Tài liệu Practical voip security

Register for Free Membership to [email protected] Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2004, Brian Caswell and Jay Beale’s Snort 2.1 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique [email protected] program. Through this site, we’ve been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only [email protected] program. Once you have registered, you will enjoy several benefits, including: ■ Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book. ■ A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search web page, providing you with the concise, easy-to-access data you need to perform your job. ■ A “From the Author” Forum that allows the authors of this book to post timely updates and links to related sites, or additional topic coverage that may have been requested by readers. Just visit us at www.syngress.com/solutions and follow the simple registration process. You will need to have this book with you when you register. Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there is anything else we can do to make your job easier. Practical VoIP Security Thomas Porter Jan Kanclirz Andy Zmolek Antonio Rosela Michael Cross Larry Chaffin Brian Baskin Choon Shim Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Syngress:The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 002 003 004 005 006 007 008 009 010 HJIRTCV764 PO9873D5FG 829KM8NJH2 BNNERHJC7B CVPLQ6WQ23 VBP965T5T5 HJJJ863WD3E 2987GVTWMK 629MP5SDJT IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Practical VoIP Security Copyright © 2006 by Syngress Publishing, Inc. All rights reserved. Printed in Canada. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in Canada 1 2 3 4 5 6 7 8 9 0 ISBN: 1597490601 Publisher: Andrew Williams Acquisitions Editor: Gary Byrne Cover Designer: Michael Kavish Technical Editors: Andy Zmolek,Thomas Porter, and Stephen Watkins Page Layout and Art: Patricia Lupien Copy Editor: Adrienne Rebello and Mike McGee Indexer: Julie Kawabata Distributed by O’Reilly Media, Inc. in the United States and Canada. or information on rights, translations, and bulk sales, contact Matt Pedersen, Director of Sales and Rights, at Syngress Publishing; email [email protected] or fax to 781-681-3585. Acknowledgments Syngress would like to acknowledge the following people for their kindness and support in making this book possible. Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc.The enthusiasm and work ethic at O’Reilly are incredible, and we would like to thank everyone there for their time and efforts to bring Syngress books to market:Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Mark Wilson, Rick Brown,Tim Hinton, Kyle Hart, Sara Winge, Peter Pardo, Leslie Crandell, Regina Aggio Wilkinson, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Kathryn Barrett, John Chodacki, Rob Bullington, Kerry Beck, Karen Montgomery, and Patrick Dirden. The incredibly hardworking team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Krista Leppiko, Marcel Koppes, Judy Chappell, Radek Janousek, Rosie Moss, David Lockley, Nicola Haden, Bill Kennedy, Martina Morris, Kai Wuerfl-Davidek, Christiane Leipersberger,Yvonne Grueneklee, Nadia Balavoine, and Chris Reinders for making certain that our vision remains worldwide in scope. David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, Joseph Chan, June Lim, and Siti Zuraidah Ahmad of Pansing Distributors for the enthusiasm with which they receive our books. David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji,Tonga, Solomon Islands, and the Cook Islands. v Lead Author and Technical Editor Thomas Porter, Ph.D. (CISSP, IAM, CCNP, CCDA, CCNA, ACE, CCSA, CCSE, and MCSE) is the Lead Security Architect in Avaya’s Consulting & Systems Integration Practice. He also serves as Director of Network Security for the FIFA World Cup 2006. Porter has spent over 10 years in the networking and security industry as a consultant, speaker, and developer of security tools. Porter’s current technical interests include VoIP security, development of embedded microcontroller and FPGA Ethernet tools, and H.323/SIP vulnerability test environments. He is a member of the IEEE and OASIS (Organization for the Advancement of Structured Information Standards). Porter recently published Foundation articles for SecurityFocus titled “H.323 Mediated Voice over IP: Protocols, Vulnerabilities, and Remediation”; and “Perils of Deep Packet Inspection.” Tom lives in Chapel Hill, North Carolina, with his wife, Kinga, an Asst. Professor of Internal Medicine at the University of North Carolina, and two Chesapeake Bay retrievers. vii Contributing Authors Brian Baskin (MCP, CTT+) is a researcher and developer for Computer Sciences Corporation, on contract to the Defense Cyber Crime Center’s (DC3) Computer Investigations Training Program (DCITP). Here, he researches, develops, and instructs computer forensic courses for members of the military and law enforcement. Brian currently specializes in Linux/Solaris intrusion investigations, as well as investigations of various network applications. He has designed and implemented networks to be used in scenarios, and has also exercised penetration testing procedures. Brian has been instructing courses for six years, including presentations at the annual DoD Cyber Crime Conference. He is an avid amateur programmer in many languages, beginning when his father purchased QuickC for him when he was 11, and has geared much of his life around the implementations of technology. He has also been an avid Linux user since 1994 and enjoys a relaxing terminal screen whenever he can. He has worked in networking environments for over 10 years from small Novell networks to large, mission-critical, Windows-based networks. Brian lives in the Baltimore, MD, area with his lovely wife and son. He is also the founder and president of the Lightning Owners of Maryland car club. Brian is a motor sports enthusiast and spends much of his time building and racing his vehicles. He attributes a great deal of his success to his parents, who relinquished their household 80286 PC to him at a young age and allowed him the freedom to explore technology. Brian cowrote Chapter 8. Joshua Brashars is a security researcher for the External Threat Assessment Team at Secure Science Corporation. Before that, Joshua spent many years in the telecommunications industry as an imple- viii mentation consultant for traditional and VoIP PBX systems. Joshua would like to extend heartfelt thanks to his family, friends, Lance James and SSC, Johnny Long and all of johnny.ihackstuff.com, and a special nod to Natas, Strom Carlson, and lucky225 for fueling the fire in his passion for telephone systems. Joshua contributed to Chapter 3. Larry Chaffin (CISSP, PMP, JNCIE, MBCP, CWNP, NNCSE, NNCDE, CCNP, CCDP, CCNP-WAN, CCDP-WAN) is the CEO/Chairman of Pluto Networks and the Vice President of Advanced Network Technologies for Plannet Group. He is an accomplished author; he cowrote Managing Cisco Network Security (ISBN: 1-931836-56-6) and has also been a coauthor/ghost writer for 11 other technology books for VoIP, WLAN, security, and optical technologies. Larry has more than 29 vendor certifications such as the ones already listed, plus Cisco VoIP, Optical, Security, VPN, IDS, Unity, and WLAN. He is also certified by Nortel in DMS Carrier Class Switches along with CS100’S, MCS5100, Call Pilot, and WLAN. Many other certifications come from vendors such as Avaya, HP, IBM, Microsoft, PeopleSoft, and VMware. Larry has been a Principal Architect around the world in 22 countries for many Fortune 100 companies designing VoIP, Security, WLAN, and optical networks. His next project is to write a book on Nortel VoIP and a new security architecture book he has designed for VoIP and WLAN networks. Larry cowrote Chapter 7. Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet Specialist/Computer Forensic Analyst with the Niagara Regional Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has consulted and assisted in cases dealing with computerrelated/Internet crimes. In addition to designing and maintaining the NRPS Web site at www.nrps.com and the NRPS intranet, he ix has provided support in the areas of programming, hardware, and network administration. As part of an information technology team that provides support to a user base of more than 800 civilian and uniform users, he has a theory that when the users carry guns, you tend to be more motivated in solving their problems. Michael also owns KnightWare (www.knightware.ca), which provides computer-related services such as Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and he has been published more than three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada, with his lovely wife, Jennifer, his darling daughter, Sara, and charming son, Jason. Michael wrote Chapter 6. Bradley Dunsmore (CCNP, CCDP, CCSP, INFOSEC, MCSE+I, MCDBA) is a Software/QA engineer for the Voice Technology Group at Cisco Systems Inc. He is part of the Golden Bridge solution test team for IPT based in RTP, NC. His responsibilities include the design, deployment, testing, and troubleshooting of Cisco’s enterprise voice portfolio. His focus area is the integration of Cisco’s network security product line in an enterprise voice environment. Bradley has been working with Cisco’s network security product line for four years and he is currently working on his CCIE lab for Security. Prior to his six years at Cisco, Bradley worked for Adtran, Bell Atlantic, and as a network integrator in Virginia Beach, Va. Bradley has authored, co-authored, or edited several books for Syngress Publishing and Cisco Press for network security, telecommunication, and general networking. He would like to thank his fiancée, Amanda, for her unwavering support in everything that he does. Her support makes all of this possible. Bradley contributed to Chapter 8. x Jan Kanclirz Jr. (CCIE #12136-Security, CCSP, CCNP, CCIP, CCNA, CCDA, INFOSEC Professional, Cisco WLAN Support/Design Specialist) is currently a Senior Network Information Security Architect at IBM Global Services. Jan specializes in multivendor designs and post-sale implementations for several technologies such as VPNs, IPS/IDS, LAN/WAN, firewalls, content networking, wireless and VoIP. Beyond network designs and engineering Jan’s background includes extensive experience with open source applications and Linux. Jan has contributed to Managing and Securing Cisco SWAN (ISBN: 1-932266-91-7), a Syngress publication. In addition to Jan’s full-time position at IBM G.S., Jan runs a security portal, www.MakeSecure.com, where he dedicates his time to security awareness and consulting. Jan lives with his girl friend, Amy, and her daughter, Abby, in Colorado, where they enjoy outdoor adventures. Jan wrote Chapter 2. Tony Rosela (PMP, CTT+) is a Senior Member Technical Staff with Computer Sciences Corporation working in the development and delivery of technical instructional material. He provides leadership through knowledge and experience with the operational fundamentals of PSTN architecture and how the PSTN has evolved to deliver high-quality services, including VoIP. His other specialties include IP enabling voice networks, WAN voice and data network design, implementation and troubleshooting, as well as spending a great deal of time in the field of computer forensics and data analysis. Tony cowrote Chapter 4. Mark Spencer founded Linux Support Services in 1999 while still a Computer Engineering student at Auburn University. When faced with the high cost of buying a PBX, Mark simply used his Linux PC and knowledge of C code to write his own.This was the beginning of the worldwide phenomenon known as Asterisk, the open xi source PBX, and caused Mark to shift his business focus from Linux support to supporting Asterisk and opening up the telecom market. Linux Support Services is now known as Digium, and is bringing open source to the telecom market while gaining a foothold in the telecom industry. Mark strongly believes that every technology he creates should be given back to the community.This is why Asterisk is fully open source.Today, that model has allowed Asterisk to remain available free of charge, while it has become as robust as the leading and most expensive PBXs. The Asterisk community has ambassadors and contributors from every corner of the globe. Recently Mark was named by Network World as one of the 50 Most Powerful People in Networking, next to Cisco’s John Chambers, Microsoft’s Bill Gates, and Oracle’s Larry Ellison. A renowned speaker, Mark has presented and delivered keynotes at a number of industry conferences, including Internet Telephony, SuperComm, and the VON shows. Mark holds a degree in Computer Engineering from Auburn University, and is now president of Digium, Inc. He has also led the creation of several Linux-based open source applications, most notably Asterisk, the Open Source PBX, and Gaim Instant Messenger. Mark wrote the IAX section of Chapter 7. Choon Shim is responsible for the Qovia’s technology direction and development of the Qovia product line. Choon was previously President at Widearea Data Systems, where he designed and developed collaboration platform software. Prior to joining Widearea Data Systems, he was the Senior Development Manager and Principal Engineer for Merant. Choon is a successful technology leader with 20+ years’ experience architecting, building, and delivering large-scale infrastructure software products. He has extensive hands-on technical development skills and has successfully managed software teams for well-known xii enterprise software companies, including BMC Software and EMC Corporation. Choon is the author of Community Works and Express/OS shareware used widely throughout the world. He is a frequent speaker at VoIP and networking conferences for academic and industry. He recently gave a keynote speech to SNPD conference and chaired VoIP Security Panel at Supercomm05. Choon holds a B.S. in Computer Science from Kyoungpook National University and an M.S in Electrical Engineering from the University of Wisconsin. Choon wrote Chapters 14 and 16. Stephen Watkins (CISSP) is an Information Security Professional with more than 10 years of relevant technology experience, devoting eight of these years to the security field. He currently serves as Information Assurance Analyst at Regent University in southeastern Virginia. Before coming to Regent, he led a team of security professionals providing in-depth analysis for a global-scale government network. Over the last eight years, he has cultivated his expertise with regard to perimeter security and multilevel security architecture. His Check Point experience dates back to 1998 with FireWall-1 version 3.0b. He has earned his B.S. in Computer Science from Old Dominion University and M.S. in Computer Science, with Concentration in Infosec, from James Madison University. He is nearly a life-long resident of Virginia Beach, where he and his family remain active in their church and the local Little League. Stephen was the technical editor for Chapter 15. Andy Zmolek is Senior Manager, Security Planning and Strategy at Avaya. In that role, Andy drives product security architecture and strategy across Avaya’s voice and data communications products. Previously at Avaya, he helped launch the Avaya Enterprise Security Practice, led several Sarbanes-Oxley-related security projects within Avaya IT, and represented Avaya in standards bodies (IETF, W3C) as xiii part of the Avaya CTO Standards Group. Avaya Inc. designs, builds and manages communications networks for more than one million businesses worldwide, including over 90 percent of the FORTUNE 500®. Andy has been involved with network security for over a decade, and is an expert on Session Initiation Protocol (SIP) and related VoIP standards, Presence systems, and firewall traversal for VoIP. He holds a degree in Mathematics from Brigham Young University and is NSA IAM certified. Prior to joining Avaya, he directed network architecture and operations at New Era of Networks, a pioneer of enterprise application integration (EAI) technology, now a division of Sybase. Andy got his start in the industry as a systems architect responsible for the design and operation of secure real-time simulation networks for missile and satellite programs at Raytheon, primarily with the Tomahawk program. Andy wrote Chapter 15, cowrote Chapters 3 and 4, and was a technical editor for several chapters. xiv Contents Chapter 1 Introduction to VoIP Security . . . . . . . . . . . . . 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 The Switch Leaves the Basement . . . . . . . . . . . . . . . . . . . . .4 What Is VoIP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 VoIP Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 VoIP Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 VoIP Isn’t Just Another Data Protocol . . . . . . . . . . . . . . . . .10 Security Issues in Converged Networks . . . . . . . . . . . . . . . .13 VoIP Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 A New Security Model . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .21 Chapter 2 Asterisk Configuration and Features . . . . . . 23 Introduction: What Are We Trying to Accomplish? . . . . . . . .24 What Functions Does a Typical PBX Perform? . . . . . . . . . . .24 PBX Administration . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Asterisk Gateway Interface (AGI) . . . . . . . . . . . . . . .27 Asterisk Manager API . . . . . . . . . . . . . . . . . . . . . . . .27 Dial Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Numbering Plans . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Choosing a Numbering Scale for Your Private Numbering Plan . . . . . . . . . . .31 Extensions Based on DID . . . . . . . . . . . . . . . . . . . . .33 Dialing Plan and Asterisk PBX . . . . . . . . . . . . . . . . .34 Billing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35 Billing Accounting with Asterisk PBX System . . . . . .35 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 xv xvi Contents Time-of-Day Routing . . . . . . . . . . . . . . . . . . . . . . .39 Day-of-Week Routing . . . . . . . . . . . . . . . . . . . . . . .39 Source Number Routing . . . . . . . . . . . . . . . . . . . . .39 Cost-Savings Routing . . . . . . . . . . . . . . . . . . . . . . . .39 Disaster Routing . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Skill-Based Routing . . . . . . . . . . . . . . . . . . . . . . . . .40 DUNDi Routing Protocol . . . . . . . . . . . . . . . . . . . .40 Other Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40 Music on Hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 Call Parking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41 Call Pickup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Call Recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Conferencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Direct Inward System Access . . . . . . . . . . . . . . . . . . .45 Unattended Transfer (or Blind Transfer) . . . . . . . . . . .46 Attended Transfer (or Consultative Transfer) . . . . . . .46 Consultation Hold . . . . . . . . . . . . . . . . . . . . . . . . . .46 No Answer Call Forwarding . . . . . . . . . . . . . . . . . . .46 Busy Call Forwarding . . . . . . . . . . . . . . . . . . . . . . . .46 Do Not Disturb (DND) . . . . . . . . . . . . . . . . . . . . . .47 Three-Way Calling . . . . . . . . . . . . . . . . . . . . . . . . . .48 Find-Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Call-Waiting Indication . . . . . . . . . . . . . . . . . . . . . .49 Voice Mail and Asterisk PBX . . . . . . . . . . . . . . . . . . . . . . .49 How Is VoIP Different from Private Telephone Networks? . .51 Circuit-Switched and Packet-Routed Networks Compared . . . . . . . . . . . . . . .51 What Functionality Is Gained, Degraded, or Enhanced on VoIP Networks? . . . . . . . . . . . .52 Gained Functionality . . . . . . . . . . . . . . . . . . . . . . . .52 Degraded Functionality . . . . . . . . . . . . . . . . . . . . . .54 Enhanced Functionality . . . . . . . . . . . . . . . . . . . . . .55 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .58 Contents Chapter 3 The Hardware Infrastructure . . . . . . . . . . . . 59 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Traditional PBX Systems . . . . . . . . . . . . . . . . . . . . . . . . . . .61 PBX Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 PBX Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 PBX Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65 PBX Adjunct Servers . . . . . . . . . . . . . . . . . . . . . . . . . . .68 Voice Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .69 Interactive Voice Response Servers . . . . . . . . . . . . . .70 Wireless PBX Solutions . . . . . . . . . . . . . . . . . . . . . . . . .71 Other PBX Solutions . . . . . . . . . . . . . . . . . . . . . . . . . .71 PBX Alternatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71 VoIP Telephony and Infrastructure . . . . . . . . . . . . . . . . . . . .72 Media Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72 Interactive Media Service: Media Servers . . . . . . . . . .73 Call or Resource Control: Media Servers . . . . . . . . . .73 Media Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Firewalls and Application-Layer Gateways . . . . . . . . .75 Application Proxies . . . . . . . . . . . . . . . . . . . . . . . . . .76 Endpoints (User Agents) . . . . . . . . . . . . . . . . . . . . . .76 IP Switches and Routers . . . . . . . . . . . . . . . . . . . . . . . .80 Wireless Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . .80 Wireless Encryption: WEP . . . . . . . . . . . . . . . . . . . .80 Wireless Encryption: WPA2 . . . . . . . . . . . . . . . . . . .81 Authentication: 802.1x . . . . . . . . . . . . . . . . . . . . . . .82 Power-Supply Infrastructure . . . . . . . . . . . . . . . . . . . . .83 Power-over-Ethernet (IEEE 802.3af ) . . . . . . . . . . . .84 UPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84 Energy and Heat Budget Considerations . . . . . . . . . .85 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .88 Chapter 4 PSTN Architecture . . . . . . . . . . . . . . . . . . . . . 91 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92 PSTN: What Is It, and How Does It Work? . . . . . . . . . . . . .92 PSTN: Outside Plant . . . . . . . . . . . . . . . . . . . . . . . . . .93 xvii xviii Contents PSTN: Signal Transmission . . . . . . . . . . . . . . . . . . . . . .95 T1 Transmission: Digital Time Division Multiplexing 96 PSTN: Switching and Signaling . . . . . . . . . . . . . . . . . .102 The Intelligent Network (IN), Private Integrated Services, ISDN, and QSIG . . . . . .105 ITU-T Signaling System Number 7 (SS7) . . . . . . . .106 PSTN: Operational and Regulatory Issues . . . . . . . . . .110 PSTN Call Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 PSTN Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . .114 SS7 and Other ITU-T Signaling Security . . . . . . . . . . .114 ISUP and QSIG Security . . . . . . . . . . . . . . . . . . . .117 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .120 Chapter 5 H.323 Architecture . . . . . . . . . . . . . . . . . . . 123 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124 The H.323 Protocol Specification . . . . . . . . . . . . . . . . . .124 The Primary H.323 VoIP-Related Protocols . . . . . . . . . . .126 H.225/Q.931 Call Signaling . . . . . . . . . . . . . . . . . . . .129 H.245 Call Control Messages . . . . . . . . . . . . . . . . . . . .134 Real-Time Transport Protocol . . . . . . . . . . . . . . . . . . .136 H.235 Security Mechanisms . . . . . . . . . . . . . . . . . . . . . . .137 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .143 Chapter 6 SIP Architecture. . . . . . . . . . . . . . . . . . . . . . 145 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Understanding SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Overview of SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 RFC 2543 / RFC 3261 . . . . . . . . . . . . . . . . . . . . .148 SIP and Mbone . . . . . . . . . . . . . . . . . . . . . . . . . . .149 OSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149 SIP Functions and Features . . . . . . . . . . . . . . . . . . . . . . . .152 User Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152 User Availability . . . . . . . . . . . . . . . . . . . . . . . . . . .153 Contents User Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . .153 Session Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153 Session Management . . . . . . . . . . . . . . . . . . . . . . . .153 SIP URIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 SIP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154 SIP Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155 User Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155 SIP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155 Stateful versus Stateless . . . . . . . . . . . . . . . . . . . . . .157 Location Service . . . . . . . . . . . . . . . . . . . . . . . . . . .157 Client/Server versus Peer-to-Peer Architecture . . . . . . .158 Client/Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158 Peer to Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159 SIP Requests and Responses . . . . . . . . . . . . . . . . . . . .159 Protocols Used with SIP . . . . . . . . . . . . . . . . . . . . . . .162 UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Transport Layer Security . . . . . . . . . . . . . . . . . . . . .164 Other Protocols Used by SIP . . . . . . . . . . . . . . . . .165 Understanding SIP’s Architecture . . . . . . . . . . . . . . . . .168 SIP Registration . . . . . . . . . . . . . . . . . . . . . . . . . . .169 Requests through Proxy Servers . . . . . . . . . . . . . . .169 Requests through Redirect Servers . . . . . . . . . . . . .170 Peer to Peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 Instant Messaging and SIMPLE . . . . . . . . . . . . . . . . . . . . .172 Instant Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 SIMPLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .180 Chapter 7 Other VoIP Communication Architectures . 183 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184 Skype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185 Skype Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .186 Skype Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . .186 Skype Protocol Security . . . . . . . . . . . . . . . . . . . . . . .189 xix xx Contents H.248 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190 H.248 Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .191 H.248 Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . .193 H.248 Protocol Security . . . . . . . . . . . . . . . . . . . . . . .194 IAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195 IAX Protocol Design . . . . . . . . . . . . . . . . . . . . . . . . . .195 IAX Messaging Sequence . . . . . . . . . . . . . . . . . . . . . . . . .195 IAX Protocol Security . . . . . . . . . . . . . . . . . . . . . . . . .197 Microsoft Live Communication Server 2005 . . . . . . . . . . .197 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199 MLCS Protocol Design . . . . . . . . . . . . . . . . . . . . . . . .199 MLCS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202 Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202 Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .203 Chapter 8 Support Protocols . . . . . . . . . . . . . . . . . . . . 205 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206 DNS Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . .207 Fully Qualified Domain Name (FQDN) . . . . . . . . .208 DNS Client Operation . . . . . . . . . . . . . . . . . . . . . .209 DNS Server Operation . . . . . . . . . . . . . . . . . . . . . .211 Security Implications for DNS . . . . . . . . . . . . . . . . . . .212 TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .212 TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213 TFTP File Transfer Operation . . . . . . . . . . . . . . . . .214 Security Implications for TFTP . . . . . . . . . . . . . . . . . .215 HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 HTTP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 HTTP Client Request . . . . . . . . . . . . . . . . . . . . . .217 HTTP Server Response . . . . . . . . . . . . . . . . . . . . .217 Security Implications for HTTP . . . . . . . . . . . . . . . . .218 SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219 SNMP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .219 SNMP Operation . . . . . . . . . . . . . . . . . . . . . . . . . .220