ClueCon2009: The Security Saga of SysAdmin Steve

    ClueCon2009: The Security Saga of SysAdmin Steve - Presentation Transcript

    1. The Security Saga of SysAdmin Steve Dan York, CISSP ClueCon 2009 ClueCon 2009 – Dan York
    2. Once upon a time...
    3. big company
    4. smaller company
    5. SysAdmin Steve
    6. promotion
    7. IT
    8. phones, too!
    9. new VoIP system
    10. net head
    11. V
    12. Voice
    13. SIP
    14. open standard
    15. Security Isn’t Possible
    16. education
    17. PSTN SIP Service Provider Internet IP-PBX LAN
    18. cheap
    19. merged
    20. quit
    21. ?
    22. new IT staff
    23. Juvenile Joe
    24. BOFH
    25. read e-mail
    26. monitor
    27. comment
    28. playground
    29. exploit chaos
    30. fun
    31. ultimate truism
    32. voice = packets
    33. packets = bits
    34. bits can be manipulated
    35. “VoIP security tools”
    36. tools, tools, tools
    37. voipsa.org
    38. hackingvoip.com
    39. sectools.org
    40. tools, tools, tools
    41. good
    42. evil
    43. test/defend
    44. attack
    45. perspective
    46. white hat
    47. black hat
    48. wireshark
    49.
    50. cain & abel
    51. RTP
    52. WAV
    53. MP3s
    54. iPod
    55. 2-hour commute
    56. corporate conversations
    57. personal iPod
    58. corporate conversations
    59. personal iPod
    60. (scared yet?)
    61. conversations
    62. PIN
    63. voicemail PINs
    64. banking PINs
    65. DTMF decoder
    66. (fun stuff, eh?)
    67. Teleworker Ted
    68. envy
    69. grudge
    70. hang up Ted
    71. cell phone
    72. devious
    73. mix in new background
    74. amusement park
    75. screaming kids
    76. dog
    77. Ted’s dog
    78. endless barking
    79. no clue
    80. Process Paul
    81. new rules
    82. worked late
    83. wife
    84. female
    85. ???
    86. no clue
    87. insecure firewall
    88. family
    89. SIP softphone
    90. free long distance
    91. (toll fraud)
    92. Board conf calls
    93. revenues in the tank
    94. only hope
    95. acquisition
    96. IT outsourced
    97. job
    98. (Uh-oh)
    99. war
    100. SIP trunk
    101. unencrypted
    102. sniff CID
    103. lawyers
    104. CFO
    105. SIP Redirect
    106. random extension
    107. shipping
    108. HR
    109. labs
    110. kitchen
    111. ?
    112. acquire?
    113. @#$@?%$!
    114. SysAdmin Steve
    115. fix it
    116. DoS
    117. BYE
    118. hang up CEO
    119. set reload
    120. erase SIP registration
    121. no clue
    122. packet flood
    123. degrade
    124. cell phones
    125. acquire?
    126. @#$@?%$!
    127. SysAdmin Steve
    128. fix it
    129. 3 strikes
    130. investigation
    131. truth
    132. discovered
    133. heart attack
    134. corporate conversations
    135. SIP trunk
    136. unencrypted
    137. public Internet
    138. clear
    139. call records
    140. public Internet
    141. cleartext
    142. (not good)
    143. plan
    144. Fire Joe!
    145. defense in depth
    146. layers
    147. encryption
    148. SRTP
    149. TLS / DTLS
    150. ZRTP
    151. voice
    152. call control
    153. LAN
    154. SIP trunk
    155. clueless
    156. new provider
    157. call accounting
    158. IP network
    159. VLANs
    160. IDS/IPS
    161. monitoring
    162. rate throttling
    163. secure perimeter
    164. firewall traversal
    165. firmware
    166. o/s patches
    167. disable services
    168. die, default passwords, die, die, die
    169. layers
    170. secure VoIP
    171. caveat
    172. internal
    173. disgruntled
    174. x%?
    175. compromised servers
    176. spyware
    177. unsecured WiFi
    178. (checked your parking lot lately?)
    179. offline analysis
    180. SIP trunk
    181. $$$
    182. security
    183. Botnet Bob
    184. zombies
    185. fun
    186. profit
    187. Criminal Chris
    188. espionage
    189. identity theft
    190. human replay attack
    191. Spammer Sue
    192. SPIT
    193. 1,000s of calls
    194. “significant event”
    195. Congressman
    196. mistress
    197. public official
    198. porn line
    199. identity theft
    200. 13-yr-old
    201. Wall St. Journal
    202. “VOIP IS INSECURE”
    203. “(stupid) VOIP IS INSECURE”
    204. “VOIP IS INSECURE”
    205. moral
    206. VoIP *can* be secure
    207. VoIP can be MORE secure than PSTN
    208. (red button, anyone?)
    209. work
    210. plan
    211. questions
    212. education
    213. voipsa.org
    214. VOIPSA Threat Taxonomy
    215. VOIPSA Best Practices
    216. VOIPSEC mailing list
    217. blueboxpodcast.com
    218.
    219. (If you aren’t reading them, be aware the attackers *are*)
    220. defense in depth
    221. layers and layers
    222. voice
    223. call control
    224. SIP trunks
    225. management interfaces / APIs
    226. PSTN interfaces
    227. PSTN
    228. VoIP = IP + PSTN
    229. it’s the network, stupid
    230. cloud
    231. IP network
    232. voice = packets
    233. packets = bits
    234. bits can be manipulated
    235. VoIP *can* be secure
    236. work
    237. plan
    238. SysAdmin Steve?
    239. happily ever after?
    240. acquisition?
    241. job?
    242. CIO?
    243. another story
    244. To be continued...
    245. The End (or is it the beginning?)
    246. Please practice safe VoIP!
    247. Q&A www.voipsa.org www.voipsa.org/blog www.blueboxpodcast.com blogs.voxeo.com
    248. Thank you (Please practice safe VoIP!)

    Dan York, 3 months ago

    This is a story of VoIP security, a disgruntled emp

    CC Attribution-NonCommercial-NoDerivs License