How to Cheat at VoIP SecurityBy
- Thomas Porter, CISSP, CCNP, CCDA, CCS, Director of IT Security, FIFA 2006 World Cup
- Michael Gough, Computer security consultant, host and webmaster, www.SkypeTips.com and www.VideoCallTips.com
The Perfect Reference for the Multitasked SysAdminThis is the perfect guide if VoIP engineering is not your specialty. It is the perfect introduction to VoIP security, covering exploit tools and how they can be used against VoIP (Voice over IP) systems. It gives the basics of attack methodologies used against the SIP and H.323 protocols as well as VoIP network infrastructure. * VoIP Isnt Just Another Data ProtocolIP telephony uses the Internet architecture, similar to any other data application. However, from a security administrators point of view, VoIP is different. Understand why. * What Functionality Is Gained, Degraded, or Enhanced on a VoIP Network?Find out the issues associated with quality of service, emergency 911 service, and the major benefits of VoIP.* The Security Considerations of Voice MessagingLearn about the types of security attacks you need to protect against within your voice messaging system.* Understand the VoIP Communication ArchitecturesUnderstand what PSTN is and what it does as well as the H.323 protocol specification, and SIP Functions and features.* The Support Protocols of VoIP EnvironmentsLearn the services, features, and security implications of DNS, TFTP, HTTP, SNMP, DHCP, RSVP, SDP, and SKINNY.* Securing the Whole VoIP InfrastructureLearn about Denial-of-Service attacks, VoIP service disruption, call hijacking and interception, H.323-specific attacks, and SIP-specific attacks.* Authorized Access Begins with AuthenticationLearn the methods of verifying both the user identity and the device identity in order to secure a VoIP network.* Understand Skype SecuritySkype does not log a history like other VoIP solutions; understand the implications of conducting business over a Skype connection.* Get the Basics of a VoIP Security PolicyUse a sample VoIP Security Policy to understand the components of a complete policy.
System Administrators; Security Professionals
Paperback, 432 Pages
Published: June 2007
- Chapter 1: Introduction to VoIP SecurityChapter 2: The Hardware InfrastructureChapter 3: ArchitecturesChapter 4: Support ProtocolsChapter 5: VoIP ThreatsChapter 6: Confirming User IdentityChapter 7: Security MonitoringChapter 8: Segregating Network TrafficChapter 9: VoIP IETF Encryption SolutionsChapter 10: Skype SecurityChapter 11: Skype Firewall SetupAppendix A: Sample VoIP Security Policy