-
While the issue of security played a rather subordinate role in traditional telephony, it is no longer possible to avoid it when integrating into the IP world without being grossly negligent. If you want to adequately protect your VoIP installation, you should be familiar with both the impending dangers and the countermeasures. The course systematically analyzes VoIP attack points and presents the available protective measures at network and application level. The latter are then weighed up against each other on the basis of the different VoIP architectures. Participants will learn how they can ensure appropriate VoIP security in their own future projects.
-
Course Contents
-
- Principle Dangers for VoIP
- Attack on the Media Stream
- Attacks on Signaling
- Attacks on the Devices
- Security Measures in the LAN and WLAN
- Port Security and Authentication According to 802.1X
- Security Measures in the WAN
- Identity under VoIP (SIP Identity)
- Local Authentication and via Proxy Chains
- Problems with Certificates
- SIPS and S/MIME
- SRTP and SRTCP
- Key Management with SDES, ZRTP, DTLS, and MIKEY
- WebRTC
- VoIP and IPSec
- NAT Solutions: STUN, TURN, and ICE
- Firewalls and VoIP
- Session Border Controller
- SIP-Connect 2.0
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at planners and technicians who are responsible for the design and implementation of VoIP installations.
-
Knowledge Prerequisites
-
Good knowledge of the TCP/IP protocol family and common LAN technologies is required. Participants must be familiar with security concepts such as encryption and authentication. These can be learned, for example, in the course Security in IP networks - recognizing and closing security gaps. In addition, a solid basic knowledge of VoIP is required.
| 1 Fundamentals |
| 1.1 Introduction |
| 1.2 VoIP infrastructure |
| 1.2.1 End devices |
| 1.2.2 VoIP in the enterprise environment |
| 1.2.3 IP Centrex |
| 1.2.4 VoIP for residential customers |
| 1.2.5 SIP Trunking |
| 1.3 VoIP over the Internet |
| 1.4 WebRTC |
| 1.5 Session Initiation Protocol (SIP) |
| 1.5.1 Addressing |
| 1.5.2 Tasks of SIP Proxies |
| 1.5.3 The requests from INVITE to BYE |
| 1.5.4 A session structure in detail |
| 1.5.5 Security relevant fields |
| 1.5.6 The Message Body |
| 1.5.7 Session Description Protocol |
| 2 Attacks on VoIP |
| 2.1 Basic threats to VoIP |
| 2.2 Attacks on confidentiality |
| 2.2.1 Sniffing and Man in the Middle Attacks |
| 2.2.2 Identifying characteristics |
| 2.3 Attacks on integrity |
| 2.3.1 Attack on the media stream |
| 2.3.2 Attack on the signaling |
| 2.4 Attacks on the devices |
| 2.4.1 Denial of Service |
| 2.4.2 Buffer overflow |
| 2.4.3 Trojan horses etc. |
| 2.4.4 Theft of Service |
| 2.4.5 Spam for IP Telephony (SPIT) |
| 2.5 Conclusion |
| 2.6 Objectives of security in VoIP |
| 2.6.1 Confidentiality |
| 2.6.2 Data integrity |
| 2.6.3 Authenticity |
| 2.6.4 Availability |
| 3 Securing connections |
| 3.1 Security basics |
| 3.1.1 Encryption |
| 3.1.2 Certificates |
| 3.1.3 Integrity via hash values |
| 3.2 Special features of VoIP |
| 3.3 Authentication |
| 3.3.1 Initial authentication |
| 3.3.2 Integrity of subsequent packets |
| 3.3.3 Authentication with Pre-Shared Key |
| 3.3.4 Identity with VoIP |
| 3.3.5 Register with authentication |
| 3.3.6 SIP Identity |
| 3.4 Securing the media stream |
| 3.4.1 SRTP and SRTCP packet formats |
| 3.4.2 Encryption for SRTP |
| 3.4.3 Authentication for SRTP |
| 3.4.4 Key management of SRTP |
| 3.4.5 Key management |
| 3.4.6 Key management for signaling |
| 3.4.7 Key management in Session Description Protocol |
| 3.4.8 MIKEY |
| 3.4.9 ZRTP |
| 3.4.10 KMS-based key distribution |
| 3.4.11 DTLS-based key exchange |
| 3.4.12 T.38 and security |
| 3.4.13 MSRP and security |
| 3.5 Securing Signaling |
| 3.5.1 SIP and TLS |
| 3.5.2 S/MIME |
| 3.5.3 SIP and IPsec |
| 3.6 VPN solutions |
| 4 Security measures in the enterprise environment |
| 4.1 VoIP in the LAN |
| 4.1.1 VLANs |
| 4.1.2 The telephone as a switch |
| 4.2 Security measures in the LAN |
| 4.2.1 Voice VLANs |
| 4.2.2 Port security |
| 4.2.3 Authentication with IEEE 802.1X |
| 4.3 Mobile employees |
| 4.4 Commissioning of hardphones |
| 5 VoIP security in the provider network |
| 5.1 Overview of IMS Security architecture |
| 5.1.1 Who with whom in the IMS? |
| 5.1.2 Identities in the IMS |
| 5.1.3 Authentication and Key Agreement: First Choice in the IMS |
| 5.1.4 IMS AKA: The procedure |
| 5.1.5 SIP Digest |
| 5.1.6 NASS-IMS Bundled Authentication (NBA) |
| 5.2 Generic Bootstrapping Architecture |
| 5.3 RCS |
| 5.3.1 Auto Configuration |
| 5.3.2 Registration |
| 5.4 SIP Trunking |
| 5.4.1 Registration Mode |
| 5.4.2 Static Mode |
| 5.4.3 Identity |
| 6 Integration into the security infrastructure |
| 6.1 Session Border Controller |
| 6.1.1 Architecture |
| 6.1.2 SBC in the IP Multimedia Subsystem (IMS) |
| 6.1.3 Enterprise SBC |
| 6.2 VoIP and firewalls |
| 6.2.1 State Tables |
| 6.2.2 Application Layer Gateway |
| 6.3 VoIP and NAT |
| 6.3.1 NAT and VoIP |
| 6.3.2 Hosted NAT (Latching) |
| 6.3.3 STUN |
| 6.3.4 TURN |
| 6.3.5 Interactive Connectivity Establishment (ICE) |
| 6.4 NAT and Early Media |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
While the issue of security played a rather subordinate role in traditional telephony, it is no longer possible to avoid it when integrating into the IP world without being grossly negligent. If you want to adequately protect your VoIP installation, you should be familiar with both the impending dangers and the countermeasures. The course systematically analyzes VoIP attack points and presents the available protective measures at network and application level. The latter are then weighed up against each other on the basis of the different VoIP architectures. Participants will learn how they can ensure appropriate VoIP security in their own future projects.
-
Course Contents
-
- Principle Dangers for VoIP
- Attack on the Media Stream
- Attacks on Signaling
- Attacks on the Devices
- Security Measures in the LAN and WLAN
- Port Security and Authentication According to 802.1X
- Security Measures in the WAN
- Identity under VoIP (SIP Identity)
- Local Authentication and via Proxy Chains
- Problems with Certificates
- SIPS and S/MIME
- SRTP and SRTCP
- Key Management with SDES, ZRTP, DTLS, and MIKEY
- WebRTC
- VoIP and IPSec
- NAT Solutions: STUN, TURN, and ICE
- Firewalls and VoIP
- Session Border Controller
- SIP-Connect 2.0
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
-
Target Group
-
The course is aimed at planners and technicians who are responsible for the design and implementation of VoIP installations.
-
Knowledge Prerequisites
-
Good knowledge of the TCP/IP protocol family and common LAN technologies is required. Participants must be familiar with security concepts such as encryption and authentication. These can be learned, for example, in the course Security in IP networks - recognizing and closing security gaps. In addition, a solid basic knowledge of VoIP is required.
| 1 Fundamentals |
| 1.1 Introduction |
| 1.2 VoIP infrastructure |
| 1.2.1 End devices |
| 1.2.2 VoIP in the enterprise environment |
| 1.2.3 IP Centrex |
| 1.2.4 VoIP for residential customers |
| 1.2.5 SIP Trunking |
| 1.3 VoIP over the Internet |
| 1.4 WebRTC |
| 1.5 Session Initiation Protocol (SIP) |
| 1.5.1 Addressing |
| 1.5.2 Tasks of SIP Proxies |
| 1.5.3 The requests from INVITE to BYE |
| 1.5.4 A session structure in detail |
| 1.5.5 Security relevant fields |
| 1.5.6 The Message Body |
| 1.5.7 Session Description Protocol |
| 2 Attacks on VoIP |
| 2.1 Basic threats to VoIP |
| 2.2 Attacks on confidentiality |
| 2.2.1 Sniffing and Man in the Middle Attacks |
| 2.2.2 Identifying characteristics |
| 2.3 Attacks on integrity |
| 2.3.1 Attack on the media stream |
| 2.3.2 Attack on the signaling |
| 2.4 Attacks on the devices |
| 2.4.1 Denial of Service |
| 2.4.2 Buffer overflow |
| 2.4.3 Trojan horses etc. |
| 2.4.4 Theft of Service |
| 2.4.5 Spam for IP Telephony (SPIT) |
| 2.5 Conclusion |
| 2.6 Objectives of security in VoIP |
| 2.6.1 Confidentiality |
| 2.6.2 Data integrity |
| 2.6.3 Authenticity |
| 2.6.4 Availability |
| 3 Securing connections |
| 3.1 Security basics |
| 3.1.1 Encryption |
| 3.1.2 Certificates |
| 3.1.3 Integrity via hash values |
| 3.2 Special features of VoIP |
| 3.3 Authentication |
| 3.3.1 Initial authentication |
| 3.3.2 Integrity of subsequent packets |
| 3.3.3 Authentication with Pre-Shared Key |
| 3.3.4 Identity with VoIP |
| 3.3.5 Register with authentication |
| 3.3.6 SIP Identity |
| 3.4 Securing the media stream |
| 3.4.1 SRTP and SRTCP packet formats |
| 3.4.2 Encryption for SRTP |
| 3.4.3 Authentication for SRTP |
| 3.4.4 Key management of SRTP |
| 3.4.5 Key management |
| 3.4.6 Key management for signaling |
| 3.4.7 Key management in Session Description Protocol |
| 3.4.8 MIKEY |
| 3.4.9 ZRTP |
| 3.4.10 KMS-based key distribution |
| 3.4.11 DTLS-based key exchange |
| 3.4.12 T.38 and security |
| 3.4.13 MSRP and security |
| 3.5 Securing Signaling |
| 3.5.1 SIP and TLS |
| 3.5.2 S/MIME |
| 3.5.3 SIP and IPsec |
| 3.6 VPN solutions |
| 4 Security measures in the enterprise environment |
| 4.1 VoIP in the LAN |
| 4.1.1 VLANs |
| 4.1.2 The telephone as a switch |
| 4.2 Security measures in the LAN |
| 4.2.1 Voice VLANs |
| 4.2.2 Port security |
| 4.2.3 Authentication with IEEE 802.1X |
| 4.3 Mobile employees |
| 4.4 Commissioning of hardphones |
| 5 VoIP security in the provider network |
| 5.1 Overview of IMS Security architecture |
| 5.1.1 Who with whom in the IMS? |
| 5.1.2 Identities in the IMS |
| 5.1.3 Authentication and Key Agreement: First Choice in the IMS |
| 5.1.4 IMS AKA: The procedure |
| 5.1.5 SIP Digest |
| 5.1.6 NASS-IMS Bundled Authentication (NBA) |
| 5.2 Generic Bootstrapping Architecture |
| 5.3 RCS |
| 5.3.1 Auto Configuration |
| 5.3.2 Registration |
| 5.4 SIP Trunking |
| 5.4.1 Registration Mode |
| 5.4.2 Static Mode |
| 5.4.3 Identity |
| 6 Integration into the security infrastructure |
| 6.1 Session Border Controller |
| 6.1.1 Architecture |
| 6.1.2 SBC in the IP Multimedia Subsystem (IMS) |
| 6.1.3 Enterprise SBC |
| 6.2 VoIP and firewalls |
| 6.2.1 State Tables |
| 6.2.2 Application Layer Gateway |
| 6.3 VoIP and NAT |
| 6.3.1 NAT and VoIP |
| 6.3.2 Hosted NAT (Latching) |
| 6.3.3 STUN |
| 6.3.4 TURN |
| 6.3.5 Interactive Connectivity Establishment (ICE) |
| 6.4 NAT and Early Media |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Classroom Training
Hybrid Training
Trainer language German