Register for Free Membership to
[email protected]
Over the last few years, Syngress has published many best-selling and
critically acclaimed books, including Tom Shinder’s Configuring ISA
Server 2004, Brian Caswell and Jay Beale’s Snort 2.1 Intrusion
Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal
Packet Sniffing. One of the reasons for the success of these books has
been our unique
[email protected] program. Through this
site, we’ve been able to provide readers a real time extension to the
printed book.
As a registered owner of this book, you will qualify for free access to
our members-only
[email protected] program. Once you have
registered, you will enjoy several benefits, including:
■
Four downloadable e-booklets on topics related to the book.
Each booklet is approximately 20-30 pages in Adobe PDF
format. They have been selected by our editors from other
best-selling Syngress books as providing topic coverage that
is directly related to the coverage in this book.
■
A comprehensive FAQ page that consolidates all of the key
points of this book into an easy-to-search web page, providing you with the concise, easy-to-access data you need to
perform your job.
■
A “From the Author” Forum that allows the authors of this
book to post timely updates and links to related sites, or
additional topic coverage that may have been requested by
readers.
Just visit us at www.syngress.com/solutions and follow the simple
registration process. You will need to have this book with you when
you register.
Thank you for giving us the opportunity to serve your needs. And be
sure to let us know if there is anything else we can do to make your
job easier.
Practical
VoIP Security
Thomas Porter
Jan Kanclirz
Andy Zmolek
Antonio Rosela
Michael Cross
Larry Chaffin
Brian Baskin
Choon Shim
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be
obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is
sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to
state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other
incidental or consequential damages arising out from the Work or its contents. Because some states do not
allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation
may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working
with computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author
UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Syngress:The
Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is
to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned
in this book are trademarks or service marks of their respective companies.
KEY
SERIAL NUMBER
001
002
003
004
005
006
007
008
009
010
HJIRTCV764
PO9873D5FG
829KM8NJH2
BNNERHJC7B
CVPLQ6WQ23
VBP965T5T5
HJJJ863WD3E
2987GVTWMK
629MP5SDJT
IMWQ295T6T
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Practical VoIP Security
Copyright © 2006 by Syngress Publishing, Inc. All rights reserved. Printed in Canada. Except as permitted
under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any
form or by any means, or stored in a database or retrieval system, without the prior written permission of
the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Printed in Canada
1 2 3 4 5 6 7 8 9 0
ISBN: 1597490601
Publisher: Andrew Williams
Acquisitions Editor: Gary Byrne
Cover Designer: Michael Kavish
Technical Editors: Andy Zmolek,Thomas Porter,
and Stephen Watkins
Page Layout and Art: Patricia Lupien
Copy Editor: Adrienne Rebello
and Mike McGee
Indexer: Julie Kawabata
Distributed by O’Reilly Media, Inc. in the United States and Canada.
or information on rights, translations, and bulk sales, contact Matt Pedersen, Director of Sales and Rights,
at Syngress Publishing; email
[email protected] or fax to 781-681-3585.
Acknowledgments
Syngress would like to acknowledge the following people for their kindness
and support in making this book possible.
Syngress books are now distributed in the United States and Canada by
O’Reilly Media, Inc.The enthusiasm and work ethic at O’Reilly are incredible,
and we would like to thank everyone there for their time and efforts to bring
Syngress books to market:Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike
Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol
Matsutaro, Mark Wilson, Rick Brown,Tim Hinton, Kyle Hart, Sara Winge,
Peter Pardo, Leslie Crandell, Regina Aggio Wilkinson, Pascal Honscher, Preston
Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark
Jacobsen, Betsy Waliszewski, Kathryn Barrett, John Chodacki, Rob Bullington,
Kerry Beck, Karen Montgomery, and Patrick Dirden.
The incredibly hardworking team at Elsevier Science, including Jonathan
Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti,
Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Krista
Leppiko, Marcel Koppes, Judy Chappell, Radek Janousek, Rosie Moss, David
Lockley, Nicola Haden, Bill Kennedy, Martina Morris, Kai Wuerfl-Davidek,
Christiane Leipersberger,Yvonne Grueneklee, Nadia Balavoine, and Chris
Reinders for making certain that our vision remains worldwide in scope.
David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai
Hua, Joseph Chan, June Lim, and Siti Zuraidah Ahmad of Pansing Distributors
for the enthusiasm with which they receive our books.
David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer,
Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane
for distributing our books throughout Australia, New Zealand, Papua New
Guinea, Fiji,Tonga, Solomon Islands, and the Cook Islands.
v
Lead Author
and Technical Editor
Thomas Porter, Ph.D. (CISSP, IAM, CCNP, CCDA, CCNA,
ACE, CCSA, CCSE, and MCSE) is the Lead Security Architect in
Avaya’s Consulting & Systems Integration Practice. He also serves as
Director of Network Security for the FIFA World Cup 2006.
Porter has spent over 10 years in the networking and security
industry as a consultant, speaker, and developer of security tools.
Porter’s current technical interests include VoIP security, development of embedded microcontroller and FPGA Ethernet tools, and
H.323/SIP vulnerability test environments. He is a member of the
IEEE and OASIS (Organization for the Advancement of Structured
Information Standards). Porter recently published Foundation articles for SecurityFocus titled “H.323 Mediated Voice over IP:
Protocols, Vulnerabilities, and Remediation”; and “Perils of Deep
Packet Inspection.”
Tom lives in Chapel Hill, North Carolina, with his wife, Kinga,
an Asst. Professor of Internal Medicine at the University of North
Carolina, and two Chesapeake Bay retrievers.
vii
Contributing Authors
Brian Baskin (MCP, CTT+) is a researcher and developer for
Computer Sciences Corporation, on contract to the Defense Cyber
Crime Center’s (DC3) Computer Investigations Training Program
(DCITP). Here, he researches, develops, and instructs computer
forensic courses for members of the military and law enforcement.
Brian currently specializes in Linux/Solaris intrusion investigations,
as well as investigations of various network applications. He has
designed and implemented networks to be used in scenarios, and
has also exercised penetration testing procedures.
Brian has been instructing courses for six years, including presentations at the annual DoD Cyber Crime Conference. He is an
avid amateur programmer in many languages, beginning when his
father purchased QuickC for him when he was 11, and has geared
much of his life around the implementations of technology. He has
also been an avid Linux user since 1994 and enjoys a relaxing terminal screen whenever he can. He has worked in networking environments for over 10 years from small Novell networks to large,
mission-critical, Windows-based networks.
Brian lives in the Baltimore, MD, area with his lovely wife and
son. He is also the founder and president of the Lightning Owners
of Maryland car club. Brian is a motor sports enthusiast and spends
much of his time building and racing his vehicles. He attributes a
great deal of his success to his parents, who relinquished their
household 80286 PC to him at a young age and allowed him the
freedom to explore technology.
Brian cowrote Chapter 8.
Joshua Brashars is a security researcher for the External Threat
Assessment Team at Secure Science Corporation. Before that, Joshua
spent many years in the telecommunications industry as an imple-
viii
mentation consultant for traditional and VoIP PBX systems. Joshua
would like to extend heartfelt thanks to his family, friends, Lance
James and SSC, Johnny Long and all of johnny.ihackstuff.com, and a
special nod to Natas, Strom Carlson, and lucky225 for fueling the
fire in his passion for telephone systems.
Joshua contributed to Chapter 3.
Larry Chaffin (CISSP, PMP, JNCIE, MBCP, CWNP, NNCSE,
NNCDE, CCNP, CCDP, CCNP-WAN, CCDP-WAN) is the
CEO/Chairman of Pluto Networks and the Vice President of
Advanced Network Technologies for Plannet Group. He is an
accomplished author; he cowrote Managing Cisco Network Security
(ISBN: 1-931836-56-6) and has also been a coauthor/ghost writer
for 11 other technology books for VoIP, WLAN, security, and
optical technologies. Larry has more than 29 vendor certifications
such as the ones already listed, plus Cisco VoIP, Optical, Security,
VPN, IDS, Unity, and WLAN. He is also certified by Nortel in
DMS Carrier Class Switches along with CS100’S, MCS5100, Call
Pilot, and WLAN. Many other certifications come from vendors
such as Avaya, HP, IBM, Microsoft, PeopleSoft, and VMware. Larry
has been a Principal Architect around the world in 22 countries for
many Fortune 100 companies designing VoIP, Security, WLAN, and
optical networks. His next project is to write a book on Nortel
VoIP and a new security architecture book he has designed for VoIP
and WLAN networks.
Larry cowrote Chapter 7.
Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet
Specialist/Computer Forensic Analyst with the Niagara Regional
Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has
consulted and assisted in cases dealing with computerrelated/Internet crimes. In addition to designing and maintaining
the NRPS Web site at www.nrps.com and the NRPS intranet, he
ix
has provided support in the areas of programming, hardware, and
network administration. As part of an information technology team
that provides support to a user base of more than 800 civilian and
uniform users, he has a theory that when the users carry guns, you
tend to be more motivated in solving their problems.
Michael also owns KnightWare (www.knightware.ca), which
provides computer-related services such as Web page design, and
Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance
writer for several years, and he has been published more than three
dozen times in numerous books and anthologies. He currently
resides in St. Catharines, Ontario, Canada, with his lovely wife,
Jennifer, his darling daughter, Sara, and charming son, Jason.
Michael wrote Chapter 6.
Bradley Dunsmore (CCNP, CCDP, CCSP, INFOSEC, MCSE+I,
MCDBA) is a Software/QA engineer for the Voice Technology
Group at Cisco Systems Inc. He is part of the Golden Bridge solution test team for IPT based in RTP, NC. His responsibilities include
the design, deployment, testing, and troubleshooting of Cisco’s enterprise voice portfolio. His focus area is the integration of Cisco’s network security product line in an enterprise voice environment.
Bradley has been working with Cisco’s network security product line
for four years and he is currently working on his CCIE lab for
Security. Prior to his six years at Cisco, Bradley worked for Adtran,
Bell Atlantic, and as a network integrator in Virginia Beach, Va.
Bradley has authored, co-authored, or edited several books for
Syngress Publishing and Cisco Press for network security, telecommunication, and general networking. He would like to thank his
fiancée, Amanda, for her unwavering support in everything that he
does. Her support makes all of this possible.
Bradley contributed to Chapter 8.
x
Jan Kanclirz Jr. (CCIE #12136-Security, CCSP, CCNP, CCIP,
CCNA, CCDA, INFOSEC Professional, Cisco WLAN
Support/Design Specialist) is currently a Senior Network
Information Security Architect at IBM Global Services. Jan specializes in multivendor designs and post-sale implementations for several
technologies such as VPNs, IPS/IDS, LAN/WAN, firewalls, content
networking, wireless and VoIP. Beyond network designs and engineering Jan’s background includes extensive experience with open
source applications and Linux. Jan has contributed to Managing and
Securing Cisco SWAN (ISBN: 1-932266-91-7), a Syngress
publication.
In addition to Jan’s full-time position at IBM G.S., Jan runs a
security portal, www.MakeSecure.com, where he dedicates his time to
security awareness and consulting. Jan lives with his girl friend, Amy,
and her daughter, Abby, in Colorado, where they enjoy outdoor
adventures.
Jan wrote Chapter 2.
Tony Rosela (PMP, CTT+) is a Senior Member Technical Staff
with Computer Sciences Corporation working in the development
and delivery of technical instructional material. He provides leadership through knowledge and experience with the operational fundamentals of PSTN architecture and how the PSTN has evolved to
deliver high-quality services, including VoIP. His other specialties
include IP enabling voice networks, WAN voice and data network
design, implementation and troubleshooting, as well as spending a
great deal of time in the field of computer forensics and data analysis.
Tony cowrote Chapter 4.
Mark Spencer founded Linux Support Services in 1999 while still
a Computer Engineering student at Auburn University. When faced
with the high cost of buying a PBX, Mark simply used his Linux
PC and knowledge of C code to write his own.This was the beginning of the worldwide phenomenon known as Asterisk, the open
xi
source PBX, and caused Mark to shift his business focus from Linux
support to supporting Asterisk and opening up the telecom market.
Linux Support Services is now known as Digium, and is bringing
open source to the telecom market while gaining a foothold in the
telecom industry.
Mark strongly believes that every technology he creates should
be given back to the community.This is why Asterisk is fully open
source.Today, that model has allowed Asterisk to remain available
free of charge, while it has become as robust as the leading and most
expensive PBXs.
The Asterisk community has ambassadors and contributors from
every corner of the globe. Recently Mark was named by Network
World as one of the 50 Most Powerful People in Networking, next
to Cisco’s John Chambers, Microsoft’s Bill Gates, and Oracle’s Larry
Ellison. A renowned speaker, Mark has presented and delivered
keynotes at a number of industry conferences, including Internet
Telephony, SuperComm, and the VON shows.
Mark holds a degree in Computer Engineering from Auburn
University, and is now president of Digium, Inc. He has also led the
creation of several Linux-based open source applications, most
notably Asterisk, the Open Source PBX, and Gaim Instant
Messenger.
Mark wrote the IAX section of Chapter 7.
Choon Shim is responsible for the Qovia’s technology direction
and development of the Qovia product line.
Choon was previously President at Widearea Data Systems,
where he designed and developed collaboration platform software.
Prior to joining Widearea Data Systems, he was the Senior
Development Manager and Principal Engineer for Merant.
Choon is a successful technology leader with 20+ years’ experience architecting, building, and delivering large-scale infrastructure
software products. He has extensive hands-on technical development
skills and has successfully managed software teams for well-known
xii
enterprise software companies, including BMC Software and EMC
Corporation.
Choon is the author of Community Works and Express/OS shareware used widely throughout the world. He is a frequent speaker at
VoIP and networking conferences for academic and industry. He
recently gave a keynote speech to SNPD conference and chaired
VoIP Security Panel at Supercomm05. Choon holds a B.S. in
Computer Science from Kyoungpook National University and an
M.S in Electrical Engineering from the University of Wisconsin.
Choon wrote Chapters 14 and 16.
Stephen Watkins (CISSP) is an Information Security Professional
with more than 10 years of relevant technology experience,
devoting eight of these years to the security field. He currently
serves as Information Assurance Analyst at Regent University in
southeastern Virginia. Before coming to Regent, he led a team of
security professionals providing in-depth analysis for a global-scale
government network. Over the last eight years, he has cultivated his
expertise with regard to perimeter security and multilevel security
architecture. His Check Point experience dates back to 1998 with
FireWall-1 version 3.0b. He has earned his B.S. in Computer
Science from Old Dominion University and M.S. in Computer
Science, with Concentration in Infosec, from James Madison
University. He is nearly a life-long resident of Virginia Beach, where
he and his family remain active in their church and the local Little
League.
Stephen was the technical editor for Chapter 15.
Andy Zmolek is Senior Manager, Security Planning and Strategy
at Avaya. In that role, Andy drives product security architecture and
strategy across Avaya’s voice and data communications products.
Previously at Avaya, he helped launch the Avaya Enterprise Security
Practice, led several Sarbanes-Oxley-related security projects within
Avaya IT, and represented Avaya in standards bodies (IETF, W3C) as
xiii
part of the Avaya CTO Standards Group. Avaya Inc. designs, builds
and manages communications networks for more than one million
businesses worldwide, including over 90 percent of the FORTUNE
500®.
Andy has been involved with network security for over a
decade, and is an expert on Session Initiation Protocol (SIP) and
related VoIP standards, Presence systems, and firewall traversal for
VoIP. He holds a degree in Mathematics from Brigham Young
University and is NSA IAM certified.
Prior to joining Avaya, he directed network architecture and
operations at New Era of Networks, a pioneer of enterprise application integration (EAI) technology, now a division of Sybase. Andy
got his start in the industry as a systems architect responsible for the
design and operation of secure real-time simulation networks for
missile and satellite programs at Raytheon, primarily with the
Tomahawk program.
Andy wrote Chapter 15, cowrote Chapters 3 and 4, and was a technical editor for several chapters.
xiv
Contents
Chapter 1 Introduction to VoIP Security . . . . . . . . . . . . . 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
The Switch Leaves the Basement . . . . . . . . . . . . . . . . . . . . .4
What Is VoIP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
VoIP Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
VoIP Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
VoIP Isn’t Just Another Data Protocol . . . . . . . . . . . . . . . . .10
Security Issues in Converged Networks . . . . . . . . . . . . . . . .13
VoIP Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
A New Security Model . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .21
Chapter 2 Asterisk Configuration and Features . . . . . . 23
Introduction: What Are We Trying to Accomplish? . . . . . . . .24
What Functions Does a Typical PBX Perform? . . . . . . . . . . .24
PBX Administration . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Asterisk Gateway Interface (AGI) . . . . . . . . . . . . . . .27
Asterisk Manager API . . . . . . . . . . . . . . . . . . . . . . . .27
Dial Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Numbering Plans . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Choosing a Numbering
Scale for Your Private Numbering Plan . . . . . . . . . . .31
Extensions Based on DID . . . . . . . . . . . . . . . . . . . . .33
Dialing Plan and Asterisk PBX . . . . . . . . . . . . . . . . .34
Billing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Billing Accounting with Asterisk PBX System . . . . . .35
Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
xv
xvi
Contents
Time-of-Day Routing . . . . . . . . . . . . . . . . . . . . . . .39
Day-of-Week Routing . . . . . . . . . . . . . . . . . . . . . . .39
Source Number Routing . . . . . . . . . . . . . . . . . . . . .39
Cost-Savings Routing . . . . . . . . . . . . . . . . . . . . . . . .39
Disaster Routing . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Skill-Based Routing . . . . . . . . . . . . . . . . . . . . . . . . .40
DUNDi Routing Protocol . . . . . . . . . . . . . . . . . . . .40
Other Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Music on Hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Call Parking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Call Pickup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Call Recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Conferencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Direct Inward System Access . . . . . . . . . . . . . . . . . . .45
Unattended Transfer (or Blind Transfer) . . . . . . . . . . .46
Attended Transfer (or Consultative Transfer) . . . . . . .46
Consultation Hold . . . . . . . . . . . . . . . . . . . . . . . . . .46
No Answer Call Forwarding . . . . . . . . . . . . . . . . . . .46
Busy Call Forwarding . . . . . . . . . . . . . . . . . . . . . . . .46
Do Not Disturb (DND) . . . . . . . . . . . . . . . . . . . . . .47
Three-Way Calling . . . . . . . . . . . . . . . . . . . . . . . . . .48
Find-Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Call-Waiting Indication . . . . . . . . . . . . . . . . . . . . . .49
Voice Mail and Asterisk PBX . . . . . . . . . . . . . . . . . . . . . . .49
How Is VoIP Different from Private Telephone Networks? . .51
Circuit-Switched and
Packet-Routed Networks Compared . . . . . . . . . . . . . . .51
What Functionality Is Gained,
Degraded, or Enhanced on VoIP Networks? . . . . . . . . . . . .52
Gained Functionality . . . . . . . . . . . . . . . . . . . . . . . .52
Degraded Functionality . . . . . . . . . . . . . . . . . . . . . .54
Enhanced Functionality . . . . . . . . . . . . . . . . . . . . . .55
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .58
Contents
Chapter 3 The Hardware Infrastructure . . . . . . . . . . . . 59
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Traditional PBX Systems . . . . . . . . . . . . . . . . . . . . . . . . . . .61
PBX Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
PBX Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
PBX Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
PBX Adjunct Servers . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Voice Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Interactive Voice Response Servers . . . . . . . . . . . . . .70
Wireless PBX Solutions . . . . . . . . . . . . . . . . . . . . . . . . .71
Other PBX Solutions . . . . . . . . . . . . . . . . . . . . . . . . . .71
PBX Alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
VoIP Telephony and Infrastructure . . . . . . . . . . . . . . . . . . . .72
Media Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72
Interactive Media Service: Media Servers . . . . . . . . . .73
Call or Resource Control: Media Servers . . . . . . . . . .73
Media Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Firewalls and Application-Layer Gateways . . . . . . . . .75
Application Proxies . . . . . . . . . . . . . . . . . . . . . . . . . .76
Endpoints (User Agents) . . . . . . . . . . . . . . . . . . . . . .76
IP Switches and Routers . . . . . . . . . . . . . . . . . . . . . . . .80
Wireless Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . .80
Wireless Encryption: WEP . . . . . . . . . . . . . . . . . . . .80
Wireless Encryption: WPA2 . . . . . . . . . . . . . . . . . . .81
Authentication: 802.1x . . . . . . . . . . . . . . . . . . . . . . .82
Power-Supply Infrastructure . . . . . . . . . . . . . . . . . . . . .83
Power-over-Ethernet (IEEE 802.3af ) . . . . . . . . . . . .84
UPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Energy and Heat Budget Considerations . . . . . . . . . .85
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .88
Chapter 4 PSTN Architecture . . . . . . . . . . . . . . . . . . . . . 91
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
PSTN: What Is It, and How Does It Work? . . . . . . . . . . . . .92
PSTN: Outside Plant . . . . . . . . . . . . . . . . . . . . . . . . . .93
xvii
xviii
Contents
PSTN: Signal Transmission . . . . . . . . . . . . . . . . . . . . . .95
T1 Transmission: Digital Time Division Multiplexing 96
PSTN: Switching and Signaling . . . . . . . . . . . . . . . . . .102
The Intelligent Network (IN),
Private Integrated Services, ISDN, and QSIG . . . . . .105
ITU-T Signaling System Number 7 (SS7) . . . . . . . .106
PSTN: Operational and Regulatory Issues . . . . . . . . . .110
PSTN Call Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
PSTN Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . .114
SS7 and Other ITU-T Signaling Security . . . . . . . . . . .114
ISUP and QSIG Security . . . . . . . . . . . . . . . . . . . .117
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .120
Chapter 5 H.323 Architecture . . . . . . . . . . . . . . . . . . . 123
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
The H.323 Protocol Specification . . . . . . . . . . . . . . . . . .124
The Primary H.323 VoIP-Related Protocols . . . . . . . . . . .126
H.225/Q.931 Call Signaling . . . . . . . . . . . . . . . . . . . .129
H.245 Call Control Messages . . . . . . . . . . . . . . . . . . . .134
Real-Time Transport Protocol . . . . . . . . . . . . . . . . . . .136
H.235 Security Mechanisms . . . . . . . . . . . . . . . . . . . . . . .137
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .143
Chapter 6 SIP Architecture. . . . . . . . . . . . . . . . . . . . . . 145
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Understanding SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Overview of SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147
RFC 2543 / RFC 3261 . . . . . . . . . . . . . . . . . . . . .148
SIP and Mbone . . . . . . . . . . . . . . . . . . . . . . . . . . .149
OSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
SIP Functions and Features . . . . . . . . . . . . . . . . . . . . . . . .152
User Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
User Availability . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Contents
User Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Session Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Session Management . . . . . . . . . . . . . . . . . . . . . . . .153
SIP URIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
SIP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
SIP Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
User Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
SIP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Stateful versus Stateless . . . . . . . . . . . . . . . . . . . . . .157
Location Service . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Client/Server versus Peer-to-Peer Architecture . . . . . . .158
Client/Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
Peer to Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
SIP Requests and Responses . . . . . . . . . . . . . . . . . . . .159
Protocols Used with SIP . . . . . . . . . . . . . . . . . . . . . . .162
UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Transport Layer Security . . . . . . . . . . . . . . . . . . . . .164
Other Protocols Used by SIP . . . . . . . . . . . . . . . . .165
Understanding SIP’s Architecture . . . . . . . . . . . . . . . . .168
SIP Registration . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Requests through Proxy Servers . . . . . . . . . . . . . . .169
Requests through Redirect Servers . . . . . . . . . . . . .170
Peer to Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Instant Messaging and SIMPLE . . . . . . . . . . . . . . . . . . . . .172
Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .172
SIMPLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .180
Chapter 7 Other VoIP Communication Architectures . 183
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
Skype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185
Skype Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .186
Skype Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . .186
Skype Protocol Security . . . . . . . . . . . . . . . . . . . . . . .189
xix
xx
Contents
H.248 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
H.248 Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .191
H.248 Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . .193
H.248 Protocol Security . . . . . . . . . . . . . . . . . . . . . . .194
IAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
IAX Protocol Design . . . . . . . . . . . . . . . . . . . . . . . . . .195
IAX Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . . .195
IAX Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . .197
Microsoft Live Communication Server 2005 . . . . . . . . . . .197
History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
MLCS Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .199
MLCS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .203
Chapter 8 Support Protocols . . . . . . . . . . . . . . . . . . . . 205
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
DNS Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Fully Qualified Domain Name (FQDN) . . . . . . . . .208
DNS Client Operation . . . . . . . . . . . . . . . . . . . . . .209
DNS Server Operation . . . . . . . . . . . . . . . . . . . . . .211
Security Implications for DNS . . . . . . . . . . . . . . . . . . .212
TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212
TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
TFTP File Transfer Operation . . . . . . . . . . . . . . . . .214
Security Implications for TFTP . . . . . . . . . . . . . . . . . .215
HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
HTTP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
HTTP Client Request . . . . . . . . . . . . . . . . . . . . . .217
HTTP Server Response . . . . . . . . . . . . . . . . . . . . .217
Security Implications for HTTP . . . . . . . . . . . . . . . . .218
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219
SNMP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .219
SNMP Operation . . . . . . . . . . . . . . . . . . . . . . . . . .220