ClueCon2009: The Security Saga of SysAdmin Steve
Upcoming SlideShare
Loading in...5
×
 

ClueCon2009: The Security Saga of SysAdmin Steve

on

  • 1,520 views

This is a story of VoIP security, a disgruntled employee and the trouble that can be caused in an unsecured environment. The presentation is done in a minimalist style popularized by Professor ...

This is a story of VoIP security, a disgruntled employee and the trouble that can be caused in an unsecured environment. The presentation is done in a minimalist style popularized by Professor Lawrence Lessig. The 248 slides were presented in about 15 minutes at ClueCon 2009 in Chicago on August 5, 2009. A video recording will be made available and an update will be posted here.

Do note that I did give an older version of this talk at ETel 2007 as "The Black Bag Security Review".

Statistics

Views

Total Views
1,520
Views on SlideShare
1,518
Embed Views
2

Actions

Likes
2
Downloads
12
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

ClueCon2009: The Security Saga of SysAdmin Steve ClueCon2009: The Security Saga of SysAdmin Steve Presentation Transcript

  • The Security Saga of SysAdmin Steve Dan York, CISSP ClueCon 2009 ClueCon 2009 – Dan York
  • Once upon a time... ClueCon 2009 – Dan York
  • big company ClueCon 2009 – Dan York
  • smaller company ClueCon 2009 – Dan York
  • SysAdmin Steve ClueCon 2009 – Dan York
  • promotion ClueCon 2009 – Dan York
  • IT ClueCon 2009 – Dan York
  • phones, too! ClueCon 2009 – Dan York
  • new VoIP system ClueCon 2009 – Dan York
  • net head ClueCon 2009 – Dan York
  • V ClueCon 2009 – Dan York
  • Voice ClueCon 2009 – Dan York
  • SIP ClueCon 2009 – Dan York
  • open standard ClueCon 2009 – Dan York
  • Security Isn’t Possible ClueCon 2009 – Dan York
  • education ClueCon 2009 – Dan York
  • PSTN SIP Service Provider Internet IP-PBX LAN ClueCon 2009 – Dan York
  • cheap ClueCon 2009 – Dan York
  • merged ClueCon 2009 – Dan York
  • quit ClueCon 2009 – Dan York
  • ? ClueCon 2009 – Dan York
  • new IT staff ClueCon 2009 – Dan York
  • Juvenile Joe ClueCon 2009 – Dan York
  • BOFH ClueCon 2009 – Dan York
  • read e-mail ClueCon 2009 – Dan York
  • monitor ClueCon 2009 – Dan York
  • comment ClueCon 2009 – Dan York
  • playground ClueCon 2009 – Dan York
  • exploit chaos ClueCon 2009 – Dan York
  • fun ClueCon 2009 – Dan York
  • ultimate truism ClueCon 2009 – Dan York
  • voice = packets ClueCon 2009 – Dan York
  • packets = bits ClueCon 2009 – Dan York
  • bits can be manipulated ClueCon 2009 – Dan York
  • “VoIP security tools” ClueCon 2009 – Dan York
  • tools, tools, tools ClueCon 2009 – Dan York
  • voipsa.org ClueCon 2009 – Dan York
  • hackingvoip.com ClueCon 2009 – Dan York
  • sectools.org ClueCon 2009 – Dan York
  • tools, tools, tools ClueCon 2009 – Dan York
  • good ClueCon 2009 – Dan York
  • evil ClueCon 2009 – Dan York
  • test/defend ClueCon 2009 – Dan York
  • attack ClueCon 2009 – Dan York
  • perspective ClueCon 2009 – Dan York
  • white hat ClueCon 2009 – Dan York
  • black hat ClueCon 2009 – Dan York
  • wireshark ClueCon 2009 – Dan York
  • ClueCon 2009 – Dan York
  • cain & abel ClueCon 2009 – Dan York
  • RTP ClueCon 2009 – Dan York
  • WAV ClueCon 2009 – Dan York
  • MP3s ClueCon 2009 – Dan York
  • iPod ClueCon 2009 – Dan York
  • 2-hour commute ClueCon 2009 – Dan York
  • corporate conversations ClueCon 2009 – Dan York
  • personal iPod ClueCon 2009 – Dan York
  • corporate conversations ClueCon 2009 – Dan York
  • personal iPod ClueCon 2009 – Dan York
  • (scared yet?) ClueCon 2009 – Dan York
  • conversations ClueCon 2009 – Dan York
  • PIN ClueCon 2009 – Dan York
  • voicemail PINs ClueCon 2009 – Dan York
  • banking PINs ClueCon 2009 – Dan York
  • DTMF decoder ClueCon 2009 – Dan York
  • (fun stuff, eh?) ClueCon 2009 – Dan York
  • Teleworker Ted ClueCon 2009 – Dan York
  • envy ClueCon 2009 – Dan York
  • grudge ClueCon 2009 – Dan York
  • hang up Ted ClueCon 2009 – Dan York
  • cell phone ClueCon 2009 – Dan York
  • devious ClueCon 2009 – Dan York
  • mix in new background ClueCon 2009 – Dan York
  • amusement park ClueCon 2009 – Dan York
  • screaming kids ClueCon 2009 – Dan York
  • dog ClueCon 2009 – Dan York
  • Ted’s dog ClueCon 2009 – Dan York
  • endless barking ClueCon 2009 – Dan York
  • no clue ClueCon 2009 – Dan York
  • Process Paul ClueCon 2009 – Dan York
  • new rules ClueCon 2009 – Dan York
  • worked late ClueCon 2009 – Dan York
  • wife ClueCon 2009 – Dan York
  • female ClueCon 2009 – Dan York
  • ??? ClueCon 2009 – Dan York
  • no clue ClueCon 2009 – Dan York
  • insecure firewall ClueCon 2009 – Dan York
  • family ClueCon 2009 – Dan York
  • SIP softphone ClueCon 2009 – Dan York
  • free long distance ClueCon 2009 – Dan York
  • (toll fraud) ClueCon 2009 – Dan York
  • Board conf calls ClueCon 2009 – Dan York
  • revenues in the tank ClueCon 2009 – Dan York
  • only hope ClueCon 2009 – Dan York
  • acquisition ClueCon 2009 – Dan York
  • IT outsourced ClueCon 2009 – Dan York
  • job ClueCon 2009 – Dan York
  • (Uh-oh) ClueCon 2009 – Dan York
  • war ClueCon 2009 – Dan York
  • SIP trunk ClueCon 2009 – Dan York
  • unencrypted ClueCon 2009 – Dan York
  • sniff CID ClueCon 2009 – Dan York
  • lawyers ClueCon 2009 – Dan York
  • CFO ClueCon 2009 – Dan York
  • SIP Redirect ClueCon 2009 – Dan York
  • random extension ClueCon 2009 – Dan York
  • shipping ClueCon 2009 – Dan York
  • HR ClueCon 2009 – Dan York
  • labs ClueCon 2009 – Dan York
  • kitchen ClueCon 2009 – Dan York
  • ? ClueCon 2009 – Dan York
  • acquire? ClueCon 2009 – Dan York
  • @#$@?%$! ClueCon 2009 – Dan York
  • SysAdmin Steve ClueCon 2009 – Dan York
  • fix it ClueCon 2009 – Dan York
  • DoS ClueCon 2009 – Dan York
  • BYE ClueCon 2009 – Dan York
  • hang up CEO ClueCon 2009 – Dan York
  • set reload ClueCon 2009 – Dan York
  • erase SIP registration ClueCon 2009 – Dan York
  • no clue ClueCon 2009 – Dan York
  • packet flood ClueCon 2009 – Dan York
  • degrade ClueCon 2009 – Dan York
  • cell phones ClueCon 2009 – Dan York
  • acquire? ClueCon 2009 – Dan York
  • @#$@?%$! ClueCon 2009 – Dan York
  • SysAdmin Steve ClueCon 2009 – Dan York
  • fix it ClueCon 2009 – Dan York
  • 3 strikes ClueCon 2009 – Dan York
  • investigation ClueCon 2009 – Dan York
  • truth ClueCon 2009 – Dan York
  • discovered ClueCon 2009 – Dan York
  • heart attack ClueCon 2009 – Dan York
  • corporate conversations ClueCon 2009 – Dan York
  • SIP trunk ClueCon 2009 – Dan York
  • unencrypted ClueCon 2009 – Dan York
  • public Internet ClueCon 2009 – Dan York
  • clear ClueCon 2009 – Dan York
  • call records ClueCon 2009 – Dan York
  • public Internet ClueCon 2009 – Dan York
  • cleartext ClueCon 2009 – Dan York
  • (not good) ClueCon 2009 – Dan York
  • plan ClueCon 2009 – Dan York
  • Fire Joe! ClueCon 2009 – Dan York
  • defense in depth ClueCon 2009 – Dan York
  • layers ClueCon 2009 – Dan York
  • encryption ClueCon 2009 – Dan York
  • SRTP ClueCon 2009 – Dan York
  • TLS / DTLS ClueCon 2009 – Dan York
  • ZRTP ClueCon 2009 – Dan York
  • voice ClueCon 2009 – Dan York
  • call control ClueCon 2009 – Dan York
  • LAN ClueCon 2009 – Dan York
  • SIP trunk ClueCon 2009 – Dan York
  • clueless ClueCon 2009 – Dan York
  • new provider ClueCon 2009 – Dan York
  • call accounting ClueCon 2009 – Dan York
  • IP network ClueCon 2009 – Dan York
  • VLANs ClueCon 2009 – Dan York
  • IDS/IPS ClueCon 2009 – Dan York
  • monitoring ClueCon 2009 – Dan York
  • rate throttling ClueCon 2009 – Dan York
  • secure perimeter ClueCon 2009 – Dan York
  • firewall traversal ClueCon 2009 – Dan York
  • firmware ClueCon 2009 – Dan York
  • o/s patches ClueCon 2009 – Dan York
  • disable services ClueCon 2009 – Dan York
  • die, default passwords, die, die, die ClueCon 2009 – Dan York
  • layers ClueCon 2009 – Dan York
  • secure VoIP ClueCon 2009 – Dan York
  • caveat ClueCon 2009 – Dan York
  • internal ClueCon 2009 – Dan York
  • disgruntled ClueCon 2009 – Dan York
  • x%? ClueCon 2009 – Dan York
  • compromised servers ClueCon 2009 – Dan York
  • spyware ClueCon 2009 – Dan York
  • unsecured WiFi ClueCon 2009 – Dan York
  • (checked your parking lot lately?) ClueCon 2009 – Dan York
  • offline analysis ClueCon 2009 – Dan York
  • SIP trunk ClueCon 2009 – Dan York
  • $$$ ClueCon 2009 – Dan York
  • security ClueCon 2009 – Dan York
  • Botnet Bob ClueCon 2009 – Dan York
  • zombies ClueCon 2009 – Dan York
  • fun ClueCon 2009 – Dan York
  • profit ClueCon 2009 – Dan York
  • Criminal Chris ClueCon 2009 – Dan York
  • espionage ClueCon 2009 – Dan York
  • identity theft ClueCon 2009 – Dan York
  • human replay attack ClueCon 2009 – Dan York
  • Spammer Sue ClueCon 2009 – Dan York
  • SPIT ClueCon 2009 – Dan York
  • 1,000s of calls ClueCon 2009 – Dan York
  • “significant event” ClueCon 2009 – Dan York
  • Congressman ClueCon 2009 – Dan York
  • mistress ClueCon 2009 – Dan York
  • public official ClueCon 2009 – Dan York
  • porn line ClueCon 2009 – Dan York
  • identity theft ClueCon 2009 – Dan York
  • 13-yr-old ClueCon 2009 – Dan York
  • Wall St. Journal ClueCon 2009 – Dan York
  • “VOIP IS INSECURE” ClueCon 2009 – Dan York
  • “(stupid) VOIP IS INSECURE” ClueCon 2009 – Dan York
  • “VOIP IS INSECURE” ClueCon 2009 – Dan York
  • moral ClueCon 2009 – Dan York
  • VoIP *can* be secure ClueCon 2009 – Dan York
  • VoIP can be MORE secure than PSTN ClueCon 2009 – Dan York
  • (red button, anyone?) ClueCon 2009 – Dan York
  • work ClueCon 2009 – Dan York
  • plan ClueCon 2009 – Dan York
  • questions ClueCon 2009 – Dan York
  • education ClueCon 2009 – Dan York
  • voipsa.org ClueCon 2009 – Dan York
  • VOIPSA Threat Taxonomy ClueCon 2009 – Dan York
  • VOIPSA Best Practices ClueCon 2009 – Dan York
  • VOIPSEC mailing list ClueCon 2009 – Dan York
  • blueboxpodcast.com ClueCon 2009 – Dan York
  • ClueCon 2009 – Dan York
  • (If you aren’t reading them, be aware the attackers *are*) ClueCon 2009 – Dan York
  • defense in depth ClueCon 2009 – Dan York
  • layers and layers ClueCon 2009 – Dan York
  • voice ClueCon 2009 – Dan York
  • call control ClueCon 2009 – Dan York
  • SIP trunks ClueCon 2009 – Dan York
  • management interfaces / APIs ClueCon 2009 – Dan York
  • PSTN interfaces ClueCon 2009 – Dan York
  • PSTN ClueCon 2009 – Dan York
  • VoIP = IP + PSTN ClueCon 2009 – Dan York
  • it’s the network, stupid ClueCon 2009 – Dan York
  • cloud ClueCon 2009 – Dan York
  • IP network ClueCon 2009 – Dan York
  • voice = packets ClueCon 2009 – Dan York
  • packets = bits ClueCon 2009 – Dan York
  • bits can be manipulated ClueCon 2009 – Dan York
  • VoIP *can* be secure ClueCon 2009 – Dan York
  • work ClueCon 2009 – Dan York
  • plan ClueCon 2009 – Dan York
  • SysAdmin Steve? ClueCon 2009 – Dan York
  • happily ever after? ClueCon 2009 – Dan York
  • acquisition? ClueCon 2009 – Dan York
  • job? ClueCon 2009 – Dan York
  • CIO? ClueCon 2009 – Dan York
  • another story ClueCon 2009 – Dan York
  • To be continued... ClueCon 2009 – Dan York
  • The End (or is it the beginning?) ClueCon 2009 – Dan York
  • Please practice safe VoIP! ClueCon 2009 – Dan York
  • Q&A www.voipsa.org www.voipsa.org/blog www.blueboxpodcast.com blogs.voxeo.com ClueCon 2009 – Dan York
  • Thank you (Please practice safe VoIP!) ClueCon 2009 – Dan York