Features
- Cover Type: Paperback with 539 pages
- Published by: McGraw-Hill Osborne Media
- Edition: 1st Edition November 28, 2006
- Written in: English
- ISBN 10 Number: 0072263644
- ISBN 13 Number: 978-0072263640
- Book Dimensions: 9.1 x 7.3 x 1.2 inches
- Weighs: 2.1 pounds
Product Description
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder.
Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
- Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
- Fortify Cisco, Avaya, and Asterisk systems
- Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
- Thwart number harvesting, call pattern tracking, and conversation eavesdropping
- Measure and maintain VoIP network quality of service and VoIP conversation quality
- Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
- Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
- Avoid insertion/mixing of malicious audio
- Learn about voice SPAM/SPIT and how to prevent it
- Defend against voice phishing and identity theft scams
About The Author
David Endler is the Director of Security Research for TippingPoint, a division of 3Com. Previously, he performed security research for Xerox Corporation, the NSA, and MIT. Endler is also the chairman and founder of the Voice over IP Security Alliance.
Mark Collier is CTO for SecureLogix Corporation. He is an expert author and frequent presenter on the topic of VoIP security. Collier is also a founding member of the Voice over IP Security Alliance.
Reader Reviews
Hacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims. HE:V is a real eye-opener for those of us who don't perform VoIP pen testing or assessments. It's important to remember that the original HE books were written by Foundstone consultants who put their work experience in book form. HE books that continue this tradition tend to be successful, and HE:V is no exception. Good HE books also introduce a wide variety of tools and techniques to exploit weaknesses in targets, and HE:V also delivers in this respect. HE:V also extends attacks beyond what most people recognize. For example, everyone probably knows about low-level exploitation of VoIP traffic for call interception and manipulation. However, chapter 6 discusses application-level interception. HE:V goes the extra mile by introducing tools written by the authors specifically to implement attacks. In at least one case the authors also provide a packet capture (for the Skinny protocol) which I particularly appreciate. HE:V also looks ahead to attacks that are appearing but not yet prevalent, like telephony spam and voice phishing. Taken together, all of these features result in a great book. You should already be familiar with the common enumeration and exploitation methods found in HE 5th Ed, because the HE:V authors wisely avoid repeating material in other books (thank you). If you want to understand VoIP, how to attack it, and how to defend it, I highly recommend reading HE:V. The book is clear, thorough, and written by experts.