VoLTE Security Training

VoLTE Security Training

Print Friendly, PDF & Email

Introduction:

VoLTE Security Training course with Hands-on Labs – (Online, Onsite and Classroom Live)

VoLTE Security Training covers all VoLTE security and insecurity aspects of voice, video and multimedia solutions in LTE, EPC and IMS networks. Voice over LTE (VoLTE) is an integrated and essential foundation for the future of mobile service provider business models in transition from 2G and 3G networks to LTE and VoLTE. Migration to VoLTE will have performance, interoperability, security, signaling, and billing challenges for the mobile operators and need to be addressed.

Duration: 2 days

Related Courses

Customize It:

  • If you are familiar with some aspects of this VoLTE Security Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the VoLTE Security Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the VoLTE Security Training course in manner understandable to lay audiences.

VoLTE Security Training – Audience / Target Group:

The target audience for this VoLTE Security Training course:

  • IT managers, network engineers, telecom managers, security managers, IT auditors, project managers, analysts, security engineers, security administrators, or any technical professional working with or planning to work with commercial and government based VoLTE technologies including: Security professionals, incident handling teams, penetration testers, auditors, network security planning teams, network administrators, IT and telecom engineers, and IT security management. This course is also beneficial for the homeland security community, DoD and crime prevention/investigation officers.

VoLTE Security Training – Objectives:

Upon completing this VoLTE Security Training course, learners will be able to meet these objectives:

  • Understand LTE, IMS and VoLTE
  • Learn VoLTE security issues
  • Identify VoLTE security features
  • Evaluate VoLTE security
  • Understand the threats and security holes with VoLTE call control protocols
  • Identify IMS and SIP Security Features and learn how to configure and administer those features
  • Learn SIP security issues including Port usage risk, firewall inspection, and NAT configurations
  • Examine VoLTE best practices to support risk mitigation
  • Examine VoLTE management tools and best practices to support risk mitigation
  • Learn how NAT, STUN, TURN, ICE, IMS security nodes and firewalls impact call setup, media streams, latency, and application level gateway
  • Understand SIP NAT Traversal
  • Examine how to overcome NAT issues using STUN, TURN, and ICE
  • Examine cryptographic protocols, Datagram Transport Layer Security (DTLS) protocol, Secure Real-time Transport Protocol (SRTP) protocol and Session Description Protocol Security Descriptions (SDES) protocol

VoLTE Security Training – Course Syllabus:

Overview of Voice over LTE (VoLTE)

  • Traditional Mobile Systems
  • VoLTE network architecture
  • VoLTE protocols
  • VoLTE signaling, media and supporting protocols
  • VoLTE support protocols
  • VoLTE proprietary protocols
  • VoLTE media protocols

VoLTE Security Issues

  • VOLTE Risks, Threats, and Vulnerabilities
  • Confidentiality and Privacy
  • Integrity Issues
  • Availability and Denial of Service
  • Proxy Servers
  • Encryption Issues and Performance
  • Existing Security Features within the SIP Protocol
  • Authentication of Signaling Data using HTTP Digest Authentication
  • S/MIME Usage within SIP
  • Confidentiality of Media Data
  • TLS usage within SIP
  • IPSEC usage within SIP
  • Security Enhancements for SIP
  • VoLTE scenarios through protocols
  • Application-Layer Gateways (ALG’s)
  • Session Border Controllers (SBC’s)

VoLTE Attack Vectors

  • Mobile network to the attacker
  • VoLTE Security Threat Overview
  • LTE, IMS, IP and Voice Network Designs
  • Types of attacks
  • Denial of Service (DOS)
  • TCP/IP insecurity
  • Eavesdropping
  • Sniffing/Snooping/Wiretapping
  • Quality of Service Issues
  • Quality of Service Implications for Security
  • Best Practices
  • Hacking terminal equipment identity (IMEI) of a called party
  • Leaking geolocation information of a callee
  • P-CSCF and Session Border Controller (SBC)
  • DDOS attack from mobile terminals
  • Dealing with Attacks
  • Integrity, Confidentiality, Authentication and Non-repudiation
  • Eavesdropping
  • Jamming
  • Active modification
  • Toll stealing
  • Unauthorized Access
  • Toll Fraud
  • Application Layer Attack Mitigation
  • Secure VoLTE protocols
  • DTLS, S/MIME, SIP over IPSec, and SIP identity
  • VoLTE supporting infrastructure

VoLTE Defense and Mitigation

  • Hardened SBC DDOS handling
  • SIP INVITE phone number enumeration
  • INVITE rate-limiting function
  • Embed information in SDP
  • Limit the size of SDP
  • Source ID spoofing
  • Policing by SBC
    Topology leak on key SIP headers
  • SBC strips out unnecessary headers
  • Leaking IMEI information
  • Uniform Resource Name (URN) pattern
  • Excluding information on responses
  • Geolocation information
  • IMS implementations
  • Cell ID of the callee
  • P-Access-Network-Info header of responses
  • SBC strips out unnecessary headers
  • VoLTE Network Security Design

Secure VoLTE Protocols

  • VLANs, port security controls, and 802.1x/EAP
  • SIP MD5 authentication, Secure SIP (SIPS or SIP/TLS)
  • SIP over DTLS, S/MIME
  • SIP over IPSec, and SIP identity
  • Media protocols
  • SRTP, SDES, secure call recording, and RTP over IPSec
  • Key-exchange protocols
  • MIKEY, Descriptions, ZRTP, and DTLS-SRTP
  • Man-in-the-Middle (MitM), port scanning, and banner grabbing
  • ARP spoofing and MitM attacks
  • VoLTE signaling attacks: (SIP-based)
  • VoLTE Media Attacks: (RTP-based)
  • RTP eavesdropping
  • Voice conversations and DTMF tones
  • RTP recording
  • RTP manipulation
  • Replacing, inserting, and mixing audio in standard and MitM scenarios
  • Signaling plane
  • Call setup and tear down
  • Gateways and endpoints
  • Management plane

VoLTE Security and Audit Policies

  • Policy Creation
  • Policy Conformance
  • Incident Handling
  • Auditing Standards and Certifications
  • Basic Auditing and Assessing Strategies
  • The Six-Step Audit Process

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

    Time frame:

    0