Hacking Exposed VoIP: Voice Over IP
Security Secrets & Solutions by Mark
Collier
Invaluable Voip Security Handbook
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify
your phones, phone switches, and networks that offer VoIP services. Most
importantly, the authors offer solutions to mitigate the risk of deploying
VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and
devices through the eyes of the malicious intruder. Hacking Exposed VoIP
shows you, step-by-step, how online criminals perform reconnaissance,
gain access, steal data, and penetrate vulnerable systems. All hardware-
specific and network-centered security issues are covered alongside
detailed countermeasures, in-depth examples, and hands-on

implementation techniques. Inside, you'll learn how to defend against
the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP
fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice
phishing attacks.
Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks
and hardwareFortify Cisco, Avaya, and Asterisk systemsPrevent DNS
poisoning, DHCP exhaustion, and ARP table manipulationThwart number
harvesting, call pattern tracking, and conversation eavesdroppingMeasure
and maintain VoIP network quality of service and VoIP conversation
qualityStop DoS and packet flood-based attacks from disrupting SIP
proxies and phones Counter REGISTER hijacking, INVITE flooding, and
BYE call teardown attacksAvoid insertion/mixing of malicious audioLearn
about voice SPAM/SPIT and how to prevent itDefend against voice
phishing and identity theft scams
Personal Review: Hacking Exposed VoIP: Voice Over IP
Security Secrets & Solutions by Mark Collier
In this book David Endler and Mark Collier have pulled together a vast
wealth of material about hacking VoIP networks at every possible level.
More than this, they have also created new value in the form of software
test tools, which they have published on an accompanying website. It
really is a must-have reference book for anyone working in VoIP.
Chapter 1 talks about Google hacking, or in other words, using the Internet
to find out things about a target network. They show that Google can be a
crucial tool in finding out what type of hardware and software you use in
your VoIP networks, and in some cases will give vital clues even about
how to login to the management systems of your network from the Internet.
If this doesn't scare the bejesus out of you, then proceed on to further
chapters about more VoIP-specific issues.
Chapters 2 and 3 detail the kind of tools a hacker might use to scan your
network and enumerate all the devices, i.e. build their own map of how
your network is laid out, right down to the telephone numbers and MAC
addresses of desktop phones. Chapter 4 talks about Denial-of-Service,
and the kind of attack resources that hackers might use to cripple a
telephony network.
Chapter 5 is on VoIP eavesdropping, talking about some existing tools that
can be used for this (Oreka, Wireshark and the unpleasantly named
vomit), and as in the earlier chapters, some suggestions on how to defend
against such a type of threat. Chapter 6 goes further to explain how a VoIP
man-in-the-middle attack might be mounted, giving the possibility not just
to listen, but to modify, replace or remix the audio stream.
Chapters 7, 8, 9 talk about specific platform threats, namely to Cisco
Unified CallManager, Avaya Communication Manager and the Asterisk
PBX. The vendors have added their own comment to these chapters, at

the request of the authors. Chapter 10 takes in Softphones, including
Google Talk, Gizmo, Yahoo and of course the ever popular Skype.
Chapter 11 describes VoIP fuzzing, or in other words, testing protocol
stacks for flaws, so this is useful for those developing VoIP systems and
applications. Chapter 12 talks about disruption of networks using flooding
techniques and chapter 13 talks about Signaling and Media Manipulation.
The final section of the book is entitled Social Threats, and talks about
SPAM over Internet Telephony (SPIT) in Chapter 14, followed by Voice
Phishing in Chapter 15. Neither of these threats are in frequent use yet,
but their use is certain to increase in the future, so this is a good moment
to get to grips with what this means.
This is a highly technical book, but for managers responsible for IT security
but not immersed in the details I would say this: buy the book, and read the
case studies. There are five sections to the book, and each starts with a
short case study. Invest 20 minutes in reading these, and you will start to
get an appreciation for how important VoIP Security will be in the future.
Then pass the book on to your hands-on security guy and tell him to read it
from cover to cover.
For More 5 Star Customer Reviews and Lowest Price:
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions by Mark Collier 5
Star Customer Reviews and Lowest Price!