About the Book
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
Fortify Cisco, Avaya, and Asterisk systems
Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
Thwart number harvesting, call pattern tracking, and conversation eavesdropping
Measure and maintain VoIP network quality of service and VoIP conversation quality
Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
Avoid insertion/mixing of malicious audio
Learn about voice SPAM/SPIT and how to prevent it
Defend against voice phishing and identity theft scams
Table of Contents:
Part I: Casing the EstablishmentChapter 1: Footprinting a VoIP NetworkChapter 2: Scanning a VoIP NetworkChapter 3: Enumerating a VoIP NetworkPart II: Exploiting the VoIP Underlying PlatformsChapter 4: VoIP Network Infrastructure Denial of Service (DoS)Chapter 5: VoIP Network EavesdroppingChapter 6: VoIP Interception and ModificationPart III: Exploiting Specific VoIP PlatformsChapter 7: Cisco Unified CallManagerChapter 8: Avaya Communication ManagerChapter 9: AsteriskChapter 10: Emerging Softphone TechnologiesPart IV : VoIP Session and Application HackingChapter 11: VoIP FuzzingChapter 12: Flood-based Disruption of ServiceChapter 13: Signaling and Media ManipulationPart V: Social ThreatsChapter 14: SPAM over Internet Technology (SPIT)Chapter 15: Voice PhishingIndex
About the Author :
David Endler is the director of security research for 3Com's security division, TippingPoint, where he oversees product security testing, the VoIP security research center, and their vulnerability research team. While at TippingPoint, David founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005. VOIPSAs mission is to help VoIP adoption by promoting the current state of VoIP security research, testing methodologies, best practices, and tools. David is currently the chairman of VOIPSA which boasts over 100 members from the VoIP vendor, carrier, and security space (http://www.voipsa.org). Prior to TippingPoint, David was the technical director at security services startup, iDefense, Inc. which was acquired by VeriSign. iDefense specializes in cyber security intelligence, tracking the activities of cyber-criminals and hackers, in addition to researching the latest vulnerabilities, worms, and viruses. Prior to iDefense, David spent many years in cutting edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. As an internationally recognized security expert, David is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs including the Wall Street Journal, USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, Tech TV, and CNN. David has authored numerous articles and papers on computer security, and was named one of the Top 100 voices in IP Communications by IP Telephony Magazine. David is a Summa Cum Laude graduate from Tulane University where he earned a Bachelors degree and Masters degree in Computer Science.
Mark Collier is the Chief Technology Officer at SecureLogix corporation, where he directs the companies Voice Over IP (VoIP) security research and development. Mark also defines and conducts VoIP security assessments for SecureLogixs enterprise customers. Mark is actively performing research for the US Department of Defense, with a focus on developing SIP vulnerability assessment tools. Prior to SecureLogix, Mark was with Southwest Research Institute (SwRI), where he directed a group performing research and development in the areas of computer security and information warfare. Mark is a frequent speaker at major voice and security conferences. Mark has authored numerous articles and papers on VoIP security. Mark is also a founding member of the Voice Over IP Security Alliance (VoIPSA). Mark is a Magna Cum Laude graduate from St. Marys University, where he earned a Bachelors degree in Computer Science.
