|
|
Security provisions of VoIP traffic in Open source PBX
Chalás, Jaroslav ; Daněček, Vít (oponent) ; Šilhavý, Pavel (vedoucí práce)
Main goal of creating the Open Source project and GPL licence are free sources and applications available for a wide public. Competent communities are responsible for support and upgrade of Open source based applications and softwares, which are created on a voluntary bases. Due to this fact an implementation depends on plenty others publicly available libraries and applications, which sometimes complicate the installation process itself. Successfully created VoIP connection is two-phase based process. Signalization is necessary in the first place, which might be supported with H.323 or SIP. After call parameter negotiation – voice codec, cipher code, ports etc, the second phase takes over to transfer voice. Theoretical part of this thesis describes SIP, H.323, MGCP, RTP and IAX protocols, as well as secure ways of signalization and voice stream part of the call. These might be SIPS, SRTP, ZRTP and IPsec. In thesis Open Source Asterisk PBX is well described, when mentioning its options, features and community support. I put near options available for particular releases and introduce attacks and abuses which are possible to perform on the VoIP system in general, together with available, no cost and working tools to perform the attacks with. Practical part focuses on possibilities to generate experimental attacks on individual systen parts with exact definition of what the consequences are. Based on the overall analyse of achieved results I conclude three solutions as autoinstallation linux packages. These „deb“ packages consist of specific Asterisk release required to meet the security needs, ready-to-test configuration and guide to follow with correct options to set. Final security possibilities requires hardening on application layer, where Iptables takes its part. „Linux firewall“ as some express Iptables are configured to reflect VoIP system parameters and protect from DoS attacks.
|
|
|
Security provisions of VoIP traffic in Open source PBX
Chalás, Jaroslav ; Daněček, Vít (oponent) ; Šilhavý, Pavel (vedoucí práce)
Main goal of creating the Open Source project and GPL licence are free sources and applications available for a wide public. Competent communities are responsible for support and upgrade of Open source based applications and softwares, which are created on a voluntary bases. Due to this fact an implementation depends on plenty others publicly available libraries and applications, which sometimes complicate the installation process itself. Successfully created VoIP connection is two-phase based process. Signalization is necessary in the first place, which might be supported with H.323 or SIP. After call parameter negotiation – voice codec, cipher code, ports etc, the second phase takes over to transfer voice. Theoretical part of this thesis describes SIP, H.323, MGCP, RTP and IAX protocols, as well as secure ways of signalization and voice stream part of the call. These might be SIPS, SRTP, ZRTP and IPsec. In thesis Open Source Asterisk PBX is well described, when mentioning its options, features and community support. I put near options available for particular releases and introduce attacks and abuses which are possible to perform on the VoIP system in general, together with available, no cost and working tools to perform the attacks with. Practical part focuses on possibilities to generate experimental attacks on individual systen parts with exact definition of what the consequences are. Based on the overall analyse of achieved results I conclude three solutions as autoinstallation linux packages. These „deb“ packages consist of specific Asterisk release required to meet the security needs, ready-to-test configuration and guide to follow with correct options to set. Final security possibilities requires hardening on application layer, where Iptables takes its part. „Linux firewall“ as some express Iptables are configured to reflect VoIP system parameters and protect from DoS attacks.
|
host ::
RSS.