
Security in VoIP

PREFACE
As we have seen, packet-switched IP networks have developed alongside strong integration into the regional and world economy, and one of the important factors in being able to compete is low cost. For that reason VoIP is becoming a very popular technology, with low cost and a flexible structure that meets users' needs. However, to set up a VoIP system, security must be considered in addition to quality of service (QoS). Integrating voice, data, video and other services on the same IP network infrastructure brings many latent security risks. Not only is the IP network a public network with a very high risk of attack, but the VoIP protocols themselves also carry security risks.
Starting from these thoughts, I decided to choose the topic "Security in VoIP". Within the limits of the topic, I only study the theory of security for VoIP systems. The content covers the architecture and protocols of specific VoIP networks, and from there analyses the vulnerabilities in VoIP networks and the technologies used to remedy them. The thesis is divided into 3 chapters:
Chapter 1: Overview of VoIP Networks
Chapter 2: Technology in VoIP
Chapter 3: Security in VoIP
In the course of researching this topic, because my knowledge and experience are still limited, shortcomings are unavoidable. I look forward to comments and suggestions from my teachers and friends.
Hai Phong, 2010
Student
Tran Manh Tuyen

Chapter 1:

OVERVIEW OF VoIP NETWORKS


1.1 General introduction to VoIP
VoIP (Voice over Internet Protocol) is a technology that carries voice using the IP network protocol, on the existing infrastructure of the Internet. VoIP is one of the telecommunications technologies receiving the most attention today, not only from operators and manufacturers but also from service users.

Figure 1.1: Model of voice transmission over IP


VoIP is based on the combination of the circuit-switched network and the packet-switched network, which is the IP network. Each type of network has its own characteristics. In a circuit-switched network, a dedicated transmission channel is set up between two terminals through one or more intermediate switching nodes. The information carried on this channel is a bit stream transmitted continuously over time. The bandwidth of the dedicated channel is guaranteed and fixed for the duration of the communication (64 Kbps for the PSTN telephone network), and the information delay is very small, only about the time it takes to transmit the information on the channel. Unlike a circuit-switched network, a packet-switched network (Packet Switching Network) uses store-and-forward at the network nodes. Information is divided into packets, and each packet has the control information needed for transmission added to it, such as the sender address and the receiver address. Packets arriving at a network node are processed and stored for a certain time before being forwarded to the next node, so that the channel is used as efficiently as possible. In a packet-switched network no dedicated channel is set up, the bandwidth of the logical channel between two terminals is usually not fixed, and the information delay is usually much larger than in a circuit-switched network.
The principle of VoIP consists of digitizing the voice signal, compressing the digitized signal, dividing the signal into packets and transmitting these data packets over IP. At the receiving end, the data packets are reassembled and decoded into an analog signal to restore the sound.
VoIP allows calls to be made from a computer over a data network such as the Internet. VoIP converts the voice signal from an analog telephone into a digital signal before sending it over the Internet, and then converts it back at the receiving end. When making a VoIP call using a telephone with an adapter, we hear a dial tone, and dialing takes place after this process. VoIP can also allow a call to be made directly from a computer using a corresponding type of telephone or a microphone.
VoIP allows long-distance calls to be made over an existing IP data network instead of being carried over the PSTN (public switched telephone network). Today many companies have deployed their own VoIP solutions to reduce the cost of long-distance calls between many distant branches.
Applying VoIP makes it possible to exploit the efficiency of data networks and the flexibility of the IP protocol in developing new applications. However, implementing, applying and protecting VoIP is complex.
To make a call over VoIP, the user needs a SIP softphone program or a hardware VoIP phone. Calls can be made to anywhere and to anyone, both to VoIP numbers and to people who use ordinary telephone numbers.

Figure 1.2: General model of a VoIP connection


1.2 Characteristics of VoIP networks
1.2.1. Advantages
VoIP was created to exploit the efficiency of data networks and the flexibility of the IP protocol in developing new applications, and it is applied on a global network, the Internet. Advances in technology give VoIP the following advantages:
Reduced call cost: The outstanding advantage of IP telephony over the current telephone service is the ability to provide cheap long-distance calls of acceptable quality. If an IP telephony service is deployed, the cost of a long-distance call will only be equivalent to the cost of Internet access. The reason for such low cost is that voice signals carried in an IP network use the channel very efficiently. At the same time, advanced voice compression techniques reduce the bit rate from 64 Kbps down to as low as 8 Kbps, and combined with the high processing speed of today's microprocessors this makes real-time voice transmission feasible with far less bandwidth than the old technique.
Scalability: Whereas exchange systems are usually closed systems to which it is very difficult to add features, devices in the Internet can usually have new features added. This flexibility makes the IP telephony service easier to expand than traditional telephony.
No control information needed to set up a physical transmission channel: A packet in an IP network travels to its destination without any channel setup. The packet only needs to carry the address of the final receiver for the information to reach its destination. Therefore, call control in an IP network only needs to focus on the call function and not on the channel setup function.
Bandwidth management: In circuit-switched telephony, the bandwidth provided for a call is fixed (one 64 Kbps channel), but in IP telephony the allocation of resources to calls is much more flexible. While a call is in progress, if network traffic is low the bandwidth given to the call provides the best possible voice quality, but when network traffic is high the network limits the bandwidth of each call to a level that maintains acceptable voice quality, in order to serve as many people as possible at the same time. This is also a factor that increases the efficiency of IP telephony. Managing bandwidth economically in this way makes it possible to think of more advanced services such as conference calling, which is not done with the old switching technology because the cost is too high.
Many service features: The flexibility of the IP network allows many new features to be created in the voice service, such as showing information about the caller, or letting one IP telephony subscriber have several contact numbers while needing only a single terminal.
Multimedia capability: During a call the user can talk and at the same time use other services such as file transfer, data sharing, or viewing video of the person at the other end.
Efficient use: As is known, VoIP carries voice over the Internet and uses the IP protocol. Today IP is the most widely used network protocol and many applications are being run on top of the IP network protocols; VoIP can be combined with these applications to improve the efficiency of network use. VoIP technology is mainly used together with computer networks, so it can take advantage of the development of information technology to improve efficiency, and software will greatly support the use of VoIP network services. The more information technology develops, the more efficient this becomes, and many new services will appear to support users in every field.
1.2.2 Disadvantages
Complex technology: Transmitting real-time signals over a packet-switched network is very difficult because packet loss in the network is unavoidable and the delay of packets travelling through the network is not fixed. To obtain an acceptable voice service, a signal compression technique is needed that meets strict requirements such as a high compression ratio and the ability to infer and recreate the information of lost packets. The processing speed of the codecs must be fast enough not to interrupt the conversation. At the same time, the network infrastructure needs to be upgraded to new technologies with higher speed and with mechanisms to implement QoS (Quality of Service).
Security issues: The Internet is a widespread and heterogeneous network, in which many different kinds of computers and different services share the same infrastructure. Therefore nothing guarantees that a user's personal information, or the contact number used to access the service, is kept secret. The risk of eavesdropping on VoIP calls is quite high because the data packets have to be relayed through many intermediate stations before reaching the listener. There is also the problem of unauthorized access: hackers can take advantage of security vulnerabilities to break into the network.
In addition, VoIP can run into problems such as the service being unusable during a power cut, and being unable to connect to emergency services such as ambulance or fire.
1.3 Development trends of the IP telephony service
1.3.1 Requirements when developing VoIP
Voice quality must be stable, delay must be acceptable, and quality must be comparable with the voice quality of the PSTN and of networks with different service quality.
The underlying IP network must meet strict operating criteria, including minimizing call rejection, packet loss and loss of connection. This is required even when the network is congested or when users share the network's resources at the same time.
Signaling must be able to interwork with the signaling of other networks (PSTN) so that no change is caused when handing over between networks and the operation of the network is not affected.
Secure system management, addressing and billing must be provided, preferably integrated with the operations support systems.
1.3.2 Difficulties when deploying the service
Standards: International standards for IP telephony are still continuously being developed and completed, and in particular the standards for communication between different domains, between different networks and so on are still under discussion. This directly affects the compatibility of VoIP telephony products from different vendors. In addition, the problems of switching subscribers in different domains, of routing, of service compatibility and of settling charges between different service providers are still waiting to be resolved.
The transport network: In the Internet, delay cannot be determined in advance and is always changing, so it seriously affects voice quality. Based on the current state of the technology, it can be said that the Internet still has many shortcomings for real-time telephone communication requiring high quality.
Equipment capacity: Manufacturers of Internet access equipment and manufacturers of network gateway equipment are all trying to develop at large scale, from a few E1 ports up to more than 100 E1 ports. However, the quality of equipment today is still far from that of telecommunications products.
1.3.3 Development trends
At present the promising ground for VoIP is corporate Intranets and commercial Extranets. An IP-based infrastructure allows control and management of the use of services, permitting or denying access to services. Telephony products on the Internet cannot yet meet the quality of service requirements of ordinary telephony. Therefore, developing VoIP on Intranets and Extranets is the immediate direction of development.
Another promising trend is building gateways between the IP network and the voice network, the VoIP Gateways. These Gateways, built on a PC platform, become powerful systems capable of handling hundreds of simultaneous calls. Enterprises will therefore deploy large numbers of Gateways in an effort to reduce the costs related to voice, fax and video conferencing traffic.

Chapter 2:

TECHNOLOGY IN VoIP


To understand the principles of attacks as well as the solutions that protect the network when it is attacked, it is necessary to understand the architecture and operation of a VoIP system. This chapter examines the architecture, the signal processing, the SIP and H.323 protocols, and the VoIP transport protocols.
2.1. VoIP network architecture
2.1.1 VoIP network architecture model

Figure 2.1: Overall architecture model of a VoIP network


This model contains the two main components of a VoIP network:
IP Phone (also called SoftPhone): The terminal device that interfaces the user with the VoIP network. An IP Phone consists of two main parts:
+ VoIP signaling component: Signaling can be H.323, which uses TCP, or SIP, which uses UDP or TCP as its transport protocol.
+ Media transport component: Uses RTP to carry the media stream with real-time quality, controlled by the RTCP protocol.
VoIP Server: The main function of the Server in a VoIP network depends on the signaling protocol used. In the general model, the VoIP Server performs the following functions:
+ Routing signaling messages in the VoIP network.
+ Registering and authenticating users.
+ Address translation in the network.
In general, the VoIP Server is the brain that directs all activity in the network. The Server can integrate all the functions (SoftSwitch) or the functions can be separated onto different Servers (Location Server, Registrar Server, Proxy Server, ...).
2.1.2 Method of operation
VoIP carries the voice signal across the network environment. Therefore the voice must first be converted into sequences of digital bits and packed into packets, which are then carried over the IP network and finally converted back into an audio signal for the listener.
VoIP operation goes through two steps:
Call setup: in this step, the caller must locate the recipient (through the recipient's address) and request a connection to communicate with the recipient. When the recipient's address is determined to exist on the proxy servers, a connection is set up between the two parties for the exchange of voice data.
Voice data processing: the (analog) voice signal is converted to a digital signal and then compressed to save bandwidth, after which it is encrypted (an additional feature to protect against network analyzers, i.e. sniffers). The voice samples are then inserted into data packets for transport over the network. The protocol used for these voice packets is RTP (real-time transport protocol). An RTP packet has fields containing the data needed to convert the packets back into a voice signal at the listener's device. Voice packets are carried by the UDP protocol. At the end device, the process is carried out in reverse.

2.1.3 Functional layer model
Functionally, VoIP technology can be divided into three layers as follows:

2.1.3.1 Packet network infrastructure layer

This layer carries the voice traffic. In VoIP, the infrastructure is the IP networks. The real-time transport protocol RTP, combined with UDP and IP, carries voice information over the IP network. RTP runs over UDP and UDP runs over IP, forming the RTP/UDP/IP transport mechanism in VoIP. In IP networks, IP packets are frequently lost or arrive out of order. The TCP/IP mechanism overcomes packet loss by retransmission, which is not suitable for real-time applications that are very sensitive to delay. RTP, with its timestamp field, is used so that the receiver can recognize and handle problems such as delay, delay variation (jitter) and packet loss.
2.1.3.2 Call control layer
This layer performs signaling and call routing in VoIP. The separation between the signaling plane and the transport plane was already made in the PSTN with SS7 common channel signaling, but here the point to stress is that several signaling standards for VoIP coexist, such as H.323, SIP and SGCP/MGCP. These signaling protocols can work together and are applied according to the specific needs of the network. In addition, this layer provides access to the services above it as well as open programming interfaces for application development.
2.1.3.3 Service application layer
This layer is responsible for providing services in the network, both old services similar to those in the PSTN and newly added services. Open interfaces allow independent software vendors to develop many new applications, in particular Web-based applications, applications combining voice and data, and applications related to e-commerce. Separating out the service layer allows new services to be deployed quickly. In addition, functions such as management, call authentication and address translation are also performed in this layer.
Because the interfaces between the layers are open and follow standards, there are many choices when designing a network. For example, for the network infrastructure layer one can use Cisco Routers and Switches, call control can be done by VocalTec Gatekeepers, and services can be provided by a Netspeak service Server. The model above therefore has more than theoretical value.
2.1.4 Types of connection using VoIP
2.1.4.1 Computer to Computer

Figure 2.3: PC-PC model


With an Internet connection already available, this is a free service used widely all over the world. The caller and the receiver only need to use the same VoIP service (Skype, MSN, Yahoo Messenger, ...), 2 headphones + microphones, and a sound card. The conversation is unlimited. It is also used within an organization or a company to make communication convenient without installing an internal exchange.

2.1.4.2 Computer to phone

Figure 2.4: PC to Phone model


In this model the Internet and the PSTN can communicate with each other through a special device, the Gateway.
This is a paid service. You must pay to get an account + software. With this service a PC can connect to an ordinary telephone anywhere (depending on the list of countries the provider allows). The caller is charged on call traffic and the charge is deducted from the existing account balance.
Advantages: for international conversations, the user pays less than for a conversation between two ordinary telephones; it is cheap and easy to install.
Disadvantages: call quality depends on the Internet connection and on the provider's service.
2.1.4.3 Phone to phone

Figure 2.5: Phone to Phone model


This is a paid service. You do not need an Internet connection, only a VoIP adapter connected to the telephone. The telephone then becomes an IP phone.
The Internet is used as the means of communication between PSTN networks. All PSTN networks connect to the Internet through Gateways. When a call is made, the PSTN connects to the nearest Gateway, where the address is converted from a PSTN address to an IP address so that the packets can be routed to the destination network. At the same time the source Gateway converts the analog voice signal into digital form, then encodes, compresses and packetizes it and sends it over the network. The destination network is also connected to a Gateway, where the address is converted back into a PSTN address and the signal is decompressed, decoded and converted back into an analog signal that is sent into the PSTN to the destination.
2.2 Protocols in VoIP
2.2.1 The H.323 protocol
2.2.1.1 Overview of the H.323 protocol
H.323 is a protocol developed by the ITU-T. H.323 was originally used to carry multimedia conversations over LANs, but it later developed into a protocol for carrying VoIP worldwide.
H.323 is a protocol suite whose main protocols are:
+ H.225: the signaling protocol for setting up and releasing calls.
+ H.245: the control protocol that lets terminals negotiate channels and exchange their capabilities.
+ H.235: the security tool supporting H.323.
2.2.1.2 Main components of an H.323 network
The H.323 standard proposes an architecture with 4 components: terminal, Gateway, Gatekeeper, and the multipoint control unit MCU (Multipoint Control Unit). This architecture is shown in the following figure:

Figure 2.6: H.323 architecture (elements shown: H.323 terminals, Gateway, Gatekeeper, MCU, ISDN, PSTN)

2.2.1.2.1 Terminal

This is a LAN endpoint that provides real-time, two-way communication. All H.323 terminals are required to support H.245, H.225, Q.931, RAS (Registration Admission Status) and the real-time transport protocol RTP. H.245 is used to control channel usage, while H.225 or Q.931 is used for call signaling, call setup and call teardown.
RTP is used as the transport protocol carrying the voice traffic. RAS is used by the endpoint to interact with the gatekeeper. An H.323 terminal can communicate with another H.323 terminal, an H.323 gateway or an MCU.
2.2.1.2.2 Gateway

The Gateway is the bridge between the H.323 network and other networks such as SIP, PSTN, ... It converts between protocols when setting up and ending calls, and converts data formats between the different networks. The software functions of the gateway are divided into 4 modules as shown in the figure below:

Figure 2.7: Software architecture in the GK (blocks shown: Network Management Module, Voice Packet Module, Telephony Signaling Module, Network Protocol Module, DSP, microprocessor; flows shown: voice, signaling, voice and signaling packets)


- Voice packet module: detects the electrical voice signal, removes echo, removes jitter, compresses the voice, synchronizes clocks and packetizes the voice.
- Telephony signaling module: interfaces with the telephone and converts signaling indications into state changes that the network protocol can understand.
- Network protocol module: converts the signaling protocol of the telephone network into the signaling protocols of the packet network.
- Network management module: manages the network using SNMP (Simple Network Management Protocol).
2.2.1.2.3 Gatekeeper
This is an important component of the H.323 architecture and has a management function. It is the central point for all calls in its zone and provides services to the endpoints. A zone is the collection of a gatekeeper and its endpoints. If the network has several GKs, it is organized into several zones and each zone is managed by one GK. Communication between GKs is carried out through messages used to locate terminals during call setup. The GK is, however, an optional component of the H.323 architecture.
The structure of a zone managed by a gatekeeper is shown in the following figure:

Figure 2.8: Gatekeeper zone (elements shown: Gatekeeper, Gateways, zone)

If a gatekeeper is present in the H.323 system, it performs the following tasks:
Address translation: Translates aliases, symbols and e-mail addresses into IP addresses in order to set up IP communication.
Admission control (AC): access by terminals can be accepted or refused based on verification of the source address, the destination address, the time, or any other variable the gatekeeper manages.
Call management: The gatekeeper acts as the initial point of contact for the caller, for two Gateways, or for two endpoints signaling directly to each other.
Bandwidth management: The gatekeeper can ask terminals and Gateways to change the communication parameters of a call in order to manage bandwidth usage.
Zone management: The gatekeeper can require that no more than a certain number of calls pass over a low-bandwidth connection, to avoid a drop in quality.
2.2.1.2.4 Multipoint control unit MCU
The MCU is the device that supports multipoint conversations for three or more terminals in an H.323 network. An MCU has 2 parts: the MC (Multipoint Controller), which is mandatory, and the MP (Multipoint Processor), which is optional.
The function of the MC is to determine the common capacity of the endpoints; it can be located in a terminal, Gateway or Gatekeeper.

The MP receives the audio and video data streams and distributes them to the endpoints taking part in the multipoint connection. The MP may not be needed, but its absence places a burden on the terminals.
2.2.2 H.225
H.225 comprises the RAS and Q.931 messages. RAS messages relate to user management, while Q.931 carries the call signaling. The two protocols use separate channels: the RAS channel and the call signaling channel.
2.2.2.1 RAS messages (Registration, Admission, Status)
Main functions of the RAS messages:
- The EP (endpoint) discovers the GK with which it will have to register.
- The EP registers with its GK.
- The EP must request permission from the GK when initiating a call.
- The EP requests release of the call.
- Before disconnecting from the GK, the EP must unregister.
RAS messages are sent using the UDP transport protocol. The EP and the GK exchange information on the RAS channel in client-server fashion.
The RAS messages:

RAS message   Meaning
GRQ           Gatekeeper Request
GCF           Gatekeeper Confirm
GRJ           Gatekeeper Reject
RRQ           Registration Request
RCF           Registration Confirm
RRJ           Registration Reject
ARQ           Admission Request
ACF           Admission Confirm
ARJ           Admission Reject
DRQ           Disengage Request
DCF           Disengage Confirm
DRJ           Disengage Reject

Table 2-1: RAS messages

2.2.2.2 Q.931
Q.931 is the ITU-T recommendation for call signaling; it sets up, maintains and ends calls. Q.931 messages are carried over TCP. The EPs negotiate which port to listen on. This negotiation is done with RAS messages (in call Admission); port 1720 is usually chosen.

Q.931 message      Meaning
Setup              First message in the call initiation process
CallProceeding     No further call setup information.
Alerting           The called party is ringing
Connect            Call setup is finished
Release Complete   The call is ended

Table 2-2: Q.931 message types


2.2.3 H.245
H.245 is the call signaling control protocol between EPs, covering capability exchange, master-slave determination and logical channel management. This protocol is carried over TCP.
Master-slave determination: avoids conflicts when both sides initiate the same call. The terminals agree on this role by applying some agreed method. The role stays the same for the whole call.
Capability exchange: each terminal must know the other's capabilities, including its ability to transmit and receive; otherwise it may not accept the call.
Logical channel management: ensures that a terminal is able to receive and read the data when a logical channel is opened. The OpenLogicalChannel message describes the type of data that will be sent.
2.2.4 Signaling procedures in an H.323 network
A call is divided into 5 phases:
Phase 1: Call setup
Phase 2: Control channel setup
Phase 3: Virtual call channel setup
Phase 4: Services
Phase 5: Call termination
2.2.4.1 Call setup
Call setup uses the messages defined in recommendation H.225.0. We will consider the call setup procedure in the following 6 cases:
- Neither terminal is registered.
- Both subscribers are registered with one GK.
- Only the calling subscriber is registered with a GK.
- Only the called subscriber is registered with a GK.
- The two subscribers are registered with two different GKs.
- Call setup through a Gateway.
2.2.4.2 Control channel setup
When phase 1 ends, that is, when both the calling and the called party have finished exchanging the call setup messages, the terminals set up the H.245 control channel:
The first message exchanged between the terminals is terminalCapabilitySet, with which the sides tell each other their working capabilities (modes for encoding, transmitting, receiving and decoding multi-service signals).
This control channel can be set up by the called subscriber after it receives the Set-up message, or by the calling subscriber when it receives the Alerting or Call Proceeding message. If no Connect message is received, or a terminal sends Release Complete, the H.245 control channel is released.
2.2.4.3 Communication channel setup
After exchanging capabilities (maximum receive rate, encoding method, ...) and determining the master-slave relationship in phase 2, the H.245 channel control procedure opens the logical channels for carrying data. These channels are H.225 channels.
After the logical channels for carrying audio and video signals have been opened, each transmitting terminal sends an h2250MaximumSkewIndication message to specify the transmission parameters.

2.2.4.4 Call services
Several call services are carried out on an H.323 network, such as bandwidth change, status monitoring, ad hoc conferencing and supplementary services. Two typical services are bandwidth change and status monitoring.
2.2.4.5 Call termination
A terminal can end a call by following the steps of this procedure:
+ Stop transmitting the video stream when video transmission ends, then release all logical channels used for video.
+ Stop transmitting data and close all logical channels used for data.
+ Stop transmitting audio, then close all logical channels used for audio.
It sends the H.245 endSessionCommand message on the H.245 control channel to tell the subscriber at the other end that it wants to end the call. It then stops sending H.245 messages and closes the H.245 control channel. It waits to receive the endSessionCommand message from the other subscriber and closes the H.245 control channel. If the call signaling channel is open, it sends the ReleaseComplete message and then closes the signaling channel.
A call can also be ended by the following procedure: a terminal that receives the endSessionCommand message without having sent this message itself carries out steps 1 to 6 above in turn, skipping only step 5.
Note: Ending a call does not mean ending a conference (a call with several terminals taking part). A conference is certain to end when the H.245 dropConference message is used. The terminals then wait for the MC to end the call according to the procedure above.

Figure 2.9: Call termination with GK participation (participants: Gatekeeper 1, Terminal 1, Terminal 2, Gatekeeper 2; messages: EndSessionCommand (1), Release Complete (2), DRQ (3), DCF (4); channels: RAS signaling channel, call signaling channel, H.245 control channel). Note: Gatekeeper 1 and Gatekeeper 2 may be the same Gatekeeper.


Call termination by a terminal with GK participation.
In a call without GK participation, only steps 1 to 6 need to be carried out. In a call with GK participation, the bandwidth must also be released. Therefore, after carrying out steps 1 to 6, each terminal sends the DRQ (3) message to the GK. The GK then replies with the DCF (4) message. After sending DRQ, the terminal no longer sends IRR messages to the GK, and the call is then ended.
Call termination procedure carried out by the GK.
First, the GK sends the DRQ message to the terminal. On receiving this message, the terminal carries out steps 1 to 6 in turn and then replies to the GK with the DCF message. The subscriber at the other end, on receiving the endSessionCommand message, carries out the call release procedure as in the case where the terminal itself ends the call. If the call is a conference, the GK sends DRQ to all terminals taking part in the conference.

Figure 2.10: Call termination initiated by the GK (participants: Gatekeeper 1, Terminal 1, Terminal 2, Gatekeeper 2; messages: DRQ (3), EndSessionCommand (1), Release Complete (2), DCF (4); channels: RAS signaling channel, call signaling channel, H.245 control channel). Note: Gatekeeper 1 and Gatekeeper 2 may be the same Gatekeeper.


2.2.5 The SIP protocol
2.2.5.1 Overview
SIP (Session Initiation Protocol) is a control protocol standardized by the IETF. Its task is to set up, modify and tear down sessions between users. Sessions can be multimedia conferences, point-to-point telephone calls and so on. SIP is used together with other IETF protocol standards such as SAP, SDP and MGCP to provide a broader scope for VoIP services. The structure of SIP is similar to that of HTTP (a client-server protocol). It consists of requests sent from the user's SIP client to a SIP server. The server processes the requests and responds to the clients. A request message together with its response messages makes up a SIP transaction.
SIP is an attractive supporting tool for IP telephony for the following reasons:
+ It can operate statelessly or statefully. Stateless operation scales well because the servers do not have to keep call state information once the transaction has been processed.

+ It can use many of the forms or the syntax of the hypertext transfer protocol HTTP, so it offers a convenient way to work with browsers.
+ The SIP message is opaque; it can be of any syntax, so it can be described in many ways. For example, it can be described with MIME (Multipurpose Internet Mail Extension) or with XML (Extensible Markup Language).
+ It identifies a user with a URL (Uniform Resource Locator), so it gives the user the ability to initiate a call by clicking a link on a web page.
In general, SIP supports the following main operations:
- Determining the location of the user.
- Determining the media for the session.
- Determining the user's willingness to take part in a session.
- Call setup, call transfer and call termination.
2.2.5.2 Structure of the SIP protocol
One aspect in which SIP differs from other IP call handling protocols is that it does not use a Gateway controller. It does not use the Gateway/Gateway controller concept but relies on the client/server model.

Figure 2.11: SIP signaling architecture and signaling procedure

Server: An application program that accepts request messages in order to service them and sends back responses to those requests. A server is a Proxy, Redirect, UA or Registrar.
Proxy server: an intermediary program that acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or passed on to another server. A proxy can interpret and, if necessary, rewrite a SIP request message before forwarding it to another server or a UA.
Redirect server: a server that accepts a SIP request, maps the address in the request to a new address and returns this address to the client. Unlike a proxy server, it does not initiate a SIP request and does not forward requests to other servers. Unlike a user agent server (UAS), it does not accept calls.
Registrar: a server that accepts register requests. A Registrar is co-located with a Proxy or a redirect server and can offer location services. The Registrar is used to register SIP entities in the SIP domain and to update their current location. A SIP domain is similar to an H.323 zone.
UA (User Agent): an application that contains both a UAC (user agent client) and a UAS (user agent server).
- UAC: the user-side part used to initiate a SIP request to a SIP Server or to a UAS.
- UAS: a server application that contacts the user when a SIP request is received and returns a response on behalf of the user.
There are two kinds of SIP Server: Proxy server and Redirect server. A proxy server receives a request from a client and decides the next server to which the request will go. The proxy can send the request to another server, a Redirect or a UAS. The response travels along the same path as the request but in the opposite direction. A proxy server acts as both a client and a server. A Redirect server does not forward the request but directs the client to contact the next server directly; the response sent back to the client contains the address of the next server. It cannot act as a client, and it does not accept calls.

2.2.5.3 SDP (Session Description Protocol)

SDP is the protocol that lets a client share information about a session with other clients. It plays an important role in VoIP.
Description of SDP:
SDP is not a transport-layer protocol. It does not actually carry data between clients; it only defines the structure of the information about the attributes of the data stream. The data itself is carried by the SIP, RTSP or HTTP protocols.
The information in an SDP packet is in ASCII and consists of several lines, each line being 1 field. An example SDP message:
v=0
o=bsmith 2208988800 2208988800 IN IP4 68.33.152.147
s=
e=bsmith@foo.com
c=IN IP4 20.1.25.50
t=0 0
a=recvonly
m=audio 0 RTP/AVP 0 1 101
a=rtpmap:0 PCMU/8000
Field   Meaning
        Protocol version
        Session owner, identifier, session version, network type, address type, owner's IP
        Session name
        Session description
        URI
        E-mail of the contact person
        Phone number of the contact person
        Connection information: IP version and CIDR IP address
        Encryption key, as clear text, base64, uri
        Network type, connection port, transport method, list of formats
        Start and end time of the session
        Attribute.

Table 2-3: Meaning of the fields


Operation of SDP:
The client sends a SIP request, and the device creates an SDP packet to send back. This SDP packet carries information about the session. Here is an example:
v=0
o=alice 2890844526 2890844526 IN IP4 host.atlanta.example.com
s=
c=IN IP4 host.atlanta.example.com
t=0 0
m=audio 49170 RTP/AVP 0 8 97
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 iLBC/8000
m=video 51372 RTP/AVP 31 32
a=rtpmap:31 H261/90000
a=rtpmap:32 MPV/90000
In the example above, the caller is Alice, listening for connections at host.atlanta.example.com. The packet is sent to anyone who wants to join the session. Alice's side supports three audio formats, PCMU, PCMA and iLBC, and two video formats, H.261 and MPV. If Bob wants to join the session, he sends back the SDP message:
v=0
o=bob 2808844564 2808844564 IN IP4 host.biloxi.example.com
s=
c=IN IP4 host.biloxi.example.com
t=0 0
m=audio 49174 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 49170 RTP/AVP 32
a=rtpmap:32 MPV/90000
Security for SDP:
An SDP message carries information about the session such as the session identifier, the sender's IP address, the receiver and so on. If an attacker captures these SDP packets, they can change the values in the fields and then send the packets on. This can, however, be fully remedied by SIP's user authentication method.
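
The exchange between Alice and Bob above, and the field changes described under SDP security, as an added example that is not part of the original thesis. The names `parse_sdp`, `negotiate` and `sensitive_changes` are hypothetical helpers, and the tampered offer is a constructed sample.

```python
# Added example, not from the thesis: parse the two SDP bodies quoted above,
# work out what the exchange agreed on, and report changed media-steering fields.
from dataclasses import dataclass, field

OFFER = """\
v=0
o=alice 2890844526 2890844526 IN IP4 host.atlanta.example.com
s=
c=IN IP4 host.atlanta.example.com
t=0 0
m=audio 49170 RTP/AVP 0 8 97
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 iLBC/8000
m=video 51372 RTP/AVP 31 32
a=rtpmap:31 H261/90000
a=rtpmap:32 MPV/90000
"""

ANSWER = """\
v=0
o=bob 2808844564 2808844564 IN IP4 host.biloxi.example.com
s=
c=IN IP4 host.biloxi.example.com
t=0 0
m=audio 49174 RTP/AVP 0
a=rtpmap:0 PCMU/8000
m=video 49170 RTP/AVP 32
a=rtpmap:32 MPV/90000
"""

# Constructed sample: Alice's offer after the connection address and audio
# port were rewritten on the path (203.0.113.9 is a documentation address).
TAMPERED_OFFER = OFFER.replace(
    "c=IN IP4 host.atlanta.example.com", "c=IN IP4 203.0.113.9"
).replace("m=audio 49170", "m=audio 40000")


@dataclass
class Media:
    kind: str
    port: int
    payload_types: list
    rtpmap: dict = field(default_factory=dict)  # payload type -> "PCMU/8000"


@dataclass
class Session:
    origin_addr: str = ""
    connection_addr: str = ""
    media: list = field(default_factory=list)


def parse_sdp(text):
    """Parse the SDP fields this page uses: o=, c=, m= and a=rtpmap."""
    sess, current = Session(), None
    for line in text.strip().splitlines():
        line = line.strip()
        if len(line) < 2 or line[1] != "=":
            raise ValueError(f"not an SDP line: {line!r}")
        key, value = line[0], line[2:]
        if key == "o":
            sess.origin_addr = value.split()[5]
        elif key == "c" and current is None:  # session-level address
            sess.connection_addr = value.split()[2]
        elif key == "m":
            kind, port, _proto, *fmts = value.split()
            current = Media(kind, int(port), [int(f) for f in fmts])
            sess.media.append(current)
        elif key == "a" and value.startswith("rtpmap:") and current is not None:
            pt, encoding = value[len("rtpmap:"):].split(None, 1)
            current.rtpmap[int(pt)] = encoding
    return sess


def negotiate(offer, answer):
    """Return {media: [codec, ...]} from the answer; reject formats never offered."""
    offered = {m.kind: set(m.payload_types) for m in offer.media}
    agreed = {}
    for m in answer.media:
        extra = set(m.payload_types) - offered.get(m.kind, set())
        if extra:
            raise ValueError(f"{m.kind}: payload types not offered: {sorted(extra)}")
        agreed[m.kind] = [m.rtpmap.get(pt, f"pt {pt}") for pt in m.payload_types]
    return agreed


def sensitive_changes(sent, received):
    """Compare the SDP that was sent with the copy seen downstream."""
    changes = []
    for name, label in (("origin_addr", "o="), ("connection_addr", "c=")):
        old, new = getattr(sent, name), getattr(received, name)
        if old != new:
            changes.append(f"{label} address {old} -> {new}")
    for a, b in zip(sent.media, received.media):
        if (a.port, a.payload_types) != (b.port, b.payload_types):
            changes.append(f"m={a.kind} {a.port} {a.payload_types} -> {b.port} {b.payload_types}")
    return changes
```

The comparison only helps where both copies are available, for example the body a user agent logged on sending and the body a downstream element logged on receipt.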
2.2.5.4 SIP messages
There are two kinds of SIP message: request messages, initiated by the client, and response messages, returned by the server. Each message contains headers describing the details of the communication.
A basic message consists of a start-line, one or more header fields, an empty line (CRLF) that ends the header fields, and an optional message body.

28

Bo mt trong VoIP

Bn tin chung =

Dng bt u
Tiu bn tin
CRLF
[Ni dung bn tin]

2.2.5.4.1 Message headers

Headers identify the caller, the callee, the routing path and the message type of the call. There are four groups of headers:
General headers: apply to both requests and responses.
Entity headers: define information about the type and length of the message.
Request headers: allow the client to add information to a request.
Response headers: allow the server to add information to a response.
These headers are listed in the table below:
General headers: Accept, Accept-Encoding, Accept-Language, Call-ID, Contact, CSeq, Date, Encryption, Expires, From, Record-Route, Timestamp, To, Via
Entity headers: Content-Encoding, Content-Length, Content-Type
Request headers: Authorization, Contact, Hide, Max-Forwards, Organization, Priority, Proxy-Authorization, Proxy-Require, Route, Require, Response-Key, Subject, User-Agent
Response headers: Allow, Proxy-Authenticate, Retry-After, Server, Unsupported, Warning, WWW-Authenticate

Table 2-4: SIP headers
Some of the main SIP headers are explained in the table below:

Header | Explanation
Call-ID | Matches requests with their corresponding responses; uniquely identifies an invitation or a client's registration.
CSeq | Within a call, CSeq is incremented each time a new request is sent, and it starts from a random value. For ACK and CANCEL requests, however, CSeq is not incremented.
To | Present in every request and response; indicates where the request is to be received.
From | Present in every request and response; contains the name and address of the party that initiated the request.
Via | Records the path taken by the request so that intermediate SIP servers can send the responses back along the same path.
Encryption | Specifies how the body and some of the message headers are encrypted.
Content-Length | Gives the size of the message body (in octets).
Content-Type | Gives the media type of the message body (text/html, ...).
Expires | Identifies the date and time at which the message expires.
Accept | Indicates which media types are acceptable in the response message.
Subject | Gives information about the nature of the call.

Table 2: Explanation of some of the main SIP headers.


2.2.5.4.2 Request messages
Requests can also be seen as methods that allow user agents and network servers to locate, invite and manage calls. A SIP request message has the following form:
Request =
    Request line (Request-Line)
    General headers / request headers / entity headers
    CRLF
    [Message body]
The request line starts with the method token, followed by the request URI and the SIP protocol version, and ends with CRLF. The components are separated by an SP character.
There are 6 kinds of SIP request message: INVITE, ACK, OPTIONS, BYE, CANCEL and REGISTER.
INVITE: The INVITE message indicates that a user or service is being invited to take part in a session. The message body contains a description of the session to which the callee is invited. For a two-party call, the caller indicates the media types it is able to receive. A successful response must state in its message body which media types the callee wishes to receive. With this message a user can learn the capabilities of another user and open a session with a limited number of messages.
ACK: The ACK message confirms that the client has received the final response to an INVITE message (ACK is used only with INVITE).
The body of the ACK message contains the final session description to be used by the callee. If the ACK body is empty, the callee uses the session description from the INVITE message.
OPTIONS: This message allows the capabilities of user agents and network servers to be queried and collected. It is not, however, used to set up a session.
BYE: A user agent client uses the BYE message to tell the server that it wants to release the call. A BYE message is forwarded in the same way as an INVITE message and may be issued by either the caller or the callee. When a party receives a BYE message, it must stop transmitting media streams towards the party that issued the BYE.
CANCEL: The CANCEL message allows user agents and network servers to cancel any request that is still being processed. It does not affect completed requests for which final responses have already been received.
REGISTER: This message is used by a client to register its location information with a SIP server.

2.2.5.4.3 Response messages
Response messages have the following form:
Response =
    Status line
    General headers / response headers / entity headers
    CRLF
    [Message body]
The status line consists of the protocol version, the (numeric) status code, the reason phrase and CRLF. The components are separated by two SP characters.
Status line = SIP-version SP status-code SP Reason-Phrase CRLF
The status code has 3 digits and indicates the outcome of the attempt to satisfy the request. The reason phrase is a short description of the status code.
The first digit of the status code defines the class of the response. SIP version 2.0 defines 6 values for the response class:
1xx: informational: the request has been received and is being processed.
2xx: success: the action was successfully received and accepted.
3xx: redirection: further action is needed to complete the request.
4xx: client error: the request has bad syntax or cannot be fulfilled at this server.
5xx: server error: the server failed to fulfil a valid request.
6xx: global failure: the request cannot be fulfilled at any server.
The status codes defined in SIP version 2.0 are listed in the table below:
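Response class | Status code | Explanation
Informational | 100 | Trying
Informational | 180 | Ringing
Informational | 181 | Call is being forwarded
Informational | 182 | Queued
Success | 200 | OK
Redirection | 300 | Multiple choices
Redirection | 301 | Moved permanently
Redirection | 302 | Moved temporarily
Redirection | 380 | Alternative service
Client error | 400 | Bad request
Client error | 401 | Unauthorized
Client error | 402 | Payment required
Client error | 403 | Forbidden
Client error | 404 | Not found
Client error | 405 | Method not allowed
Client error | 406 | Not acceptable
Client error | 407 | Proxy authentication required
Client error | 408 | Request timeout
Client error | 409 | Conflict
Client error | 410 | Gone
Client error | 411 | Length required
Client error | 413 | Request entity too large
Client error | 414 | Request URL too large
Client error | 415 | Unsupported media type
Client error | 420 | Bad extension
Client error | 480 | Not available
Client error | 481 | Call or transaction does not exist
Client error | 482 | Loop detected
Client error | 483 | Too many hops
Client error | 484 | Address incomplete
Client error | 485 | Ambiguous
Client error | 486 | Busy
Server error | 500 | Internal server error
Server error | 501 | Not implemented
Server error | 502 | Bad gateway
Server error | 503 | Service unavailable
Server error | 504 | Gateway timeout
Server error | 505 | SIP version not supported
Global failure | 600 | Busy everywhere
Global failure | 603 | Decline
Global failure | 604 | Does not exist anywhere
Global failure | 606 | Not acceptable

Table 2-5: SIP responses

2.2.6 Transport protocols in SIP
SIP can use UDP and TCP. When sent over UDP or TCP, several SIP transactions can be carried on a single TCP connection or in a single UDP datagram. A UDP datagram (including all headers) must not exceed the maximum transmission unit (MTU) if the MTU is defined, or 1500 bytes if the MTU is not defined.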
2.2.6.1 UDP
UDP is a transport-layer protocol without congestion control. It is used to carry SIP messages because it is simple and well suited to real-time applications. SIP messages are usually smaller than the MTU (Maximum Transmission Unit). If a message is large, TCP must be used; for this reason SIP has no function for fragmenting messages.

Figure 2.12(a): SIP message exchange over UDP


2.2.6.2 TCP
TCP is a reliable transport-layer protocol because it has congestion control; in addition, it can carry packets of any size. Its drawback is increased delay.

Figure 2.12(b): SIP message transport over TCP

To strengthen security, additional protocols such as TLS and SRTP are needed to carry SIP messages.
2.2.7 Comparison of H.323 and SIP
SIP and H.323 were developed for different purposes by different organizations. H.323 was developed by the ITU-T along the lines of the PSTN; it uses binary encoding and reuses part of ISDN signaling. SIP was developed by the IETF on the basis of the Internet and uses a number of Internet protocols and functions.
Encoding: SIP is a text-based protocol (ASCII text) like HTTP, whereas H.323 uses binary-encoded messages. Binary encoding reduces message size but is more complex than plain text. Text messages, by contrast, are easy to create, store and inspect and need no tool to decode them, which makes SIP friendly to the Internet environment and to web developers. SIP messages are structured according to ABNF (Augmented Backus-Naur Form), whereas H.323 ASN.1 messages have no such structure.
H.323 provides signaling only; SIP additionally conveys information about the user's state (presence and instant messaging), because SIP uses URI addresses. This is a strength of SIP, and most services today use SIP more than H.323. SIP is supported by the equipment of service providers and is gradually replacing H.323. SIP is also used by mobile operators as a call signaling protocol.
Charging: to obtain charging information, SIP has to stay in the call signaling path in order to detect when the call ends. With H.323, the charging information is carried in the ARQ/DRQ messages at the moments the call is set up and torn down. For direct-signaled calls, the EP informs the GK of the start and end time of the call with RAS messages.
Level of security: SIP has a range of security support providing encryption, certificate-based authentication and end-to-end message integrity. SIP does not develop this support itself but inherits it from Internet security protocols such as TLS and S/MIME. H.323, for its part, defines H.235 for authentication and encryption.
SIP devices are still limited in capability exchange, whereas devices in an H.323 network can exchange capabilities and negotiate which channels to open (audio, voice, video or data).
H.323 and SIP coexist and have similar functions. SIP has supported DNS and URLs from the start, while H.323 has not. Likewise, H.323 has supported video conferencing through the MCU concept from the start, whereas in SIP this feature was developed later and is called a focus.
SIP originally used UDP and later TCP. H.323 originally did not use UDP but now supports it as well.
Advantages of each protocol:
H.323 is used to replace part of the PSTN and dominates the video conferencing market. For components that use only call signaling (setup and teardown) and do not make full use of SIP's distinctive advantages, there is no need to replace H.323 with SIP.
SIP does not yet support video conferencing. Its current strength remains that it is a simple protocol based on the Internet architecture.
2.2.8 Transport protocols in VoIP
The Real-time Protocol (RTP) was proposed by the IETF; it provides the mechanism for transporting and monitoring real-time communication over IP networks. RTP has two components:
- RTP itself, which performs the transport function and supplies information about the voice packets.
- The Real-time Control Protocol (RTCP), which monitors and evaluates transmission quality.
2.2.8.1 RTP
A call is normally divided into call signaling, call control, media negotiation and the conversation phase. RTP belongs to the conversation phase.
How voice is carried over an IP network: during media negotiation, the parties to the conversation open two adjacent UDP ports, the even port for carrying voice (RTP) and the odd port for carrying the status information used for monitoring (RTCP). The two ports chosen by default are usually 5004 and 5005.
At the sending side, the voice is digitized and compressed by the CODEC into packets for transmission. As it passes down through the UDP/IP layers, each packet is given the corresponding header. This header is 40 bytes long and holds the source IP address, the destination IP address, the corresponding ports, the RTP header and other information:

Figure 2.13: RTP packet


For example, if G.723.1 is used, each payload is 24 bytes long, so the data part of each packet accounts for only 37.5%.
The RTP header states the encoding used for the packet, the packet index, its timestamp and other important information. From this information the relationship between the packet and time can be determined.
The RTP header has 2 parts:
- A fixed part, 12 bytes long.
- An extension part, in which the user can add other information.
The RTP header of each packet has the form:

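 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|V=2|P|X|  CC   |M|     PT      |        Sequence number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Timestamp                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Synchronization Source (SSRC) identifier            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Contributing Source (CSRC) identifiers             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 2.14: Structure of the RTP header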
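An added example, not part of the original document: a Python parser for the RTP header described above (the 12-byte fixed part, the CSRC list, the optional extension and padding) that rejects malformed packets, together with a sequence-number gap counter and the payload share calculation from the text. The sample packet and all function names are constructed for illustration.

```python
import struct

# Constructed sample: V=2, P=0, X=0, CC=0, M=0, PT=4 (G.723),
# sequence 0x1234, timestamp 240, SSRC 0xDEADBEEF, 24-byte payload.
SAMPLE = bytes([0x80, 0x04]) + struct.pack("!HII", 0x1234, 240, 0xDEADBEEF) + bytes(24)


def parse_rtp_header(packet):
    """Decode the RTP header and return its fields plus the payload bytes."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError(f"unexpected RTP version {b0 >> 6}")
    cc = b0 & 0x0F                      # number of CSRC identifiers
    offset = 12 + 4 * cc
    if len(packet) < offset:
        raise ValueError("CSRC list runs past the end of the packet")
    csrc = list(struct.unpack(f"!{cc}I", packet[12:offset]))
    if b0 & 0x10:                       # X bit: one header extension follows
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * words
        if len(packet) < offset:
            raise ValueError("header extension runs past the end of the packet")
    end = len(packet)
    if b0 & 0x20:                       # P bit: last octet counts padding octets
        pad = packet[-1] if end > offset else 0
        if pad == 0 or pad > end - offset:
            raise ValueError("invalid padding length")
        end -= pad
    return {
        "version": 2,
        "padding": bool(b0 & 0x20),
        "extension": bool(b0 & 0x10),
        "marker": bool(b1 & 0x80),
        "payload_type": b1 & 0x7F,
        "sequence": seq,
        "timestamp": timestamp,
        "ssrc": ssrc,
        "csrc": csrc,
        "payload": packet[offset:end],
    }


def lost_between(prev_seq, seq):
    """Packets missing between two sequence numbers, allowing 16-bit wrap."""
    delta = (seq - prev_seq) % 65536
    if delta == 0 or delta >= 0x8000:   # duplicate or out-of-order arrival
        return 0
    return delta - 1


def payload_share(payload_len, header_len=40):
    """Fraction of each packet that is voice data (40-byte header in the text)."""
    return payload_len / (payload_len + header_len)
```

With the 24-byte G.723.1 payload from the text, `payload_share(24)` gives 0.375, the 37.5% quoted above.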


At the receiver the packets are put back into the correct real-time order and are then decoded and played out.
RTP supports multipoint conversations very flexibly. This is extremely important for saving network resources, especially when the number of participants in the conversation is small. Most conversations take place as multicast. If a reply between two participants is required, unicast conversation is chosen.

Figure 2.15: Multipoint conversation


RTP allows the use of mixers and translators. A mixer is a device that receives streams from several sources with different transmission rates, mixes them together and forwards the result at a fixed rate on its output. A translator receives one stream on its input and converts it to a different format on its output. Translators are useful for reducing the bandwidth required by a data stream before it is sent over a narrower-bandwidth link, without requiring the RTP source to reduce its transmission rate. This allows the parties connected over a fast link to keep high-quality communication. Mixers allow the bandwidth required by the conversation to be limited.
2.2.8.2 RTCP
From the information that RTP supplies for each packet, the quality of voice transmission can be monitored while the conversation is in progress. RTCP analyses and processes this information, aggregates it into status information and issues feedback messages to all participants. The transmission rate can be adjusted if necessary, while other receivers can determine whether a quality-of-service problem is local or network-wide. At the same time, network managers can use the aggregated information to evaluate and manage quality of service in the network.
In addition, participants can exchange items that describe them, such as name, e-mail address, phone number and other information.
The Real-time Control Protocol (RTCP) monitors and evaluates the transmission by periodically sending control packets to the participants of the conversation, using the same mechanism as for data transmission. RTCP performs 4 main functions:
- It provides feedback on the quality of data transmission. The sender reports statistics about the data it has sent to the participants in sender reports. Receivers likewise send back statistics about what they have received in receiver reports. By monitoring sending and receiving between the parties, the necessary parameters can be adjusted to improve call quality. This is the most important function of RTCP.
- Each source of RTP packets is identified by a CNAME (canonical end-point identifier SDES item). RTCP is responsible for making this name known to the participants. When a new participant joins the conversation, he must be assigned a CNAME field in an SDES packet.
- It observes the number of participants in the conversation through the statistics in the reports.
- It carries call setup information and information about the users. This function is optional. It is particularly useful for controlling loosely coupled sessions, since participants can easily be added and removed without any constraint.

RTCP defines 5 packet types, as in the table below:

SR | Sender Report
RR | Receiver Report
SDES | Source Description items
BYE | Indicates the end of the conversation
APP | Provides application-specific functions

The information carried in RTCP packets lets every participant in the conversation monitor transmission quality: the number of packets sent, the number of packets received, the packet loss rate, the delay and so on. This information is therefore updated periodically and takes up no more than 5% of the call bandwidth.
RTP therefore not only meets the real-time requirement for carrying voice over IP networks but also makes it possible to monitor and evaluate transmission quality for VoIP. Many factors affect quality of service (QoS) for VoIP, but the 3 main causes are delay, packet loss rate and jitter. These parameters can be observed and evaluated at any moment of the conversation.
However, RTP itself runs on top of the IP layer, and an IP network is by nature packet-switched, so RTP cannot act on these causes. With RTP, the quality of service of voice over IP can only be monitored and evaluated, not controlled. The current remedy is to use the Resource Reservation Protocol (RSVP) for VoIP.

Chapter 3:
SECURITY IN VoIP
3.1 Security issues in VoIP
Because VoIP relies on an Internet connection, it can be vulnerable to any threat or problem that your computer can face. The technology is also new, so there is much debate about the attacks that may occur. VoIP can be attacked by viruses and other malicious code; attackers can intercept communication, eavesdrop, carry out spoofing attacks by manipulating IDs, and disrupt your service. Activities that consume large amounts of network resources, such as file downloads and online games, also affect the VoIP service.
VoIP shares the inherent security problems of data networks. The new protocol suites specific to VoIP bring further security problems of their own.
Call eavesdropping: eavesdropping is a higher risk with VoIP because there are many intermediate nodes on the path between the two parties. An attacker can eavesdrop on a call by capturing the IP packets passing through intermediate nodes. Quite a few free and commercial tools, combined with network cards that support promiscuous mode, make this possible.
Unauthorized access (unauthorized access attack): attackers can compromise resources on the network because of mistakes made by administrators. If the default passwords of gateways and switches are not changed, attackers can use them to break in. Older switches still use telnet for remote access, and this clear-text protocol can be exploited once the attacker is able to sniff packets. Where gateways or switches are managed remotely through a web server interface, attackers can use ARP techniques to capture the packets travelling inside a local network.
Caller ID spoofing: caller ID is a service that lets the user see the number of the calling party. Caller ID spoofing is an impersonation technique that replaces the caller's ID with a number chosen by the user. Compared with the traditional telephone network, spoofing a phone number is much easier with VoIP, because there are quite a few tools and websites that allow it.
Aspect | Description
IP structure | This weakness concerns systems that use packet-switched networks; it affects the operating structure of VoIP.
Operating system | VoIP devices inherit the weaknesses of the operating systems and firmware they run on (Windows and Linux).
Configuration | The default configuration of VoIP devices always includes unnecessary services, and the ports of these services become weak points for DoS attacks, buffer overflows or authentication bypass.
Application level | New, immature technologies can be attacked and broken, or control of the services can be lost.

Table 3: The levels at which the VoIP structure can be attacked


Besides the problems above, VoIP also inherits the main problems of routing over broadband connections. With traditional telephone systems you can still make calls during a power cut; in a VoIP system, if power is lost, no calls can be made. A related problem is that home security systems or emergency numbers may not work as expected.
3.2 Security requirements
Before going into the details of the various technologies that protect a VoIP network, you need to understand the problems and the set of requirements you are faced with. This section outlines typical security requirements. It is not a comprehensive list; particular VoIP services may have additional requirements:
Integrity: the recipient should receive the packets sent by the originator with their content unchanged. A third party must not be able to modify a packet in transit. This definition applies strictly to VoIP signaling. For media, however, ordinary packet loss can be tolerated.
Confidentiality: a third party should not be able to read data that is intended for the recipient.
Authenticity: the sender and the receiver of VoIP signaling or media messages should be certain that they are communicating with the intended peer.
Availability: protection against DoS (denial of service) attacks on VoIP equipment should be in place so that the service remains continuously available to its users. Malicious or misbehaving users or devices must not be given the ability to disrupt the service. Mitigating DoS attacks requires containment measures that protect the VoIP resources and the underlying IP network.
3.3 Some call interception attacks
3.3.1 Replay attack
A replay attack is an active attack aimed at the protocol. Typically the attacker obtains packets sent to or received by a host, modifies them and reuses them to gain access to some service. An example for IP telephony is an attacker who gets hold of the packets that an authorized user sent to set up a call and sends them again after modifying the source address and IP. The attack can be prevented by implementing two security services: peer entity authentication and data integrity.
3.3.2 Buffer overflow attack
This is a common attack method. It is mainly the result of software that has not been developed properly. The technique exploits the fact that some functions do not check their input data; this applies in particular to string-handling functions. Supplying too much input to such functions or programs can cause system memory to be overwritten. That memory may hold the start or return addresses of subroutines. In the worst case the attacker can insert malicious code that gives him administrative rights on the system. The countermeasure is to eliminate all weak code and to fix the known vulnerabilities in operating systems and programming languages.

3.3.3 Man-in-the-middle attack
In a man-in-the-middle attack, the attacker manages to cut into the connection between the two calling parties. Both parties believe they are communicating with each other; in fact, all data is routed through the attacker. The hacker has gained access to the data in transit and can read it, change it or send it on as his own. The fact that the hacker sits in the middle between the two communicating parties gives the attack its name. One example of this attack concerns the setup of a secure connection as used by transport layer security. The weak point of TLS lies in this session setup: here the two parties exchange keys, and it is this key exchange that can allow an attacker to place himself between the two parties.
3.3.4 Call interception and theft
Eavesdropping and call interception are problems that concern VoIP networks. Eavesdropping means that an attacker can monitor all of the signaling or data streams between two or more VoIP endpoints but cannot alter the data. Successful call theft is similar to wiretapping: the call between the two parties can be stolen, recorded and replayed without either party knowing. Clearly, an attacker who can intercept and store this data can use it for other purposes of his own.
3.3.5 DNS poisoning
A DNS (Domain Name System) A record holds the mapping of a domain or host name to an IP address. SIP makes extensive use of SRV records to locate SIP services such as SIP proxies and registrars. SRV records usually begin with an underscore (_sip.tcpserver.udp.domain.com) and contain information about the service description, transport, host and other details. SRV records allow administrators to use several users for one domain, to move a service from host to host with little fuss, and to designate some hosts as primary servers for a service.

Someone intent on attacking by DNS poisoning or spoofing replaces the stored values of DNS A, SRV or NS records with records that point to the attacker's servers. This can be done by starting a zone transfer from the attacker's DNS server to the victim's DNS server, by asking the victim's DNS server to resolve a network device in the attacker's domain. The victim's DNS server not only accepts the requested record but also accepts and stores the other records that the attacking server holds.
Thus, along with the A record for www.Attacker.com, the victim's DNS server may receive a forged record for www.yourbank.com. Unsuspecting victims will then be redirected to attacker.com whenever they try to reach yourbank.com, for as long as the forged record is stored. Replace the website address with a SIP URL, and the same problem arises in a VoIP environment.
These threats rely on the absence of any guarantee that the originator of a request is authenticated. Attacks in this category seek to undermine the integrity of the conversation data. They show that services need to be secured so that the entity making a request can be authenticated, and so that the content of messages and control streams can be verified as unaltered in transit.
3.3.6 ARP spoofing
ARP is a basic Ethernet protocol. Perhaps for this reason, manipulating ARP packets is a common attack technique in VoIP networks. Several existing techniques and tools allow any user to sniff traffic on the network, because ARP makes no provision for authenticating queries or replies. In addition, because ARP is a stateless protocol, most operating systems update their cache when they receive an ARP reply, regardless of whether it was sent in answer to an actual request.
Among these attacks, ARP redirection, ARP spoofing, ARP hijacking and ARP cache poisoning are methods of disrupting the normal ARP process. The terms are often used interchangeably or confused with one another. For the purposes of this chapter, ARP cache poisoning and ARP spoofing can be treated as the same process. Using freely available tools such as ettercap, Cain and dsniff, a malicious IP device can deceive a normal IP device by sending an unsolicited ARP reply to the target host. A forged ARP reply contains the hardware address of the normal device and the IP address of the malicious device. Ned is the attacking computer. When Sam broadcasts an ARP query for Sally's IP address, Ned, the attacker, answers the query to say that the IP address (10.1.1.2) belongs to Ned's MAC address, BA:AD:BA:AD. Packets that Sam intends to send to Sally are sent to Ned instead. Sam mistakenly believes that Ned's MAC address corresponds to Sally's IP address. In fact, Ned can poison Sam's ARP cache without waiting for an ARP request: on Windows systems (9x/NT/2k), static ARP entries are overwritten when a reply is received, regardless of whether a query was sent. The entry is kept until it expires or is replaced by a new one.
ARP redirection can work in both directions, and the spoofing device can insert itself into the middle of a conversation between two IP devices on a switched network. By routing the packets on to the devices that were meant to receive them, this insertion (known as a Man/Monkey/Moron in the middle attack) can go unnoticed for some time. The attacker can route the packets as he wishes, which can amount to a DoS attack.
Because all IP traffic between the real sender and the real receiver now passes through the attacker's device, it is simple for the attacker to sniff the traffic with freely available tools such as Ethereal or tcpdump. Any information that is not encrypted (including e-mail, user names and passwords, and web traffic) can be intercepted and viewed.
This interception can have a strong impact on VoIP traffic. Free tools such as vomit or rtpsniff, as well as public tools such as VoIPCrack, make it possible to intercept and decode VoIP traffic. The captured content can include voice, signaling and charging information, multimedia and PINs. Conversations across an internal IP network can be intercepted and recorded with this technique.
There are also variants of the technique described above. Instead of impersonating hosts, the attacker can impersonate the gateway. This allows the attacker to intercept many packet streams. Most redirection techniques, however, depend on stealth. In these cases the attackers hope to go unnoticed by the users they are impersonating. Impersonating the gateway may result in users being alerted to the attacker's presence by unexpected glitches in the network.
To limit the damage caused by ARP manipulation, administrators must deploy software tools that monitor the mapping of IP addresses to MAC addresses. At the network layer, MAC/IP address mappings can be statically coded on the switch, although this is often not well managed.
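An added example, not part of the original document: one way to implement the IP-to-MAC monitoring recommended above, run over a constructed sequence of ARP events that follows the Sam, Sally and Ned scenario in the text. The MAC addresses, Sam's IP address, the timestamps and the function names are constructed for illustration; only Sally's IP address 10.1.1.2 comes from the text.

```python
# Added example: flag unsolicited ARP replies and changed IP-to-MAC bindings.
SAM_IP, SAM_MAC = "10.1.1.1", "02:00:00:00:00:01"      # constructed
SALLY_IP, SALLY_MAC = "10.1.1.2", "02:00:00:00:00:02"  # IP from the text, MAC constructed
NED_MAC = "02:00:00:00:00:03"                          # constructed

# (time in seconds, operation, sender IP, sender MAC, target IP), constructed
EVENTS = [
    (1.00, "request", SAM_IP, SAM_MAC, SALLY_IP),    # Sam asks for Sally
    (1.01, "reply", SALLY_IP, SALLY_MAC, SAM_IP),    # genuine answer
    (30.00, "reply", SALLY_IP, NED_MAC, SAM_IP),     # nobody asked: poisoning
    (40.00, "request", SAM_IP, SAM_MAC, SALLY_IP),   # Sam asks again
    (40.01, "reply", SALLY_IP, NED_MAC, SAM_IP),     # forged answer wins the race
    (40.02, "reply", SALLY_IP, SALLY_MAC, SAM_IP),   # genuine answer arrives late
]


def audit_arp(events, trusted=None, window=2.0):
    """Return alerts as (time, kind, ip, detail) tuples.

    trusted: optional {ip: mac} table of known-good bindings (for example the
    static entries configured on a switch). Without it the first binding seen
    for an address is treated as the reference.
    window: seconds after a request during which a reply counts as solicited.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    pending = {}   # (asking IP, asked-for IP) -> time of the latest request
    alerts = []
    for ts, op, sender_ip, sender_mac, target_ip in events:
        mac = sender_mac.lower()
        if op == "request":
            pending[(sender_ip, target_ip)] = ts
        elif op == "reply":
            asked_at = pending.get((target_ip, sender_ip))
            if asked_at is None or ts - asked_at > window:
                alerts.append((ts, "unsolicited-reply", sender_ip, mac))
        else:
            raise ValueError(f"unknown ARP operation {op!r}")
        known = bindings.setdefault(sender_ip, mac)
        if known != mac:
            # Keep the reference binding so a later genuine reply is not flagged.
            alerts.append((ts, "binding-changed", sender_ip, f"{known} -> {mac}"))
    return alerts


def alert_kinds(events, trusted=None):
    """Convenience view: just (time, kind) for each alert."""
    return [(ts, kind) for ts, kind, _ip, _detail in audit_arp(events, trusted)]
```

The forged reply at 40.01 answers a real request, so only the binding check catches it; legitimate address changes such as DHCP reassignment will also raise `binding-changed` and need to be reconciled against the trusted table.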
The risk of VoIP traffic being decoded can be limited by implementing encryption. When media encryption is used, conversations between two IP endpoints must use the same form of encryption. In high-security environments, organizations need to ensure that the same encryption method is used in the IP codecs.
What follows are some further examples of interception or theft of calls or signaling. Threats of this class are harder to carry out than DoS, and their result can be lost or altered data. DoS attacks, whether caused by operating practices or by oversight, affect quality of service and usually annoy users and network administrators. Interception and theft attacks are usually active attacks whose aim is to steal service, information or money. Note that this list does not cover every aspect but does include several core attacks.
3.3.7 Rogue VoIP endpoint attack
A rogue endpoint (EP) communicates with VoIP services on the basis of stolen or guessed identities, credentials or network access. For example, a rogue endpoint can use unprotected wall jacks or automatic VoIP phone registration to get onto the network. Password guessing can be used to masquerade as a legitimate endpoint. Lax account management can increase the risk of this kind of abuse.
3.3.8 Registration hijacking
Registration hijacking occurs when an attacker impersonates a valid UA towards a registrar and replaces the registration with his own address. This attack causes all incoming calls to be sent to the attacker.
3.3.9 Proxy impersonation
Proxy impersonation occurs when an attacker tricks a proxy into communicating with a rogue proxy. If an attacker succeeds in impersonating a proxy, he can access all SIP messages.
3.3.10 Toll fraud
A rogue VoIP endpoint uses the VoIP server to place unauthorized chargeable calls over the PSTN. For example, inadequate access controls can allow rogue devices to place toll calls by sending VoIP requests to call processing applications. VoIP servers can be hacked in order to make free calls to outside destinations.
3.3.11 Message tampering
Capturing, modifying and relaying unauthenticated VoIP packets to endpoints. These attacks can occur through registration hijacking, proxy impersonation, or an attack on any actual VoIP component that processes SIP or H.323 messages, such as proxy servers, registration servers, media gateways or firewalls.
3.4 Security technologies
Having set out the security requirements for VoIP devices, this section describes some of the technologies available to ensure integrity, confidentiality and authenticity. These technologies are not optimal solutions, but they help to solve the problems in VoIP networks:
3.4.1 VLAN
Integrating voice, data and video on the same network means that the security of the VoIP system is also affected by the other services. To solve this problem, the services are logically separated using VLANs.

Figure 3-1: VLAN
Benefits of VLANs:
- Reduced broadcast and multicast traffic, because only machines in the same VLAN can communicate with one another. VLANs are configured on the switch.
- VLANs are easy to manage and allow devices to be managed centrally. VLANs can arrange and manage PCs or softphones by function, class of service, connection speed or other criteria.
- Reduced delay and jitter, and therefore improved QoS.
The VoIP system can be affected by the lack of security of other services on the data network.

Figure 3-2: VLANs divided by function

VLANs contribute to the security of the VoIP system. Traffic between VLANs is secured (unless a router is used). VLANs reduce the broadcast traffic on the network that the phones have to receive.
Managing traffic with VLANs keeps SNMP and syslog traffic from interfering with data, which makes network management easier.
VLANs also reduce the risk of DoS. Because communication between VLANs has to pass through the network layer, this traffic is filtered by the ACLs at the network layer.
To keep layer 2 traffic secure, access through the switch's console port must be restricted by using strong authentication methods such as RADIUS or AAA.
3.4.2 VPN
VPN technology provides a secure means of communication between private networks over a public network infrastructure (the Internet). VPNs are usually used to connect offices and branches to one another and remote users to the main office. The technology can be deployed using the following solutions: Frame Relay, ATM or leased line.
The protocols and algorithms used in VPNs include DES (Data Encryption Standard), Triple DES (3DES), IP Security (IPSec) and Internet Key Exchange (IKE).
There are two kinds of VPN connection:
+ Client to LAN
+ LAN to LAN

Figure 3-3: Client-to-LAN VPN

VPN technology is based on tunneling. This technique comprises encapsulation, transmission, decoding and routing. There are three kinds of VPN: Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and IPsec.
3.4.2.1 Point to Point Tunneling Protocol
This protocol was developed by Microsoft and works at layer 2 of the OSI model. PPTP encapsulates PPP frames in IP packets using GRE (General Routing Encapsulation). Its security measures are authentication, data encryption and PPTP packet filtering.
PPTP uses the PPP authentication protocols EAP, MS-CHAP (ver 1 and ver 2) and PAP, of which MS-CHAP ver 2 and EAP-TLS are considered the most secure because the VPN server and the VPN client authenticate each other. The payload of the PPP frame is encrypted with RSA (Rivest, Shamir and Adleman) and RC4 (Rivest Cipher 4).
In MS-CHAP ver 1, the LAN hash value and the Windows NT hash value are generated from the same password and are sent in parallel from the client to the server. Because the LAN manager hash is poorly protected, password-cracking programs can attack it, and once the LAN hash value is known it can be used to find the Windows NT value. MS-CHAP ver 2 fixes this flaw by using an encryption mechanism.
RSA and RC4 also have weaknesses here, because the encryption key is derived from the user's password and both client and server share the same encryption key.

3.4.2.2 Layer 2 Tunneling Protocol
L2TP is an IETF standard protocol (RFC 2661). Unlike PPTP, L2TP can run over various switched networks such as X.25, Frame Relay and ATM, but usually L2TP encapsulates PPP frames in L2TP frames and uses UDP for transmission (not GRE). Using UDP is better for real-time services.
L2TP itself does not provide security; it needs the underlying transport protocols to do so. This is achieved through the security in PPP or by using IPsec.

Figure 3-4: L2TP structure

3.4.2.3 IP Security
Because packets are easily captured on an IP network, encryption is a necessary requirement for VoIP systems. IPsec can secure both the EP's information and the data stream. IPsec is a protocol suite developed by the IETF that provides security at the IP layer.
IPSec comprises 4 components: encryption (Encryption), key exchange (Security Association), data integrity (Data Integrity) and verification of data origin (Origin Authentication).
IPsec consists of two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
- AH: authenticates data and protects against replay; uses IP protocol number 51
- ESP: uses IP protocol number 50
ESP only encrypts and authenticates the original packet (without the header), whereas AH authenticates the whole packet (including the header) and does not encrypt.

Figure 3-5: Authentication and encryption by AH and ESP

- IPsec has 2 modes:
+ Tunnel mode: a new IP header is added with a source address and a destination address (which may differ from the source and destination addresses in the IP packet). ESP authenticates and encrypts the IP packet, while AH additionally authenticates part of the new header.
+ Transport mode: ESP encrypts and authenticates the IP packet (without the header part), while AH additionally authenticates part of the new header.

Figure 3-6: Structure of an IPsec packet in transport mode

Figure 3-7: Structure of an IPsec packet in tunnel mode

While the connection is being set up, the VPN client and the VPN server negotiate the encryption algorithm to be used from among the following: DES, MD5, SHA, DH.
The Security Association (SA) is usually managed by IKE. The SA can typically use a pre-shared key, RSA encryption or digital signatures. IPsec authenticates with a shared secret and certificates, which is more secure than PPTP, which authenticates with the user's password.
3.4.3 Firewalls
Firewalls play a very important role in protecting the data network from outside attacks. The following basic firewall types can protect data at different layers of the OSI model:
- Packet filtering firewall
- Circuit level gateway firewall
- Personal firewall
The basic functions of a firewall were not designed for real-time applications such as VoIP, so deploying a firewall in a VoIP system makes some processes more complex: dynamic port trunking and call setup procedures.
In addition, the firewall is responsible for controlling voice and data flows. Without a firewall, all traffic to and from the IP phones would have to be allowed, because RTP uses dynamic UDP ports; every UDP port would then have to be open, which is insecure. IP phones are therefore usually placed behind a firewall so that all traffic is controlled without opening every UDP port; the firewall is used to logically isolate voice from data.
3.4.4 NAT (Network Address Translation).
NAT is a technique in which the source or destination address is changed as a packet passes through a NAT-capable device, allowing multiple hosts on the internal network to share one IP address to reach the outside network.
Besides one-to-one mapping there is also many-to-one mapping, also called NAPT (Network Address Port Translation).


Figure 3-8: Address translation process in NAT


NAT has four policies:
- Full: all requests from the same internal host (IP address and port) are mapped to the same external IP or port, so any external host can send packets to an internal host if it knows that mapped address.
- Restricted: an external host with IP X may send packets to an internal host only if that internal host has previously sent a packet to IP X.
- Port restricted: like Restricted, but with the port added. This policy is used so that a single external IP address can be shared.
- Symmetric: all requests from the same IP or port to a given destination are mapped to one external IP; traffic to a different destination goes out with a different external IP. Only external hosts that have received a packet can send packets back to the internal hosts.
Benefits of NAT:
It reduces the number of IP addresses needed by sharing one external IP for outbound traffic. Because one external IP is shared in this way, all traffic that wants to reach the internal network must pass through the NAT, which is more secure.
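The four policies differ in which unsolicited inbound packets reach a phone behind the NAT. The following Python model is an added example, not part of the original thesis; the class, addresses and port numbers are constructed, and a symmetric NAT's per-destination mapping is modelled as a different external port on the same public address (an assumption).

```python
import itertools

class Nat:
    """Toy NAT: records outbound mappings, then filters inbound packets by policy."""

    def __init__(self, policy, public_ip="203.0.113.1"):
        self.policy = policy                  # full | restricted | port_restricted | symmetric
        self.public_ip = public_ip            # constructed documentation address
        self._ports = itertools.count(40000)  # constructed external port pool
        self.mappings = {}                    # mapping key -> external port
        self.contacted = {}                   # external port -> {(dst_ip, dst_port), ...}

    def outbound(self, src, dst):
        """Internal endpoint src sends to dst; returns the external (ip, port) used."""
        # Symmetric NAT allocates one mapping per (source, destination) pair.
        key = (src, dst) if self.policy == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = next(self._ports)
        ext_port = self.mappings[key]
        self.contacted.setdefault(ext_port, set()).add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Return the internal endpoint a packet is forwarded to, or None if dropped."""
        key = next((k for k, p in self.mappings.items() if p == ext_port), None)
        peers = self.contacted.get(ext_port, set())
        if self.policy == "full":
            allowed = key is not None         # anyone who knows the mapped address
        elif self.policy == "restricted":
            allowed = remote[0] in {ip for ip, _ in peers}   # IP contacted before
        else:
            allowed = remote in peers         # exact IP and port contacted before
        return (key[0] if self.policy == "symmetric" else key) if allowed else None

def inbound_matrix():
    """Per policy: which senders reach the phone after it has contacted the proxy."""
    phone, proxy = ("10.0.0.5", 5060), ("198.51.100.10", 5060)
    senders = {"proxy": proxy, "proxy_other_port": ("198.51.100.10", 7000),
               "stranger": ("192.0.2.77", 5060)}
    result = {}
    for policy in ("full", "restricted", "port_restricted", "symmetric"):
        nat = Nat(policy)
        _, ext_port = nat.outbound(phone, proxy)
        result[policy] = {name: nat.inbound(addr, ext_port) is not None
                          for name, addr in senders.items()}
    return result

if __name__ == "__main__":
    for policy, row in inbound_matrix().items():
        print(f"{policy:16} {row}")
```

Only the Full policy forwards the stranger's packet, which is why it gives the least inbound filtering of the four.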
3.4.5 Some notes on using NAT and firewalls in a VoIP system.
Impact on QoS:
Deploying a firewall and NAT introduces delay and jitter, which reduces QoS. In essence, to improve QoS, packet processing at the firewall must be fast, but the firewall's packet-processing capability depends on the capacity of its CPU. The CPU processes packets slowly because the header of a voice packet is more complex than that of an ordinary IP packet, so processing takes longer, and because a very large number of RTP packets can overload the firewall CPU.
Incoming calls:
When a call comes in, the incoming signaling traffic passes through the firewall, so some ports must be opened, which can be dangerous.
With NAT this is even harder, because NAT uses dynamic ports and an external host can call a host behind NAT only if it knows that host's exact IP address and port.
Voice Stream:
RTP uses dynamic ports (1024-65534), while RTCP manages the voice stream on a random port, so it is hard to keep the RTP and RTCP ports in sync. It is harder still if both hosts are behind NAT.
NAT keeps the mapping between an internal address and its external address only for a period of t(s). If the connection drops or no traffic passes through the NAT for t(s), the mapping disappears.
With TCP, the call ends when the TCP connection ends. With UDP this cannot be detected, because UDP is connectionless. If VAD is used, the connection information may be deleted before the call has actually ended.
Encryption:
Encryption helps ensure data integrity, but it also causes some problems when used with NAT and firewalls:
+ The firewall will block packets whose headers are encrypted.
+ NAT hides internal IPs from the outside network, so the ESP and AH authentication methods of IPsec become invalid.
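The NAT problem in the last bullet can be reproduced for the AH case with a simplified integrity check value (ICV) computed under a shared key. This is an added example, not part of the original thesis: the key, addresses and helper names are constructed, and the ICV is simplified (real AH also covers its own header).

```python
import hashlib
import hmac
import socket
import struct

FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, length, ID, flags/frag, TTL, proto, checksum, src, dst
FIELD = {"tos": 1, "frag": 4, "ttl": 5, "csum": 7, "src": 8}
KEY = b"constructed-pre-shared-key"  # sample key, constructed for this example

def ipv4_header(src, dst, payload_len, ttl=64, proto=17):
    """Pack a 20-byte IPv4 header (checksum left at 0; it is excluded from the ICV anyway)."""
    return struct.pack(FMT, 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def rewrite(header, **changes):
    """Return a copy of the header with the named fields replaced."""
    fields = list(struct.unpack(FMT, header))
    for name, value in changes.items():
        fields[FIELD[name]] = value
    return struct.pack(FMT, *fields)

def ah_style_icv(header, payload, key=KEY):
    """HMAC-SHA256 (truncated to 128 bits) over the immutable header fields and the payload."""
    immutable = rewrite(header, tos=0, frag=0, ttl=0, csum=0)  # fields routers may change
    return hmac.new(key, immutable + payload, hashlib.sha256).digest()[:16]

def verify(header, payload, icv, key=KEY):
    """Recompute the ICV on the receiving side and compare in constant time."""
    return hmac.compare_digest(ah_style_icv(header, payload, key), icv)

def scenario():
    """Sender 10.0.0.5 protects a packet; check it after a router hop and after NAT."""
    payload = b"constructed RTP payload"
    sent = ipv4_header("10.0.0.5", "198.51.100.10", len(payload))
    icv = ah_style_icv(sent, payload)
    routed = rewrite(sent, ttl=63)                                  # TTL decremented
    natted = rewrite(routed, src=socket.inet_aton("203.0.113.1"))   # source rewritten
    return {"unchanged": verify(sent, payload, icv),
            "after_router_hop": verify(routed, payload, icv),
            "after_nat": verify(natted, payload, icv),
            "tampered_payload": verify(sent, payload + b"!", icv),
            "wrong_key": verify(sent, payload, icv, key=b"some-other-key")}

if __name__ == "__main__":
    print(scenario())
```

The check survives a TTL change because TTL is zeroed before hashing, but the source address is covered, so the receiver cannot tell a NAT rewrite from tampering.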
3.4.6 Shared key
Shared-key approaches:
One approach to authentication is a system in which the sender and the receiver share a secret password (sometimes referred to as a shared key) that is not known to any third party.
The sender computes a hash of the message content and appends the hash value to the message. On receiving the message, the receiver also computes the hash of the message with the shared password. It then compares the computed hash with the hash value that was appended to the message. If they match, the integrity of the message is assured, as is the authenticity of the sender.
You can use the shared password to encrypt the message content and transmit the encrypted data to the receiver. In this case, the privacy requirement is addressed, because no third party can sniff the data in transit and see the plaintext content of the message. The receiver runs the decryption algorithm with the shared password as one of the inputs and recreates the plaintext message.
A system with many data sources can meet the authentication requirement by ensuring that each sender uses a unique key for the data it sends.
In a shared-key approach, the administrator must provision the shared secret password. In a system with many sender/receiver pairs, the provisioning burden can be very high.
In addition, if a shared key is compromised (stolen/lost), every device that uses that shared key must be provisioned with a new shared key.
3.4.7 Public-Key Cryptography
To reduce the administrator's headache with shared-key approaches, you can use public-key cryptography. The basic concepts in public-key cryptography are asymmetric keys and digital signatures, described in the following sections:
Asymmetric keys:
Asymmetric key pairs are pairs of keys (usually of fixed length), referred to as the public key and the private key, that are mathematically related to each other. They are usually represented in hexadecimal and have the following characteristics:
- Only the corresponding public key can decrypt data that was encrypted with a private key.
- Only the corresponding private key can decrypt data that was encrypted with a public key.
- There is a one-to-one relationship between the keys.
- The private key is kept secret, while the public key is shared with everyone.
For authentication, a sender can use his own private key to encrypt the message. The message can be decrypted only with the corresponding public key. The receiver can decrypt the message as long as he has access to the sender's public key. Because only the sender knows the private key, he must have been the one who encrypted the message.
For secure communication, a sender can encrypt the message content using public-key cryptography. He does this using the receiver's public key. The receiver can then decrypt the message with the corresponding private key. Because the intended receiver holds the private key, he can decrypt the message. No third party can decrypt this message, because no one else knows the receiver's private key.
Note that the sender must use the private key to encrypt the message for authentication purposes, whereas the receiver's public key must be used to encrypt the message for secure communication.
In the real world, the authentication phase comes first. After the sender and the receiver have authenticated each other, they move on to the secure communication phase.
Encryption with asymmetric keys is a CPU-intensive process. Therefore, when a lot of data is involved, administrators generally use public-key cryptography to negotiate a unique shared secret per session. They then use symmetric-key ciphers with this shared secret for the rest of the session.
3.4.8 IDS (Intrusion Detection)
An IDS is a system that monitors all traffic on the network. An IDS is a passive device: traffic does not pass through it; it simply captures all packets on the network for analysis. If there is abnormal traffic, it raises an alert to the network administrator.


Figure 3-9: Position of the IDS in the system


IDS operation:
- The IDS tracks all the normal states of the system and thereby detects anomalous attacks on it. Its architecture includes the Call State Fact Base, which holds the control states and state variables and allows the progress of a call to be tracked. State information is updated from the Event Distributor. The Attack Scenario component contains known attack patterns.
- The IDS manages the state changes of the analyzed packets with the Call basis function. All packets of one call are placed in one group, then split into subgroups by protocol type and fed into different analysis machines; these machines are synchronized through shared parameters and internal events. The Event Distributor also classifies received packets for the Attack Scenario component.
Packets from the Event Distributor and state information from the Attack Scenario / Call State Fact Base are passed to the Analysis Engine. When there is a protocol anomaly or a match with a previously known attack pattern, the IDS raises an alert flag so that the administrator can analyze it further.


Figure 3-10: Internal structure of the IDS device
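A minimal call-state detector following the architecture described above (per-call fact base, attack scenarios, protocol state machines feeding one analysis step), as an added example that is not part of the original thesis. The simplified SIP state model, the two scenario rules and the event stream are constructed assumptions.

```python
from collections import defaultdict

# Simplified per-call SIP model (assumed for this example): state + message -> next state.
TRANSITIONS = {("IDLE", "INVITE"): "INVITED", ("INVITED", "200"): "ANSWERED",
               ("ANSWERED", "ACK"): "ESTABLISHED", ("ESTABLISHED", "BYE"): "CLOSED"}

def attack_scenario(call, proto, kind, src):
    """Known patterns (constructed for illustration); returns an alert name or None."""
    if proto == "RTP" and call["state"] == "CLOSED":
        return "media-after-BYE"
    if kind == "BYE" and src not in call["parties"]:
        return "BYE-from-non-participant"
    return None

def analysis_engine(events):
    """Track each call in a fact base and return [(event index, call id, alert)]."""
    fact_base = defaultdict(lambda: {"state": "IDLE", "parties": set()})
    alerts = []
    for i, (call_id, proto, kind, src) in enumerate(events):  # distributor: group by call
        call = fact_base[call_id]
        alert = attack_scenario(call, proto, kind, src)
        if alert is None and proto == "SIP":                  # SIP analysis machine
            nxt = TRANSITIONS.get((call["state"], kind))
            if nxt is None:
                alert = f"protocol-anomaly:{kind}-in-{call['state']}"
            else:
                call["state"] = nxt
                if kind in ("INVITE", "200"):
                    call["parties"].add(src)                  # caller and callee
        elif alert is None and call["state"] != "ESTABLISHED":  # RTP analysis machine
            alert = f"protocol-anomaly:RTP-in-{call['state']}"
        if alert:
            alerts.append((i, call_id, alert))                # flagged events change no state
    return alerts

EVENTS = [  # constructed stream: (call, protocol, SIP message, source address)
    ("A", "SIP", "INVITE", "10.0.0.5"), ("A", "SIP", "200", "10.0.0.9"),
    ("A", "SIP", "ACK", "10.0.0.5"),    ("A", "RTP", "", "10.0.0.5"),
    ("A", "SIP", "BYE", "10.0.0.9"),    ("A", "RTP", "", "10.0.0.5"),      # media after BYE
    ("B", "SIP", "INVITE", "10.0.0.6"), ("B", "SIP", "200", "10.0.0.7"),
    ("B", "SIP", "ACK", "10.0.0.6"),    ("B", "SIP", "BYE", "192.0.2.77"), # outsider BYE
    ("C", "SIP", "200", "10.0.0.8"),                                       # answer, no INVITE
]

if __name__ == "__main__":
    for alert in analysis_engine(EVENTS):
        print(alert)
```

None of the three alerts is visible from a single packet; each depends on the state the fact base holds for that call.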


3.5 Protecting VoIP devices
To achieve availability of VoIP devices, you need to protect the devices that source or terminate voice traffic; they must be able to withstand attacks, as described in detail below:
Disable unused ports and services:
Typically, unused ports or services that are left open on voice devices make them vulnerable to exploitation by hackers. The recommended practice is to disable such ports or services on VoIP devices or IP infrastructure devices (for example switches, routers, ...). Here are a few things you should do:
- Disable Telnet, TFTP, and similar services if they are not in use.
- If you use Simple Network Management Protocol (SNMP) on a device only to collect data, set SNMP to read-only mode.
- If you use web-based administration, always use secure access with protocols such as SSL.
- Disable any unused ports on Layer 2 switches.
Use a host-based intrusion prevention system (HIPS):
You can use HIPS to secure voice devices such as call-processing agents. HIPS is typically software that collects information about the usage of a wide variety of device resources such as CPU, login attempts, number of interrupts, ... This information is compared against a set of rules to determine whether a security violation has occurred. Depending on how the parameters are configured, these systems can take preventive actions, for example terminating the offending application, rate-limiting data from users' IP addresses


ABBREVIATIONS

Abbreviation | Full form | Meaning
ADPCM | Adaptive Differential Pulse Code Modulation | Adaptive differential pulse-code modulation
CPU | Central Processing Unit | Central processing unit
DNS | Domain Name System | Domain name resolution system
DSP | Digital Signalling Processor | Digital signal processor
GSM | Global System for Mobile | Global system for mobile telephony
HTTP | Hypertext Transfer Protocol | Hypertext transfer protocol
IETF | Internet Engineering Task Force | International telecommunications organization; task force responsible for network connection engineering
IP | Internet Protocol | Internet protocol
IPv4 | IP version 4 | Internet protocol version 4
IPv6 | IP version 6 | Internet protocol version 6
ISDN | Integrated Service Digital Network | Integrated services digital network
ISUP | ISDN User Part | ISDN user part
ITU-T | International Telecommunication Union - Telecommunication Standardization Sector | International telecommunication union; body that standardizes telecommunications technologies
IUA | ISDN User Adapter | ISDN user adapter
LAN | Local Area Network | Local area network
LLC | Logic Link Control | Logical link control
MAC | Media Access Control | Medium access control
MC | Multipoint Controller | Multipoint controller
MCU | Multipoint Control Unit | Multipoint control unit
MGCP | Media Gateway Control Protocol | Media Gateway control protocol
MIPS | Millions of Instructions per Second | Unit of time (millions per second)
MP | Multipoint Processor | Multipoint processor
MTP | Message Transfer Part | Message transfer part
M2UA | MTP2 User Adapter | MTP2 user adapter
M2PA | MTP L2 Peer-to-Peer Adapter | Layer 2 peer-to-peer message adapter
M3UA | MTP3 User Adapter | MTP3 user adapter
OSI | Open System Interference | Network reference model
PAM | Pulse Amplitude Modulation | Pulse amplitude modulation
PBX | Private Branch Exchange | Private branch exchange
PC | Personal Computer | Personal computer
PCM | Pulse-Code Modulation | Pulse-code encoder
PSTN | Public Switch Telephone Network | Public telephone network
QoS | Quality of Service | Quality of service
RAS | Register Admission Status | Registration, admission and status information signaling
RSVP | Reservation Protocol | Resource reservation protocol
RTP | Real-Time Transport Protocol | Real-time transport protocol
RTCP | Real-Time Transport Control Protocol | Real-time transport control protocol
SAP | Session Announcement Protocol | Session announcement protocol
SCN | Switching Network | Circuit-switched network
SCP | Signal Control Point | Signaling control point
SCCP | Signaling Connection Control Part | Signaling connection control part
SCTP | Stream Control Transmission Protocol | Stream control transmission protocol
SDP | Session Description Protocol | Session description protocol
SIP | Session Initiation Protocol | Session setup protocol
SS7 | Signaling System No.7 | Signaling system number 7
SSP | Switch Service Point | Service switching point
Sigtran | Signalling Transport | Protocol for transporting SS7 signaling over IP networks
STP | Signal Transfer Point | Signaling transfer point
SUA | SCCP User Adapter | SCCP user adapter
TCAP | Transaction Capabilities Application Part | Transaction capabilities application part
TCP | Transmission Control Protocol | Transmission control protocol
TUP | Telephone User Part | Telephone user part
UA | User Agent | User agent
UAC | User Agent Client | User agent, client
UAS | User Agent Server | User agent, server
UDP | User Datagram Protocol | User datagram protocol
VoIP | Voice over Internet Protocol | Technology for carrying voice over IP networks
VPN | Virtual Private Network | Virtual private network
WAN | Wide Area Network | Broadband network
