing greater tolerance to packet loss.
Better Scheduling Schemes
Incorporating AES or some other fast encryption algorithm may help relieve the bottleneck temporarily, but this is not a scalable solution because it does not address the highest-order cause of the slowdown. Without a way for the crypto-engine to prioritize packets, the engine will remain susceptible to DoS attacks and to starvation by data traffic that holds up the time-urgent VoIP traffic. A few large packets can clog the queue long enough to make the VoIP packets over 150 ms late (sometimes called head-of-line blocking), destroying the call. Ideally, the crypto-engine would carry out quality of service scheduling in favor of voice packets, but this is not a realistic scenario, given the speed and compactness constraints on the crypto-engine.
One of the solutions implemented in the latest routers is to schedule packets with QoS in mind before the encryption phase. Although this heuristic solves the problem for all packets that are ready to enter the encryption engine at a given time, it does not address the problem of VoIP packets that arrive at a crypto-engine queue already saturated with previously scheduled data packets.
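The head-of-line blocking and the limit of pre-encryption scheduling described above can be reproduced with a small simulation. This C model is an added example, not part of the original article: a scheduler hands packets to a FIFO crypto-engine, and the function returns the worst delay a voice packet sees. The engine speed (1 Mbit/s), the packet sizes, the burst of 13 data packets and the engine queue depth are all assumptions chosen for this illustration.

```c
#define US_PER_BYTE 8           /* assumed engine speed: 1 Mbit/s */
#define MAXP 32

struct pkt { long arrive_us; int bytes; int voice; };

/* Scheduler choice among packets that have arrived by `now` and are not
 * yet handed to the engine: arrival order, or voice first when qos is set.
 * The array must be sorted by arrival time. */
static int pick(const struct pkt *p, int n, const int *handed, long now, int qos)
{
    int best = -1;
    for (int i = 0; i < n; i++) {
        if (handed[i] || p[i].arrive_us > now)
            continue;
        if (best < 0 || (qos && p[i].voice && !p[best].voice))
            best = i;
    }
    return best;
}

/* Worst delay (arrival to end of encryption, in microseconds) of any voice
 * packet. `depth` is how many packets the engine's own FIFO accepts,
 * including the one being encrypted. */
long worst_voice_delay_us(const struct pkt *p, int n, int qos, int depth)
{
    int handed[MAXP] = {0}, fifo[MAXP], head = 0, tail = 0, i;
    long now = 0, done_at = -1, worst = 0;

    if (n > MAXP) n = MAXP;
    if (depth < 1) depth = 1;
    while (head < n) {
        /* Scheduler feeds the engine FIFO while it has room. */
        while (tail - head < depth && (i = pick(p, n, handed, now, qos)) >= 0) {
            handed[i] = 1;
            fifo[tail++] = i;
        }
        if (done_at < 0 && tail > head)     /* engine idle: start next packet */
            done_at = now + (long)p[fifo[head]].bytes * US_PER_BYTE;

        /* Advance to the next event: a completion or a new arrival. */
        long next = done_at;
        for (i = 0; i < n; i++)
            if (!handed[i] && p[i].arrive_us > now &&
                (next < 0 || p[i].arrive_us < next))
                next = p[i].arrive_us;
        now = next;

        if (done_at >= 0 && now == done_at) {
            const struct pkt *d = &p[fifo[head++]];
            if (d->voice && now - d->arrive_us > worst)
                worst = now - d->arrive_us;
            done_at = -1;
        }
    }
    return worst;
}

/* Constructed workload: a burst of 13 data packets of 1500 bytes at t = 0
 * and one 200-byte voice packet arriving at voice_arrive_us. */
long demo_delay_us(int qos, int depth, long voice_arrive_us)
{
    struct pkt p[14];
    for (int i = 0; i < 13; i++)
        p[i] = (struct pkt){ 0, 1500, 0 };
    p[13] = (struct pkt){ voice_arrive_us, 200, 1 };
    return worst_voice_delay_us(p, 14, qos, depth);
}
```

With plain FIFO the voice packet that arrives 1 ms after the burst is delayed 156.6 ms; QoS scheduling in front of an engine that holds one packet cuts this to 12.6 ms, but the same scheduler in front of an engine queue deep enough to swallow the whole burst is back at 156.6 ms.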
QoS prioritization can also be done after the encryption process, provided the encryption procedure preserves the ToS bits of the original IP header in the new IPsec header. This functionality is not guaranteed and depends on the network hardware and software, but if it is implemented it allows QoS scheduling to be used at every hop the encrypted packets encounter.
There are security concerns any time information about the contents of a packet is left in the clear, as in this ToS forwarding scheme, but with the sending and receiving addresses hidden, this is not as egregious as a superficial glance might make it seem. However, neither the pre-encryption nor the post-encryption scheme actually applies QoS or any other priority scheme to improve the crypto-engine's FIFO scheduler. The speed and compactness constraints on this device may not allow such algorithms to be implemented for some time.
CONCLUSION
This paper has discussed the architecture of VoIP, its security issues and the security arrangements followed in the VoIP architecture. Generic problems and solutions for VoIP systems have been discussed. Future work may include software to prevent attacks through strong security policies and their implementation.
About the Author
Kathiresan.V & Ranjitha Kumari.S
Lecturer, Department of MCA,
RVS College of Arts & Science,
Sulur, Coimbatore, Tamil Nadu, India.
