VoIP (in)Security
All your bases belong to us

Alessio L.R. Pennasilico
mayhem@alba.st
twitter: mayhemspp
FaceBook: alessio.pennasilico
Phone/Fax +39 045 8271222
Verona, Milano, Roma
http://www.alba.st/
Cagliari, 13 June 2011

$ whois mayhem

Security Evangelist @

Board of Directors: CLUSIT, ISSA Italian Chapter, Italian Linux Society, OpenBSD Italian User Group, Metro Olografix, Sikurezza.org, Spippolatori Hacker Club

Hacker’s Profiling Project, CrISTAL, Recursiva.org

IT Security...
A useless hindrance that slows down routine operations and damages the business?

IT Security...
Or prevention of and response to events that would damage the business even more?

Evolution
Technology evolves…
… and with it the threats!

Video: I signori della truffa

How do I feel today?

mayhem
I’m worried

VoIP explosion
“Mobile VoIP Users to Nearly 139 Million by 2014 Says In-Stat”

Telecom
news

CALEA
laws

Spyware
economic interests

mayhem
everyone wants to know something about me

mayhem
it’s none of your business (KL)

History
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Benjamin Franklin, 1759

Phones

Phones
eavesdropping
• It’s possible to listen to others’ conversations from another shared line phone.
• It’s possible to connect a specific eavesdropping device to the phone line with crocodile clips.
• It’s possible to eavesdrop from the central PBX or from ISP switches.
• It’s possible to eavesdrop from trunks with advanced technologies.

You want VoIP!

Deployment
Faster, easier and cheaper to deploy over national IP network infrastructure

Services
Native advanced services for every user
Fax2Mail, VoiceMail, IVR, text2speech

Tools
Plenty of OpenSource projects, fully functional and very mature, user, business and carrier oriented
Asterisk, FreeSwitch, OpenSER, OpenSBC

Standards
Using standard protocols, it’s truly interoperable
SIP, H.323, IAX

Integration
The PBX or the VoIP client can interact with other applications and use centralized data
billing, E.164, CRM integration

Question
but what about security?

All your VoIP belongs to us :)

Traditional Telephony
“I do it for one reason and one reason only. I'm learning about a system. The phone company is a System. A computer is a System, do you understand? If I do what I do, it is only to explore a system. Computers, systems, that's my bag. The phone company is nothing but a computer.”
Captain Crunch, “Secrets of the Little Blue Box”, 1971
(slide from Hacker's Profile Project, http://hpp.recursiva.org)

Eavesdropping
“Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.”
Bruce Schneier, his blog, 22nd June 2006
Greek wiretapping scandal

First attacks ...
“A brute-force password attack was launched against a SIP-based PBX in what appeared to be an attempt to guess passwords. Queries were coming in about 10 per second. Extension/identities were incrementing during each attempt, and it appeared that a full range of extensions were cycled over and over with the new password. The User-Agent: string was almost certainly falsified.”
John Todd on VoIPSA mailinglist, May 24th 2006

Frauds
“Edwin Andreas Pena, a 23 year old Miami resident, was arrested by the Federal government: he was involved in a scheme to sell discounted Internet phone service by breaking into other Internet phone providers and routing connections through their networks.”
The New York Times, June 7th 2006

Robert Moore
"It's so easy a caveman can do it!"
“I'd say 85% of them were misconfigured routers. They had the default passwords on them: you would not believe the number of routers that had 'admin' or 'Cisco0' as passwords on them”.

VoIP Risks
Telephones had always been seen as secure, because they use proprietary hardware, proprietary protocols, and are disconnected from the other devices.
VoIP multiplies traditional telephony risks by IP network risks.

ISDN2SIP

Protect us!
The end user has no way to protect himself: he has to adhere to his carrier's configuration.
Providers and companies implementing a VoIP infrastructure should take care of their customers’ security and privacy.

SPIT
SPAM over Internet Telephony will become an emergency.
The low cost of VoIP calls, the widespread availability of human and tech resources, the use of recorded messages, and high revenues even on low purchases make SPIT an attractive business.

Vishing
Voice Phishing is a typical fraud against end users, made possible by VoIP characteristics.
The low cost of this technology makes it possible to deploy this attack on a large scale, integrating some “old style” attacks (e.g. wardialing, caller id spoofing).
This fraud is based on the user’s trust in the “telephone device” and trust in caller identity.

Risks
Denial of Service (DoS), eavesdropping, identity theft, toll fraud, Vishing and SPIT are real risks.
There are dozens of free, OpenSource, downloadable tools that are specific to test/attack VoIP protocols and devices.
We can use them to secure our infrastructure!

How does a phone call work?

Boot sequence
• Boot
• Retrieve Conf
• Registration
• Signaling
• RTP

Power up the phone ...
VoIP phones execute some actions at bootstrap, many of these vulnerable to different legacy attacks:
• Phones obtain IP address from a DHCP server
• DHCP furnishes the TFTP server address to the phone
• Phones download the firmware from the TFTP server
• Phones download configuration from the TFTP server
• Phones authenticate on the VoIP server

...and start a call.
When bootstrap is complete the phone exchanges some information with the server, to describe its status and inform the VoIP PBX about calls status (signaling).
When a call is answered a new traffic flow of UDP packets starts, carrying our voice. This is called RTP and can be established between end points or between each SIP-UA and its server.

What can I do? :)
DHCP Spoofing -> TFTP redirect
TFTP Spoofing -> OS substitution
TFTP Queries -> obtain configurations
Password Sniffing
PBX Spoofing -> negotiate auth
RTP Traffic in clear

Hardening tips & tricks

VLAN

VLAN Packets
| mac src | mac dst | Data |
| mac src | mac dst | TAG | Data |

Configure the phone

Configure the switch

Inter-VLAN routing
You need at least a L3 device
Can be a Firewall with ACL
A VoIP-protocol-aware firewall is much more effective

AAA
Authentication
Authorization
Accounting
Do you have all 3 A ?

Encrypting
VPN?
Signaling -> TLS
RTP -> SRTP
PKI? Lawful interception?

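A check for the "Signaling -> TLS, RTP -> SRTP" pair above, as an added example that is not part of the original slides: it audits a SIP INVITE and its SDP offer, and also reports the case where SRTP is offered but its SDES key (`a=crypto`) travels over non-TLS signaling. The INVITEs are constructed; the phone address 192.168.99.21 and the finding names are assumptions.

```python
# Added example (not from the slides): audit one SIP INVITE for TLS signaling
# and SRTP media. Finding names and sample messages are constructed.

SECURE_TRANSPORTS = {"TLS", "WSS"}  # Via transports that run over TLS


def parse_invite(raw):
    """Return (top Via transport, session-level SDP attrs, media sections)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    via = next((h for h in head.split("\n")[1:]
                if h.lower().startswith(("via:", "v:"))), None)
    # "Via: SIP/2.0/UDP host:port;branch=..." -> "UDP"
    transport = "UNKNOWN"
    if via:
        transport = via.split(":", 1)[1].split()[0].rsplit("/", 1)[-1].upper()
    session_attrs, media = [], []
    for line in body.split("\n"):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) >= 3:  # m=<media> <port> <proto> <fmt...>
                media.append({"kind": parts[0], "proto": parts[2].upper(),
                              "attrs": []})
        elif line.startswith("a="):
            (media[-1]["attrs"] if media else session_attrs).append(line[2:])
    return transport, session_attrs, media


def audit_invite(raw):
    """Return a list of findings; an empty list means both layers are protected."""
    transport, session_attrs, media = parse_invite(raw)
    tls = transport in SECURE_TRANSPORTS
    findings = [] if tls else [f"SIGNALING_CLEAR:{transport}"]
    for m in media:
        attrs = m["attrs"] + session_attrs
        has_crypto = any(a.startswith("crypto:") for a in attrs)
        has_fingerprint = any(a.startswith("fingerprint:") for a in attrs)
        if "SAVP" not in m["proto"]:
            # RTP/AVP: voice is carried in clear and can be recorded off the wire
            findings.append(f"RTP_CLEAR:{m['kind']}")
        elif m["proto"].startswith("UDP/TLS/"):
            # DTLS-SRTP: keys are negotiated in the media path, needs a fingerprint
            if not has_fingerprint:
                findings.append(f"SRTP_NO_KEYING:{m['kind']}")
        elif not has_crypto:
            # SRTP profile announced but no SDES key offered
            findings.append(f"SRTP_NO_KEYING:{m['kind']}")
        elif not tls:
            # SDES puts the SRTP master key in the SDP: without TLS on the
            # signaling, whoever sniffs the INVITE can decrypt the media
            findings.append(f"SDES_KEY_EXPOSED:{m['kind']}")
    return findings


def constructed_invite(transport, proto, crypto=False):
    """Build a constructed INVITE from extension 111 to 120 on 192.168.99.13."""
    scheme = "sips" if transport == "TLS" else "sip"
    sdp = ["v=0", "o=- 1 1 IN IP4 192.168.99.21", "s=-",
           "c=IN IP4 192.168.99.21", "t=0 0",
           f"m=audio 49170 {proto} 0 8", "a=rtpmap:0 PCMU/8000"]
    if crypto:
        # placeholder key material, not a real key
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED+PLACEHOLDER")
    body = "\r\n".join(sdp) + "\r\n"
    head = [f"INVITE {scheme}:120@192.168.99.13 SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.168.99.21:5060;branch=z9hG4bKconstructed",
            "From: <sip:111@192.168.99.13>;tag=1",
            "To: <sip:120@192.168.99.13>",
            "Call-ID: constructed-1@192.168.99.21",
            "CSeq: 1 INVITE",
            "Content-Type: application/sdp",
            f"Content-Length: {len(body)}"]
    return "\r\n".join(head) + "\r\n\r\n" + body


if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)]:
        print(args, "->", audit_invite(constructed_invite(*args)) or "OK")
```
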
Periodic PenTests
Is your infrastructure secure today?
If yes, will it still be secure in 6 months?

Other advice...

mis-configuration
0039081XXXXXXX
“Press 1 for commercial office, 2 for sales dept, 3 to access the search menu, 9 to talk with an operator”
3 0 0456152498
“Alba S.T., good morning, how can I help you?”

“clever” devices
Many network devices support security features to mitigate known attacks:
✓ gratuitous ARP block
✓ DHCP snooping
✓ flood detection
✓ QoS support
✓ …

Power over Ethernet
Is your switch on a UPS?
How long can your UPS keep the phones powered on battery?

Quality of Service
Security feature?
Can preserve the VoIP traffic from being delayed / dropped
...needed...

Redundancy
Is it a security feature, or just about business continuity?
Don’t know, but you need it :)

Training
Security is unsuccessful if you do not teach people what to do, how to use the new technology you give them, and the importance of the data they’re managing.

Tools to test your infrastructures...

Ettercap
The Man in the Middle attack suite. Multiplatform, usable from console or in a window manager.
Ettercap lets us perform all the typical layer 2 tests to understand how vulnerable our switched network is if not correctly protected.
Keywords: arp spoofing, arp poisoning, hijacking, sniffing, decoding, dns spoofing, dos, flood.
http://ettercap.sourceforge.net/

Ettercap (2)

Vomit
Voice Over Misconfigured Internet Telephones, from a standard tcpdump log trace, can create a wave file with the audio conversation intercepted on the monitored network.
It supports MGCP protocol with G.711 codec and works only on Linux.

        ./vomit -r elisa.dump | waveplay -S 8000 -B 16 -C 1

Wireshark
Multiplatform sniffer, with a lot of decoders that let us manage the intercepted traffic.
Wireshark can identify and decode both signaling and RTP traffic and shows all the information needed for later analysis.
http://www.wireshark.org/

Wireshark (2)

Oreka
Available for Windows and Linux, supports Cisco Call Manager, Lucent APX8000, Avaya, S8500, Siemens HiPath, VocalData, Sylantro and Asterisk SIP channel protocols.
Eavesdrops and records RTP part of phone calls.
Simple, intuitive, accessible through a web interface, based on a MySQL database.
http://oreka.sourceforge.net/

Ohrwurm
“Ear worm” is an RTP fuzzer. It sends a large number of requests, with different combinations of parameters, some correct and some making little or no sense, to interpret the answers and identify anomalies.
Anomalies are often the launchpad to discover a bug or some implementation defect.
http://mazzoo.de/blog/2006/08/25#ohrwurm

SipSak
SIP Swiss Army Knife lets us interact with any SIP device, forging ad-hoc SIP traffic to gather information on its target's features and behaviour.
http://sipsak.org/

Smap
By merging nmap and SipSak, this project produces a new specific tool, a program able to detect all SIP devices in the network and produce a report for each one.
This lets us obtain a map of VoIP devices, with their features, brand and model.
http://www.wormulon.net/index.php?/archives/1125-smap-released.html

SiVus
It’s a SIP security scanner: it verifies characteristics of scan targets and compares them against a database of known misconfigurations or bugs.
This database is growing at a very impressive rate …
http://www.vopsecurity.org/html/tools.html

SipVicious
SIPVicious is an integrated suite that lets us scan, enumerate, and crack SIP accounts.
svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for SIP PBX
svreport - manages sessions and exports reports to various formats

Scan

        mayhem$ python svmap.py 192.168.99.0/24

        | SIP Device         | User Agent   |
        -------------------------------------
        | 192.168.99.13:5060 | Asterisk PBX |

Enumerate

        mayhem$ python svwar.py -e 100-200 192.168.99.13

        | Extension | Authentication |
        ------------------------------
        | 120       | reqauth        |
        | 111       | reqauth        |
        | 125       | noauth         |

Brute Force

        mayhem$ python svcrack.py -n -u 111 -r 1000-9999 192.168.99.13

        | Extension | Password |
        ------------------------
        | 111       | 1234     |

        mayhem$ python svcrack.py -n -u 120 -r 1000-9999 192.168.99.13

        | Extension | Password |
        ------------------------
        | 120       | 1357     |

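What the enumeration and brute-force runs above, and the pattern John Todd describes in "First attacks ...", look like from the PBX side: an added detection example, not part of the original slides, that scans failed-registration log lines per source address. The log lines are constructed in the style of Asterisk's chan_sip notices (the exact format is an assumption), and the window and thresholds are illustrative.

```python
# Added example (not from the slides): flag SIP extension sweeps and password
# guessing from failed-REGISTER log lines. Log format, source addresses and
# thresholds are assumptions; adapt the regex to your PBX's real log.
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<src>[0-9.]+)(?::\d+)?' - (?P<reason>.+)$"
)


def parse_failures(lines):
    """Yield (timestamp, source IP, extension, reason) for each failed REGISTER.

    The source IP is written by the PBX; the extension comes from the
    client-supplied From header, so treat it as untrusted input.
    """
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], m["ext"], m["reason"]


def detect(lines, window=timedelta(seconds=10), max_exts=5, max_per_ext=20):
    """Return {(source, kind): time of first alert} using a per-source sliding window.

    extension-sweep:   many different extensions fail from one source (svwar-like)
    password-guessing: one extension fails many times from one source (svcrack-like)
    """
    recent = defaultdict(deque)  # source -> (timestamp, extension) inside the window
    alerts = {}
    for ts, src, ext, _reason in parse_failures(lines):
        q = recent[src]
        q.append((ts, ext))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        per_ext = Counter(e for _, e in q)
        if len(per_ext) >= max_exts:
            alerts.setdefault((src, "extension-sweep"), ts)
        if max(per_ext.values()) >= max_per_ext:
            alerts.setdefault((src, "password-guessing"), ts)
    return alerts


def constructed_log():
    """Constructed sample: one clumsy user, one sweep, one password-guessing run."""
    t0 = datetime(2011, 6, 13, 9, 0, 0)
    fmt = ("[{ts:%Y-%m-%d %H:%M:%S}] NOTICE[4242] chan_sip.c: Registration from "
           "'\"{ext}\" <sip:{ext}@192.168.99.13>' failed for '{src}' - Wrong password")
    # A user mistyping a password twice, 30 s apart: must not raise an alert.
    lines = [fmt.format(ts=t0 + timedelta(seconds=30 * i), ext=125,
                        src="192.168.99.21") for i in range(2)]
    # Extensions 100-119 cycled twice at about 10 attempts per second.
    for n in range(40):
        lines.append(fmt.format(ts=t0 + timedelta(seconds=60 + n // 10),
                                ext=100 + n % 20, src="198.51.100.7"))
    # 30 attempts against extension 111 at about 10 attempts per second.
    for n in range(30):
        lines.append(fmt.format(ts=t0 + timedelta(seconds=120 + n // 10),
                                ext=111, src="198.51.100.9"))
    return lines


if __name__ == "__main__":
    for (src, kind), first_seen in sorted(detect(constructed_log()).items()):
        print(f"{first_seen} {src} {kind}")
```
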
Other tools
Packet Gen & Packet Scan     RTP Flooder
Shoot                        Invite flooder
Sipness                      RTP injector
Sipshare                     Sipscan
Sip scenario                 reg. hijacker eraser/adder
Siptest harness              Fuzzy Packet
Sipv6analyzer                Iax Flooder
Winsip Call Generator        Cain & Abel
Sipsim                       SipKill
Mediapro                     SFTF
Netdude                      VoIPong
SipBomber                    SipP

Conclusions

Conclusions
✓ Pay attention to risk analysis and planning!
✓ Divide into multiple VLANs
✓ Implement QoS
✓ Be extremely careful in AAA
✓ Use cryptography! (TLS, SRTP)
✓ Use “clever” devices (can mitigate mitm, garp, spoofing, flooding and other known attacks)
✓ Application level Firewall
✓ Avoid single point of failure
✓ Periodic security test

Bibliography
http://www.voipsa.org
http://www.voip-info.org
http://misitano.com/pubs/voip-ictsec.pdf
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58.zip
http://www.nytimes.com/2006/06/08/technology/08voice.html
http://www.schneier.com/blog/
http://www.cloudmark.com/press/releases/?release=2006-04-25-2
http://www.usdoj.gov/usao/nj/press/files/pdffiles/penacomplaint.pdf
http://www.usdoj.gov/usao/pae/News/Pr/2005/feb/Moore.pdf
Scholz - Attacking VoIP Networks

Conclusions
VoIP can be secure
more secure than traditional telephony
it depends on us

Questions?

Thank you for your attention!

These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to Creative Commons Attribution-ShareAlike-2.5 version; you can copy, modify, or sell them. “Please” cite your source and use the same licence :)

Quotes from the video
   Our world is no longer ruled by weapons, by energy, by money; it is ruled by little ones and zeros, by bits and data; it is all just electronics.

   There is a war out there, my friend. A world war. And it does not matter in the slightest who has the most bullets; what matters is who controls the information. What we see, what we hear, how we work, what we think: it is all based on information!


Alessio Pennasilico VoIP security

  • 1. VoIP (in)Security All your bases belong to us Alessio L.R. Pennasilico Phone/Fax +39 045 8271222 mayhem@alba.st Verona, Milano, Roma twitter: mayhemspp http://www.alba.st/ FaceBook: alessio.pennasilico Cagliari, 13 June 2011
  • 2. $ whois mayhem Security Evangelist @ Board of Directors: CLUSIT, ISSA Italian Chapter, Italian Linux Society, OpenBSD Italian User Group, Metro Olografix, Sikurezza.org, Spippolatori Hacker Club Hacker’s Profiling Project, CrISTAL, Recursiva.org
  • 3. IT Security... A useless impediment that slows down ordinary operations and harms the business?
  • 4. IT Security... Or prevention of, and response to, events that would harm the business far worse?
  • 5. Evolution Technology evolves… … and so do the threats!
  • 6. Video: I signori della truffa
  • 8. How do I feel today? http://www.alba.st/
  • 9. mayhem I’m worried
  • 10. VoIP explosion “Mobile VoIP Users to Nearly 139 Million by 2014 Says In-Stat”
  • 11. Telecom news
  • 12. CALEA laws
  • 13. Spyware economic interests
  • 14. mayhem everyone wants to know something about me
  • 15. mayhem it’s none of your business (KL)
  • 16. History "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin, 1759
  • 18. Phones eavesdropping
  • 19. Phones It’s possible to listen to others’ conversations from another phone on a shared line.
  • 20. Phones It’s possible to connect a specific eavesdropping device to the phone line with crocodile clips.
  • 21. Phones It’s possible to eavesdrop from the central PBX or from ISP switches.
  • 22. Phones It’s possible to eavesdrop from trunks with advanced technologies.
  • 23. http://www.alba.st/ You want VoIP!
  • 24. Deployment Faster, easier and cheaper to deploy over national IP network infrastructure
  • 25. Services Native advanced services for every user: Fax2Mail, VoiceMail, IVR, text2speech
  • 26. Tools Plenty of fully functional and very mature OpenSource projects, user, business and carrier oriented: Asterisk, FreeSwitch, OpenSER, OpenSBC
  • 27. Standards Using standard protocols it’s truly interoperable: SIP, H.323, IAX
  • 28. Integration The PBX or the VoIP client can interact with other applications and use centralized data: billing, E.164, CRM integration
  • 29. Question but what about security?
  • 30. All your VoIP belongs to us :) http://www.alba.st/
  • 31. Traditional Telephony “I do it for one reason and one reason only. I'm learning about a system. The phone company is a System. A computer is a System, do you understand? If I do what I do, it is only to explore a system. Computers, systems, that's my bag. The phone company is nothing but a computer.” Captain Crunch, “Secrets of the Little Blue Box”, 1971 (slide from Hacker's Profile Project, http://hpp.recursiva.org)
  • 32. Eavesdropping “Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.” Bruce Schneier, his blog, 22nd June 2006 Greek wiretapping scandal
  • 33. First attacks ... “A brute-force password attack was launched against a SIP-based PBX in what appeared to be an attempt to guess passwords. Queries were coming in about 10 per second. Extension/identities were incrementing during each attempt, and it appeared that a full range of extensions were cycled over and over with the new password. The User-Agent: string was almost certainly falsified.” John Todd on VoIPSA mailing list, May 24th 2006
  • 34. Frauds “Edwin Andreas Pena, a 23 year old Miami resident, was arrested by the Federal government: he was involved in a scheme to sell discounted Internet phone service by breaking into other Internet phone providers and routing connections through their networks.” The New York Times, June 7th 2006
  • 37. Robert Moore "It's so easy a caveman can do it!" “I'd say 85% of them were misconfigured routers. They had the default passwords on them: you would not believe the number of routers that had 'admin' or 'Cisco0' as passwords on them”.
  • 39. VoIP Risks Telephones had always been seen as secure, because they use proprietary hardware, proprietary protocols, and are disconnected from the other devices. VoIP multiplies traditional telephony risks by IP network risks.
  • 41. Protect us! The end user has no way to protect himself: he has to adhere to his carrier’s configuration. Providers and companies implementing a VoIP infrastructure should take care of their customers’ security and privacy.
  • 42. SPIT SPAM over Internet Telephony will become an emergency. The low cost of VoIP calls, the wide availability of human and technical resources, the use of recorded messages, and high revenues even on low purchases make SPIT an attractive business.
  • 43. Vishing Voice Phishing is a typical fraud against end users, made possible by VoIP characteristics. The low cost of this technology permits deploying this attack on a large scale, integrating some “old style” attacks (e.g. wardialing, caller ID spoofing). This fraud is based on the user’s trust in the “telephone device” and in the caller’s identity.
  • 45. Risks Denial of Service (DoS), eavesdropping, identity theft, toll fraud, Vishing and SPIT are real risks. There are dozens of free, OpenSource, downloadable tools made specifically to test/attack VoIP protocols and devices. We can use them to secure our infrastructure!
  • 46. How does a phone call works? http://www.alba.st/
  • 47. Boot sequence • Boot • Retrieve Conf • Registration • Signaling • RTP Alessio L.R. Pennasilico 42
  • 54. Power up the phone ... VoIP phones execute some actions at bootstrap, many of them vulnerable to various legacy attacks: • Phones obtain an IP address from a DHCP server • DHCP provides the TFTP server address to the phone • Phones download the firmware from the TFTP server • Phones download their configuration from the TFTP server • Phones authenticate to the VoIP server
  • 55. ...and start a call. When bootstrap is complete, the phone exchanges information with the server to describe its status and to inform the VoIP PBX about call status (signaling). When a call is answered, a new flow of UDP packets starts, carrying our voice. This is called RTP, and it can be established between endpoints or between each SIP-UA and its server.
  • 56. What can I do? :) • DHCP Spoofing -> TFTP redirect • TFTP Spoofing -> OS substitution • TFTP Queries -> obtain configurations • Password Sniffing • PBX Spoofing -> negotiate auth • RTP Traffic in clear
  • 57. Hardening tips & tricks
  • 59. VLAN Packets [Figure: an untagged Ethernet frame (mac dst, mac src, data) and a VLAN-tagged frame (mac dst, mac src, TAG, data)]
  • 60. Configure the phone
  • 61. Configure the switch
  • 62. Inter-VLAN routing: You need at least an L3 device. It can be a firewall with ACLs. A firewall that is aware of VoIP protocols is much more effective.
  • 63. AAA: Authentication, Authorization, Accounting. Do you have all 3 A's?
  • 64. Encrypting: VPN? • Signaling -> TLS • RTP -> SRTP • PKI? • Lawful interception?
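
Whether “Signaling -> TLS” and “RTP -> SRTP” are actually in effect can be read off a SIP INVITE and its SDP offer. The following Python check is an added example, not taken from the slides; the sample messages, host names and key placeholder are constructed, and it covers SDES keying (`a=crypto`) only.

```python
CLEAR_PROFILES = {"RTP/AVP", "RTP/AVPF"}  # RTP profiles without encryption

def audit_sip_offer(message):
    """Return findings for one SIP message that carries an SDP offer."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    transports = []
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v") and value.split():
            # Via: SIP/2.0/<transport> host:port;branch=...
            transports.append(value.split()[0].split("/")[-1].upper())
    tls = bool(transports) and all(t == "TLS" for t in transports)
    findings = [] if tls else ["signaling is not TLS on every Via hop"]
    media = []  # one entry per m= section: [kind, profile, has_sdes_key]
    for line in sdp.split("\n"):
        if line.startswith("m=") and len(line.split()) >= 3:
            kind, _port, profile = line[2:].split()[:3]
            media.append([kind, profile, False])
        elif line.startswith("a=crypto:") and media:
            media[-1][2] = True
    for kind, profile, has_key in media:
        if profile in CLEAR_PROFILES:
            findings.append(f"{kind}: {profile} carries voice in clear RTP")
        elif has_key and not tls:
            # SDES puts the SRTP master key in the SDP itself
            findings.append(f"{kind}: SRTP key in a=crypto is readable on the wire")
    return findings

def sample_invite(transport, profile, with_key):
    """Constructed INVITE used as sample input (not captured traffic)."""
    sdp = ["v=0", "o=- 1 1 IN IP4 10.10.0.50", "s=-", "c=IN IP4 10.10.0.50",
           "t=0 0", f"m=audio 49170 {profile} 0 8"]
    if with_key:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY")
    head = ["INVITE sip:120@pbx.example.invalid SIP/2.0",
            f"Via: SIP/2.0/{transport} 10.10.0.50:5060;branch=z9hG4bKconstructed",
            "From: <sip:111@pbx.example.invalid>;tag=1",
            "To: <sip:120@pbx.example.invalid>", "Call-ID: constructed-1",
            "CSeq: 1 INVITE", "Content-Type: application/sdp"]
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

if __name__ == "__main__":
    for args in (("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True), ("TLS", "RTP/SAVP", True)):
        print(args, audit_sip_offer(sample_invite(*args)))
```

The middle case is the one that is easy to miss: enabling SRTP with SDES keys while signaling stays on UDP or TCP leaves the media key visible to anyone who can read the INVITE.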
  • 65. Periodic PenTests: Is your infrastructure secure today? If yes, will it still be secure in 6 months?
  • 66. Other advice...
  • 67. mis-configuration • 0039081XXXXXXX • “Press 1 for commercial office, 2 for sales dept, 3 to access the search menu, 9 to talk with an operator” • 3 • 0 0456152498 • “Alba S.T., good morning, how can I help you?”
  • 68. “clever” devices: Many network devices support security features to mitigate known attacks: ✓ gratuitous ARP block ✓ DHCP snooping ✓ flood detection ✓ QoS support ✓ …
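
DHCP snooping protects the boot-sequence step in which DHCP gives the phone its TFTP server address. The same policy can be checked offline against captured DHCP replies; this Python code is an added example, not taken from the slides, and the allowlisted addresses and the `build_offer` sample packet are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumed site policy (constructed addresses): the only legitimate servers.
ALLOWED_DHCP = {"10.10.0.2"}
ALLOWED_TFTP = {"10.10.0.5"}

def parse_dhcp(payload):
    """Return (siaddr, {option_code: raw_value}) from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    siaddr = socket.inet_ntoa(payload[20:24])  # BOOTP "next server" field
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return siaddr, options

def audit_reply(payload):
    """Flag DHCPOFFER/DHCPACK messages that point phones at unknown servers."""
    siaddr, opts = parse_dhcp(payload)
    if opts.get(53) not in (b"\x02", b"\x05"):  # message type: OFFER or ACK
        return []
    server_id = opts.get(54, b"")  # server identifier
    server = socket.inet_ntoa(server_id) if len(server_id) == 4 else "unknown"
    findings = [] if server in ALLOWED_DHCP else [f"DHCP server {server} is not authorized"]
    tftp = {siaddr} - {"0.0.0.0"}
    if 66 in opts:  # TFTP server name
        tftp.add(opts[66].decode("ascii", "replace").rstrip("\x00"))
    raw150 = opts.get(150, b"")  # TFTP server address list
    tftp.update(socket.inet_ntoa(raw150[j:j + 4]) for j in range(0, len(raw150) - 3, 4))
    findings += [f"TFTP server {t} is not authorized" for t in sorted(tftp - ALLOWED_TFTP)]
    return findings

def build_offer(server, tftp):
    """Constructed DHCPOFFER used as sample input (not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), socket.inet_aton("10.10.0.50"),
                        socket.inet_aton(tftp), bytes(4), bytes(16), b"", b"")
    options = (b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server)
               + bytes([66, len(tftp)]) + tftp.encode() + b"\xff")
    return fixed + MAGIC_COOKIE + options
```

Calling `audit_reply(build_offer("10.10.0.2", "10.10.0.99"))` shows the case of a reply that names the right DHCP server but an unknown TFTP server.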
  • 69. Power over Ethernet: Is your switch on a UPS? How long can your UPS keep powering the phones on battery?
  • 70. Quality of Service: Security feature? It can preserve VoIP traffic from being delayed / dropped ...needed...
  • 71. Redundancy: Is it a security feature, or just about business continuity? Don’t know, but you need it :)
  • 72. Training: Security is unsuccessful if you do not teach people what to do, how to use the new technology you give them, and the importance of the data they are managing.
  • 73. Tools to test your infrastructure...
  • 74. Ettercap: The Man in the Middle attack suite. Multiplatform, usable from the console or in a window manager. Ettercap lets us perform all the typical layer 2 tests to understand how vulnerable our switched network is if it is not correctly protected. Keywords: arp spoofing, arp poisoning, hijacking, sniffing, decoding, dns spoofing, dos, flood. http://ettercap.sourceforge.net/
  • 75. Ettercap (2)
  • 76. Vomit: Voice Over Misconfigured Internet Telephones can create, from a standard tcpdump trace, a wave file with the audio of a conversation intercepted on the monitored network. It supports the MGCP protocol with the G.711 codec and works only on Linux.
        ./vomit -r elisa.dump | waveplay -S 8000 -B 16 -C 1
  • 77. Wireshark: Multiplatform sniffer with many decoders for working with the intercepted traffic. Wireshark can identify and decode both signaling and RTP traffic, and shows all the information needed for later analysis. http://www.wireshark.org/
  • 78. Wireshark (2)
  • 79. Oreka: Available for Windows and Linux, supports Cisco Call Manager, Lucent APX8000, Avaya, S8500, Siemens HiPath, VocalData, Sylantro and Asterisk SIP channel protocols. It eavesdrops on and records the RTP part of phone calls. Simple, intuitive, accessible through a web interface, based on a MySQL database. http://oreka.sourceforge.net/
  • 80. Ohrwurm: “Ear worm” is an RTP fuzzer. It sends a large number of requests with different combinations of parameters, some correct and some making little or no sense, in order to interpret the answers and identify anomalies. Anomalies are often the starting point for discovering a bug or an implementation defect. http://mazzoo.de/blog/2006/08/25#ohrwurm
  • 81. SipSak: SIP Swiss Army Knife lets us interact with any SIP device, forging ad-hoc SIP traffic to gather information on the target's features and behaviour. http://sipsak.org/
  • 82. Smap: By merging nmap and SipSak, this project creates a new, specific tool: a program able to detect all SIP devices on the network and produce a report for each one. This gives us a map of VoIP devices, with their features, brand and model. http://www.wormulon.net/index.php?/archives/1125-smap-released.html
  • 83. SiVus: It’s a SIP security scanner: it verifies the characteristics of scan targets and compares them against a database of known misconfigurations or bugs. This database is growing at a very impressive rate … http://www.vopsecurity.org/html/tools.html
  • 84. SipVicious: SIPVicious is an integrated suite for scanning, enumerating, and cracking SIP accounts. • svmap: a SIP scanner that lists the SIP devices found on an IP range • svwar: identifies active extensions on a PBX • svcrack: an online password cracker for SIP PBXs • svreport: manages sessions and exports reports to various formats
  • 85. Scan
        mayhem$ python svmap.py 192.168.99.0/24
        | SIP Device         | User Agent   |
        -------------------------------------
        | 192.168.99.13:5060 | Asterisk PBX |
  • 86. Enumerate
        mayhem$ python svwar.py -e 100-200 192.168.99.13
        | Extension | Authentication |
        ------------------------------
        | 120       | reqauth        |
        | 111       | reqauth        |
        | 125       | noauth         |
  • 87. Brute Force
        mayhem$ python svcrack.py -n -u 111 -r 1000-9999 192.168.99.13
        | Extension | Password |
        ------------------------
        | 111       | 1234     |
        mayhem$ python svcrack.py -n -u 120 -r 1000-9999 192.168.99.13
        | Extension | Password |
        ------------------------
        | 120       | 1357     |
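
The weaknesses visible in the output above (an extension answering without authentication, four-digit numeric passwords) can be found first by auditing the PBX configuration. This Python code is an added example, not taken from the slides; it assumes a chan_sip-style `sip.conf`, and the sample file is constructed to mirror the extensions shown.

```python
import configparser

# Constructed sample in chan_sip-style sip.conf layout (an assumption; the
# slides do not show the PBX configuration). Secrets mirror the slide output.
SAMPLE_SIP_CONF = """
[general]
context=default      ; not a peer, skipped by the audit

[111]
type=friend
host=dynamic
secret=1234

[120]
type=friend
host=dynamic
secret=1357

[125]
type=friend
host=dynamic

[130]
type=friend
host=dynamic
secret=constructed-Long-passphrase-42
"""

def audit_sip_conf(text, min_len=12):
    """Map each peer to the weaknesses found in its authentication settings."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        peer = cp[name]
        if "type" not in peer:  # [general] and other non-peer sections
            continue
        secret, issues = peer.get("secret", ""), []
        if not secret and "md5secret" not in peer:
            issues.append("no secret set: no authentication required")
        elif secret.isdigit():
            issues.append(f"numeric secret: at most {10 ** len(secret)} guesses")
        elif secret and len(secret) < min_len:
            issues.append(f"secret shorter than {min_len} characters")
        if secret and secret == name:
            issues.append("secret equals the extension number")
        if issues:
            report[name] = issues
    return report
```

`audit_sip_conf(SAMPLE_SIP_CONF)` reports extensions 111, 120 and 125 and leaves 130 out; the `min_len` threshold is a local policy choice.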
  • 88. Other tools Packet Gen & Packet Scan RTP Flooder Shoot Invite flooder Sipness RTP injector Sipshare Sipscan Sip scenario reg. hijacker eraser/adder Siptest harness Fuzzy Packet Sipv6analyzer Iax Flooder Winsip Call Generator Cain & Abel Sipsim SipKill Mediapro SFTF Netdude VoIPong SipBomber SipP
  • 89. Conclusions
  • 90. Conclusions ✓ Pay attention to risk analysis and planning! ✓ Divide the network into multiple VLANs ✓ Implement QoS ✓ Be extremely careful with AAA ✓ Use cryptography! (TLS, SRTP) ✓ Use “clever” devices (they can mitigate mitm, garp, spoofing, flooding and other known attacks) ✓ Application level firewall ✓ Avoid single points of failure ✓ Periodic security tests
  • 92. VoIP explosion “Mobile VoIP Users to Nearly 139 Million by 2014 Says In-Stat”
  • 93. Conclusions: VoIP can be secure
  • 94. Conclusions: more secure than traditional telephony
  • 95. Conclusions: it depends on us
  • 96. These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify, or sell them. “Please” cite your source and use the same licence :) Alessio L.R. Pennasilico, Phone/Fax +39 045 8271222, mayhem@alba.st, Verona, Milano, Roma, twitter: mayhemspp, http://www.alba.st/, FaceBook: alessio.pennasilico. Cagliari, 13 June 2011
  • 97. Questions?
  • 98. Thank you for your attention!
  • 99. Quote from the video: Our world is no longer ruled by weapons, by energy, by money; it is ruled by little ones and zeros, by bits and data, it is all just electronics. There is a war out there, my friend. A world war. And it does not matter in the least who has more bullets; what matters is who controls the information. What we see and hear, how we work, what we think, it is all based on information!