[VOIPSEC] VOIP and IDS

Mark Teicher mht3 at earthlink.net
Tue Jul 12 16:17:21 CDT 2005


SecureLogix has a solution that is called Enterprise Telephony Management that is client/server/appliance based.
Voice IPS is not exactly how I would define their product, but more policy centric based, very stateful firewallish. The product has the ability to produce nice looking CDR reports, and 50 or 60 or so other pre-defined reports.
It has the ability to create custom reports, but it still requires a person(s) or Security/Telecommunication department with a thorough understanding of their telecommunication/data infrastructure to best utilize/tune/return on investment on the solution. Their technology is based on call detection (i.e. is this call a {data|modem|modem energy|fax|STU|STUIII|etc.}), then one can create rules based on the type of call, duration, particular times, volume, etc.

SecureLogix ETM 5.0 recently introduced some new features that encompass or account for VoIP Coverage but not on all VoIP products.

Cisco and Nortel are fully supported, and other vendors are slowly being supported based on how helpful and willing those other vendors are with equipment and such to assist in full interoperability testing with SecureLogix.

/cheers

/m

-----Original Message-----
From: Chris Moore <chris.moore at u4eatech.com>
Sent: Jul 12, 2005 4:34 PM
To: scottbeverly at mercuryrm.com, 'Henrik Ingo' <henrik.ingo at sesca.com>
Cc: "'Smith, Donald'" <Donald.Smith at qwest.com>, Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VOIP and IDS

You should look into "Secure Logix" (http://www.securelogix.com/) they have
something like this (call pattern recognition) and I believe they are
adding (added?) VoIP support.


-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Scott Beverly
Sent: Tuesday, July 12, 2005 6:46 AM
To: Henrik Ingo
Cc: Smith, Donald; Voipsec at voipsa.org
Subject: Re: [VOIPSEC] VOIP and IDS

What I was envisioning was something with a learning engine that can
learn to understand patterns in usage.  This is more what I thought the
original poster was interested in using for an anti-fraud type thing.  I
don't know, but I suspect that credit card companies have been using
this kind of AI for years to spot fraud in card usage.  This type of
thing wouldn't be as interested in a packet flow like an IDS but more in
the billing records or call authorization accounting.

Scott...

On Tue, 2005-07-12 at 09:22 +0300, Henrik Ingo wrote:
> Thanks for your answer...
> 
> Smith, Donald wrote:
> > Sir, I would recommend you forward your question to the snort developers
> > list.
> > snort-devel at lists.sourceforge.net
> > 
> 
> Sure, I realise that, but in the end I'm more interested in the SIP and 
> VOIP part and IDS in general, snort just being one case of IDS.
> 
> > In general snort handles stateful type connections via a preprocessor.
> > That is how fragments, long running scans etc... are handled.
> > 
> > I think it would be interesting to have a H323 or SIP snort preprocessor
> > someone on the developers list might agree:)
> > As for gsm type discovery of anomalies you would have to maintain a LOT
> > more information but it should be possible.
> 
> Hence the question. If a system is set up to recognize things like "some 
> packets during the last minute amount up to scan X" it might not be 
> suitable for things like "last month's calls add up to a rather sizeable 
> bill". Also that kind of "phone network" IDS might actually be more 
> feasible to do in concert with the SIP proxy and backend database, 
> rather than sniffing the network and storing the same data in the IDS 
> (snort or otherwise) system.
> 
> henrik
-- 
Scott Beverly
Mercury Risk Management
scottbeverly at mercuryrm do t com

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org





"The Truth Lies at the Heart of the Art of Combat.  Once it is mastered, Thou shall fear no one, though the devil himself may bar thy way...."
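
An added example, not part of any message in this thread and not SecureLogix's or snort's method: the kind of check on billing records that Scott and Henrik describe, learning each account's normal daily spend and destinations from call detail records and flagging a day that breaks the pattern. The CDR fields, account names, destination classes and the median/MAD scoring are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def make_sample_cdrs():
    """Constructed billing records: (account, day, destination class, cost)."""
    cdrs = []
    for day in range(1, 29):  # four weeks of ordinary usage
        cdrs.append(("ext-1001", day, "national", 1.50 + 0.05 * (day % 5)))
        cdrs.append(("ext-1002", day, "local", 2.00 + 0.20 * (day % 3)))
    cdrs.append(("ext-1001", 29, "national", 1.60))        # normal day
    cdrs.append(("ext-1002", 29, "intl-premium", 180.00))  # sudden expensive calls
    return cdrs

def detect(cdrs, train_days, test_day, threshold=6.0, min_history=7):
    """Flag accounts whose test-day spend or destinations break their baseline."""
    cost = defaultdict(float)
    dests = defaultdict(set)
    for acct, day, dest, c in cdrs:
        cost[(acct, day)] += c
        dests[(acct, day)].add(dest)
    alerts = []
    for acct in sorted({a for a, _ in cost}):
        days = [d for d in train_days if (acct, d) in cost]
        if len(days) < min_history:
            continue  # too little history to call anything abnormal
        history = [cost[(acct, d)] for d in days]
        med = median(history)
        # Median absolute deviation; floor it so flat usage cannot divide by zero.
        mad = max(median(abs(x - med) for x in history), 0.01)
        known = set().union(*(dests[(acct, d)] for d in days))
        today = cost.get((acct, test_day), 0.0)
        score = (today - med) / mad
        new = dests.get((acct, test_day), set()) - known
        if score > threshold or new:
            alerts.append({"account": acct, "cost": today, "baseline": med,
                           "score": round(score, 1), "new_destinations": sorted(new)})
    return alerts

if __name__ == "__main__":
    for alert in detect(make_sample_cdrs(), range(1, 29), 29):
        print(alert)
```

The baseline comes from the accounting data alone, which is why this sits more naturally beside the SIP proxy's backend database than in a packet-sniffing IDS.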



