Security in Real-Time IP Communications

A white paper on today’s #1 information & communication issue

November 2004


Contents

Introduction 3

The security challenge 4

Real-time communication concerns 7

How security can be compromised 8

Identifying vulnerable areas 10

HiPath Security Strategy 11

Security-enabled HiPath Products 12

HiPath Security Solutions 14

HiPath Security Services 15

Customer strategies and solutions 16

Conclusions 18

Acronyms used in this paper 19

This white paper focuses on the need to enable robust security mechanisms for real-time IP communications, the principal medium being telephony. Real-time communications are an essential part of day-to-day operations and the medium is also becoming an integral part of mainstream business processes. This means that the various mechanisms must form part of a holistic solution and the resulting solution must be preceded by a security strategy.

Security issues cannot be addressed via point solutions and there are no easy answers. Viruses and other threats emerge, mechanisms are implemented, and at a later stage new developments can be expected. Thus, the security strategy has to be on-going and proactive. The Siemens HiPath Portfolio offers an arsenal of effective weapons to protect real-time IP communications and IT against security threats.


Introduction

The business case for real-time IP communications is conclusive. It has the proven ability to boost profitability via lower costs, increased personal and workgroup productivity, and facilitate competitive differentiation. In addition, IP telephony can become an integral part of many business processes. Thus, many enterprises are starting to view IP Telephony and other real-time IP applications as cornerstones of their business communication. This is clearly a positive trend, but it is clear that real-time communication like voice has to be secured against the kind of issues usually associated with IT, e.g. Denial of Service (DoS) attacks, viruses, and worms. The need to ensure that users are identified and authenticated is a related issue, as is the encryption of traffic over the Internet, the Intranet, and wireless links.

Security has become a key issue for CIOs and IT Managers. The rather new requirement that real-time IP communications must be secure also indicates the need for a holistic approach: there is little value in addressing unsecured areas via point solutions. Enterprises need security rings that keep the bad guys out and let the good guys in.

This white paper outlines Siemens’ expertise, starting with an examination of the security challenges that businesses face and the protective mechanisms that can be employed. This is followed by an overview of Siemens Communications Enterprise Systems’ and Enterprise Services’ security portfolio, which includes:

• security-enabled HiPath Communication products
• dedicated security solutions and systems
• security services, which include analysis, consulting, building and management.

The paper concludes with an outline of the various steps required to define a security strategy and a customized solution.


The security challenge

There are four reasons why security has become such an important issue:

1) IP Technology and the Internet culture

Internet and intranets are based on open standards and the same communications protocol (IP). Without the addition of security measures, their interfaces are equivalent to an open, unguarded door. Open standards make markets and allow millions of people to share information and resources. That is the positive side of the Internet culture, but openness and the distributed nature also make the environment vulnerable to external and internal security attacks. This has been exploited by hackers. Thus, security is an intrinsic issue to be addressed by high-tech locks and bolts.

2) Mobility

The mobility paradigm of “anywhere, anytime communications” was the driving force behind the huge success of cellular telephony. Today we have wireless access to the Internet, another open environment carrying confidential information. In this case security is a real issue and end-to-end solutions are required for mobile professionals and technicians as well as employees working from home.

3) Ecosystems and outsourcing

Currently enterprises focus on core competences, peripheral activities being provided by partners, e.g. manufacturing, call centers, or IT. This means that there is a complex flow of information around the ecosystem, i.e. the partners, suppliers, and customers. Thus, there are more doors that need to be secured against the bad guys without blocking access to authorized third parties.

4) The need for speed

Many companies operate their businesses around the clock and around the world. They are “competing in time”, i.e. they compete in a competitive global market where the ability to conduct business in “real time” is not only a key differentiator, it may represent the difference between success and failure. This underlines the importance of having delay-free business processes (the key factor of the so-called Real-Time Enterprise (RTE)), so delays caused by security breaches and the resulting loss of business continuity are unacceptable.


5) External regulations (legal, governmental or liability)

Regulations enacted to prevent the financial consequences of attacks, terrorism, or dubious corporate practices have received widespread attention and media coverage. This has led to the need for improved confidentiality generally and for best-of-breed security solutions, as well as secure and transparent management processes.

Due to the need to run their communications and business processes round the clock (24 x 7), many companies made considerable investments in high-availability (e.g. 5 x 9) systems. Their value, however, is seriously reduced if a security breach brings them down for several hours or, even worse, a few days. It is therefore abundantly clear why security moved to the top of CIO agendas (#2 of CIO business priorities and #1 of CIO technical priorities, according to Gartner, Nov 2003).

There is no doubt that the time to act for any enterprise relying on IP communications is now! Waiting is the worst option.

Creating a security strategy is a challenge since there are numerous unknowns. Expect the unexpected! You do not know what type of attack to expect, the probability of an attack, when it will happen, or the financial consequence. It is therefore very hard to quantify the ROI of security solutions. Moreover, security is a moving target: like it or not, we are in a fast and permanent race between threats and prevention. Another factor is the dissemination of fear and uncertainty by the media, particularly Internet news feeds. This means that development of a robust security strategy requires a combination of expertise and experience. And security experts may not be part of your IT resources. Thus, outsourcing your security requirements must be carefully considered but might be a conceivable option.

The race has started but the information and communications industry has not been idle. A number of important security standards have matured and have been or are being incorporated into products and systems. This is good news. In the meantime vendors have developed many proprietary solutions. Altogether this means that one is initially confronted with a confusing list of acronyms and terms, and a zoo of available security methods and tools.

The following statistics indicate the importance of security:

Estimates of the cost of security breaches in 2003 worldwide amount to tens of billions of dollars. Other statistics that will resonate with IT Managers¹ include:

Cost of violations to information security in the USA:
  more than $100,000        10% of companies
  $10,000 to $100,000       17% of companies

Note that many security breaches are not publicly reported, so in reality the cost is considerably higher.

Downtimes of servers, applications, and networks in the USA due to security violations:
  more than 3 days           7%
  1 to 3 days               10%
  8 to 24 hours             21%

¹ Source: IT-Security 2003, InformationWeek


Real-time communication concerns

As mentioned in the introduction, real-time communications have to be secured against the kind of issues that are usually associated with data applications and services. Today there are countless potential attackers who know how to attack a data network, its computers and business applications. Sometimes they are young people who simply “have fun” while using a trial-and-error method to crack into a system.

In the past telephony security was a minor issue. Circuit-switched systems could be threatened by fraud, theft of service, unauthorized use of modems, line interception, and dial-in administration access, but all in all the problem was under the control of the vendors: apart from administration access, the danger was rather restricted to attackers such as fraudulent employees, criminals, secret service agents, and so on. They had to burgle their way into PBX equipment rooms or cable cabinets and use specialized equipment. Telephone security was not a widespread problem because PBXs were proprietary, closed systems.

Everything changes with emerging converged communication, when voice and data employ the same protocol and the same network. In this case, telephony becomes a real-time IP application that is similar to an IT application. IP PBXs are open systems typically running MS Windows or Linux, which means that a data-centric attack could bring the telephone system down, which is very serious. We accept (and even have to assume) that data networks fail from time to time, while many PBXs and the public network have that famous 5 x 9 (99.999%) uptime record.

Converged IP PBXs are robust platforms that employ traditional circuit-switched telephony as well as packet-switched VoIP (Voice over IP). Regular phones are connected to the circuit-switched side and IP phones to the other. The early business case for converged platforms, which is still valid, was the ease with which they allow IP communications to be introduced into corporate environments; they facilitated migration and were less disruptive than the fork-lift alternative. Today, many customers see converged IP PBXs as a longer-term option, since in case of disruption on the IP side, the regular phones continue to work internally and externally over the PSTN. Underpinning this, there have been several well-publicized examples of large sites where native IP PBXs were fork-lifted out and replaced by converged platforms.


How security can be compromised

VoIP is a service on a shared data-centric IP network; it can be accessed by users on the LAN and, directly or indirectly, by mobile users or teleworkers. VoIP signaling, for example (the method used to control call setup), uses identified IP ports, just like many IT applications, while the ports for the voice payload are negotiated. This makes telephony systems more vulnerable. They can and should be protected using data-type mechanisms, but some attacks require VoIP-specific measures.

The convergence of data and voice security is illustrated in Fig. 1. The most important threats to VoIP systems and their remedies are as follows:

Unauthorized access to systems

Unauthorized access may be local or remote. This fundamental issue is addressed using various security mechanisms. VoIP users and their devices must be authorized and authenticated, e.g., using the IEEE 802.1x standard on layer 2. Remote access should only be allowed over a VPN or with strong authentication. In addition, firewalls and/or PKI (Public Key Infrastructure) should be employed. PKI provides an X.509/certificate-based infrastructure for encryption of IDs and digitally signed documents/messages. Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) can be used to recognize or prevent intrusions by identifying unusual traffic patterns.

Interception/Eavesdropping

The term indicates that the attacker is located between the two end points of a communications link intending to monitor, record or even manipulate the data stream. In some cases the attacker might try to take complete control of the link, hence the term “connection hijacking”, also known as the “man in the middle” manipulation threat. Interception is addressed first of all by exploiting all network security features, then by higher-layer encryption, e.g., using SRTP (Secure Real-time Transport Protocol) for voice/video payload and TLS (Transport Layer Security) for signaling protection, for both the SIP and H.323 VoIP standards. WLAN security has been addressed by the IEEE 802.11i standard. Traffic over VPNs (Virtual Private Networks) will normally be encrypted using IPsec or SSL. Note that SSL VPNs are not recommended for delay-sensitive applications like VoIP. Network equipment such as routers and switches should also be hardened in order to prevent ARP (Address Resolution Protocol) spoofing.

Figure 1. Security in a voice-data convergence scenario. [Figure not reproduced; labels recovered from the image: “Multimedia Applications and Networks”; “Yesterday / Today / Tomorrow”; “Voice Networks”, “Data Networks”, “IP PBX”, “LAN”, “Few Interfaces”, “Some Interfaces”; one threat list reading “Spoofing, Denial of Service (DoS), Sniffing, Hacking, Virus, Worm etc.” and another reading “Interception/Eavesdropping, Unauthorized access, Fraud, Risk of Outage/DoS, Manipulation”.]
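The SRTP protection named above works because every packet carries an authentication tag that lets the receiver detect manipulation by a party on the path. The following Python block is an added example, not code from this paper or from any HiPath product: it builds a minimal RTP packet, appends an HMAC-SHA1 tag truncated to 80 bits (the RFC 3711 default), and shows that a single flipped bit in the header or payload, or a tag computed under a different key, is rejected on verification, while plain RTP parses the altered packet without complaint. The authentication key, packet fields and payload are constructed. Real SRTP additionally encrypts the payload with AES in counter mode, derives session keys from a master key that the endpoints exchange over the TLS-protected signaling, folds a rollover counter into the authenticated data and keeps a replay list; all of that is left out here so that the integrity mechanism alone is visible.

```python
"""Added example, not from the paper or any HiPath product: the integrity half
of SRTP in miniature.  A minimal RTP packet is built, an HMAC-SHA1 tag truncated
to 80 bits (the RFC 3711 default) is appended over header and payload, and
verification rejects any modified byte.  Omitted on purpose: AES-CTR payload
encryption, session-key derivation from a master key, the rollover counter in
the authenticated data, and replay protection.  Key and packet are constructed."""
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit authentication tag, the SRTP default

# Constructed 160-bit session authentication key (SRTP would derive it from a
# master key that the endpoints exchange over TLS-protected signaling).
AUTH_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f10111213")


def build_rtp_packet(seq, timestamp, ssrc, payload, payload_type=0):
    """Fixed 12-byte RTP header (version 2, no padding/extension/CSRC) + payload."""
    first_byte = 0x80                  # V=2, P=0, X=0, CC=0
    second_byte = payload_type & 0x7F  # M=0
    header = struct.pack("!BBHII", first_byte, second_byte,
                         seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    return header + payload


def parse_rtp_header(packet):
    """Plain RTP parsing: accepts any bytes with a plausible header, no integrity check."""
    if len(packet) < 12:
        raise ValueError("packet shorter than the fixed RTP header")
    first, second, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if first >> 6 != 2:
        raise ValueError("unsupported RTP version")
    return {"payload_type": second & 0x7F, "marker": bool(second & 0x80),
            "seq": seq, "timestamp": ts, "ssrc": ssrc, "payload": packet[12:]}


def protect(packet, key=AUTH_KEY):
    """Sender side: append the truncated HMAC over header and payload."""
    tag = hmac.new(key, packet, hashlib.sha1).digest()[:TAG_LEN]
    return packet + tag


def verify(protected, key=AUTH_KEY):
    """Receiver side: recompute the tag and compare it in constant time."""
    if len(protected) < 12 + TAG_LEN:
        return False
    body, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]
    return hmac.compare_digest(tag, expected)


def demo():
    """Genuine packet verifies; one flipped bit in payload or header does not."""
    payload = bytes([0x7F]) * 160      # constructed 20 ms G.711 frame
    packet = build_rtp_packet(seq=1000, timestamp=160000, ssrc=0xDEADBEEF, payload=payload)
    protected = protect(packet)

    payload_tampered = bytearray(protected)
    payload_tampered[20] ^= 0x01       # a byte inside the payload
    header_tampered = bytearray(protected)
    header_tampered[2] ^= 0x01         # high byte of the sequence number

    # Plain RTP has no integrity check: the altered packet still parses cleanly
    plain_view = parse_rtp_header(bytes(payload_tampered[:-TAG_LEN]))

    return {"genuine_ok": verify(protected),
            "payload_tamper_ok": verify(bytes(payload_tampered)),
            "header_tamper_ok": verify(bytes(header_tampered)),
            "wrong_key_ok": verify(protected, key=bytes(20)),
            "plain_rtp_still_parses": plain_view["seq"] == 1000}


if __name__ == "__main__":
    print(demo())
```

The point for a deployment is the last line of the result: an unprotected RTP stream gives the receiver no way to notice that a frame was changed on the wire, which is exactly the manipulation threat the interception paragraph describes. Note also that the tag only helps if the key stays confidential, which is why the paper pairs SRTP for the payload with TLS for the signaling that carries the key material.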

Fraud

Toll fraud is unauthorized access that makes use of resources without paying for them. Remedies include the use of authentication, IDS/IPS, non-repudiation mechanisms for proof of service usage, and separation of the local data network by firewalls.

Denial of service

Denial of Service covers actions and events that prevent systems from providing agreed levels of service to authorized users. A “load-based DoS” involves bombarding a server with millions of requests. A “malformed-request DoS” is a sophisticated protocol request that exploits a vulnerable area, e.g. in the operating system. Both attacks impact the availability of resources and could lead to degraded Quality of Service (QoS). Remedies include using hardened network components and implementing measures within the protocol engine of the targeted application. Furthermore, IDS/IPS could be deployed to detect and react to DoS attacks.
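As an added example that is not part of the paper, the Python block below shows how the two DoS variants just described can be told apart on the defender's side from signaling logs: a per-source sliding-window request counter for the load-based case, and a request-line validator that rejects oversized, unknown-method or badly shaped requests before they reach the protocol engine. The log format (timestamp in seconds, source address, SIP request line), the sample lines, the one-second window and the threshold of 20 requests are all constructed for the example; the request-line grammar follows RFC 3261 only as far as the method token, URI scheme and version string.

```python
"""Added example, not from the paper: telling the two DoS variants apart in SIP
signaling logs.  A per-source sliding-window counter catches load-based floods;
a request-line validator catches malformed requests before they reach the
protocol engine.  Log format, sample lines, window and threshold are all
constructed for this example."""
import re
from collections import defaultdict, deque

# RFC 3261 methods plus common extensions; a request with any other token is suspect
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "REGISTER", "OPTIONS", "INFO",
               "SUBSCRIBE", "NOTIFY", "REFER", "MESSAGE", "PRACK", "UPDATE"}
# Only the coarse shape "METHOD sip:... SIP/2.0" is checked here
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
MAX_REQUEST_LINE = 256  # sanity bound chosen for the example


def classify_request_line(line):
    """Return None for a well-formed request line, otherwise a short reason."""
    if len(line) > MAX_REQUEST_LINE:
        return "oversized request line"
    if any(ord(c) < 0x20 for c in line):
        return "control characters in request line"
    match = REQUEST_LINE.match(line)
    if match is None:
        return "does not match 'METHOD sip:uri SIP/2.0'"
    if match.group(1) not in SIP_METHODS:
        return "unknown method " + match.group(1)
    return None


class FloodDetector:
    """Sliding window of request timestamps per source; fires once per source."""

    def __init__(self, window_seconds, max_requests):
        self.window = window_seconds
        self.max_requests = max_requests
        self.recent = defaultdict(deque)
        self.alerted = set()

    def observe(self, src, ts):
        window = self.recent[src]
        window.append(ts)
        while window and ts - window[0] > self.window:
            window.popleft()
        if len(window) > self.max_requests and src not in self.alerted:
            self.alerted.add(src)
            return True
        return False


def analyse(log_lines, window_seconds=1.0, max_requests=20):
    """Each line is '<seconds> <source-ip> <SIP request line>'; returns (kind, src, detail) tuples."""
    alerts = []
    flood = FloodDetector(window_seconds, max_requests)
    for line in log_lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            alerts.append(("malformed", "?", "unparseable log line"))
            continue
        ts_text, src, request = parts
        reason = classify_request_line(request)
        if reason is not None:
            alerts.append(("malformed", src, reason))
        if flood.observe(src, float(ts_text)):
            alerts.append(("flood", src, "more than %d requests in %ss" % (max_requests, window_seconds)))
    return alerts


def sample_log():
    """Constructed log: normal calls, one INVITE flood, three malformed requests."""
    lines = []
    for i in range(5):   # a few legitimate calls spread over ten seconds
        lines.append("%.3f 10.0.0.5 INVITE sip:10%d@pbx.example SIP/2.0" % (i * 2.0, i))
    for i in range(30):  # 30 INVITEs from one source inside 0.3 seconds
        lines.append("%.3f 10.0.0.9 INVITE sip:1001@pbx.example SIP/2.0" % (3.0 + i * 0.01))
    lines.append("4.000 10.0.0.7 INVITE sip:1001@pbx.example SIP/1.0")               # wrong version
    lines.append("4.100 10.0.0.7 FOO sip:1001@pbx.example SIP/2.0")                  # unknown method
    lines.append("4.200 10.0.0.7 INVITE sip:" + "A" * 300 + "@pbx.example SIP/2.0")  # oversized
    return lines


if __name__ == "__main__":
    for alert in analyse(sample_log()):
        print(alert)
```

The two detectors are deliberately independent: a flood of perfectly valid INVITEs trips only the counter, and a single malformed request trips only the validator, which matches the paper's distinction between overload and exploitation of a vulnerable parser. In a real deployment the threshold would be tuned per trunk or per registered endpoint rather than set globally.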

Manipulation

This is unauthorized modification of information (including program code), typically caused by computer viruses and worms. Remedies include: firewalls, PKI, IDS/IPS, antivirus software, access controls and integrity protection of data.

Protocol attack

A protocol attack exploits vulnerabilities in VoIP protocols such as SIP or H.323. VoIP vendors have to provide secure protocol implementations.

Spam

Spam (unsolicited messages) can be used as a vehicle to transfer viruses to recipients or may block resources, resulting in a lower Quality of Service.


Identifying vulnerable areas

The following areas of a complete IP Telephony system might be vulnerable: first, the IP PBXs themselves, since they play a business-critical role; and second, the IP network. Critical areas of an IP PBX are: the communications platform, applications and their application platform, client devices, and the management software.

Communication platform: the main target of attackers is the operating system. An attack will typically originate on regular computer servers, i.e. the initial target may come on the data side. Other attacks may be DoS and protocol attacks, attacks via remote access (often at administrator level), etc. In addition, access points and gateways are vulnerable, and the remedy is similar to that for communication platforms.

Application platform and applications: critical vulnerabilities of real-time applications include: intercepting a voice mailbox, abuse of the service by registration hijacking or toll fraud, and manipulation of statistics or accounting data. Note that the application platform of an IP softswitch might include mission-critical IT middleware components like databases or directories.

Clients: IP hard- and softphones should be hardened to make sure that data, voice streams and authentication cannot be accessed or altered by unauthorized parties. The obvious objective is to retain baseline telephony in case of an attack. Communications protocols must be secured, e.g. employ TLS for HTTP, LDAP and signaling, SRTP for bearer encryption, and replace FTP by alternatives like Secure FTP. When SRTP is implemented in both parties’ devices, the result is a secure end-to-end voice/video connection. For IP phones, authentication on layer 2 using IEEE 802.1x is highly recommended. If the devices use an industry-standard client OS, as softphones do, then precautions similar to those for communication platforms should be taken.

Management software: this will normally manage the user and administrator rights and the resources. Thus, local and remote administration access (including logon) must provide strong authentication and traffic must be encrypted. Software distribution modules must be carefully protected against fraud and manipulation.

Last but not least, the IP network infrastructure needs to be secure. Network devices such as routers and switches have to be protected anyway. Note that Siemens HiPath Systems are basically network vendor-independent, i.e. they can use the network infrastructure of all major vendors.


HiPath Security Strategy

Siemens Communications is playing a leading role, possibly the leading role, in the big convergence picture. Our IP Communication Systems and real-time, presence-aware applications set the enterprise communications and security bar. We have defined security as one of the most important preconditions for customers to reach their real-time IP communication objectives like efficiency, productivity and mobility.

Siemens is also a very experienced vendor of IT security solutions and services. Many of the mechanisms employed for real-time IP communication are based on proven IT technologies and practices. The company is therefore able to combine these two core competences and offer best-in-class solutions for real-time communications.

The company’s security objectives are:

• to be proactive
• to deliver best-in-class secured HiPath products
• to improve the security management process and organization in order to optimize HiPath Security regarding short reaction times to security alerts and quality
• to offer a comprehensive suite of security solutions and services.

Our security portfolio includes the following segments and demonstrates that Siemens is a highly qualified one-stop security shop (Fig. 2):

• secured HiPath products with built-in security features
• HiPath security solutions to enable customers to customize their security policies and systems, e.g. employ complementary solutions
• HiPath Security Services, to help customers build up and maintain a secure business environment. We also share internal security experiences with our customers.

Figure 2. Portfolio for protecting and enabling the enterprise.


Security-enabled HiPath Products

Security Policy

The HiPath Security Policy is a set of rules to ensure on-going security improvements of HiPath products and solutions. The policy includes: defined common security requirements across the entire portfolio; a security monitoring and patching process; positioning of security as an integral part of the product development process; and the distribution of security information. The monitoring and patching process receives security alerts from, e.g., customers, vendors and security monitoring bodies like CERT (Computer Emergency Response Team). A customer interface to the monitoring process provides fast security alerting between customers and Siemens. An inter-departmental process-driven organization has taken the responsibility for policy execution.

The combination of a robust policy and the virtual organization means that Siemens can anticipate and prevent security threats quickly, reliably and consistently.

Security-enabled HiPath Products

Security is built into all relevant building blocks of IP-enabled HiPath systems and is still an ongoing process in order to provide:

• secure HiPath Communication Platforms including HiPath Gateways
• secure HiPath IP Phones and IP Softphones
• secure HiPath Applications
• secure HiPath MetaManagement.

Security measures implemented in HiPath products include:

• all new HiPath products and new HiPath product versions go through a security enabling program
• proactive consideration of cross-product security requirements in an early phase of the product development cycle, for example:
  – protection against viruses, worms and DoS attacks, i.e. hardening of HiPath products
  – protection against illegal use of resources, misconfiguration, and interception, e.g. avoiding clear-text protocols like Telnet and FTP; securing passwords used for log-ins or transmissions; prevention of call charge fraud; voice encryption
  – securing of protocol implementations
• security certification by a quasi-neutral Siemens body
• software updates in case of actual critical vulnerabilities
• adoption of relevant security standards.

The portfolio of built-in security functions in HiPath products will include:

• hardened HiPath Platforms
• support of payload encryption using SRTP and signaling encryption using TLS in the most important gateways and IP phones
• support of IEEE 802.1x authentication in IP hard- and softphones
• H.235 Security Annex D (Baseline Security Profile) for authentication of IP phones and message integrity of the data stream
• VPN support based on IPsec by selected gateways for IP trunking and by selected IP softphones
• HiPath Applications: authenticated administrator/user access, encrypted storage and transfer of sensitive data, and usage of secure protocols of relevant security standards
• OpenScape: Kerberos-based user authentication, presence notifications and instant messaging restricted to closed user groups, SIP signaling and instant messaging encryption using TLS, and payload encryption for IP phones using SRTP
• HiPath MetaManagement: authenticated and encrypted administrator access, e.g., secured browser-based remote access, and secure management protocols
• HiPath Deployment Service (DLS): software upgrading of clients is protected by access control using passwords and https encryption of software downloads
• support of WLAN security as mentioned below.

WLANs are being increasingly used for real-time communications and can be seen as a natural extension of a wireline HiPath network. Details on the company’s WLAN solution can be found in the white paper “Enterprise-grade Voice over Wireless LAN”. WLANs continue to be perceived as insecure for reasons that are mainly historic, e.g. security was weak and access points shipped with the security mechanism turned off. The reason is simple: they were not designed for the task they ended up performing. This issue is addressed by the new security standard IEEE 802.11i, which was ratified in June 2004, and standard-compliant access points can be expected in late 2004. This is a very positive development; however, access points that were installed before this date will be insecure if they are only protected by WEP. There was a pre-standard security protocol known as WPA (Wi-Fi Protected Access) that includes 802.1x Authentication, and this is generally considered to be robust.
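The client-hardening checklist in “Identifying vulnerable areas” (TLS for HTTP, LDAP and signaling, SRTP for media, IEEE 802.1x, Secure FTP or https instead of FTP, no clear-text Telnet) and the WLAN point just made (WEP alone is insufficient; WPA with 802.1x or IEEE 802.11i is required) can be turned into a repeatable check. The Python block below is an added example, not from the paper and not a HiPath or DLS tool: it reads an IP phone provisioning profile in INI form, reports every setting those passages warn against, and shows a weak profile beside its hardened counterpart. The profile layout, section and key names and hostnames are assumptions made for this example; a real phone's configuration format will differ, so the checks would have to be mapped onto its actual keys.

```python
"""Added example, not from the paper: audit a constructed IP phone provisioning
profile against the hardening points the paper names (no clear-text Telnet/FTP,
TLS for signaling and LDAP, SRTP for media, IEEE 802.1x, https software
download, no WEP-only WLAN).  Profile format, key names and hostnames are
assumptions made for this example."""
import configparser
from urllib.parse import urlsplit

# Constructed profile containing every weak setting the checks look for
WEAK_PROFILE = """
[services]
telnet = on
ftp = on

[provisioning]
software_url = ftp://dls.example.internal/phone.img

[signaling]
transport = udp

[media]
srtp = off

[directory]
ldap_url = ldap://dir.example.internal

[network]
dot1x = off

[wlan]
security = wep
"""

# The same profile with each item corrected
HARDENED_PROFILE = """
[services]
telnet = off
ftp = off

[provisioning]
software_url = https://dls.example.internal/phone.img

[signaling]
transport = tls

[media]
srtp = on

[directory]
ldap_url = ldaps://dir.example.internal

[network]
dot1x = on

[wlan]
security = wpa2
"""


def audit(profile_text):
    """Return a list of 'section.key: problem' findings; an empty list means all checks passed."""
    cfg = configparser.ConfigParser()
    cfg.read_string(profile_text)

    def value(section, key):
        # Missing section or key reads as "", which the checks treat as "not enabled"
        return cfg.get(section, key, fallback="").strip().lower()

    findings = []
    if value("services", "telnet") == "on":
        findings.append("services.telnet: clear-text Telnet enabled; disable it and administer over an encrypted channel")
    if value("services", "ftp") == "on":
        findings.append("services.ftp: clear-text FTP enabled; use Secure FTP or https instead")
    url = value("provisioning", "software_url")
    if url and urlsplit(url).scheme not in ("https", "sftp"):
        findings.append("provisioning.software_url: software image fetched over %s; use https or sftp"
                        % (urlsplit(url).scheme or "an unknown scheme"))
    if value("signaling", "transport") != "tls":
        findings.append("signaling.transport: call signaling not protected by TLS")
    if value("media", "srtp") != "on":
        findings.append("media.srtp: voice payload not encrypted with SRTP")
    ldap = value("directory", "ldap_url")
    if ldap and urlsplit(ldap).scheme != "ldaps":
        findings.append("directory.ldap_url: directory lookups in clear text; use ldaps (LDAP over TLS)")
    if value("network", "dot1x") != "on":
        findings.append("network.dot1x: IEEE 802.1x port authentication disabled")
    # Wired-only phones have no [wlan] section; only audit it when present
    if cfg.has_section("wlan") and value("wlan", "security") in ("", "none", "open", "wep"):
        findings.append("wlan.security: WLAN open or WEP-only; require WPA (802.1x) or WPA2 (IEEE 802.11i)")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, "->", audit(text) or "no findings")
```

Absent keys for signaling, media and 802.1x are reported as findings on purpose: a profile that simply never enables SRTP is as exposed as one that turns it off, and an audit that only looks for explicit weak values would miss it. The WLAN check accepts WPA as the paper does for 2004-era equipment while naming WPA2/802.11i as the target.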


HiPath Security Solutions

Siemens’ comprehensive portfolio of dedicated security solutions and products addresses IT and communication security concerns as well as physical access, and is independent of the network vendor. This flexibility has facilitated vertical solutions in several areas, e.g. in healthcare, education and government.

The portfolio (see Fig. 3) is a comprehensive array of solutions under the umbrella name “HiPath SIcurity”:

• Network and Systems Security Solutions based on various building blocks like firewalls, virtual private networks (VPNs), and antivirus components
• Solutions based on smart cards. These are used to control access to systems and networks as well as buildings, departments and rooms. They include single sign-on, smart-card production, smart card device operating system, etc. The solutions can be integrated into a Public Key Infrastructure
• Solutions for Identity and Access Management, used to ensure robust control of users and their privileges. In an Identity Management Solution authorized individuals receive their access rights at the designated times. An Identity Management System is required in order to maintain an ID database, assign rights to those IDs, and authenticate employees and third parties such as business partners when they access important corporate resources.

Figure 3. Key examples from the HiPath Solutions and Services Portfolio.


HiPath Security Services

There are three reasons why security services are as important as secured products and security tools. One, this is a relatively new and complex subject that requires considerable know-how and experience. Moreover, the environment is very dynamic; new threats arise with unfortunate regularity. Two, a managed outsourced service brings peace of mind and allows IT management to focus on the enterprise’s core business. And three, qualified security personnel are scarce, as evidenced by the fact that 60% of North American midsize businesses don’t have a dedicated security resource (Gartner Dataquest, Nov 2003).

Siemens Communications’ Enterprise Security Services are targeted to build and maintain best-in-class security of customer communications and IT infrastructures through a complete suite of services from consulting up to managed security services. Siemens takes advantage of its experience in voice and data networks and IT Management Services.

The Security Services portfolio includes:

• Security Analysis and Consulting: professional services covering IT and real-time communication security, like security frameworks, security assessments and designs, risk analysis, ROI analysis, as well as security certification according to the British/International Security Standard BS 7799/ISO 17799 (Fig. 3)
• HiPath product-related security services: professional services for HiPath-related applications and solutions, covering security aspects in every phase of the real-time communication deployment (consult, design and build)
• Managed Security Services, including cyclic security assessment of installed HiPath Products and Solutions.


Customer strategies and solutions

Siemens has recognized that most enterprises want to define and implement their own security policies and solutions. They want modular solutions, enabling them to adapt real-time IP communication to their own existing security strategy. To date, there are still many enterprises that have not started to include real-time communication. However, they have become increasingly aware that earlier security issues were addressed individually and this resulted in a set of ‘island’ solutions. This approach cannot handle the increasing variety of threats, and a proactive and holistic strategy is required. Enterprises have to take the lead in the race between security threats and security prevention. A recent message from Gerhard Eschelbeck, Qualys Inc., at the Black Hat Conference, Las Vegas, July 2004, says that companies are typically taking 62 days (!) to patch internal vulnerabilities and are still struggling to protect systems against external attacks.

To build an efficient and effective security strategy, companies need to:

1) take a holistic view; define security as a cross-organizational task

2) identify all potential threats and understand the prevention mechanisms. Recognize that people are often the weakest link in the security chain

3) start with a careful risk analysis and a definition of security requirements

4) make a systematic evaluation of existing security solutions

5) define a robust security policy (including rules, risk vs. investment, security management processes, etc.)

6) create a realistic plan for securing the network infrastructure (needed anyway for IT security). Consider network design opportunities (e.g. VLAN separation of voice and data) and the deployment of converged IP/TDM platforms

7) evaluate the merits of different VoIP scenarios, e.g. campus VoIP, trunking, IP-WAN and Internet Service Provider-supplied links, WLAN

8) leverage existing IT security know-how

9) evaluate offers of vendors with extensive, hands-on experience like Siemens

10) check the building blocks of the proposed solution; are they “security-certified”; how were they tested?

11) establish an event-driven security management (if not in place for IT security)

12) improve security mindshare throughout the enterprise and communicate the impact of failure to comply with corporate policy

13) define worst-case scenarios and be prepared for the worst to happen

14) don’t lean back! Recognize the ongoing race between threats and prevention

Do it! Your enemy will not waste any time! Will you?


The holistic view mentioned above should include a “Layered security architecture” model. It is a technical strategy of protection by layered rings of defense perimeters, with different measures placed at each level of the system. An example is given on the title page (many attacks may be thwarted at the outer ring, but inner rings may also thwart attacks from the outside and the inside):

1) Real-time IP communication, being the core object to be secured

2) Applications Layer: includes the application entities to be secured, like real-time IP communication applications, messaging, or IT application programs

3) Resources Layer: includes PBX systems incl. PBX Management, operating systems, network infrastructure, clients

4) Security & Access Management Layer: controls/enables the data traffic to resources and applications, using, e.g., firewalls, intrusion detection or prevention systems, smart-card applications, single sign-on, VPN

5) Perimeter Layer: contains infrastructures controlled by other parties, e.g. service provider domains with VPNs

6) Customer & Partner Layer: includes domains of customers and business partners involved in common business processes, who must spend additional effort to protect processes, applications, or resources.


Conclusions

Security is today’s #1 information & communication issue and mandatory for business continuity. Attacks are growing rapidly in number and they are becoming increasingly sophisticated. They exploit many of the developments that have given us a dynamic business environment, e.g. open systems, wireless communications, a mobile workforce and outsourcing. But holistic security solutions that keep the bad guys out and let the good guys in are even more sophisticated, i.e. they work. However, security is an on-going issue, so constant vigilance is required and the security solutions must be maintained continuously.

The need for comprehensive, holistic security is relatively new, and any meaningful solution must be holistic since the whole I & C spectrum is open to attack. The inevitable result is a shortage of security expertise within many if not most organizations. Such expertise cannot be acquired by closing doors after an attack has been made: by then it is too late. Thus, there is a very real need for informed, objective, in-depth analysis and solution competence from companies such as Siemens.

The company’s expertise covers that I & C spectrum, and in the area of real-time communications we are market leader. In addition, Siemens has merged two large communications divisions into one, a move that will ensure that the company continues to offer and deliver best-in-class security solutions and services in the convergence space, i.e. real-time communications and IT as well as fixed-mobile convergence.


Acronyms used in this paper

DoS Denial of Service

I & C Information and Communication

IPsec IP Security Protocol

OS Operating System

Phishing (= password fishing), a threat by fraudulent emails

PKI Public Key Infrastructure

PSTN Public Switched Telephone Network

ROI Return on Investment

Spam Undesired email. Not a dedicated security threat, but emails can be used as a vehicle to transfer viruses to recipients

SRTP Secure Real Time Protocol

SSL Secure Sockets Layer

TLS Transport Layer Security

VPN Virtual Private Network

© Siemens AG 2004 • Communications • Hofmannstr. 51 • D-81359 München

The information provided in this white paper contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of the contract. Availability and technical specifications are subject to change without notice. Printed in Germany.