Abdullah Al Mamun 062507056
Individual Assignment
Fraud Monitoring System for VoIP or IP Telephony
Name: M. Abdullah-Al-Mamun
ID# 062507056
Faculty: Dr. Mashiur Rahman
ETE- 605 Sec- 2
Semester: Spring 2008
Date: 15/04/2008
Table of contents
1. Introduction
2. Voice over IP Connections and communications
3. What type of illegality can occur
4. What will fraud management do
5. Deep Packet Inspection
6. PTS Deployment for BTTB
7. Security Operations Services
8. Conclusion
9. Sources and references
Acknowledgments
This document has benefited from review and comment by many experts. I
particularly want to thank Sandvine International, Dr. Moshiur Rahman and
BTRC for many contributions to improving the quality of this case study. The first
part of this document covers what VoIP is, then what type of illegality can
occur, and finally the fraud management system developed and derived by
Sandvine International.
Introduction
What is VoIP:
VoIP (pronounced voyp or vip) is the name of a new communications technology
that changes the meaning of the phrase telephone call. VoIP stands for voice
over Internet protocol, and it means “voice transmitted over a computer network.”
Internet protocol (IP) networking is supported by all sorts of networks: corporate,
private, public, cable, and even wireless networks. Don’t be fooled by the
“Internet” part of the acronym. VoIP runs over any type of network. Currently, in
the corporate sector, the private dedicated network option is the preferred type.
For the telecommuter or home user, the hands-down favorite is broadband. You
can access your account on the VoIP network by a desktop telephone, a wireless
IP phone (similar to a cell phone), or the soft screen dial pad of your laptop or
desktop computer.
What is Fraud:
In criminal law, fraud is the crime or offense of deliberately deceiving another in
order to damage them – usually, to obtain property or services unjustly. Fraud
can be accomplished through the aid of forged objects. In the criminal law of
common law jurisdictions it may be called "theft by deception," "larceny by trick,"
"larceny by fraud and deception" or something similar.
History of VoIP:
Voice over Internet Protocol has been a subject of interest almost since the first
computer network. By 1973, voice was being transmitted over the early Internet.
The technology for transmitting voice conversations over the Internet has been
available to end-users since at least the early 1980s. In 1996, a shrink-wrapped
software product called Vocaltec Internet Phone (release 4) provided VoIP along
with extra features such as voice mail and caller ID. However, it did not offer a
gateway to the PSTN, so it was only possible to speak to other Vocaltec Internet
Phone users. In 1997, Level 3 began development of its first soft switch (a term
they invented in 1998); soft switches were designed to replace traditional
hardware telephone switches by serving as gateways between telephone
networks.
Voice over IP Connections and communications:
Voice over IP – the transmission of voice over packet-switched IP networks – is
one of the most important emerging trends in telecommunications. As with many
new technologies, VOIP introduces both security risks and opportunities. VOIP
has a very different architecture than traditional circuit-based telephony, and
these differences result in significant security issues. Lower cost and greater
flexibility are among the promises of VOIP for the enterprise, but VOIP should not
be installed without careful consideration of the security problems introduced.
Administrators may mistakenly assume that since digitized voice travels in
packets, they can simply plug VOIP components into their already-secured
networks and remain secure. However, the process is not that simple. This
publication explains the challenges of VOIP security for agency and commercial
users of VOIP, and outlines steps needed to help secure an organization’s VOIP
network. VOIP security considerations for the public switched telephone network
(PSTN) are largely outside the scope of this document.
VOIP systems take a wide variety of forms, including traditional telephone
handsets, conferencing units, and mobile units. In addition to end-user
equipment, VOIP systems include a variety of other components, including call
processors/call managers, gateways, routers, firewalls, and protocols. Most of
these components have counterparts used in data networks, but the performance
demands of VOIP mean that ordinary network software and hardware must be
supplemented with special VOIP components. Not only does VOIP require higher
performance than most data systems, critical services, such as Emergency 911
must be accommodated. One of the main sources of confusion for those new to
VOIP is the (natural) assumption that because digitized voice travels in packets
just like other data, existing network architectures and tools can be used without
change. However, VOIP adds a number of complications to existing network
technology, and these problems are magnified by security considerations.
Quality of Service (QoS) is fundamental to the operation of a VOIP network that
meets users’ quality expectations. However, the implementation of various
security measures can cause a marked deterioration in QoS. These
complications range from firewalls delaying or blocking call setups to encryption-
produced latency and delay variation (jitter). Because of the time-critical nature of
VOIP, and its low tolerance for disruption and packet loss, many security
measures implemented in traditional data networks are simply not applicable to
VOIP in their current form; firewalls, intrusion detection systems, and other
components must be specialized for VOIP. Current VOIP systems use either a
proprietary protocol, or one of two standards, H.323 and the Session Initiation
Protocol (SIP). Although SIP seems to be gaining in popularity, neither of these
protocols has become dominant in the market yet, so it often makes sense to
incorporate components that can support both. In addition to SIP and H.323
there are also two further standards, Media Gateway Control Protocol (MGCP)
and Megaco/H.248, which may be used in large deployments for gateway
decomposition. These standards may be used to ease message handling with
media gateways, or on the other hand they can easily be used to implement
terminals without any intelligence, similar to today’s phones connected to a PBX
using a stimulus protocol.
Packet networks depend for their successful operation on a large number of
configurable parameters: IP and MAC (physical) addresses of voice terminals,
addresses of routers and firewalls, and VOIP specific software such as call
processing components (call managers) and other programs used to place and
route calls. Many of these network parameters are established dynamically every
time network components are restarted, or when a VOIP telephone is restarted
or added to the network. Because there are so many places in a network with
dynamically configurable parameters, intruders have a wide array of potentially
vulnerable points to attack.
Firewalls are a staple of security in today’s IP networks. Whether protecting a
LAN or WAN, encapsulating a DMZ, or just protecting a single computer, a
firewall is usually the first line of defense against would-be attackers. Firewalls
work by blocking traffic deemed to be invasive, intrusive, or just plain malicious
from flowing through them. Acceptable traffic is determined by a set of rules
programmed into the firewall by the network administrator. The introduction of
firewalls to the VOIP network complicates several aspects of VOIP, most notably
dynamic port trafficking and call setup procedures. Network Address Translation
(NAT) is a powerful tool that can be used to hide internal network addresses and
enable several endpoints within a LAN to use the same (external) IP address.
The benefits of NATs come at a price. For one thing, an attempt to make a call
into the network becomes very complex when a NAT is introduced. The situation
is somewhat similar to an office building where mail is addressed with
employees’ names and the building address, but internal addressing is handled
by the company mailroom. There are also several issues associated with the
transmission of voice data across the NAT, including an incompatibility with
IPsec. Although the use of NATs may be reduced as IPv6 is adopted, they will
remain a common component in networks for years to come, so VOIP systems
must deal with the complexities of NATs.
Firewalls, gateways, and other such devices can also help keep intruders from
compromising a network. However, firewalls are no defense against an internal
hacker. Another layer of defense is necessary at the protocol level to protect the
voice traffic. In VOIP, as in data networks, this can be accomplished by
encrypting the packets at the IP level using IPsec, or at the application level with
Secure RTP (SRTP), the secured profile of the Real-time Transport Protocol (RTP, RFC 3550). However, several
factors, including the expansion of packet size, ciphering latency, and a lack of
QoS urgency in the cryptographic engine itself can cause an excessive amount
of latency in the VOIP packet delivery. This leads to degraded voice quality,
again highlighting the tradeoff between security and voice quality, and
emphasizing a need for speed.
VOIP is still an emerging technology, so it is difficult to develop a complete
picture of what a mature worldwide VOIP network will one day look like. As the
emergence of SIP has shown, new technologies and new protocol designs have
the ability to radically change VOIP. Although there are currently many different
architectures and protocols to choose from, eventually a true standard will
emerge. Unless a widely used open standard emerges, solutions will be likely to
include a number of proprietary elements, which can limit an enterprise’s future
choices. The most widely used of the competing standards are SIP and H.323.
Some observers believe that SIP will become dominant. Major vendors are
investing an increasing portion of their development effort into SIP products. An
extension of SIP, the SIP for Instant Messaging and Presence Leveraging
Extensions (SIMPLE) standard, is being incorporated into products that support
Instant Messaging. Until a truly dominant standard emerges, organizations
moving to VOIP should consider gateways and other network elements that
support both H.323 and SIP. Such a strategy helps to ensure a stable and robust
VOIP network in the years that come, no matter which protocol prevails.
Designing, deploying, and securely operating a VOIP network is a complex effort
that requires careful preparation. The integration of a VOIP system into an
already congested or overburdened network could create serious problems for
the organization. There is no easy “one size fits all” solution to the issues
discussed in these chapters. An organization must investigate carefully how its
network is laid out and which solution fits its needs best. In recent years, a new
way to connect to the PSTN has cropped up. Companies are using PRIs, T1, and
other technologies to connect to the PSTN, and then resell those connections to
consumers. The users connect to the companies offering these connections
through Voice over IP technologies. By so doing, we can skip dealing with LECs
completely. This service is called Origination and Termination. Through these
services, we can receive a real telephone number, with the area code depending
on what the provider has access to. Not all providers can offer numbers in every
locality. This means that our number could be long distance from our next-door
neighbor, yet local to someone in the next state. The advantage of this, however,
is that the provider will route most of the calls over their VoIP infrastructure and
will then use the PSTN when they get to their most local point at the receiving
end, which can mean that long distance charges are dramatically reduced. If we
call a variety of countries, states or cities it can be worthwhile to research a
provider that offers local PSTN access to the areas we call most.
The rates per minute are usually very attractive. Often, long distance is at the
same rate as local calls. One thing to watch out for is that some providers charge
for incoming minutes, much like on a cellular telephone, and some providers also
charge for local calls. Another thing to be aware of is that some providers require
that you use their Analog Terminal Adapter (ATA). This means that they will send
you a box that you plug into the Internet, which speaks Voice over IP. Then, you
have a POTS line to connect a phone (or Asterisk) to. Voice over IP makes
sense in many installations. But for the quality to be acceptable, a reliable
Internet connection with low latency is required. Another thing to watch out for is
jitter. Jitter refers to the variation in latency from packet to packet. Most protocols
can handle latency a lot better if it is constant throughout the call.
What type of illegality can occur:
• Illegal generating and terminating of VoIP calls
• Reduced QoS
• Network traffic jamming
What will fraud management do:
• Stop illegal VoIP usage
• Allow licensed VoIP usage
• Monitor VoIP services
• Set the traffic policy for better VoIP service
• CDR for usage billing
Deep Packet Inspection:
Deep Packet Inspection (DPI) is a packet filtering technology that examines not
only the header part but also the data part of a through-passing packet,
searching for non-protocol compliance or predefined criteria to decide if the
packet can pass.
This is in contrast to shallow packet inspection (usually called just packet
inspection) which just checks the header portion of a packet.
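The difference between the two inspection styles, as an added example (not from the original document or from Sandvine's product): a port-only check next to a payload check for SIP start lines and RTP headers. The function names, ports 40000 and 16384, and the sample packets are constructed for illustration; the RTP flow test assumes no loss or reordering.

```python
import re
import struct

SIP_PORTS = {5060, 5061}  # registered SIP ports
# SIP start line: "METHOD uri SIP/2.0" (request) or "SIP/2.0 200 OK" (response)
SIP_START = re.compile(
    rb"^(?:(?:INVITE|REGISTER|ACK|BYE|CANCEL|OPTIONS) \S+ SIP/2\.0\r\n"
    rb"|SIP/2\.0 \d{3} [^\r\n]*\r\n)")

def shallow_classify(dst_port):
    """Header-only inspection: trusts the destination port."""
    return "sip" if dst_port in SIP_PORTS else "unknown"

def looks_like_rtp(payload):
    """RTP fixed header (RFC 3550): 12 bytes minimum, version field == 2."""
    # Payload types 72-76 are RTCP packet types 200-204 seen through the mask.
    return (len(payload) >= 12 and (payload[0] >> 6) == 2
            and not 72 <= (payload[1] & 0x7F) <= 76)

def rtp_flow(payloads):
    """One SSRC and consecutive sequence numbers (ignores loss and reordering)."""
    prev_seq = ssrc = None
    for p in payloads:
        if not looks_like_rtp(p):
            return False
        _, _, seq, _, this_ssrc = struct.unpack("!BBHII", p[:12])
        if ssrc is not None and (this_ssrc != ssrc or seq != (prev_seq + 1) & 0xFFFF):
            return False
        prev_seq, ssrc = seq, this_ssrc
    return len(payloads) >= 2

def deep_classify(payloads):
    """Payload inspection: the port is ignored entirely."""
    if payloads and SIP_START.match(payloads[0]):
        return "sip"
    return "rtp" if rtp_flow(payloads) else "unknown"

# Constructed sample flows: name -> (destination UDP port, payloads)
SIP_INVITE = b"INVITE sip:bob@example.net SIP/2.0\r\nCall-ID: constructed-1\r\n\r\n"
RTP_FLOW = [struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234ABCD) + bytes(160)
            for seq in range(100, 104)]
FLOWS = {
    "SIP on registered port": (5060, [SIP_INVITE]),
    "SIP on arbitrary port": (40000, [SIP_INVITE]),
    "non-SIP data on port 5060": (5060, [b"GET / HTTP/1.1\r\n\r\n"]),
    "RTP media on arbitrary port": (16384, RTP_FLOW),
}

def compare(flows):
    return {name: (shallow_classify(port), deep_classify(pkts))
            for name, (port, pkts) in flows.items()}

if __name__ == "__main__":
    for name, (shallow, deep) in compare(FLOWS).items():
        print(f"{name:28} shallow={shallow:8} deep={deep}")
```

The port-only check misses SIP on port 40000 and mislabels non-SIP data on port 5060, while the payload check gets both right and also identifies the media stream.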
DPI-based policy solutions offer a truly flexible approach to managing today’s VoIP
based upon the national regulatory requirements. The leading provider of
intelligent broadband network solutions offers the industry’s most powerful platform,
enabling per-subscriber DPI-based policy solutions to solve both business and
technology challenges in the world’s largest broadband networks.
Fig 1: DPI inspection
• Proven application identification and traffic shaping
• Flexible network deployment options
• Advanced reporting including VoIP analysis
• Recognize True Scalability
• Leading Redundancy Options
• Seamless Integration
• Gain Control and Visibility
Enhanced DPI Signature Analysis: recognizes protocol identifiers anywhere
within a TCP packet, across multiple TCP packets and even using UDP control
messages. Flexible processing ensures that we can address new techniques as
application protocols continue to evolve in the future.
Real-time Behavioral Analysis: characterizes traffic by application categories
through a real-time comparison with defined behavior thresholds. Service providers
can immediately control unwanted traffic behavior that is affecting reliable network
operation and service quality.
Fig 3: VoIP call by provider by protocol
PTS Deployment for BTTB:
For a customized solution for BTTB we will need to know:
1. The network topology
2. The bandwidth
3. The exact solution requirements
Policy Traffic Switch (PTS) enables service providers to apply different traffic
policies for voice calls originating or terminating on the public network, and to
selectively restrict VoIP services that provide domestic or international
connections to the PSTN network.
Fig 5: Detailed drill-down: network provider, VoIP provider, subscriber
Security Operations Services:
• Attack monitoring, analysis, and classification: determines the nature of
the attack and identifies specific remedies in real time.
• Behavior detection and signature updates: may be automated or as designated
by the service provider.
• Security research and test lab: delivers in-depth traffic analysis to discover
hidden and emerging threats, and provides 24x7 monitoring and attack response.
Cans spam:
Spam trojan mitigation arms service providers with a network-based approach to
eliminating all malicious worm and spam trojan traffic on service provider
networks.
Kills worms:
Network-based worm mitigation attacks worms at all five stages of their
development, effectively shutting down worm/DoS traffic.
Prevents DoS attacks:
Network-based DoS mitigation protects the subscriber experience by filtering
DoS attacks and eliminating malicious traffic while allowing all legitimate requests
to proceed through the network.
Defends servers:
Protects inherently vulnerable mail servers and prevents DNS poisoning by
stopping illegitimate requests before they become a threat to subscribers and the
network.
Cleanses network:
Security Operations team provides ongoing analysis to ensure optimal network
health and distant warning in the event of an attack. Sandvine’s visibility into
global service provider networks acts as a 'network telescope,' uncovering
malicious traffic threats before they spread around the globe.
Conclusion:
If we assume that physical security is managed, then this web-based solution is a
smart monitoring and control tool for BTRC or any other lawful authority.
This can be the ultimate solution for VoIP management in Bangladesh.
DPI based solution provides the total transparency needed to manage VoIP
according to set policies.
Policy Traffic Switch can stop the illegal use of VoIP while optimizing bandwidth
for licensed VoIP in Bangladesh.
Sources:
IETF http://www.ietf.org
SIP Forum http://www.sipforum.org
3rd Generation Partnership Project http://www.3gpp.org
SIP Working Group http://www.softarmor.com/sipwg
SIPPING Working Group http://www.softarmor.com/sipping
ETSI TISPAN http://portal.etsi.org/tispan
References:
Ericsson – ‘Combinational services – the pragmatic first step toward all-IP’,
published in Ericsson Review No.2, 2003
Sandvine International