-
While the topic of security was of minor significance in traditional telephony, it can no longer be neglected during the integration into the IP world without becoming guilty of gross negligence. Anyone who intends to protect their VoIP installations should be familiar both with the impending threats and the counter-measures. The course systematically analyzes points of attack of VoIP and explains the available protective measures on the network and application layer. The latter are then weighted on the basis of the different VoIP architectures. The students learn how to provide adequate VoIP security in their own future projects.
-
Course Contents
-
- Principle Dangers for VoIP
- Attack on the Media Stream
- Attacks on Signaling
- Attacks on the Devices
- Security Measures in the LAN and WLAN
- Port Security and Authentication According to 802.1X
- Security Measures in the WAN
- Identity under VoIP (SIP Identity)
- Local Authentication and via Proxy Chains
- Problems with Certificates
- SIPS and S/MIME
- SRTP and SRTCP
- Key Management with SDES, ZRTP, DTLS, and MIKEY
- WebRTC
- VoIP and IPSec
- NAT Solutions: STUN, TURN, and ICE
- Firewalls and VoIP
- Session Border Controller
- SIP-Connect 2.0
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
This course addresses designers and technicians responsible for the design and implementation of VoIP installations.
-
Knowledge Prerequisites
-
Profound know-how of the TCP/IP protocol family and common LAN technologies is required. Students should be familiar with security concepts, such as encryption and authentication. These can be imparted, for instance, in the Security Concepts and Technologies – Encryption, Authentication and Data Integrity course. Sound basic knowledge about VoIP is another prerequisite.
| 1 Fundamentals |
| 1.1 Introduction |
| 1.2 VoIP infrastructure |
| 1.2.1 End devices |
| 1.2.2 VoIP in the enterprise environment |
| 1.2.3 IP Centrex |
| 1.2.4 VoIP for residential customers |
| 1.2.5 SIP Trunking |
| 1.3 VoIP over the Internet |
| 1.4 WebRTC |
| 1.5 Session Initiation Protocol (SIP) |
| 1.5.1 Addressing |
| 1.5.2 Tasks of SIP Proxies |
| 1.5.3 The requests from INVITE to BYE |
| 1.5.4 A session structure in detail |
| 1.5.5 Security relevant fields |
| 1.5.6 The Message Body |
| 1.5.7 Session Description Protocol |
| 2 Attacks on VoIP |
| 2.1 Basic threats to VoIP |
| 2.2 Attacks on confidentiality |
| 2.2.1 Sniffing and Man in the Middle Attacks |
| 2.2.2 Identifying characteristics |
| 2.3 Attacks on integrity |
| 2.3.1 Attack on the media stream |
| 2.3.2 Attack on the signaling |
| 2.4 Attacks on the devices |
| 2.4.1 Denial of Service |
| 2.4.2 Buffer overflow |
| 2.4.3 Trojan horses etc. |
| 2.4.4 Theft of Service |
| 2.4.5 Spam for IP Telephony (SPIT) |
| 2.5 Conclusion |
| 2.6 Objectives of security in VoIP |
| 2.6.1 Confidentiality |
| 2.6.2 Data integrity |
| 2.6.3 Authenticity |
| 2.6.4 Availability |
| 3 Securing connections |
| 3.1 Security basics |
| 3.1.1 Encryption |
| 3.1.2 Certificates |
| 3.1.3 Integrity via hash values |
| 3.2 Special features of VoIP |
| 3.3 Authentication |
| 3.3.1 Initial authentication |
| 3.3.2 Integrity of subsequent packets |
| 3.3.3 Authentication with Pre-Shared Key |
| 3.3.4 Identity with VoIP |
| 3.3.5 Register with authentication |
| 3.3.6 SIP Identity |
| 3.4 Securing the media stream |
| 3.4.1 SRTP and SRTCP packet formats |
| 3.4.2 Encryption for SRTP |
| 3.4.3 Authentication for SRTP |
| 3.4.4 Key management of SRTP |
| 3.4.5 Key management |
| 3.4.6 Key management for signaling |
| 3.4.7 Key management in Session Description Protocol |
| 3.4.8 MIKEY |
| 3.4.9 ZRTP |
| 3.4.10 KMS-based key distribution |
| 3.4.11 DTLS-based key exchange |
| 3.4.12 T.38 and security |
| 3.4.13 MSRP and security |
| 3.5 Securing Signaling |
| 3.5.1 SIP and TLS |
| 3.5.2 S/MIME |
| 3.5.3 SIP and IPsec |
| 3.6 VPN solutions |
| 4 Security measures in the enterprise environment |
| 4.1 VoIP in the LAN |
| 4.1.1 VLANs |
| 4.1.2 The telephone as a switch |
| 4.2 Security measures in the LAN |
| 4.2.1 Voice VLANs |
| 4.2.2 Port security |
| 4.2.3 Authentication with IEEE 802.1X |
| 4.3 Mobile employees |
| 4.4 Commissioning of hardphones |
| 5 VoIP security in the provider network |
| 5.1 Overview of IMS Security architecture |
| 5.1.1 Who with whom in the IMS? |
| 5.1.2 Identities in the IMS |
| 5.1.3 Authentication and Key Agreement: First Choice in the IMS |
| 5.1.4 IMS AKA: The procedure |
| 5.1.5 SIP Digest |
| 5.1.6 NASS-IMS Bundled Authentication (NBA) |
| 5.2 Generic Bootstrapping Architecture |
| 5.3 RCS |
| 5.3.1 Auto Configuration |
| 5.3.2 Registration |
| 5.4 SIP Trunking |
| 5.4.1 Registration Mode |
| 5.4.2 Static Mode |
| 5.4.3 Identity |
| 6 Integration into the security infrastructure |
| 6.1 Session Border Controller |
| 6.1.1 Architecture |
| 6.1.2 SBC in the IP Multimedia Subsystem (IMS) |
| 6.1.3 Enterprise SBC |
| 6.2 VoIP and firewalls |
| 6.2.1 State Tables |
| 6.2.2 Application Layer Gateway |
| 6.3 VoIP and NAT |
| 6.3.1 NAT and VoIP |
| 6.3.2 Hosted NAT (Latching) |
| 6.3.3 STUN |
| 6.3.4 TURN |
| 6.3.5 Interactive Connectivity Establishment (ICE) |
| 6.4 NAT and Early Media |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.-
While the topic of security was of minor significance in traditional telephony, it can no longer be neglected during the integration into the IP world without becoming guilty of gross negligence. Anyone who intends to protect their VoIP installations should be familiar both with the impending threats and the counter-measures. The course systematically analyzes points of attack of VoIP and explains the available protective measures on the network and application layer. The latter are then weighted on the basis of the different VoIP architectures. The students learn how to provide adequate VoIP security in their own future projects.
-
Course Contents
-
- Principle Dangers for VoIP
- Attack on the Media Stream
- Attacks on Signaling
- Attacks on the Devices
- Security Measures in the LAN and WLAN
- Port Security and Authentication According to 802.1X
- Security Measures in the WAN
- Identity under VoIP (SIP Identity)
- Local Authentication and via Proxy Chains
- Problems with Certificates
- SIPS and S/MIME
- SRTP and SRTCP
- Key Management with SDES, ZRTP, DTLS, and MIKEY
- WebRTC
- VoIP and IPSec
- NAT Solutions: STUN, TURN, and ICE
- Firewalls and VoIP
- Session Border Controller
- SIP-Connect 2.0
You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.
-
Target Group
-
This course addresses designers and technicians responsible for the design and implementation of VoIP installations.
-
Knowledge Prerequisites
-
Profound know-how of the TCP/IP protocol family and common LAN technologies is required. Students should be familiar with security concepts, such as encryption and authentication. These can be imparted, for instance, in the Security Concepts and Technologies – Encryption, Authentication and Data Integrity course. Sound basic knowledge about VoIP is another prerequisite.
| 1 Fundamentals |
| 1.1 Introduction |
| 1.2 VoIP infrastructure |
| 1.2.1 End devices |
| 1.2.2 VoIP in the enterprise environment |
| 1.2.3 IP Centrex |
| 1.2.4 VoIP for residential customers |
| 1.2.5 SIP Trunking |
| 1.3 VoIP over the Internet |
| 1.4 WebRTC |
| 1.5 Session Initiation Protocol (SIP) |
| 1.5.1 Addressing |
| 1.5.2 Tasks of SIP Proxies |
| 1.5.3 The requests from INVITE to BYE |
| 1.5.4 A session structure in detail |
| 1.5.5 Security relevant fields |
| 1.5.6 The Message Body |
| 1.5.7 Session Description Protocol |
| 2 Attacks on VoIP |
| 2.1 Basic threats to VoIP |
| 2.2 Attacks on confidentiality |
| 2.2.1 Sniffing and Man in the Middle Attacks |
| 2.2.2 Identifying characteristics |
| 2.3 Attacks on integrity |
| 2.3.1 Attack on the media stream |
| 2.3.2 Attack on the signaling |
| 2.4 Attacks on the devices |
| 2.4.1 Denial of Service |
| 2.4.2 Buffer overflow |
| 2.4.3 Trojan horses etc. |
| 2.4.4 Theft of Service |
| 2.4.5 Spam for IP Telephony (SPIT) |
| 2.5 Conclusion |
| 2.6 Objectives of security in VoIP |
| 2.6.1 Confidentiality |
| 2.6.2 Data integrity |
| 2.6.3 Authenticity |
| 2.6.4 Availability |
| 3 Securing connections |
| 3.1 Security basics |
| 3.1.1 Encryption |
| 3.1.2 Certificates |
| 3.1.3 Integrity via hash values |
| 3.2 Special features of VoIP |
| 3.3 Authentication |
| 3.3.1 Initial authentication |
| 3.3.2 Integrity of subsequent packets |
| 3.3.3 Authentication with Pre-Shared Key |
| 3.3.4 Identity with VoIP |
| 3.3.5 Register with authentication |
| 3.3.6 SIP Identity |
| 3.4 Securing the media stream |
| 3.4.1 SRTP and SRTCP packet formats |
| 3.4.2 Encryption for SRTP |
| 3.4.3 Authentication for SRTP |
| 3.4.4 Key management of SRTP |
| 3.4.5 Key management |
| 3.4.6 Key management for signaling |
| 3.4.7 Key management in Session Description Protocol |
| 3.4.8 MIKEY |
| 3.4.9 ZRTP |
| 3.4.10 KMS-based key distribution |
| 3.4.11 DTLS-based key exchange |
| 3.4.12 T.38 and security |
| 3.4.13 MSRP and security |
| 3.5 Securing Signaling |
| 3.5.1 SIP and TLS |
| 3.5.2 S/MIME |
| 3.5.3 SIP and IPsec |
| 3.6 VPN solutions |
| 4 Security measures in the enterprise environment |
| 4.1 VoIP in the LAN |
| 4.1.1 VLANs |
| 4.1.2 The telephone as a switch |
| 4.2 Security measures in the LAN |
| 4.2.1 Voice VLANs |
| 4.2.2 Port security |
| 4.2.3 Authentication with IEEE 802.1X |
| 4.3 Mobile employees |
| 4.4 Commissioning of hardphones |
| 5 VoIP security in the provider network |
| 5.1 Overview of IMS Security architecture |
| 5.1.1 Who with whom in the IMS? |
| 5.1.2 Identities in the IMS |
| 5.1.3 Authentication and Key Agreement: First Choice in the IMS |
| 5.1.4 IMS AKA: The procedure |
| 5.1.5 SIP Digest |
| 5.1.6 NASS-IMS Bundled Authentication (NBA) |
| 5.2 Generic Bootstrapping Architecture |
| 5.3 RCS |
| 5.3.1 Auto Configuration |
| 5.3.2 Registration |
| 5.4 SIP Trunking |
| 5.4.1 Registration Mode |
| 5.4.2 Static Mode |
| 5.4.3 Identity |
| 6 Integration into the security infrastructure |
| 6.1 Session Border Controller |
| 6.1.1 Architecture |
| 6.1.2 SBC in the IP Multimedia Subsystem (IMS) |
| 6.1.3 Enterprise SBC |
| 6.2 VoIP and firewalls |
| 6.2.1 State Tables |
| 6.2.2 Application Layer Gateway |
| 6.3 VoIP and NAT |
| 6.3.1 NAT and VoIP |
| 6.3.2 Hosted NAT (Latching) |
| 6.3.3 STUN |
| 6.3.4 TURN |
| 6.3.5 Interactive Connectivity Establishment (ICE) |
| 6.4 NAT and Early Media |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Hybrid Training
Trainer language German