Hacking VoIP: Protocols, Attacks, and Countermeasures
and over one million other books are available for Amazon Kindle .
Learn more
| |||||||||||||||
 Trade In this Item for up to £9.85
Get an extra £5 when you trade in books worth £10 or more until June 30, 2012. Trade in Hacking VoIP: Protocols, Attacks, and Countermeasures for an Amazon.co.uk gift card of up to £9.85, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Find more products eligible for trade-in.
|
Frequently Bought Together
Product details
|
More About the Author
Product Description
Product Description
Voice Over Internet Protocol (VoIP) networks, the technology used to place phone calls through the Internet, suffer from the same security holes as standard IP networks, as well as new threats specific to telephony. In addition to attacks on network availability and authentication, administrators must contend with eavesdropping, audio injection, Caller ID spoofing, VoIP phishing, and other unique exploits. All of these security holes can result in the leakage of information and in unreliable phone calls. Hacking VoIP reviews the many possible VoIP attacks, and discusses the best defenses against them for both enterprise and home VoIP solutions. Author Himanshu Dwivedi introduces popular security assessment tools, describes the inherent vulnerabilities of common hardware and software packages, and provides the first ever VoIP security audit program. The book covers common enterprise VoIP protocols such as SIP and RTP as well as unique protocols like H.323 and IAX.
About the Author
Himanshu Dwivedi is a leading security expert and researcher. He has published four books, Hacking Exposed: Web 2.0 (McGraw-Hill), Securing Storage (Addison Wesley), Hacker's Challenge 3 (McGraw-Hill), and Implementing SSH (Wiley). A founder of iSEC Partners, Himanshu manages iSEC's product development and engineering, specialized security solutions, and the creation of security testing tools for customers.
Inside This Book
(Learn More)
Tags Customers Associate with This Product(What's this?)Click on a tag to find related items, discussions, and people.
|
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
Most Helpful Customer Reviews
0 of 1 people found the following review helpful
Format:Paperback
This is a very short book, so I will try to keep the review short too.
I have tried to stay clear of VoIP networks, phones, software, hacking - while keeping an eye out for major problems. The monster called VoIP includes just to many protocols and I have a lot of work doing internet security as it is.
During the last few years though, people are moving even more into VoIP phones and thus I have read a few resources about VoIP, attended a few conference presentations about VoIP security - but not really gotten dirty with hacker tools for VoIP. I asked for a review copy of this book and one was provided by the nice people of No Starch.
This has changed and this book is the reason, because Hacking VoIP is a very practical book that will get you started hacking VoIP networks.
The book is very short, which is great, I like books that you can actually read from cover to cover. The content is also presented clearly with excellent wording and just enough detail to get me started. The book also list precise tools, programs and even allows you to download configurations and special tools.
The problems described are very real and the scenarios are precisely what is found in real life. The target audience for this book is specified as VoIP administrators, but being a security consultant myself I think the actual target audience is a bit wider. The level needed to do the lab exercises is consistent with a VoIP administrator, which have had some experience using Asterisk/BackTrack.
This book also present a VoIP Security Audit Program (VSAP) which I think is a great idea and resource for people to audit their own systems.
To summarize the Good stuff:
Short - this book is short, so you can actually finish it
Practical - using the tools described you will be able to get a VoIP network running quickly
Contents - Specific VoIP stuff, not generic hacker stuff
Writing style - excellent
The Bad stuff about this book:
Repeated content - chapter 8 contains some sniffing and injection which is repeated from chapter 4, including half page screen shoots :-( This might be more of an editorial problem, but having a 200 page book which repeats itself?!
More content would be interesting, for example fuzzing is introduced but more could have been described. Clearly the author has a lot of knowledge about hacking VoIP, so I think he could have easily added another 50-100 pages more.
Conclusion
The book does whet my appetite and lets me get started Hacking VoIP immediately which is the goal. Having obtained that goal I will be able to continue working with VoIP security and understand the new attacks being published. I recommend it for people getting into this area.
I have tried to stay clear of VoIP networks, phones, software, hacking - while keeping an eye out for major problems. The monster called VoIP includes just to many protocols and I have a lot of work doing internet security as it is.
During the last few years though, people are moving even more into VoIP phones and thus I have read a few resources about VoIP, attended a few conference presentations about VoIP security - but not really gotten dirty with hacker tools for VoIP. I asked for a review copy of this book and one was provided by the nice people of No Starch.
This has changed and this book is the reason, because Hacking VoIP is a very practical book that will get you started hacking VoIP networks.
The book is very short, which is great, I like books that you can actually read from cover to cover. The content is also presented clearly with excellent wording and just enough detail to get me started. The book also list precise tools, programs and even allows you to download configurations and special tools.
The problems described are very real and the scenarios are precisely what is found in real life. The target audience for this book is specified as VoIP administrators, but being a security consultant myself I think the actual target audience is a bit wider. The level needed to do the lab exercises is consistent with a VoIP administrator, which have had some experience using Asterisk/BackTrack.
This book also present a VoIP Security Audit Program (VSAP) which I think is a great idea and resource for people to audit their own systems.
To summarize the Good stuff:
Short - this book is short, so you can actually finish it
Practical - using the tools described you will be able to get a VoIP network running quickly
Contents - Specific VoIP stuff, not generic hacker stuff
Writing style - excellent
The Bad stuff about this book:
Repeated content - chapter 8 contains some sniffing and injection which is repeated from chapter 4, including half page screen shoots :-( This might be more of an editorial problem, but having a 200 page book which repeats itself?!
More content would be interesting, for example fuzzing is introduced but more could have been described. Clearly the author has a lot of knowledge about hacking VoIP, so I think he could have easily added another 50-100 pages more.
Conclusion
The book does whet my appetite and lets me get started Hacking VoIP immediately which is the goal. Having obtained that goal I will be able to continue working with VoIP security and understand the new attacks being published. I recommend it for people getting into this area.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
4 reviews
1 of 1 people found the following review helpful
For System Administrators
26 Jan 2011
Format:Paperback|Amazon Verified Purchase
The opening of this book clearly explains that this book is for people who are system administrators. I would like to add that this book seems to be for system administrators who are just too busy with everything else to care about technicalities of the security and don't know much about security in general.
However, when I saw No Starch Press released this book, I was not expecting the contents to be so tame. The bulk of the book is how man in the middle attacks effect the different protocols and the multitudes of denial of service attacks using legitimate VoIP commands. However, the details are mostly just glossed over and a very general overview is given for the attack and then a tool is provided. How to use tools and the exact switches are perhaps half of the explanations in the book. For those who understand man in the middle, how there is no trust in UDP, and how to read RFC's, you will find little in this book that is interesting. This is the reason why I gave the book a 3 despite it being exactly what the title says.
Not all of the book was bad. Chapter 7 is on unconventional VoIP attacks and gives the reader some interesting ideas on how VoIP attacks can be used. The first half of Chapter 6 shows client configuration abuses and is the type of material I was expecting from this book.
If you are a system administrator who doesn't know much about security and would like to read some quick overview of VoIP insecurities without technicalities, this is the perfect book for you. If you were looking for a technical guide on VoIP security, then look elsewhere.
However, when I saw No Starch Press released this book, I was not expecting the contents to be so tame. The bulk of the book is how man in the middle attacks effect the different protocols and the multitudes of denial of service attacks using legitimate VoIP commands. However, the details are mostly just glossed over and a very general overview is given for the attack and then a tool is provided. How to use tools and the exact switches are perhaps half of the explanations in the book. For those who understand man in the middle, how there is no trust in UDP, and how to read RFC's, you will find little in this book that is interesting. This is the reason why I gave the book a 3 despite it being exactly what the title says.
Not all of the book was bad. Chapter 7 is on unconventional VoIP attacks and gives the reader some interesting ideas on how VoIP attacks can be used. The first half of Chapter 6 shows client configuration abuses and is the type of material I was expecting from this book.
If you are a system administrator who doesn't know much about security and would like to read some quick overview of VoIP insecurities without technicalities, this is the perfect book for you. If you were looking for a technical guide on VoIP security, then look elsewhere.
3 of 4 people found the following review helpful
An Excellent VoIP Security manual
22 July 2009
Format:Paperback
Eureka! What a pleasant surprise. This is the best Hacking book I have ever read. as matter of fact the book scared me so much that if asked I would classify it as "non-fictional horror".
According to Himanshu Dwivedi "Hacking VoIP is a security book written primarily for VoIP administrators"; This statement is in the introduction of the book, that is the only thing I did not find to be true, I like to change that statement to read something like " .....a security book written primarily for Information Security and Auditors it can also be used by VoIP administrators.....".
I accidentally started reading this book, and I just got hooked. The book is devided into 4 sections;
1-Introduction VoIP Security
2-VoIP Protocols
3-Security treats
4-Securing and Auditing VoIP
The 4 sections are contained in very well organized 10 Chapters. Each chapter, no each line of each chapter is a list of ingredients needed to break in to a VoIP phone, switch or a server.
The author goes at great lengths creating a VoIP lab, following his step by step recommendations and downloading the programs listed, I actually created the exact same lab, I have no idea why. Than downloaded the hacking tools, which should go in the blacklisted application database of every business, once again following the steps outlined in the book I could actually break into conversations, change caller ID (you can really play sick tricks with this feature), and realize that the 6 character password I have for my voice mail is actually crackable in less than 10 minutes.
OK!, Where is the beef? You may ask, how can I use this book? Well! Up to Chapter 9 you learn what a malicious person is or may try to do. Chapter 10 you learn to identify weaknesses and block the attempts, integrating this with a well planned Information Security Management System such as ISO 27001, and creating an audit plan based on recommendations, you can rest assured that your VoIP is secured, you probable need to read about implementing 802.1x, this is also a recommendation in the book.
Best Fishes and thanks for reading.
According to Himanshu Dwivedi "Hacking VoIP is a security book written primarily for VoIP administrators"; This statement is in the introduction of the book, that is the only thing I did not find to be true, I like to change that statement to read something like " .....a security book written primarily for Information Security and Auditors it can also be used by VoIP administrators.....".
I accidentally started reading this book, and I just got hooked. The book is devided into 4 sections;
1-Introduction VoIP Security
2-VoIP Protocols
3-Security treats
4-Securing and Auditing VoIP
The 4 sections are contained in very well organized 10 Chapters. Each chapter, no each line of each chapter is a list of ingredients needed to break in to a VoIP phone, switch or a server.
The author goes at great lengths creating a VoIP lab, following his step by step recommendations and downloading the programs listed, I actually created the exact same lab, I have no idea why. Than downloaded the hacking tools, which should go in the blacklisted application database of every business, once again following the steps outlined in the book I could actually break into conversations, change caller ID (you can really play sick tricks with this feature), and realize that the 6 character password I have for my voice mail is actually crackable in less than 10 minutes.
OK!, Where is the beef? You may ask, how can I use this book? Well! Up to Chapter 9 you learn what a malicious person is or may try to do. Chapter 10 you learn to identify weaknesses and block the attempts, integrating this with a well planned Information Security Management System such as ISO 27001, and creating an audit plan based on recommendations, you can rest assured that your VoIP is secured, you probable need to read about implementing 802.1x, this is also a recommendation in the book.
Best Fishes and thanks for reading.
2 of 3 people found the following review helpful
Great resource to understand VoIP security
7 April 2009
Format:Paperback
Voice over IP (VoIP) communications are a core component of the next wave of communications. Consumers and enterprises both are beginning to grasp the benefits of VoIP communications and making the switch from traditional voice communications to VoIP.
VoIP can be a double-edged sword as well though. It provides cost savings. It adds flexibility and extensibility that isn't possible with traditional telephone communications. It enables a whole new scope of applications to interact with and leverage voice communications in whole new ways.
However, with all of those benefits, it also merges voice data onto the standard data network and exposes what was a relatively secure system to a wide variety of attacks and exploits. Traditional voice attacks like eavesdropping or wiretapping are still issues, but on a grander scale. And now voice communications can also be subjected to denial-of-service (DoS) and man-in-the-middle (MiTM) and other attacks that have traditionally been reserved for data networks.
With Hacking VoIP: Protocols, Attacks, and Countermeasures from No Starch Press, Himanshu Dwivedi explores the security issues inherent with VoIP communications and how to protect your VoIP system against them.
Dwivedi opens the book by walking through how to build a VoIP lab environment to use as you read through the book to get first-hand experience and understanding of the VoIP attacks and exploits and the countermeasures to use against them. This hands-on experience helps the reader to see the attacks in action rather than just reading about them.
The book provides a good background on the VoIP protocols themselves, and Dwivedi does an excellent job of explaining the weaknesses and exploits. VoIP admins should read this book and follow Dwivedi's advice to protect their VoIP environments.
VoIP can be a double-edged sword as well though. It provides cost savings. It adds flexibility and extensibility that isn't possible with traditional telephone communications. It enables a whole new scope of applications to interact with and leverage voice communications in whole new ways.
However, with all of those benefits, it also merges voice data onto the standard data network and exposes what was a relatively secure system to a wide variety of attacks and exploits. Traditional voice attacks like eavesdropping or wiretapping are still issues, but on a grander scale. And now voice communications can also be subjected to denial-of-service (DoS) and man-in-the-middle (MiTM) and other attacks that have traditionally been reserved for data networks.
With Hacking VoIP: Protocols, Attacks, and Countermeasures from No Starch Press, Himanshu Dwivedi explores the security issues inherent with VoIP communications and how to protect your VoIP system against them.
Dwivedi opens the book by walking through how to build a VoIP lab environment to use as you read through the book to get first-hand experience and understanding of the VoIP attacks and exploits and the countermeasures to use against them. This hands-on experience helps the reader to see the attacks in action rather than just reading about them.
The book provides a good background on the VoIP protocols themselves, and Dwivedi does an excellent job of explaining the weaknesses and exploits. VoIP admins should read this book and follow Dwivedi's advice to protect their VoIP environments.
Were these reviews helpful?
Let us know
Listmania!
Look for similar items by category
- Books > Computing & Internet > Digital Lifestyle > Online Shopping > Amazon
- Books > Computing & Internet > Hardware > Peripherals
- Books > Computing & Internet > Networking & Security > Security > Network Security
- Books > Science & Nature > Engineering & Technology > Electronics & Communications Engineering > Telephone & Wireless Technology
- Books > Scientific, Technical & Medical
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
|
