Overview
Main description
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
- Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
- Fortify Cisco, Avaya, and Asterisk systems
- Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
- Thwart number harvesting, call pattern tracking, and conversation eavesdropping
- Measure and maintain VoIP network quality of service and VoIP conversation quality
- Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
- Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
- Avoid insertion/mixing of malicious audio
- Learn about voice SPAM/SPIT and how to prevent it
- Defend against voice phishing and identity theft scams
Table of contents
Part I: Casing the EstablishmentChapter 1: Footprinting a VoIP NetworkChapter 2: Scanning a VoIP NetworkChapter 3: Enumerating a VoIP NetworkPart II: Exploiting the VoIP Underlying PlatformsChapter 4: VoIP Network Infrastructure Denial of Service (DoS)Chapter 5: VoIP Network EavesdroppingChapter 6: VoIP Interception and ModificationPart III: Exploiting Specific VoIP PlatformsChapter 7: Cisco Unified CallManagerChapter 8: Avaya Communication ManagerChapter 9: AsteriskChapter 10: Emerging Softphone TechnologiesPart IV : VoIP Session and Application HackingChapter 11: VoIP FuzzingChapter 12: Flood-based Disruption of ServiceChapter 13: Signaling and Media ManipulationPart V: Social ThreatsChapter 14: SPAM over Internet Technology (SPIT)Chapter 15: Voice PhishingIndex
Author comments
David Endler is the Director of Security Research for TippingPoint, a division of 3Com. Previously, he performed security research for Xerox Corporation, the NSA, and MIT. Endler is also the chairman and founder of the Voice over IP Security Alliance.
Mark Collier is CTO for SecureLogix Corporation. He is an expert author and frequent presenter on the topic of VoIP security. Collier is also a founding member of the Voice over IP Security Alliance.
