
Is anyone interested in NGN? Please come in!

Topic in 'Engineers' Club' by alibaba00, 22/08/2005.

  1. alibaba00

    alibaba00, New member
    Joined: 23/12/2004
    Posts: 59
    Likes received: 0
    NGN Control
    The intelligence to control voice and voice-data (multimedia) services/features resides in the Call Feature Server/Signaling & Media Gateway Controller. The hundreds of valuable and existing voice services/features including IN are made available to any user (IP-clients, multi-service access, mobile users, traditional voice subscribers) in the Next Generation Network. Even more, to provide new end-user applications the voice control services need to be accessed via open programming interfaces. In its role as Signaling Gateway it acts as the logical interface to the signaling of today's voice world, using the signaling system SS7 as a standardized signaling protocol. As a Media Gateway Controller it provides the necessary intelligence to the media gateways via the standardized open "Media Gateway Control Protocol" (MGCP/MEGACO).
    NGN Core:
    The Media Gateways are the mediation devices to connect existing circuit switched networks to the IP backbone. They provide direct interfaces to the bearer trunks of the circuit-switched fixed and mobile voice world, and convert the TDM media streams into IP packets. These gateways simply work as plain mediation devices, unable to handle the network intelligence and thus to control voice-data (multimedia) services. Media gateways, deployed in a big number at the edge of the NGN, purposely do not have the intelligence of the Media Gateway Controller. Intelligent gateways would require a permanent update of user, service and network information, which would ultimately lead to an almost unmanageable network and would prevent rapid introduction of new value added services.
    NGN Access:
    The future of access technology is customer premises equipment on the basis of IP clients. Typical types are IP-based PBXs, IP-phones as well as Voice Online PCs using standardized interfaces, like H.323 and SIP. The Multi-service Access provides the complete portfolio of access services, e.g. xDSL broadband, VoDSL and traditional voice subscriber services (POTS/ISDN). It consolidates all traffic onto IP backbones and is controlled by the Media Gateway Controller via MGCP/MEGACO.
    NGN Management:
    Management of the NGN is done by a Service and Network Management System S & NMS, which provides for end-to-end management across all NGN building blocks. Domain management with open northbound interfaces, as well as cross-domain functions efficiently perform service provisioning for mass deployment and network/service fault and performance supervision.
    (to be continued ...)
    Edited / moved by alibaba00 at 08:59 on 21/09/2005
  2. thuyenxaxu

    thuyenxaxu, Very active member
    Joined: 18/08/2004
    Posts: 4,201
    Likes received: 1
    Here is one more question for Alibaba to research ...
    [IMG]
    [IMG]
    Subscriber gateway...! A subscriber will need not only voice (in TDM form) but also data (in packet form). Of course, since NGN is meant to let subscribers use both voice and data.
    So why does the green line going into that subscriber gateway carry only TDM (carrying voice)?
    What are the things missing here?
    If it is only that simple, then isn't NGN just a Voice-over-IP solution? Where is the data path carrying internet data?
    Edited / moved by thuyenxaxu at 22:47 on 22/09/2005
  3. mommy

    mommy, New member
    Joined: 06/11/2004
    Posts: 405
    Likes received: 0
    I have had my eye on this topic for a long time but only now have time to come in and read / learn. Thank you all for posting so many great posts ... although mommy still doesn't understand everything; there are so many new terms that I keep looking things up on GOOGLE while reading.
    A question: until now mommy always thought 3G was the next generation, but in the topology Alibaba posted on the first page (quoted below) 3G is only one part of NGN, so what actually is 3G? Thanks.
  4. alibaba00

    This picture may answer Thuyền's question above:
    [IMG]
    This picture compares the models of traditional networks and NGN:
    [IMG]
    And mommy asking about 3G? Are you teasing alibaba? Time to run.
  5. thuyenxaxu

    3G is ... 3 Girls!!! (kidding, just teasing Mommy a bit) 3G is only a small part of NGN. If Mommy pays attention, people at Mommy's workplace are talking a lot about WiMax these days. WiMax is also a part of NGN. In short, any network that can go out to IP will be a part of NGN!
    Those of you in Vietnam living in Saigon (SG): have you noticed that people these days often carry their laptops to the big, trendy, upscale cafes in SG to use them there? They are using that cafe's Wi-Fi (wireless fidelity) network. Wi-Fi is the common everyday name for the 802.11 standard for wireless LAN systems. The IEEE created it.
    WiMax is the next generation of Wi-Fi.
    The WLAN part in the NGN diagram can be expanded in more detail into Wi-Fi, WiMax, etc.!
    If Thuyền had the time, I would go back to Vietnam and open a cafe with Wi-Fi. Turn that cafe into a movie theater ... one for each person! Guaranteed to rake in money, because people in SG, if they have money (it seems everyone in SG is rich), love to show off by sitting in a cafe using a laptop!
    Edited / moved by thuyenxaxu at 23:30 on 04/10/2005
  6. alibaba00

    A comparison of today's networks and NGN according to the 7-layer OSI model:

    [​IMG]
    [​IMG]
    [​IMG]
  7. mommy

    Thanks, Thuyền. After searching more on Google it turns out 3G is the next generation mobile network ... truly 'mommy sitting at the bottom of the well', which is why I didn't know it was a well.
    Yes, when Thuyền mentioned WiMax, mommy glanced over nearby and indeed saw WiMax and Wi-Fi right away ... I read for a while but didn't understand much, and got so sleepy.
    @Alibaba: It was a serious question ... next time don't run away again.
  8. thuyenxaxu

    Mommy is being too modest! Thuyền remembers Mommy once replied with stuff from www.3gpp.org! What a fibber! (just teasing Mommy a bit)
    3G means 3rd generation mobile networks. Six years ago it was still new, when Release 99 had just come out. By now it is quite mature.
    Alibaba, please keep posting ... How about the security aspect of NGN? QoS? Law Intercept? How IP evolved along with NGN?
    The security aspect is the biggest headache right now. In fact, hacking into 3G networks is quite easy. That includes forms of identity cloning, much like stealing an ID in real life.
  9. alibaba00

    Shall alibaba keep posting? Here is VoIP security!
    IP Telephony Security: Deploying Secure IP Telephony in the Enterprise Network
    Introduction
    As voice over IP (VoIP) installations increasingly evolve from PBX trunking over private data networks to IP telephony (IPT)-based solutions - and, in some cases, incorporating public networks - it becomes increasingly important to recognize and address associated security issues. The risk and threat to enterprises deploying IP telephony are very real, and although few incidents have been reported in public, these are expected to increase in number as IP telephony deployments increase in number and size. Unless protective security measures are taken, the enterprise will be left open to privacy violation, fraud, and malicious attacks.
    To mitigate these threats appropriately, the actual risks must be identified and mapped to a security framework. This framework can then be used to establish security requirements for the products used to obtain an appropriate level of security for the IPT solution. However, since IP telephony is a service that enables direct communication between end-user IP phones throughout an enterprise, it is critical that security measures allow this type of peer-to-peer traffic flow while protecting the telephony service. The telephony service is a convergence of the enterprise voice and data infrastructure, so it is critical that a security strategy be implemented on an enterprisewide level within the enterprisewide security framework. These measures must be taken as VoIP projects are planned and executed, and if properly implemented, most risks can be adequately mitigated.
    Identifying and Understanding the Risks
    IP telephony is still a young technology with rapidly evolving products, and the initial focus typically is on issues other than security, such as telephony-grade reliability, voice quality, and telephony features. As a result, various solutions have been implemented in enterprise networks with only a limited degree of focus on security issues. Therefore, a significant number of existing telephony deployments have been left unsecured, leaving both the telephony service and the enterprise IP network open to attack. This is often due to lack of understanding of the actual risk level, and even lack of recognition that security is a potential issue.
    The first step toward securing an IP telephony solution is to gain understanding of the risks involved. General security risks can be grouped into the following four areas:
    1. Interception and impersonation of IPT sessions invading privacy or tampering with information
    2. Intrusion of other network services facilitated by the IPT implementation
    3. Non-authorized or fraudulent use of IPT equipment
    4. Malicious degradation of voice service (denial-of-service [DOS], virus, and hacker attacks)
    An IPT application typically consists of proprietary software hosted on open or commercially available hardware and operating systems (e.g., Windows, Linux, Unix). The number of servers depends on vendor implementation as well as the actual deployment. A telephony solution will typically consist of IP phones or softphones, call control servers performing telephony call routing as well as other control functions, and other devices such as voice gateways, mail servers, and conference servers. These components will typically communicate via IP over Ethernet and may be interconnected via switches or routers.
    [​IMG]
    Edited / moved by alibaba00 at 15:34 on 06/10/2005
  10. alibaba00

    Therefore, the main areas of risk can be associated with IP-based attacks on vulnerabilities in the following areas:
    • Vendor-specific software
    • The hardware or OS platform hosting the software
    • Communication between the components in the solution
    • Other network-based devices and applications being enabled or facilitated by vulnerabilities in the design or implementation of the IP telephony solution
    Evaluating Risks
    The following are some of the risks that may exist in an IPT deployment.
    Degraded Data Network Security Due to Degraded Firewall Security
    An IPT session will have numerous protocols and port numbers associated with it. H.323 uses numerous protocols for signaling, and both H.323 and SIP use the real-time transport protocol (RTP) for media. The result is that an H.323 session may use seven to 11 port numbers - only two are static; SIP uses at least three, with only one being static. An IPT session uses both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), and these may be initiated from both inside and outside the firewall. The standard firewall configuration is to open all potential application ports that may be used. For the IPT application, this can mean a large number of ports, creating unacceptable vulnerabilities.
    Increased Capital Expenditures Due to Degraded Firewall Performance
    Often, an enterprise network will use a private IP address space partly for address conservation and partly to hide the internal network structure from a security point of view. Thus, the firewall will implement a network address translation (NAT) function. In the case of IPT, the application protocol (H.323 or SIP) will have an IP address embedded as well as the IP address used in the IP header. The NAT function must translate both IP addresses. The resulting increased processing load may lead to reduced firewall throughput.
    Loss of Revenue Due to Loss of Communication
    As a distributed system, IPT has many individual components that must be protected. Attacks at any point can render the system unusable for one or more users:
    • Endpoints and servers (including voice gateways, IP phones, and call control servers) may be targets of DOS attacks initiated from the IP network.
    • Endpoints and servers may be infected with viruses that can degrade the IPT service or even propagate themselves to servers in the data network, leading to damaged data storage.
    • Malicious attacks may lead to significant changes in routing protocols and other configuration information.
    Excessive Operational Costs Due to Fraudulent Usage
    Hackers in the IP network may gain unauthorized access to the IPT service via spoofing, replay attacks, or connection hijacking - or simply due to lack of proper access control. Once hackers have gained access, the system can be hijacked for unauthorized uses, and very high usage bills can ensue.
    The Compromising of Business or Personnel Information Stored on Servers in the Data Network
    • A compromised IP telephony server may serve as a launching point for malicious attacks on other servers in the network. Other networks can also be compromised, which can potentially lead to legal retribution.
    • Hackers in the IP network may gain access to call log files or voice messages and thereby obtain information about call and business activities (e.g., who the CEO is calling or who marketing and salespeople are calling, deducing business-critical insight).
    Violation of Confidentiality by Interception of Communication
    Because voice is transported over a shared IP network, an attack such as man-in-the-middle is possible within the enterprise network by employees and others within a facility as well as in a public shared network. Although this risk is present in traditional systems, it may be slightly elevated due to the shared nature of IP and Ethernet.
    These risks may not all be applicable in all different types of IP telephony implementations, and it is important to establish an overall security policy in which all assets, potential risks, rules, mitigation methods, and products are listed. It is advisable to perform a risk assessment on existing IP telephony implementation, especially if these are older implementations based on older and less-advanced products. For new implementations, it is equally important to perform an initial cross-disciplined risk assessment, including a review of the impact on the data network.
    Designing Secure IP Telephony Solutions
    The objective is to integrate IP telephony and traditional data services onto a shared network infrastructure without compromising the security of either the voice or the IP network. A layered defense is essential: The IP telephony system by itself should not be assumed to mitigate all security risks. Neither should traditional network security measures be assumed to be enough on their own. Instead, a comprehensive risk mitigation strategy must be implemented in combination with IP telephony native features and standard network security measures.
    These protective mechanisms must be applied in a holistic manner throughout the enterprise LAN as well as any potential WAN connections. IT organizations should create and implement an IP telephony security framework, using it to mitigate risks as well as to define security requirements for vendors. Failure to implement an IP telephony security framework is likely to expose company security breaches and service disruptions, leading to expensive reactive measures.
    Defining a Security Framework.
    Two main principles of a security framework are the simplification of design and configuration, and the limitation of exposure. A useful strategy is to divide the actual solution into domains and to limit access rights to each domain depending on functions and associated trust levels within each domain.
    This will assist in containing potential sources of risks and thereby facilitate simple and cost-effective risk mitigation.
    The IPT domain model defines four domains based on the different types of generic functions involved in an IP telephony solution and the generic types of risk mitigation measures needed within each domain: 1) end-user devices; 2) IPT media-related servers; 3) IPT call control-related servers; and 4) IPT operational and management access.
    The model is focused not only on enhancing security by simplifying design, but also on the need to be practical and avoid unnecessary inconvenience. For this reason, the model differentiates between all user-dedicated devices (IP phones, PCs, and PC-based IPT client software) and IPT servers (call control server, conferencing server, voice mail server) and is divided into two trust levels, depending on user access needs and level of critical information.
    End-User Devices
    The domain where end-user PCs are placed is generally considered a high risk domain due to the potential for virus infection, and the risks of end users themselves engaging in undesirable activities. Therefore, this level should be described as the lowest trust level from an IPT service point of view, and only IPT assets without influence on the overall IPT service (e.g., IP phones, IPT PC clients) should be placed in this level. Devices associated with call control or systems administration should not be placed at this layer.
    IPT Media-Related Servers
    All IPT media-related servers such as gateways and message and conference servers are placed in a medium trust level. Access is voice traffic from voice devices (IP phones), except for operations and maintenance (O&M). No user-sensitive or service-critical data should be accessible at this layer, but the layer must be widely accessible for all telephony traffic.
    IPT Call Control-Related Servers
    All IPT call handling-related servers (e.g., call control server, routing server, user database) are placed in a high trust level. These contain service-critical or potentially sensitive data and are the most critical element to protect against DOS attacks.
    IPT Operational and Management Access
    All IPT operational and management access must be restricted and accessed only via strong authentication control.
    Edited / moved by alibaba00 at 08:08 on 07/10/2005
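
The two firewall issues described in post 10 (only one static port per SIP call, and an IP address embedded in the application protocol as well as in the IP header) are shown here on a single SIP INVITE. This is an added example, not part of the original post or the paper it quotes. The message, the addresses 10.1.20.15 and 203.0.113.7 and all function names are constructed for illustration, and RTCP is assumed to use the default RTP port + 1.

```python
import ipaddress
import re

# Constructed sample: INVITE from an IP phone on a private LAN (all values invented).
SDP = ("v=0\r\n"
       "o=alice 2890844526 2890844526 IN IP4 10.1.20.15\r\n"
       "s=call\r\n"
       "c=IN IP4 10.1.20.15\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.1.20.15:5060;branch=z9hG4bK776asdhds\r\n"
          "From: <sip:alice@example.com>;tag=1928301774\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: a84b4c76e66710\r\n"
          "CSeq: 314159 INVITE\r\n"
          "Contact: <sip:alice@10.1.20.15:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
FIELD = re.compile(r"[A-Za-z-]+:|[a-z]=")


def embedded_private_addresses(msg):
    """(field, address) for each RFC 1918 literal carried inside the SIP/SDP text."""
    hits = []
    for line in msg.split("\r\n"):
        field = FIELD.match(line)
        for addr in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:  # four dotted numbers that are not a valid address
                continue
            if any(ip in net for net in RFC1918):
                hits.append((field.group() if field else "request-line", addr))
    return hits


def ports_to_open(msg, signaling_port=5060):
    """Static SIP port plus each per-call RTP port and its RTCP neighbour (RTP + 1)."""
    ports = [("sip", signaling_port, "static")]
    for media, port in re.findall(r"^m=(\w+) (\d+) ", msg, re.M):
        ports.append((media + "-rtp", int(port), "dynamic"))
        ports.append((media + "-rtcp", int(port) + 1, "dynamic"))
    return ports


def alg_rewrite(msg, inside, outside):
    """Translate the embedded copies of `inside` as well, then fix Content-Length."""
    pattern = r"(?<![\d.])" + re.escape(inside) + r"(?![\d.])"
    head, body = (re.sub(pattern, outside, part) for part in msg.split("\r\n\r\n", 1))
    head = re.sub(r"(?mi)^Content-Length:[^\r\n]*",
                  "Content-Length: %d" % len(body.encode()), head)
    return head + "\r\n\r\n" + body


if __name__ == "__main__":
    print(embedded_private_addresses(INVITE))   # what header-only NAT leaves behind
    print(ports_to_open(INVITE))                # pinholes this one call needs
    print(alg_rewrite(INVITE, "10.1.20.15", "203.0.113.7"))
```

A firewall that reads the `m=` line can open only the two dynamic ports for the duration of the call instead of a standing port range, and the payload rewrite is the extra per-message work the post cites as the cause of reduced throughput.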
