Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition

Front Cover
McGraw Hill Professional, Dec 20, 2013 - Computers - 560 pages
The latest techniques for averting UC disaster

Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. Hacking Exposed Unified Communications & VoIP, Second Edition offers thoroughly expanded coverage of today’s rampant threats alongside ready-to deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples.

  • See how hackers target vulnerable UC devices and entire networks
  • Defend against TDoS, toll fraud, and service abuse
  • Block calling number hacks and calling number spoofing
  • Thwart voice social engineering and phishing exploits
  • Employ voice spam mitigation products and filters
  • Fortify Cisco Unified Communications Manager
  • Use encryption to prevent eavesdropping and MITM attacks
  • Avoid injection of malicious audio, video, and media files
  • Use fuzzers to test and buttress your VoIP applications
  • Learn about emerging technologies such as Microsoft Lync, OTT UC, other forms of UC, and cloud and WebRTC
 

Contents

Application Attacks
107
Exploiting the UC Network
233
UC Session and Application Hacking
357
Index
507
Copyright

Common terms and phrases

About the author (2013)

Mark Collier is the Chief Technology Officer at SecureLogix corporation, where he directs the companies Voice Over IP (VoIP) security research and development. Mark also defines and conducts VoIP security assessments for SecureLogix's enterprise customers. Mark is actively performing research for the US Department of Defense, with a focus on developing SIP vulnerability assessment tools. Prior to SecureLogix, Mark was with Southwest Research Institute (SwRI), where he directed a group performing research and development in the areas of computer security and information warfare. Mark is a frequent speaker at major voice and security conferences. Mark has authored numerous articles and papers on VoIP security. Mark is also a founding member of the Voice Over IP Security Alliance (VoIPSA). Mark is a Magna Cum Laude graduate from St. Mary's University, where he earned a Bachelors degree in Computer Science. David Endler is the director of security research for 3Com's security division, TippingPoint, where he oversees product security testing, the VoIP security research center, and their vulnerability research team. While at TippingPoint, David founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005. VOIPSA’s mission is to help VoIP adoption by promoting the current state of VoIP security research, testing methodologies, best practices, and tools. David is currently the chairman of VOIPSA which boasts over 100 members from the VoIP vendor, carrier, and security space (http://www.voipsa.org). Prior to TippingPoint, David was the technical director at security services startup, iDefense, Inc. which was acquired by VeriSign. iDefense specializes in cyber security intelligence, tracking the activities of cyber-criminals and hackers, in addition to researching the latest vulnerabilities, worms, and viruses. Prior to iDefense, David spent many years in cutting edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. As an internationally recognized security expert, David is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs including the Wall Street Journal, USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, Tech TV, and CNN. David has authored numerous articles and papers on computer security, and was named one of the Top 100 voices in IP Communications by IP Telephony Magazine. David is a Summa Cum Laude graduate from Tulane University where he earned a Bachelors degree and Masters degree in Computer Science.

Bibliographic information