Securing VoIP Networks: Threats, Vulnerabilities, and...

• Cover Type: Paperback with 384 pages
• Published by: Addison-Wesley Professional
• Edition: 1st Edition August 11, 2007
• Written in: English
• ISBN 10 Number: 0321437349
• ISBN 13 Number: 978-0321437341
• Book Dimensions: 9.1 x 6.9 x 0.5 inches
• Weighs: 1.2 pounds

In Securing VoIP Networks, two leading experts systematically review the security risks and vulnerabilities associated with VoIP networks and offer proven, detailed recommendations for securing them. Drawing on case studies from their own fieldwork, the authors address VoIP security from the perspective of real-world network implementers, managers, and security specialists. The authors identify key threats to VoIP networks, including eavesdropping, unauthorized access, denial of service, masquerading, and fraud; and review vulnerabilities in protocol design, network architecture, software, and system configuration that place networks at risk. They discuss the advantages and tradeoffs associated with protection mechanisms built into SIP, SRTP, and other VoIP protocols; and review key management solutions such as MIKEY and ZRTP. Next, they present a complete security framework for enterprise VoIP networks, and provide detailed architectural guidance for both service providers and enterprise users.

1       Introduction

2       VoIP Architectures and Protocols

3       Threats and Attacks

4       VoIP Vulnerabilites

5       Signaling Protection Mechanisms

6       Media Protection Mechanisms

7       Key Management Mechanisms

8       VoIP and Network Security Controls

9       A Security Framework for Enterprise VoIP Networks

10     Provider Architectures and Security

11     Enterprise Architectures and Security

About The Author

Peter Thermos is CTO of Palindrome Technologies, which provides information

security consulting services to government and commercial organizations.

Peter started his career at Bellcore (now Telcordia) as a member of the technical

staff and later as a principal technical expert on key information security and

assurance tasks. He is a frequent speaker at conferences and industry forums

including the IEEE, MIS, IEC, ISACA, VON, and others. Peter is also known

for his contributions to the security community for discovering software

vulnerabilities, the release of SiVuS (The First VoIP Vulnerability Scanner)

and the vopsecurity.org Forum. Peter holds a Masters Degree in Computer

Science from Columbia University where he is currently furthering his

graduate studies.

Ari Takanen is founder and CTO of Codenomicon. Since 1998, Ari has

focused on information security issues in next-generation networks and security

critical environments. He began at Oulu University Secure Programming Group

(OUSPG) as a contributing member to PROTOS research that studied information

security and reliability errors in WAP, SNMP, LDAP, and VoIP implementations.

Ari and his company, Codenomicon Ltd. provide and commercialize automated

tools using a systematic approach to test a multitude of interfaces on mission-critical

software, VoIP platforms, Internet-routing infrastructure, and 3G devices.

Codenomicon and the University of Oulu aim to ensure new technologies are

accepted by the general public, by providing means of measuring and ensuring

quality in networked software. Ari has been speaking at numerous security and

testing conferences on four continents and has been invited to speak at leading

universities and international corporations.

Reader Reviews
A quick read of the first 1/3 of the book will cure you of your doubts VoIP can be attacked forever! It was almost painful reading; exploit approach after exploit approach, but I mean that in a good way like the pain you feel in your muscles after exercise. I was excited when this book came out, I have been following some of the author's Thermos and Takanen work and I think they were the perfect team for this book. I feel that Chapter 3 and 4, threats and attacks and VoIP vulnerabilities are by far the strongest chapters and they alone are worth the purchase price of the book. The majority of the rest of the book is focused on mitigating controls and it is solid writing, solid research, but not quite at the level of the pen test side of the book. Chapters ten and 11 are invaluable to anyone considering a VoIP deployment including a deployment where you are depending on a service provider. The charts and diagrams are clear and easy to understand, the whole book team is to be commended for that, this is a complex subject. If you are even thinking about VoIP, you should read this book. Comment | | (Report this)