1B4 CVSC - Network Systems - Telephony

Ace your homework & exams now with Quizwiz!

Bluejacking Bluesnarfing Bluebugging War-nibbling Bluesniping

- Sending unsolicited text messages - Stealing information - Stealing mobile phone commands - Driving around looking for Bluetooth signals to attack - Using a laptop and powerful antenna to attack from a distance

Voice Protection Systems (VPS)

A ______ can block outbound access to a phone number or series of numbers, such as: •Known toll fraud/scam numbers •900/976 numbers It can also block inbound access numbers such as: •Known spamming fax lines •Telemarketing numbers •Block numbers that generate signal signatures consistent with war-dialing It can also either entirely block the caller ID for all outbound calls or set the caller ID for all those calls to a single number. Enterprise Telephony Manager (ETM) is an example of a _____.

U-TDOA (Uplink-Time Difference of Arrival)

A wireless location technology that relies on sensitive receivers typically located at the cell towers to determine the location of a mobile phone. Determines location based on the time it takes a signal to travel from a mobile phone to each of the sensitive receivers called Location Measurement Units (LMUs).

1G

Also referred to as AMPS (Advance Mobile Phone Service), analog mobile phone system standard developed by Bell Labs.

SIP Method INVITE

An _______ method indicates that the recipient user or service is invited to participate in a session. You can also use this method to modify the characteristics of a previously established session. The ______ message body might include the description of the media session being set up or modified, encoded per Session Description Protocol (SDP). A successful response (200 OK response) to an INVITE indicates the willingness of the called party to participate in the resulting media session.

SIP Fuzzing

An adversary sends malformed data packets to a SIP system with the intention of causing a crash. Was developed as a Black Box software testing technique to find implementation bugs using malformed/semi-malformed data injection in an automated fashion. Some of the impacts are: •Crashes: This is the most common impact and results in complete DoS. Extremely large fuzzed packets sometimes result in loops and heavy processing causing DoS of genuine requests •Buffer overflows: This is the most dangerous impact and the attacker gets to violate, confidentiality, integrity and availability. The attacker gains access using fuzzing in spite of all access control and encryption mechanisms. •A tool that can be used for this type of attack is PROTOS

SIP (Session Initiation Protocol)

An application layer protocol which works in concert with several other protocols and is only involved in the signaling portion of communication session. _______ is primarily used in setting up and tearing down voice or video calls.

The ______ (radio towers) are controlled by _______(s) that connect to ______ that service an area.

Base Transceiver Station (BTS), Base Station Controller (BSC), Mobile Switching Centers (MSC)

Monitoring

Cell phones are radio transmitters and with the right equipment can be intercepted or eavesdropped.

Home Location Register (HLR)

Central database that contains details of each mobile phone subscriber that is authorized to use the GSM core network. Is created when you get the SIM and remains as long as you are a subscriber.

_____ queries the ______ to properly handle incoming calls.

HLR , VLR

The ________ is a unique identification associated with all GSM and Universal Mobile Telecommunications System (UMTS) network mobile phone users. It is stored as a 64 bit field in the Subscriber Identity Module (SIM) inside the phone and is sent by the phone to the network. It is presented as a 15 digit long number, but can be shorter.

International Mobile subscriber Identity (IMSI)

Wideband Code Division Multiple Access (WCDMA)

International Telecommunication Union standard derived from CDMA, is officially known as IMT-2000 direct spread.

Visitor Location Register (VLR)

Is a database of subscribers who have roamed into the jurisdiction of the MSC (Mobile Switching Center) which it serves. A subscriber cannot be present in more than one ______ at a time. Data stored includes -IMSI -Authentication data -MSISDN (phone number) -GSM services that the subscriber is allowed to access -Access point subscribed -The HLR address of the subscriber

CDMA-2000

Is an upgrade from cdmaOne (2G standard). Is a family of 3G mobile technology standards for sending voice, data, and signaling data between mobile phones and cell sites.

Mobile Telephone Switching Center (MTSO)

Is equivalent to a PSTN's central office. It contains the switching equipment for the MSC for routing mobile phone calls. It also contains the equipment for controlling the cell sites that are connected to the MSC. It is responsible for interconnecting calls with the local and long distance landline telephone companies. It also provides resources needed to efficiently serve a mobile subscriber such as registration, authentication, location updating and call routing.

ETMS (Enterprise Telephony Management System)

Is made up of 5 components that consist of a Voice Firewall, Voice Intrusion Prevention System (VIPS), Usage Manager, Performance Manager, and a Call Recorder.

Media Gateway

Is responsible for interfacing IP network based voice communications with the traditional circuit-switched network.

3G

Made up of WCDMA, CDMA -2000, and EDGE. They are collectively known as IMT-2000 and offer packet-switched data at rates exceeding 384 Kbps.

CDMA (Code Division Multiple Access)

One of two standards used for 2G communications. Divides access by frequency. - Employs spread-spectrum technology and a special coding scheme to allow multiple users to be multiplexed over the same physical channel - Soft handover

TDMA (Time Division Multiple Access)

One of two standards used for 2G communications. Divides access by time. - Allows several users to share the same frequency channel by dividing the signal into different time slots - Three times the capacity of an analog system using the same number of channels - Can sometimes create interference (buzz sound) at a frequency which is directly connected to the time slot length

Mobile Switching Center (MSC)

Owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider PSTN (public switch telephone network). It is the primary service delivery node for GSM (Global System for Mobile communications) / CDMA (Code Division Multiple Access, and is responsible for routing voice calls and SMS as well as other services. It sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring.

5060 & 5061 5060 & 5061

SIP clients typically use Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) on port numbers ______ and/or _______ to connect to SIP servers and other SIP endpoints. Port _______ is commonly used for non-encrypted signaling traffic whereas port ______ is typically used for traffic encrypted with Transport Layer Security (TLS).

Session tear-down

Sending of 'bye' messages causes the target to think the call is over

EDGE

Straightforward upgrade to GSM and is compatible with TDMA systems. 3G technology.

A _______ is an integrated circuit that securely stores the IMSI and the related key used to identify and authenticate subscribers on mobile phones or computers.

Subscriber Identity Module (SIM)

Centralized Model (for VoIPs)

The _______ model is the first of two types that support VoIP applications. The ______ call model is where the media and signaling path are the same. The advantage of the model is the ability to control the media stream as it transverses through the server. In this model the server has the ability to monitor or copy all the calls. The disadvantage is the utilization of resources; this model is very resource intensive.

BSS (Base Station System), BSC (Base Station Controller), BST (Base Station Transceiver)

The ________ contains the __________ and the _________ associated with it.

Base Station Controller (BSC)

The part of the wireless system's infrastructure that controls one or multiple cell sites' radio signals, thus reducing the load on the switch. It performs radio signal management functions for base transceiver stations, managing functions such as frequency assignment and handoff.

Registration Hijacking

There is also ________________ where a rogue device registers itself within the registration server by impersonating a valid user and can now receive incoming calls intended for a valid user agent.

2G

Use the same radio technology as analog phones, but they use it in a different way. - Phone conversations are digitally encrypted -Significantly more efficient use of the spectrum allowing for greater mobile phone penetration levels -Introduced data services for mobile, starting with SMS text messages.

_____ queries the ______ to ensure you are an authorized user.

VLR , HLR

64 kbps

What is the data rate of a typical digitized phone call in kilobits per second (kbps)?

Man in the Middle

With a ___________ attack, the messages appear to be generated from within the system, so they would get around gateway-screening procedures. With trusted access, the perpetrator introduces a number of SS7 attacks. Once connected into the SS7 network, anyone using a computer with an SS7 protocol stack and a message generator could threaten a telecommunications network. These scenarios are highly probable.

Base Transceiver Station (BTS)

With cellular networks, this terminates the radio interface. It is the piece of equipment that facilitates wireless communication between User Equipment and the network. It is also referred to as the Radio Base Station (RBS).

Cloning

Your number is stolen or copied and used to run up bills and access the internet.

Microphone

Your phone is used to monitor conversations in your vicinity.

RTP (Realtime Transport Protocol)

____ is a standardized packet format for delivering audio and video over the IP Networks. It is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features. ____ is used in conjunction with the RTP Control Protocol (RTCP). While _____ carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and QoS. It also aids synchronization of multiple streams.

SDP (Session Description Protocol)

____ is intended for describing multimedia communication sessions for the purposes of session announcement, session invitation, and parameter negotiation. ____ does not deliver media itself but is used for negotiation between end points of media type, format, and all associated properties. The purpose of ____ is to communicate the media capabilities and desired properties between the communicating parties. It provides information such as session announcement, session invitation, and parameter negotiation.

Enterprise Telephony Management System (ETM)

_______ is a type of Voice Protection System (VPS) consisting of five components: •Voice Firewall ◦Blocks phone line attacks and controls voice network access •Voice Intrusion Prevention System (VIPS) ◦Prevents malicious /abusive call patterns such as toll fraud, social engineering, and spam •Usage Manager ◦Call accounting and resource utilization •Performance Manager ◦Provides real-time performance monitoring, call recording, and diagnostics •Call Recorder ◦Policy based devise. Can record targeted calls

Distributed Model (for VoIPs)

_______ model is typically deployed. In this call model the media path and signaling are separate much like the PSTN. The advantage of this model is that it is less resource intensive. The disadvantage is the media stream takes a separate path and cannot be recorded. In many commercial deployments such as banks and stock trading, it is required to record all calls.

SIP (Session Initiation Protocol)

_______ supports five facets of establishing and terminating multimedia communications: User location, User capabilities, User availability, Call setup and Call handling.

Denial of Service Attack (DoS)

_________is the easiest attack vector on analog systems. Through the use auto Dialer, one can call one or many numbers repeatedly for any given amount of time. If the attack vector is through a Private Branch Exchange (PBX)/Time Division Multiplexing (TDM), most are computerized; many have serial and web-based interfaces and or remote interfaces for administration. Some also use antiquated Operating Systems (OS) (Win 2000, Linux and UNIX).

SIP Method ACK

an _____ request confirms that the UAC (User Agent Client) has received the final response to an INVITE request. ____ is used only with INVITE requests. ____ is sent end to end for a 200 OK response.

- 2xx - 3xx - 4xx, 5xx, or 6xx

•A ____class response indicates successful processing of the SIP request •A ____ class response indicates that the SIP request needs to be redirected to another UAS for processing •A ____, ____, or ____ class of response indicates failure in processing of the SIP request

Replay Attack

•Use a tool like Wireshark to capture data ◦Manipulate the recording, broadcast it back to the target repeatedly causing a DoS ◦Tcpreplay can be used for this attack vector


Related study sets

سورة الكهف PART 1 (1-27)

View Set

Art History through 19th Century- Rococo and Art of the Enlightenment

View Set

Bio 101 Chapter 7: Membrane Structure and Functions

View Set

(Freedom Fighters: Viewpoint in an Article about Malala Yousafzai)

View Set

CHAPTER 2: Nature & Effects of Obligation

View Set

Econ test 2, chapter 5, 7,8,9,12

View Set