Layer-based defense solution for VoIP networks
Because VoIP runs on IP infrastructure, it is vulnerable to attack. The approach Juniper proposes starts from the most effective practices in network security, the same ones that apply to any other IP network.
The first step is to know all the relevant components, including servers, IP protocols, processes and users, and to use a risk analysis model to determine where the risks are. Then select the appropriate technology or process to minimize those risks.
At the core of the enterprise or service provider network is the VoIP application server, a UNIX server or a PC running the Linux operating system. The core network also has servers running the user and cost data management programs that support the VoIP applications.
At the periphery are the gateway servers, which communicate with the servers of other VoIP networks or transfer calls between switched and VoIP voice networks. The client is the IP phone, which converts the digital signal into audio.
Juniper's defense strategy is organized by network layer, protecting the core devices, the edge area and the client devices. It rests on three main factors: establishing the identity of network users, process control, and the technology applied to protect all of the above.
The first two goals can be accomplished with normal security checks, which identify those involved in an operation and assign the security rights needed to carry out specific tasks. Protecting the network core and the application servers is similar to protecting a LAN against known IP attack risks such as operating system vulnerabilities, denial of service and distributed denial of service (DoS/DDoS), or other forms of unauthorized intrusion.
For any operating system, it is necessary to run the latest version with all patches installed, and to remove unknown services and user accounts so that remote access stays under control.
The US security firm recommends that businesses consider using intrusion detection and prevention systems (IDP/IPS) to control traffic. Such a system can work up to layer 7 to identify potential threats. For example, a favorite target of computer worms is a VoIP application that has a web interface for administrators, together with its web server. An IDP device can use multiple methods to detect attacks and stop harmful traffic by dropping its packets from the network.
Many gateway deployments are also found at the edge layer. Typically, this server handles user registration, identifies incoming VoIP traffic and transfers calls to their destination. The two main protocols for VoIP traffic are H.323 and SIP. Both use the Real-time Transport Protocol (RTP) for communications. The VoIP application starts a session on a static port and then transfers the call data on a random port. However, allowing connections to any port is a security risk that invites deliberate attacks. The gateway should therefore sit behind a firewall that protects VoIP applications (such as the NetScreen integrated firewall product line). High-throughput firewall devices should also be considered, because network latency affects call quality.
The firewall should provide an application-level gateway that intercepts VoIP traffic, classifies the protocol and checks which dynamic ports the application needs opened. This feature opens a path that lets the data for one specific conversation through and closes it once the call is completed.
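
The open-per-call, close-on-hangup behaviour described above can be sketched for SIP as follows. This is an added example, not Juniper or NetScreen code: the `SipPinholes` class, the `sip` and `sdp` helpers and the messages are constructed for illustration (addresses are documentation ranges), and a production gateway would also handle timeouts, RTCP and H.323.

```python
import re

def sip(start_line, call_id, body=""):
    # Constructed SIP message, trimmed to the parts this example reads.
    return f"{start_line}\r\nCall-ID: {call_id}\r\n\r\n{body}"

def sdp(ip, port):
    # Constructed SDP body announcing where the sender will receive RTP audio.
    return f"v=0\r\nc=IN IP4 {ip}\r\nm=audio {port} RTP/AVP 0\r\n"

class SipPinholes:
    """Hypothetical ALG state: RTP endpoints allowed per SIP Call-ID."""

    def __init__(self):
        self.open = {}  # Call-ID -> set of (ip, port)

    def inspect(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        lines = head.split("\r\n")
        call_id = next((l.split(":", 1)[1].strip() for l in lines[1:]
                        if l.lower().startswith("call-id:")), None)
        if call_id is None:
            return  # not recognisable as SIP: open nothing
        if lines[0].startswith("BYE "):
            self.open.pop(call_id, None)  # call over: close its ports
            return
        conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        media = re.search(r"^m=audio (\d+) RTP/", body, re.M)
        if conn and media:  # only ports negotiated in SDP get opened
            self.open.setdefault(call_id, set()).add(
                (conn.group(1), int(media.group(1))))

    def allows(self, ip, port):
        return any((ip, port) in eps for eps in self.open.values())

def demo():
    fw, caller, callee = SipPinholes(), ("192.0.2.10", 49170), ("198.51.100.7", 36000)
    seen = [fw.allows(*caller)]                       # before any call
    fw.inspect(sip("INVITE sip:bob@example.com SIP/2.0", "call-1", sdp(*caller)))
    fw.inspect(sip("SIP/2.0 200 OK", "call-1", sdp(*callee)))
    seen += [fw.allows(*caller), fw.allows(*callee)]  # during the call
    seen.append(fw.allows("198.51.100.7", 36002))     # port never negotiated
    fw.inspect(sip("BYE sip:bob@example.com SIP/2.0", "call-1"))
    seen += [fw.allows(*caller), fw.allows(*callee)]  # after BYE
    return seen

if __name__ == "__main__":
    print(demo())
```

The default stance is deny: an RTP endpoint is reachable only while a call that negotiated it is in progress.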
When an end user makes a call over IP, the conversation content is still sensitive data, which must not be exposed to the public network. Therefore, IP telephone equipment should support an effective authentication mechanism for registering with VoIP servers. Additional encryption through a virtual private network (VPN) tunnel should also be applied to both call setup and the communication itself.
In short, VoIP technology provides businesses with new ways to save costs and improve operational efficiency. In order to maximize the effectiveness of this technology, administrators should use a layer-based defense approach to understand network threats and ensure that they can resist attacks.
Xuan Kim