SIP Security
- SIP Security: An Introduction
- SIP security challenges: An overview
- How SIP security fits into the overall data security strategy
- How SIP security relates to the traditional telecommunications security
- Discussion of the SIP protocol using the OSI model
- SIP’s architectural vulnerabilities
- Physical Layer Security: Discussion of Security Factors of SIP Endpoints (Telephones)
- Configuration files
- Tools for loading configuration files
- User access levels
- Other security factors
- Data Link Layer Security
- Firewalls and NAT’s
- SIP architecture and potential threats that are handled by the firewall
- Denial of Service (DoS) attacks
- DoS attacks on SIP network components
- DoS risk mitigation
- Transport Layer Security: Digest Authentication and SIP
- How it is implemented in the SIP protocol
- How it is used against threats or attacks.
- Session Layer Security
- Security vulnerabilities of the SIP protocol
- SIP standard and attacks
- IETF and security standards
- Application-level security vulnerabilities
- General
- Vendor-specific issues for the leading vendors
- Encryption issues for SIP
- Encryption as it relates to SIP
- Tradeoff between real-time processing requirements and security
- Presentation Layer Security: Rights and Access Levels
- Application Layer Security: Load Balancers, Proxy Servers, Media Servers, etc.
- Securing SIP architecture components
- Password issues with SIP and applications
- User authentication
- Remote system access issues
- SIP-T (SIP Trunking)
- Architecture
- Protocol and formats
- Vendor/carrier Issues and variations
- Network Security Issues and SIP
- New vulnerabilities related to SIP messages on the network
- How SIP fits into the current network security plans and designs
- Security of Gateways, One of the Most Vulnerable Elements of SIP design
- Security Best Practices Related to the SIP Protocol
- Security audit methods
- Vendor management
- Testing systems and devices: Available tools
- Wrap-up: Course Recap, Q/A, and Evaluations
