Seven Deadliest Unified Communications Attacks - 1st Edition - ISBN: 9781597495479, 9781597495486

Seven Deadliest Unified Communications Attacks

1st Edition

Author: Dan York
Paperback ISBN: 9781597495479
eBook ISBN: 9781597495486
Imprint: Syngress
Published Date: 22nd April 2010
Page Count: 224


Seven Deadliest Unified Communications Attacks provides comprehensive coverage of the seven most dangerous hacks and exploits specific to Unified Communications (UC) and lays out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

The book describes the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies. There are seven chapters that focus on the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability.

This book will be of interest to information security professionals of all levels as well as recreational hackers.

Key Features

  • Knowledge is power: find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable


Information security professionals of all levels; recreational hackers

Table of Contents


About the Author


Chapter 1 The Unified Communications Ecosystem

Anatomy of Attacks against the UC Ecosystem

Dangers Associated with the UC Ecosystem


Toll Fraud

Exposure of Information

Future of Attacks against the UC Ecosystem

Social Software and Services

Public Versus Private Information


Mashups and APIs

It’s All about the Cloud

Bright Shiny Objects

How to Defend Your UC Ecosystem

Strategy #1: Identify All Ecosystem Components

Strategy #2: Develop Security Plans for All Components

Strategy #3: Engage in Holistic Ecosystem Testing


Chapter 2 Insecure Endpoints

Anatomy of Attacks against UC Endpoints

General DoS Attacks

Finding Endpoints to Attack

Default Passwords

Hidden Accounts

Undocumented Services

Web Exploits

Protocol Fuzzing

Local Files

Dangers of Attacks on Endpoints

Denial of Service or Availability

Toll Fraud

Eavesdropping or Exposure of Information


The Future of Attacks against UC Endpoints

More Powerful Endpoints

Migration into Software

Commodity Operating Systems

Heterogeneous Deployments


Massively Distributed Endpoints

How to Defend Your Endpoints

Strategy #1: Identify All Connected Endpoints

Strategy #2: Change Default Passwords!

Strategy #3: Turn off Unnecessary Services

Strategy #4: Develop Patch Plans for All Endpoints

Strategy #5: Understand How to Update and Secure Remote Endpoints


Chapter 3 Eavesdropping and Modification

Anatomy of Eavesdropping and Modification Attacks

Getting between the Endpoints

Using Wireshark to Capture Voice

Using Wireshark to Capture IM Traffic

Capturing Audio, Video, and IM using Other Tools

Modification Attacks


Dangers of Eavesdropping and Modification Attacks

Exposure of Confidential Information

Business Disruption


Loss of Trust

The Future of Eavesdropping and Modification Attacks

Increasing Market Size

All-IP Enterprise Networks

Cloud and Hosted Systems

Federation between UC Systems

Continued Endpoint Distribution

How to Defend against Eavesdropping and Modification Attacks

Strategy #1: Encryption of Voice and Video

Strategy #2: Encryption of IM


Chapter 4 Control Channel Attacks: Fuzzing, DoS, SPIT, and Toll Fraud

Anatomy of Control Channel Attacks

Eavesdropping Attacks

Modification Attacks

Denial-of-Service Attacks

Elevation of Authority or Password Cracking


Spam for Internet Telephony

Dangers of Control Channel Attacks

Toll Fraud

Denial of Service

Exposure of Confidential Information

Patterns in Aggregation


Loss of Trust

Future of Control Channel Attacks

Integration with Social Networks and Services

PSTN Bypass

How to Defend against Control Channel Attacks

Strategy #1: Encrypting the Control Channel

Strategy #2: Limit and Secure Interconnection Points

Strategy #3: Use Strong Authentication

Strategy #4: Deploy SBCs or SIP-Aware Firewalls

Strategy #5: Auditing or Monitoring


Chapter 5 SIP Trunking and PSTN Interconnection

Anatomy of Attacks on SIP Trunks and PSTN Interconnection

Understanding SIP Trunking

Attacks against SIP Trunking

Dangers of Attacks on SIP Trunks and PSTN Interconnection

Toll Fraud


Corporate Espionage/Exposure of Confidential Information


Spam for Internet Telephony

The Future of Attacks on SIP Trunks and PSTN Interconnection

Reasons for Growth

Increased Market Size

More ITSP Entrants with Few Cares about Security

Expansion of the PSTN Trust Boundary

How to Defend against Attacks on SIP Trunks and PSTN Interconnection

Strategy #1: Understand Your ITSP

Strategy #2: Establish a Secure Transport Layer

Strategy #3: Ensure Strong Authentication Is in Place

Strategy #4: Consider the Same Service Provider as Your Data/Internet Provider

Strategy #5: Establish a Business Continuity/DR Plan


Chapter 6 Identity, Spoofing, and Vishing

Anatomy of Attacks on Identity

Caller ID Spoofing on the PSTN

Identity Modification at the Originating Endpoint

Identity Modification at Source System

Identity Modification in Transit


Dangers of Attacks on Identity


Identity Theft

Social Engineering

Reputation Damage


Erosion of Trust

Deceiving Automated Systems

The Future of Attacks on Identity

Interconnection and Federation

RFC 4474 SIP Identity and Whatever Comes Next

Social Identity Systems

How to Defend against Attacks on Identity

Strategy #1: Educate Your Users about Potential Threats and What Not to Trust

Strategy #2: Understand and Lock Down Holes that Allow Spoofing

Strategy #3: Evaluate Strong Identity Solutions

Strategy #4: Monitor and Participate in Ongoing Identity Discussions


Chapter 7 The End of Geography

Anatomy of Attacks against Distributed Systems

Attacks against Remote Workers

Attacks against Branch Offices

Attacks against Distributed Systems

Attacks against Cloud-based Services

Attacks against Federation

Dangers of Attacks against Distributed Systems





The Future of Attacks against Distributed Systems


Social Networks

New Collaboration Technologies

Movement into the Cloud

Geography Does Matter

How to Defend against Attacks against Distributed Systems

Strategy #1: Deploy Secure Firewall Traversal Mechanisms

Strategy #2: Ensure Understanding of Security at Fixed Locations

Strategy #3: Understand Security Ramifications of Federation

Strategy #4: Ensure Secure Authentication

Strategy #5: Secure Your Connections to Services in the Cloud




© Syngress 2010

About the Author

Dan York

Dan York (CISSP) is the Best Practices Chair for the VOIP Security Alliance (VOIPSA) as well as the producer of "Blue Box: The VoIP Security Podcast" where since October 2005 he and co-host Jonathan Zar have discussed VOIP security news and interviewed people involved in the field. Dan is employed as the Director of Conversations at Voxeo Corporation heading up the company's communication through both traditional and new/social media. Previously, Dan served in Voxeo's Office of the CTO focused on analyzing/evaluating emerging technology, participating in industry standards bodies and addressing VoIP security issues. Since the mid-1980s Dan has been working with online communication technologies and helping businesses and organizations understand how to use and participate in those new media. Dan frequently presents at conferences, has authored multiple books on Linux and networking and writes extensively online at sites such as and




York’s The Seven Deadliest Unified Communications Attacks mentioned in article on
