Description

Seven Deadliest Unified Communications Attacks provides a comprehensive view of the seven deadliest attacks against a unified communications (UC) infrastructure. It looks at the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies. The book consists of seven chapters that cover the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability.

Key Features

  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable

Readership

Information security professionals of all levels; recreational hackers

Table of Contents

Acknowledgments About the Author Introduction Chapter 1 The Unified Communications Ecosystem     Anatomy of Attacks against the UC Ecosystem     Dangers Associated with the UC Ecosystem          DoS/Availability          Toll Fraud          Exposure of Information     Future of Attacks against the UC Ecosystem          Social Software and Services          Public Versus Private Information          Federation          Mashups and APIs          It’s All about the Cloud          Bright Shiny Objects     How to Defend Your UC Ecosystem          Strategy #1: Identify All Ecosystem Components          Strategy #2: Develop Security Plans for All Components          Strategy #3: Engage in Holistic Ecosystem Testing     Summary Chapter 2 Insecure Endpoints     Anatomy of Attacks against UC Endpoints          General DoS Attacks          Finding Endpoints to Attack          Default Passwords          Hidden Accounts          Undocumented Services          Web Exploits          Protocol Fuzzing          Local Files     Dangers of Attacks on Endpoints          Denial of Service or Availability          Toll Fraud          Eavesdropping or Exposure of Information          Annoyance     The Future of Attacks against UC Endpoints          More Powerful Endpoints          Migration into Software          Commodity Operating Systems          Heterogeneous Deployments          Mobility          Massively Distributed Endpoints     How to Defend Your Endpoints          Strategy #1: Identify All Connected Endpoints          Strategy #2: Change Default Passwords!          Strategy #3: Turn off Unnecessary Services          Strategy #4: Develop Patch Plans for All Endpoints          Strategy #5: Understand How to Update and Secure Remote Endpoints     Summary Chapter 3 Eavesdropping and Modification     Anatomy of Eavesdropping and Modification Attacks          Getting between the Endpoints          Using Wireshark to Capture Voice   

Details

No. of pages:
224
Language:
English
Copyright:
© 2010
Published:
Imprint:
Syngress
Print ISBN:
9781597495479
Electronic ISBN:
9781597495486

About the author

Dan York

Dan York (CISSP) is the Best Practices Chair for the VOIP Security Alliance (VOIPSA) as well as the producer of "Blue Box: The VoIP Security Podcast" where since October 2005 he and co-host Jonathan Zar have discussed VOIP security news and interviewed people involved in the field. Dan is employed as the Director of Conversations at Voxeo Corporation heading up the company's communication through both traditional and new/social media. Previously, Dan served in Voxeo's Office of the CTO focused on analyzing/evaluating emerging technology, participating in industry standards bodies and addressing VoIP security issues. Since the mid-1980s Dan has been working with online communication technologies and helping businesses and organizations understand how to use and participate in those new media. Dan frequently presents at conferences, has authored multiple books on Linux and networking and writes extensively online at sites such as www.voipsa.org/blog and www.disruptivetelephony.com.

Affiliations and Expertise

(CISSP)

Reviews

York’s The Seven Deadliest Unified Communications Attacks mentioned in article on UnifiedCommunicationsEdge.com