Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions: Voice Over IP Security Secrets and Solutions Paperback – 1 Jan 2007
There is a newer edition of this item:
Customers also shopped for
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?
The internationally bestselling "Hacking Exposed" series now covers VoIP New in the tried-and-true. "Hacking Exposed" series is this comprehensive guide to security for Voice over IP. VoIP is a powerful new communications technology that is prone to attacks such as SPIT, Voicemail Brute forcing, Caller ID Spoofing, Registration Hijacking, active directory number harvesting, and more. "Hacking Exposed VoIP" shows you how to proactively fuzz VoIP components for potential vulnerabilities using freely and commercially available tools. You will gain access to the companion website, which contains links to the latest tools, downloadable code samples, book updates, and more.
From the Back Cover
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify your
phones, phone switches, and networks that offer VoIP services. Most
importantly, the authors offer solutions to mitigate the risk of deploying
VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and
devices through the eyes of the malicious intruder. Hacking Exposed VoIP
shows you, step-by-step, how online criminals perform reconnaissance, gain
access, steal data, and penetrate vulnerable systems. All hardware-specific
and network-centered security issues are covered alongside detailed
countermeasures, in-depth examples, and hands-on implementation techniques.
Inside, you'll learn how to defend against the latest DoS,
man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling
and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks
Fortify Cisco, Avaya, and Asterisk systems
Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
Thwart number harvesting, call pattern tracking, and conversation
Measure and maintain VoIP network quality of service and VoIP conversation
Stop DoS and packet flood-based attacks from disrupting SIP proxies and
Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
Avoid insertion/mixing of malicious audio
Learn about voice SPAM/SPIT and how to prevent it
Defend against voice phishing and identity theft scams
There was a problem filtering reviews right now. Please try again later.
Chapter 1 talks about Google hacking, or in other words, using the Internet to find out things about a target network. They show that Google can be a crucial tool in finding out what type of hardware and software you use in your VoIP networks, and in some cases will give vital clues even about how to login to the management systems of your network from the Internet. If this doesn't scare the bejesus out of you, then proceed on to further chapters about more VoIP-specific issues.
Chapters 2 and 3 detail the kind of tools a hacker might use to scan your network and enumerate all the devices, i.e. build their own map of how your network is laid out, right down to the telephone numbers and MAC addresses of desktop phones. Chapter 4 talks about Denial-of-Service, and the kind of attack resources that hackers might use to cripple a telephony network.
Chapter 5 is on VoIP eavesdropping, talking about some existing tools that can be used for this (Oreka, Wireshark and the unpleasantly named vomit), and as in the earlier chapters, some suggestions on how to defend against such a type of threat. Chapter 6 goes further to explain how a VoIP man-in-the-middle attack might be mounted, giving the possibility not just to listen, but to modify, replace or remix the audio stream.
Chapters 7, 8, 9 talk about specific platform threats, namely to Cisco Unified CallManager, Avaya Communication Manager and the Asterisk PBX. The vendors have added their own comment to these chapters, at the request of the authors. Chapter 10 takes in Softphones, including Google Talk, Gizmo, Yahoo and of course the ever popular Skype.
Chapter 11 describes VoIP fuzzing, or in other words, testing protocol stacks for flaws, so this is useful for those developing VoIP systems and applications. Chapter 12 talks about disruption of networks using flooding techniques and chapter 13 talks about Signaling and Media Manipulation.
The final section of the book is entitled Social Threats, and talks about SPAM over Internet Telephony (SPIT) in Chapter 14, followed by Voice Phishing in Chapter 15. Neither of these threats are in frequent use yet, but their use is certain to increase in the future, so this is a good moment to get to grips with what this means.
This is a highly technical book, but for managers responsible for IT security but not immersed in the details I would say this: buy the book, and read the case studies. There are five sections to the book, and each starts with a short case study. Invest 20 minutes in reading these, and you will start to get an appreciation for how important VoIP Security will be in the future. Then pass the book on to your hands-on security guy and tell him to read it from cover to cover.
Most helpful customer reviews on Amazon.com
It's definitely focused on SIP and RTP, and focused on Enterprise VoIP deployments. The authors appear to be unaware of hosted / carrier VoIP, such as used by Verizon. The authors don't mention anything about BroadSoft BroadWorks, MetaSwitch, Acme Packet, Sylantro, or others, though their general technology coverage certainly relates to these systems. I also wish they had considered some of the very popular SIP phones -- e.g., Linksys and Polycom.
They give examples of using numerous VoIP security-scanning / exploit tools. The theoretical attacker in the book likely has physical access to the target network, or at least layer-2 (Ethernet) access. Many of the attacks are much more difficult or impossible if you're attacking across the Internet.
Still, coverage of the tools is very useful to a Carrier VoIP researcher.
They are Great Books!! ---That is my opinion!