Securing the UC Network
Terry Pierson, Consulting System Engineer
UC Security – AVAYA


Agenda
- UC Security – Why it matters
- VIPER Lab
- Avaya SBC for Enterprise
- Use Cases
  - SIP Trunks – Standard License
  - Remote Worker – Advanced License
- SBC Update Resources
- Q & A


More Collaboration and Mobile Devices, More Enterprise Security Threats
- Denial of Service
  - Call/registration overload
  - Malformed messages, aka "fuzzing"
- Configuration errors
  - Mis-configured devices
  - Operator and application errors
- Theft of service
  - Unauthorized users
  - Unauthorized media types
- Viruses and SPIT
  - Viruses via SIP messages
  - Malware via IM sessions
  - SPIT – unwanted traffic
[Chart: Enterprise Adoption of Collaboration Tools. Source: Nemertes Research]

Unified Communications Security – Should You Care
- Credit card privacy rules: other compliance laws require security architecture specific to VoIP and other UC. [1]
- 50% Increase: 'VoIP hacking at new levels' [2]
- Up to 25% of attacks: VoIP scanning – botnets, Cloud used for VoIP fraud [3]
- Reduce Deployments by 1/3: VoIP/UC security reduces VoIP/UC deployment time by one third [4]
- Toll fraud: yearly enterprise losses in Billions; inadequate securing of SIP trunks, UC and VoIP applications [5]

OSI Model: 7 Layers of Attacks
- Typical firewall protection: Layer 3-4 protection (3 to 4 foot hurdle)
- Email spam filters: layer 7 application-specific email firewall
- SIP, VoIP, UC: layer 4 to layer 7 application
  - SIP Trunking – a trunk side application
  - SIP Line (phone) side (internal and external) access – another application
- Attackers/Exploiters look for:
  - High/growing adoption
  - Protection not yet available
  - VoIP/UC
- Avaya SBCE provides a VoIP/UC trunk/line side layer 4-7 application protection
- Think of OSI model as a 7 foot high jump
Wikipedia on 22Jul2011: http://en.wikipedia.org/wiki/OSI-Model

VIPER Lab
- Industry Recognized UC Security Experts: recognized as UC Security SMEs by SANS, Dept of Justice, and other US Gov agencies, and by external organizations like DefCon and Infoseek
- Leading Edge UC Security Research: 10 years of extensive research, using worldwide honeypots, Enterprise networks, etc.
- Experienced audit and assessment team: VIPER is an experienced Security assessment team, having completed over 100 network or application assessments

Best Practices vs an Assessment
Best Practices
- Lock your doors at night
- Lock your windows
- Enable your home alarm system
- You've followed best practices and you're safe! Or are you?
A Security Assessment
- Your locked doors use an easy to pick lock type
- Your door frame is thin and one kick could open it
- Your windows can be unlocked from the outside with a screwdriver
- Your phone line can be cut, stopping your alarm from reaching the police
A proper security assessment validates the implementation of a best practice, and often reveals many weaknesses!

What does an Audit consist of?
An audit usually takes the form of a "UC Penetration Test". It typically consists of the following process:
- VIPER will review the business and understand VoIP/UC application flow
- Will tailor a set of unique security test cases, for penetration testing, that are unique to that customer's infrastructure
- Perform network discovery and reconnaissance
- Will spend 1 – 5 weeks doing technical security testing
- Will develop the security report, typically 1 – 2 weeks

Evolving and Protecting – VIPER Lab
- Uncover vulnerabilities in next-generation, multi-vendor networking environments
- Proactively identifying and preparing defenses beyond your network borders
- Vulnerability Assessments improve security architectures and enhance compliance
- State-of-the-art research facility with expert vulnerability assessment professionals
- Open Source UC Security Self-Assessment Tools

The Solution – Session Border Controller
- Enforce your unique security policies
- Focus on enterprise security
- SIP trunk provider's own SBC
- Network topology invisible to external threats
- Limits multivendor environment interoperability concerns
- Independence from Service Provider
- Normalization point for signaling / RTP media streams
- Multiple SIP trunk provider access points
- Support enterprise-specific call flows
- Report on intrusion attempts
- Session recording
- Remote Worker Safety
Security / Flexibility / Accountability

The SBC Protects & Defends the Avaya Core
- The SBC is not just about SIP Trunks and Remote Endpoints – it's about Avaya's future.
- Acme, Sonus, and most other 3rd party players are moving into the Enterprise with SBCs –AND– with Session Management offerings.
- Allowing 3rd Party wins with SBC deals opens the door for them to capture the Core with their SM offerings and sequenced applications before it ever gets to an Avaya system.
- Selling the Avaya SBCE protects Avaya's Core Business and extends Avaya Aura solutions with secure and borderless Enterprise communication applications.

ASBCE 6.2 System Capacity
- Session Border Controller capacities are rated in Simultaneous Sessions
- A simultaneous session = a communication session between 2 SIP endpoints
- Can think of it as analogous to a DS0 in the 'old world'
- Key for engineering is to understand the numbers of sessions required in the solution
- For Secure SIP trunking, look at the number of TDM DS0s required
- For Remote Worker, calculate required call volumes

Capacity in Simultaneous Sessions
Portwell CAD-0208; Max Capacity w/o Encryption; Max Capacity with Encryption
HASASA10001000 25020002000 500

'Rules of Thumb'
- SIP trunking usually 5 users per session
- Must account for higher ratio in small
- Remote Worker must consider both On-net and off-net requirements
- Remember Encryption Services impact capacity

Avaya SBC for Enterprise
[Figure labels: SIP Trunking, Remote Worker, CS1000, Avaya SBC for Enterprise]
- 1 Software Base: Avaya Aura SBC for Enterprise
- 3 HW Platforms: Dell & HP for Enterprise; Portwell CAD-0208 for IPO
- 2 Use Cases

Avaya SBCE: SIP Trunking Architecture
Use Case: SIP Trunking to Carrier
- Carrier offering SIP trunks as lower-cost alternative to TDM
- Heavy driver for Enterprise adoption of SBC
- Carrier SIP trunks to the Avaya Session Border Controller for Enterprise
- Avaya SBCE is located in a DMZ behind the Enterprise firewall
- Services: security and demarcation device between the IP-PBX and the Carrier
  - NAT traversal
  - Securely anchors signaling and media, and can normalize SIP protocol
[Diagram labels: Internet, Enterprise, IP PBX, Avaya SBCE, DMZ, SIP Trunks, Carrier]

Secure Remote Worker with BYOD
- Personal PC, Mac or iPad devices
- Avaya Flare®, Avaya one-X® SIP client app
- App secured into the organization, not the device
- One number UC anywhere
[Diagram labels: Avaya SBCE, Avaya Aura®, Untrusted Network (Internet, Wireless, etc.)]

Avaya SBCE: Remote Worker Architecture
Use Case: Remote Worker
- Extend UC to SIP users remote to the Enterprise
- Solution not requiring VPN for UC/CC SIP endpoints
- Remote Workers are external to the Enterprise Firewall
- Avaya Session Border Controller for Enterprise
  - Authenticate SIP-based users/clients to the enterprise
  - Securely proxy registrations and client device provisioning
  - Securely manage communications without requiring a VPN
[Diagram labels: Internet, Enterprise, Avaya SBCE, DMZ, Remote Workers, IP PBX]

Remote Worker: How does the SBC proxy endpoint traffic?
1. Encrypted signaling over TLS
2. Signaling over TCP/UDP
3. Encrypted media SRTP
4. Media RTP
[Diagram labels: Internet, CM or CS1k, Intranet, Avaya SBCE, External Firewall/Router, Internal Firewall+NAT, DMZ, FW/NAT Traversal, SM]

What's Next
- "6.2" Product Release now through April 2013
  - "Micro" Release for IP Office available now (new market)
  - Trunk-side for Enterprise in February '13
  - Applications (inc. Remote Worker) in April '13
- Re-organized UC Security Team engaging now to build Sales, Tech Ops, Channel enablement programs and create wider coverage. Need your support for participation.
- Auto-attach campaign to start in Q2 for IPO, CM/Aura, SM, others
- Reporting on success will be delivered from UC Security Ops to Area Ops, Leaders to assist in gap identification, drive activity

SBCE Roadmap
- SIP security designed for scalable cost-effective enterprise use
- Fully supports SIP trunking on Avaya Aura, CS1K & IPO
- Supports remote and mobile SIP devices and clients with Avaya Aura
  - 96x1 R6.2
  - One-X Com R6.2
  - Flare Exp iPad R1.1
- Extends Avaya Aura® SIP capabilities outside the enterprise
- Easy and intuitive to deploy and configure, lowering TCO
- SIP Trunking (Avaya Aura, CS1000 & IPO)
- Securing Remote Worker without VPN (Avaya Aura)
- Avaya SBCE 6.2: Q1 CY 2013 (Mar)
- Avaya SBCE 6.2 Feature Pack 1: Q2 CY 2013 (May)
- Avaya SBCE 6.2 Feature Pack 2: Q3 CY 2013

UC Security Sales Organization
Nick Adams – Global Sales Leader
US Practice Leaders
- Dave Mulhern – Northeast, dmulherm@avaya.com, 972-679-7809
- Brad Bleeck – South, hbleeck@avaya.com, 972-679-7809
- Ed Williams – Central, ewilliams1@avaya.com, 972-322-3791
- Shawn Darcy – West, sddarcy@avaya.com, 310-748-8803
US Engineering
- Terry Pierson, tpierson1@avaya.com, 972-978-2611
CANADA Practice Lead
- Chuck Pledger, cpledger@avaya.com, 614-893-2628
CALA Practice Lead
- Gus Herrera, herrerag@avaya.com, 305-586-2973
EMEA Practice Lead
- Dan Panesar, dpanesar@avaya.com, +44 4477 1566 6078
APAC Practice Lead
- David Lloyd, dave@avaya.com, +61 417328435
Global Technical Lead
- Addis Hallmark, ahallmark@avaya.com, 214-269-2420
Global Channel Lead
- Greg Parcell, gparcell1@avaya.com, 630-618-0188
Global Operations
- Jaime Cooley, jcooley@avaya.com, 630-245-2822
