Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Front Cover
McGraw Hill Professional, 2007 - Computers - 539 pages

Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way

"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security

Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.

  • Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
  • Fortify Cisco, Avaya, and Asterisk systems
  • Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
  • Thwart number harvesting, call pattern tracking, and conversation eavesdropping
  • Measure and maintain VoIP network quality of service and VoIP conversation quality
  • Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
  • Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
  • Avoid insertion/mixing of malicious audio
  • Learn about voice SPAM/SPIT and how to prevent it
  • Defend against voice phishing and identity theft scams

From inside the book

 

Contents

Scanning a VoIP Network
2
SIP Responses
4
RTP 101
10
Copyright

30 other sections not shown

Common terms and phrases

ARP poisoning Asterisk audio authentication Avaya Avaya Communication Manager Call-ID Chapter Cisco CallManager Cisco Unified CallManager configuration connection Content-Length Counter32 Countermeasures CSeq default Denial of Service deployment DHCP DHCP server eavesdropping encryption endpoint Enumerating a VoIP eth0 Ethernet filtered unknown firewall Flooding Attacks Google hacker Hacking Exposed VoIP header host ICMP Impact infrastructure INTEGER Interesting ports interface Internet INVITE IP address IP PBX IP Security Secrets Linux MAC Address Media Gateway Message Station Nmap open|filtered OPTIONS packet password Popularity PORT STATE SERVICE ports scanned Protocol REGISTER requests Risk Rating rogue SIP Secrets & Solutions Simplicity SIP phone SIP proxy SIP response sip_rogue application SIPSCAN Skype SNMP Snom softphone spoofing switch TCP port telnet TFTP TFTP server tool traffic UDP port udpflood username vendors Version VLAN Voice over IP voicemail VoIP applications VoIP Network VoIP phones vulnerabilities Wireshark

About the author (2007)

David Endler is the director of security research for 3Com's security division, TippingPoint, where he oversees product security testing, the VoIP security research center, and their vulnerability research team. While at TippingPoint, David founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005. VOIPSA's mission is to help VoIP adoption by promoting the current state of VoIP security research, testing methodologies, best practices, and tools. David is currently the chairman of VOIPSA which boasts over 100 members from the VoIP vendor, carrier, and security space (http://www.voipsa.org).Prior to TippingPoint, David was the technical director at security services startup, iDefense, Inc. which was acquired by VeriSign. iDefense specializes in cyber security intelligence, tracking the activities of cyber-criminals and hackers, in addition to researching the latest vulnerabilities, worms, and viruses. Prior to iDefense, David spent many years in cutting edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. As an internationally recognized security expert, David is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs including the Wall Street Journal, USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, Tech TV, and CNN. David has authored numerous articles and papers on computer security, and was named one of the Top 100 voices in IP Communications by IP Telephony Magazine.David is a Summa Cum Laude graduate from Tulane University where he earned a Bachelors degree and Masters degree in Computer Science. Mark Collier is the Chief Technology Officer at SecureLogix corporation, where he directs the companies Voice Over IP (VoIP) security research and development. Mark also defines and conducts VoIP security assessments for SecureLogix's enterprise customers. Mark is actively performing research for the US Department of Defense, with a focus on developing SIP vulnerability assessment tools. Prior to SecureLogix, Mark was with Southwest Research Institute (SwRI), where he directed a group performing research and development in the areas of computer security and information warfare. Mark is a frequent speaker at major voice and security conferences. Mark has authored numerous articles and papers on VoIP security. Mark is also a founding member of the Voice Over IP Security Alliance (VoIPSA). Mark is a Magna Cum Laude graduate from St. Mary's University, where he earned a Bachelors degree in Computer Science.

Bibliographic information

TitleHacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Hacking Exposed
AuthorsDavid Endler, Mark Collier
Editionillustrated
PublisherMcGraw Hill Professional, 2007
ISBN0072263644, 9780072263640
Length539 pages
Subjects ›  › 

Computers / Networking / General
Computers / Networking / Network Protocols
Computers / Security / General
Computers / Security / Network Security
Technology & Engineering / Telecommunications
  
Export CitationBiBTeX EndNote RefMan