abdullah al mamun 062507056

Individual Assignment
Fraud monitoring system for VoIP or IP telephony
Name: M. Abdullah-Al-Mamun
ID# 062507056
Faculty: Dr. Mashiur Rahman
ETE-605 Sec-2
Semester: Spring 2008
Date: 15/04/2008

Upload: mashiur

Post on 20-May-2015

Table of contents
1. Introduction
2. Voice over IP Connections and communications
3. What type of illegality can occur
4. What will Fraud management do
5. Deep Packet Inspection
6. PTS Deployment for BTTB
7. Security Operations Services
8. Conclusion
9. Sources and references

Acknowledgments

This document has benefited from review and comment by many experts. I particularly want to thank Sandvine International, Dr. Mashiur Rahman and BTRC for many contributions to improving the quality of this case study.

The first part of this document describes what VoIP is, then what types of illegality can occur, and finally the fraud management system developed by Sandvine International.

Introduction

What is VoIP:

VoIP (pronounced voyp or vip) is the name of a new communications technology that changes the meaning of the phrase telephone call. VoIP stands for voice over Internet protocol, and it means “voice transmitted over a computer network.” Internet protocol (IP) networking is supported by all sorts of networks: corporate, private, public, cable, and even wireless networks. Don’t be fooled by the “Internet” part of the acronym. VoIP runs over any type of network. Currently, in the corporate sector, the private dedicated network option is the preferred type. For the telecommuter or home user, the hands-down favorite is broadband. You can access your account on the VoIP network by a desktop telephone, a wireless IP phone (similar to a cell phone), or the soft screen dial pad of your laptop or desktop computer.

What is Fraud:

In criminal law, fraud is the crime or offense of deliberately deceiving another in order to damage them – usually, to obtain property or services unjustly. Fraud can be accomplished through the aid of forged objects. In the criminal law of common law jurisdictions it may be called "theft by deception," "larceny by trick," "larceny by fraud and deception" or something similar.

History of VoIP:

Voice over Internet Protocol has been a subject of interest almost since the first computer network. By 1973, voice was being transmitted over the early Internet. The technology for transmitting voice conversations over the Internet has been available to end-users since at least the early 1980s. In 1996, a shrink-wrapped software product called Vocaltec Internet Phone (release 4) provided VoIP along with extra features such as voice mail and caller ID. However, it did not offer a gateway to the PSTN, so it was only possible to speak to other Vocaltec Internet Phone users.

In 1997, Level 3 began development of its first soft switch (a term they invented in 1998); soft switches were designed to replace traditional hardware telephone switches by serving as gateways between telephone networks.

Voice over IP Connections and communications:

Voice over IP – the transmission of voice over packet-switched IP networks – is one of the most important emerging trends in telecommunications. As with many new technologies, VOIP introduces both security risks and opportunities. VOIP has a very different architecture than traditional circuit-based telephony, and these differences result in significant security issues. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but VOIP should not be installed without careful consideration of the security problems introduced.

Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. However, the process is not that simple. This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization’s VOIP network. VOIP security considerations for the public switched telephone network (PSTN) are largely outside the scope of this document.

VOIP systems take a wide variety of forms, including traditional telephone handsets, conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a variety of other components, including call processors/call managers, gateways, routers, firewalls, and protocols. Most of these components have counterparts used in data networks, but the performance demands of VOIP mean that ordinary network software and hardware must be supplemented with special VOIP components. Not only does VOIP require higher performance than most data systems, critical services, such as Emergency 911 must be accommodated.

One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change. However, VOIP adds a number of complications to existing network technology, and these problems are magnified by security considerations.

Quality of Service (QoS) is fundamental to the operation of a VOIP network that meets users’ quality expectations. However, the implementation of various security measures can cause a marked deterioration in QoS. These complications range from firewalls delaying or blocking call setups to encryption-produced latency and delay variation (jitter). Because of the time-critical nature of VOIP, and its low tolerance for disruption and packet loss, many security measures implemented in traditional data networks are simply not applicable to VOIP in their current form; firewalls, intrusion detection systems, and other components must be specialized for VOIP.

Current VOIP systems use either a proprietary protocol, or one of two standards, H.323 and the Session Initiation Protocol (SIP). Although SIP seems to be gaining in popularity, neither of these protocols has become dominant in the market yet, so it often makes sense to incorporate components that can support both. In addition to SIP and H.323
there are also two further standards, media gateway control protocol (MGCP) and Megaco/H.248, which may be used in large deployments for gateway decomposition. These standards may be used to ease message handling with media gateways, or on the other hand they can easily be used to implement terminals without any intelligence, similar to today’s phones connected to a PBX using a stimulus protocol.

Packet networks depend for their successful operation on a large number of configurable parameters: IP and MAC (physical) addresses of voice terminals, addresses of routers and firewalls, and VOIP specific software such as call processing components (call managers) and other programs used to place and route calls. Many of these network parameters are established dynamically every time network components are restarted, or when a VOIP telephone is restarted or added to the network. Because there are so many places in a network with dynamically configurable parameters, intruders have a wide array of potentially vulnerable points to attack.

Firewalls are a staple of security in today’s IP networks. Whether protecting a LAN or WAN, encapsulating a DMZ, or just protecting a single computer, a firewall is usually the first line of defense against would-be attackers. Firewalls work by blocking traffic deemed to be invasive, intrusive, or just plain malicious from flowing through them. Acceptable traffic is determined by a set of rules programmed into the firewall by the network administrator. The introduction of firewalls to the VOIP network complicates several aspects of VOIP, most notably dynamic port trafficking and call setup procedures.

Network Address Translation (NAT) is a powerful tool that can be used to hide internal network addresses and enable several endpoints within a LAN to use the same (external) IP address. The benefits of NATs come at a price. For one thing, an attempt to make a call into the network becomes very complex when a NAT is introduced. The situation is somewhat similar to an office building where mail is addressed with employees’ names and the building address, but internal addressing is handled by the company mailroom. There are also several issues associated with the transmission of voice data across the NAT, including an incompatibility with IPsec. Although the use of NATs may be reduced as IPv6 is adopted, they will remain a common component in networks for years to come, so VOIP systems must deal with the complexities of NATs.

Firewalls, gateways, and other such devices can also help keep intruders from compromising a network. However, firewalls are no defense against an internal hacker. Another layer of defense is necessary at the protocol level to protect the voice traffic. In VOIP, as in data networks, this can be accomplished by encrypting the packets at the IP level using IPsec, or at the application level with
secure RTP, the real-time transport protocol (RFC 3550). However, several factors, including the expansion of packet size, ciphering latency, and a lack of QoS urgency in the cryptographic engine itself can cause an excessive amount of latency in the VOIP packet delivery. This leads to degraded voice quality, again highlighting the tradeoff between security and voice quality, and emphasizing a need for speed.

VOIP is still an emerging technology, so it is difficult to develop a complete picture of what a mature worldwide VOIP network will one day look like. As the emergence of SIP has shown, new technologies and new protocol designs have the ability to radically change VOIP. Although there are currently many different architectures and protocols to choose from, eventually a true standard will emerge. Unless a widely used open standard emerges, solutions will be likely to include a number of proprietary elements, which can limit an enterprise’s future choices. The most widely used of the competing standards are SIP and H.323. Some observers believe that SIP will become dominant. Major vendors are investing an increasing portion of their development effort into SIP products. An extension of SIP, the SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) standard, is being incorporated into products that support Instant Messaging. Until a truly dominant standard emerges, organizations moving to VOIP should consider gateways and other network elements that support both H.323 and SIP. Such a strategy helps to ensure a stable and robust VOIP network in the years that come, no matter which protocol prevails.

Designing, deploying, and securely operating a VOIP network is a complex effort that requires careful preparation. The integration of a VOIP system into an already congested or overburdened network could create serious problems for the organization. There is no easy “one size fits all” solution to the issues discussed in these chapters. An organization must investigate carefully how its network is laid out and which solution fits its needs best.

In recent years, a new way to connect to the PSTN has cropped up. Companies are using PRIs, T1, and other technologies to connect to the PSTN, and then resell those connections to consumers. The users connect to the companies offering these connections through Voice over IP technologies. By so doing, we can skip dealing with LECs completely. This service is called Origination and Termination. Through these services, we can receive a real telephone number, with the area code depending on what the provider has access to. Not all providers can offer numbers in every locality. This means that our number could be long distance from our next-door neighbor, yet local to someone in the next state. The advantage of this, however, is that the provider will route most of the calls over their VoIP infrastructure and will then use the PSTN when they get to their most local point at the receiving end, which can mean that long distance charges are dramatically reduced. If we call a variety of countries, states or cities it can be worthwhile to research a provider that offers local PSTN access to the areas we call most. The rates per minute are usually very attractive. Often, long distance is at the same rate as local calls. One thing to watch out for is that some providers charge
for incoming minutes, much like on a cellular telephone, and some providers also charge for local calls. Another thing to be aware of is that some providers require that you use their Analog Terminal Adapter (ATA). This means that they will send you a box that you plug into the Internet, which speaks Voice over IP. Then, you have a POTS line to connect a phone (or Asterisk) to.

Voice over IP makes sense in many installations. But for the quality to be acceptable, a reliable Internet connection with low latency is required. Another thing to watch out for is jitter. Jitter refers to the variation in latency from packet to packet. Most protocols can handle latency a lot better if it is constant throughout the call.

What type of illegality can occur:

• Illegal generating and terminating of VoIP calls
• Less QoS
• Network traffic jamming

What will Fraud management do:

• Stop illegal VoIP usage
• Allow licensed VoIP usage
• Monitor VoIP services
• Set the traffic policy for better VoIP service
• CDR for usage billing

Deep Packet Inspection:

Deep Packet Inspection (DPI) is a packet filtering technology that examines not only the header but also the data part of a packet passing through, searching for protocol non-compliance or predefined criteria to decide whether the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection), which checks only the header portion of a packet.

DPI-based policy solutions offer a truly flexible approach to managing today’s VoIP based upon the national regulatory requirements. The leading provider of intelligent broadband network solutions for the industry’s most powerful platform enabling per-subscriber DPI-based policy solutions to solve both business and technology challenges in the world’s largest broadband networks

fig 1: DPI inspection

• Proven application identification and traffic shaping
• Flexible network deployment options
• Advanced reporting including VoIP analysis
• Recognize True Scalability
• Leading Redundancy Options
• Seamless Integration
• Gain Control and Visibility

Enhanced DPI Signature Analysis: Recognizes protocol identifiers anywhere within a TCP packet, across multiple TCP packets and even using UDP control messages. Flexible processing ensures that we can address new techniques as application protocols continue to evolve in the future.

Real-time Behavioral Analysis: Characterizes traffic by application categories through a real-time comparison with defined behavior thresholds. Service providers can immediately control unwanted traffic behavior that is affecting reliable network operation and service quality.
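
The difference between header-only inspection and the payload and cross-packet signature analysis described above can be shown in a short Python sketch. This is an added example, not code from the assignment or from the Sandvine product: the licensed-peer list, the three-packet confirmation threshold, the function names and all sample packets are constructed assumptions.

```python
import re
import struct

LICENSED_PEERS = {"192.0.2.10"}  # assumed licensed gateway (documentation address)
SIP_START = re.compile(
    rb"^(?:(?:INVITE|REGISTER|ACK|BYE|CANCEL|OPTIONS) \S+ SIP/2\.0\r\n|SIP/2\.0 \d{3} )")

def shallow_classify(dport):
    """Header-only inspection: trusts the well-known SIP ports."""
    return "sip" if dport in (5060, 5061) else "unknown"

def rtp_fields(payload):
    """Return (ssrc, seq) if the bytes parse as an RTP version 2 header, else None."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return None
    if 72 <= (payload[1] & 0x7F) <= 76:  # collides with RTCP packet types 200-204
        return None
    seq, _timestamp, ssrc = struct.unpack("!HII", payload[2:12])
    return ssrc, seq

class DeepClassifier:
    """Payload inspection that keeps per-flow state across packets."""
    def __init__(self, rtp_confirm=3):
        self.rtp_confirm = rtp_confirm  # in-order packets needed to call a flow RTP
        self.flows = {}  # flow key -> (ssrc, last_seq, run_length)

    def classify(self, flow, payload):
        if SIP_START.match(payload):
            return "sip"
        fields = rtp_fields(payload)
        if fields is None:
            self.flows.pop(flow, None)
            return "unknown"
        ssrc, seq = fields
        prev = self.flows.get(flow)
        in_order = prev and prev[0] == ssrc and seq == (prev[1] + 1) & 0xFFFF
        run = prev[2] + 1 if in_order else 1
        self.flows[flow] = (ssrc, seq, run)
        return "rtp" if run >= self.rtp_confirm else "unknown"

def policy(label, peer_ip):
    """Allow licensed VoIP, block unlicensed VoIP, pass everything else."""
    if label in ("sip", "rtp"):
        return "allow" if peer_ip in LICENSED_PEERS else "block"
    return "pass"

def make_rtp(seq, ssrc=0x1234ABCD):
    """Constructed sample: RTP header (payload type 0) plus 160 zero bytes."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + bytes(160)

# Constructed sample: SIP signalling sent to a non-standard port.
INVITE = b"INVITE sip:bob@example.net SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7:40000\r\n\r\n"
```

The port-based check misses the constructed INVITE on port 40000 while the payload check labels it as SIP, and a media flow is labelled RTP only once three in-order packets with the same SSRC have been seen.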

fig 2: Bandwidth by protocol

fig 3: VoIP Bandwidth by protocol

fig 4: VoIP call by provider by protocol

PTS Deployment for BTTB:

For a customized solution for BTTB we will need to know:
1. The network topology
2. The bandwidth
3. The exact solution requirements

Policy Traffic Switch (PTS) enables service providers to apply different traffic policies for voice calls originating or terminating on the public network. It can restrict selective VoIP services that provide domestic or international connections to the PSTN network.

fig 5: Detailed Drill Down, Network Provider, VoIP Provider, Subscriber

Security Operations Services:

• Attack monitoring, analysis, and classification: determines the nature of the attack and identifies specific remedies in real time.

• Behavior detection and signature updates: may be automated or as designated by the service provider.

• Security research and test lab: delivers in-depth traffic analysis to discover hidden and emerging threats, provides 24x7 monitoring and attack response.

Cans spam: Spam trojan mitigation arms service providers with a network-based approach to eliminating all malicious worm and spam trojan traffic on service provider networks.

Kills worms: Network-based worm mitigation attacks worms at all five stages of their development, effectively shutting down worm/DoS traffic.

Prevents DoS attacks: Network-based DoS mitigation protects the subscriber experience by filtering DoS attacks and eliminating malicious traffic while allowing all legitimate requests to proceed through the network.

Defends servers: Protects inherently vulnerable mail servers and prevents DNS poisoning by stopping illegitimate requests before they become a threat to subscribers and the network.

Cleanses network: Security Operations team provides ongoing analysis to ensure optimal network health and distant warning in the event of an attack. Sandvine’s visibility into global service provider networks acts as a 'network telescope,' uncovering malicious traffic threats before they spread around the globe.

Conclusion:

If we assume that physical security is managed, then this web-based solution is a smart monitoring and control tool for BTRC or any other lawful authority. This can be the ultimate solution for VoIP management in Bangladesh. A DPI-based solution provides the total transparency needed to manage VoIP according to set policies. Policy Traffic Switch can stop the illegal use of VoIP while optimizing bandwidth for licensed VoIP in Bangladesh.

Sources:
IETF http://www.ietf.org
SIP Forum http://www.sipforum.org
3rd Generation Partnership Project http://www.3gpp.org
SIP Working Group http://www.softarmor.com/sipwg
SIPPING Working Group http://www.softarmor.com/sipping
ETSI TISPAN http://portal.etsi.org/tispan

References:
Ericsson – ‘Combinational services – the pragmatic first step toward all-IP’, published in Ericsson Review No.2, 2003
Sandvine International