Seven Deadliest Unified Communications Attacks provides a comprehensive view of the seven deadliest attacks against a unified communications (UC) infrastructure. It looks at the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies.
The book consists of seven chapters that cover the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability.
- Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
- Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
- Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable
Information security professionals of all levels; recreational hackers
Acknowledgments About the Author Introduction Chapter 1 The Unified Communications Ecosystem Anatomy of Attacks against the UC Ecosystem Dangers Associated with the UC Ecosystem DoS/Availability Toll Fraud Exposure of Information Future of Attacks against the UC Ecosystem Social Software and Services Public Versus Private Information Federation Mashups and APIs It’s All about the Cloud Bright Shiny Objects How to Defend Your UC Ecosystem Strategy #1: Identify All Ecosystem Components Strategy #2: Develop Security Plans for All Components Strategy #3: Engage in Holistic Ecosystem Testing Summary Chapter 2 Insecure Endpoints Anatomy of Attacks against UC Endpoints General DoS Attacks Finding Endpoints to Attack Default Passwords Hidden Accounts Undocumented Services Web Exploits Protocol Fuzzing Local Files Dangers of Attacks on Endpoints Denial of Service or Availability Toll Fraud Eavesdropping or Exposure of Information Annoyance The Future of Attacks against UC Endpoints More Powerful Endpoints Migration into Software Commodity Operating Systems Heterogeneous Deployments Mobility Massively Distributed Endpoints How to Defend Your Endpoints Strategy #1: Identify All Connected Endpoints Strategy #2: Change Default Passwords! Strategy #3: Turn off Unnecessary Services Strategy #4: Develop Patch Plans for All Endpoints Strategy #5: Understand How to Update and Secure Remote Endpoints Summary Chapter 3 Eavesdropping and Modification Anatomy of Eavesdropping and Modification Attacks Getting between the Endpoints Using Wireshark to Capture Voice
- No. of pages:
- © Syngress 2010
- 22nd April 2010
- eBook ISBN:
- Paperback ISBN:
Dan York (CISSP) is the Best Practices Chair for the VOIP Security Alliance (VOIPSA) as well as the producer of "Blue Box: The VoIP Security Podcast" where since October 2005 he and co-host Jonathan Zar have discussed VOIP security news and interviewed people involved in the field. Dan is employed as the Director of Conversations at Voxeo Corporation heading up the company's communication through both traditional and new/social media. Previously, Dan served in Voxeo's Office of the CTO focused on analyzing/evaluating emerging technology, participating in industry standards bodies and addressing VoIP security issues. Since the mid-1980s Dan has been working with online communication technologies and helping businesses and organizations understand how to use and participate in those new media. Dan frequently presents at conferences, has authored multiple books on Linux and networking and writes extensively online at sites such as www.voipsa.org/blog and www.disruptivetelephony.com.
York’s The Seven Deadliest Unified Communications Attacks mentioned in article on UnifiedCommunicationsEdge.com