VoIP Security

Courses: Data Networks
  • Course:VoIP Security
  • Course ID:VOIPSEC Duration:2 days Where: Your Office (7+ Persons)
  • Available as a private, customized course for your group at your offices or ours and in some cases as a WebLive(TM) class.

  • Download Course Description (PDF)

Course Outline

  • VoIP Security: An Introduction
    • Overview of VoIP security challenges
    • How VoIP relates to overall data security strategy
    • How VoIP relates to traditional telecom security
    • Introduction to the OSI model
    • Learning VoIP security using the OSI model: An introduction
    • VoIP architectural vulnerabilities
  • Physical Layer Security
    • Cabling and devices
    • Data center and server access, etc.
    • Endpoints
  • Data Link Layer Security
    • Firewalls and NAT’s
    • DoS Attacks
  • Transport Layer Security
    • Digest authentication
  • Session Layer Security
    • Protocols
      • SIP standard and attacks
      • H.323
      • IETF RFC VoIP standards
    • Application-level security vulnerabilities
      • Vendor-specific issues
    • Encryption
  • Presentation Layer Security
    • Rights and access levels
  • Application Layer Security
    • Password issues with VoIP and applications
    • User authentication
    • Remote system access issues
  • Network Security Issues and VoIP
  • Gateway Security
    • MGCP
    • Megaco/H.248
  • Network Policies and Security Management
  • Security Best Practices
    • Security audit methods
    • Vendor management
    • Testing systems and devices: Available tools
  • Wrap-up: Summary, Q/A, and Evaluations
Course Overview

Course in a Nutshell

Security is a concern for every company at every level. The wide adoption of VoIP and new protocol standards has introduced many new issues. For most enterprises, the adoption of VoIP is a migration path – a fact that contributes to increased complexity for the IT security personal and network administrators. VoIP introduces new systems, vendors, applications, servers, operating systems, and the like. The introduction of media gateways to handle traditional telephony converted to VoIP on the data network introduces security management challenges on the network. If not using media gateways, organizations are adopting VoIP providers that carry traffic on an IP network connection. This course will help you understand the issues of VoIP security on all levels of the network. We will follow the OSI model to ensure that all levels are covered. We will begin by learning the technical concepts related to network security. We will then study the protocols such as SIP and H.323 on the IP network. We will conclude with a discussion of the policies and procedures that enhance VoIP security.


Customize It!

  • Are you involved with commercial or military deployment planning for VoIP? Depending on your background and job, we can tailor the course to focus on the technical or managerial issues.
  • Are you a network engineer or administrator who would like to “fill in the holes” and catch up with the state-of-the-art of security planning? Let us know so we can focus on the areas that interest you the most.
  • Are you a VoIP network or application installer who would like to learn the security concepts and theory that underlie your craft? We can focus on the tools and techniques that will help you become more “tech savvy” on VoIP security issues.
  • Are you a manager, executive, or sales person whose work involves VoIP security systems? If so, we can emphasize those parts of the course that deal with policy management, vendor audits, and procedural security issues.


Learn How To

  • Learn how to evaluate your VoIP security concerns on all levels
  • Understand the key components of the OSI model as they relate to VoIP security planning
  • Discern security vulnerabilities of SIP and other popular VoIP protocols
  • Design for secured network communications by understanding protocol level attack methods
  • Formulate global policies for managing VoIP security
Audience / Prerequisites

Aimed At

Network security planning teams, network administrators, IT and telecom engineers, and IT security management. This course is also beneficial for the homeland security community and crime prevention/investigation officers.



Before taking this course, you should have completed either of the two courses listed above or possess equivalent experience.

Related Courses
  • "Very good course, up-to-date with current and future technology. Good speaker, great stories and examples, good listener, too. Just the right amount of content." – KP, Associate, Technical Services Organization