SpeechTEK 2009 Securing Cloud Telephony
•
2 gostaram•505 visualizações
In this talk at SpeechTEK 2009 in New York City, Dan York, discussed: As voice and self-service applications move increasingly into the cloud and to IP communications, what do you need to be concerned about with regard to the security of hosted solutions? If you grow to trust the cloud, how can you be sure it will be there for you? What protections can you put in place? What backup plans can you establish? What questions should you ask potential hosted/cloud vendors? In this session, security professional Dan York will walk you through the basic risk areas of voice-over-IP security, explain how those relate to both hosted and hybrid configurations and leave you with a concrete list of questions to consider in considering hosted/cloud options.
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (8)
Semelhante a SpeechTEK 2009 Securing Cloud Telephony
Semelhante a SpeechTEK 2009 Securing Cloud Telephony (20)
Mais de Voxeo Corp
Mais de Voxeo Corp (20)
Último
Último (20)
SpeechTEK 2009 Securing Cloud Telephony
- 1. SpeechTEK 2009 Securing Cloud Telephony Dan York, CISSP Director of Conversations, Voxeo Best Practices Chair, VoIP Security Alliance (VOIPSA) dyork@voxeo.com
- 3. Security concerns in telephony are not new… Image courtesy of the Computer History Museum
- 4. Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/
- 5. Privacy Availability Compliance Confidence Mobility Cost Avoidance Business Continuity
- 10. TDM security is relatively simple... PSTN Gateways TDM IVR Switch Physical Voicemail Wiring
- 11. VoIP security is more complex Operating Desktop PSTN E-mail Systems PCs Gateways Systems Network Web Firewalls Switches Servers Standards Voice over IVR Wireless Instant IP Devices Messaging Directories Internet Databases Physical Voicemail Wiring
- 12. Confidentiality Integrity Availability
- 13. Voice Application Diagram HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 14. Voice Transport HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 15. Voice Transport Voice Phone Browser PSTN (on svr) Voice Phone PBX Browser PSTN TDM (on svr) Voice Phone IP-PBX Browser PSTN SIP (on svr) SIP Voice Phone Service Browser PSTN Internet/WAN Provider (on svr) SIP Voice Phone Browser Internet/WAN (on svr) SIP
- 16. Voice Transport - SIP Voice Phone Browser PSTN (on svr) Voice Phone PBX Browser PSTN TDM (on svr) Voice Phone IP-PBX Browser PSTN SIP (on svr) SIP Voice Phone Service Browser PSTN Internet/WAN Provider (on svr) SIP Voice Phone Browser Internet/WAN (on svr) SIP
- 17. Voice Authentication HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ??? Who are you talking to?
- 18. Voice Biometrics Voice Auth Biometrics Svr HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 19. Web Transport HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 20. App/DB Server Transport HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 21. Server Security HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 22. Management Interfaces HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 23. APIs HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 24. Local Storage / Logging HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 25. Call Recording HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 26. Web Interaction - Authentication Web Svr HTTP Voice App/DB Web Phone Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 27. Web Interaction - XSS/Injection Web Input validation? Svr HTTP Voice App/DB Web Phone Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 28. External Interaction HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets ? Java XML ??? App/DB Svr
- 29. Moving Into The Cloud
- 30. Location - Single network/server HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 31. Location - Distributed HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML
- 32. Location - Distributed HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML
- 33. Location - Into the cloud HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or PHP perl python CCXML ruby servlets Java XML ???
- 34. Location - Distributed/Cloud HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML
- 35. Location - Distributed/Cloud HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML
- 36. Location - Hybrid HTTP Voice App/DB Web Phone Audio Browser ? (on svr) Svr Svr VoiceXML or CCXML HTTP Voice App/DB Web Browser ? (on svr) Svr Svr VoiceXML or CCXML
- 37. Can You Trust The Cloud To Be There?
- 38. Location/network questions • What level of network connectivity do you have available? • What kind of availability guarantees / Service Level Agreements (SLAs) do you have in place? • What kind of geographic redundancy is built into your underlying network? • What kind of network redundancy is built into your underlying network? • What kind of physical redundancy is built into your data centers? • What kind of monitoring do you perform? • What kind of scalability is in the cloud computing platform? • What kind of security, both network and physical, is part of the platform? • What kind of security policies and procedures are in place? • What kind of patch management plans? • Will firewall traversal be necessary (for instance, for a SIP trunk) and if so, how? • How scalable is the solution? • Do you have appropriately-trained and available staff?
- 39. Distributed Architectures Web App/DB Svr Svr Web App/DB Voice Svr Svr Browser (on svr) Phone Audio App/DB Voice Svr Browser (on svr) MR CP ASR
- 40. Geography
- 41. Confidentiality Integrity Availability
- 42. Thank you! Dan York, CISSP Director of Conversations, Voxeo Best Practices Chair, VoIP Security Alliance (VOIPSA) dyork@voxeo.com