Search

ETel2007: The Black Bag Security Review (VoIP Security)

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

5 comments

Comments 1 - 5 of 5 previous next Post a comment

  • + quiosquevirtual quiosquevirtual 2 years ago
    :) simple as it gets, great job.

    http://www.quiosque-virtual.pt

  • + danyork Dan York 3 years ago
    Okay, because of some changes to the sync tool, the audio is now up and sync’d. Because the transitions are so fast, it was a bit tough at times, but I think I have them close to where they are supposed to be. Do let me know what you think!
  • + danyork Dan York 3 years ago
    While this slide set shows as having audio, the slides have not yet been synced. Unfortunately, I move through the slides faster than the current slidecasting interface can allow for the syncing to occur. I am hopeful that a future rev of the Slidecasting interface will let me sync the slides. (I need to go down to as little as 2 seconds a slide. Currently the user interface gives me a default that’s around 5 seconds with no way to go lower.)
  • + danyork Dan York 3 years ago
    Jonathan,
    Yes, the audio was recorded and is now available through my Blue Box VoIP security podcast at:

    http://www.blueboxpodcast.com/2007/03/blue_box_se_15_.html

    Despite the high number of slides, the presentation actually only lasted about 15 minutes. It was fun to do and generally seemed to be well received.
  • + jboutelle Jonathan Boutelle 3 years ago
    I wish there was audio for this presentation ... it looks funny and insightful. Was it recorded by any chance?
Post a comment
Embed Video
Edit your comment Cancel

Notes on slide 1

14 Favorites & 5 Groups

ETel2007: The Black Bag Security Review (VoIP Security) - Presentation Transcript

  1. The Black Bag Security Review Dan York, CISSP Emerging Telephony 2007
  2. The Story of SysAdmin Steve
    • Part 1
  3. Once upon a time...
  4. big company
  5. smaller company
  6. promotion
  7. IT
  8. phones, too!
  9. new VoIP system
  10. net head
  11. V
  12. Voice
  13. SIP
  14. open standard
  15. Security Isn’t Possible
  16. education
  17. IP-PBX SIP Service Provider LAN Internet PSTN
  18. cheap
  19. merged
  20. quit
  21. ?
  22. new IT staff
  23. Juvenile Joe
  24. BOFH
  25. read e-mail
  26. monitor
  27. comment
  28. playground
  29. exploit chaos
  30. fun
  31. ultimate truism
  32. voice = packets
  33. packets = bits
  34. bits can be manipulated
  35. “ VoIP security tools”
  36. tools, tools, tools
  37. voipsa.org
  38. hackingvoip.com
  39. sectools.org
  40. tools, tools, tools
  41. good
  42. evil
  43. test/defend
  44. attack
  45. perspective
  46. white hat
  47. black hat
  48. wireshark
    • the tool formerly known as Ethereal
  49.  
  50. cain & abel
  51. RTP
  52. WAV
  53. MP3s
  54. iPod
  55. 2-hour commute
  56. corporate conversations
  57. personal iPod
  58. corporate conversations
  59. personal iPod
  60. (scared yet?)
  61. conversations
  62. PIN
  63. voicemail PINs
  64. banking PINs
  65. DTMF decoder
  66. (fun stuff, eh?)
  67. Teleworker Ted
  68. envy
  69. grudge
  70. hang up Ted
  71. cell phone
  72. devious
  73. mix in new background
  74. amusement park
  75. screaming kids
  76. dog
  77. Ted’s dog
  78. endless barking
  79. no clue
  80. Process Paul
  81. new rules
  82. worked late
  83. wife
  84. female
  85. no clue
  86. ???
  87. insecure firewall
  88. family
  89. SIP softphone
  90. free long distance
  91. (toll fraud)
  92. Board conf calls
  93. revenues in the tank
  94. acquisition
  95. only hope
  96. IT outsourced
  97. job
  98. (Uh-oh)
  99. war
  100. SIP trunk
  101. unencrypted
  102. sniff CID
  103. lawyers
  104. CFO
  105. SIP Redirect
  106. random extension
  107. shipping
  108. HR
  109. labs
  110. kitchen
  111. ?
  112. acquire?
  113. @#$@?%$!
  114. SysAdmin Steve
  115. fix it
  116. DoS
  117. BYE
  118. hang up CEO
  119. set reload
  120. erase SIP registration
  121. busy
  122. packet flood
  123. degrade
  124. cell phones
  125. acquire?
  126. @#$@?%$!
  127. SysAdmin Steve
  128. fix it
  129. 3 strikes
  130. investigation
  131. truth
  132. discovered
  133. heart attack
  134. SIP trunk
  135. unencrypted
  136. corporate conversations
  137. public Internet
  138. clear
  139. call records
  140. public Internet
  141. cleartext
  142. (not good)
  143. plan
  144. Fire Joe!
  145. defense in depth
  146. layers
  147. encryption
  148. voice
  149. call control
  150. LAN
  151. SIP trunk
  152. clueless
  153. new provider
  154. call accounting
  155. IP network
  156. VLANs
  157. IDS/IPS
  158. monitoring
  159. rate throttling
  160. secure perimeter
  161. firewall traversal
  162. firmware
  163. o/s patches
  164. disable services
  165. die, default passwords, die, die, die
  166. layers
  167. secure VoIP
  168. caveat
  169. internal
  170. disgruntled
  171. x%?
  172. compromised servers
  173. spyware
  174. unsecured WiFi
  175. (checked your parking lot lately?)
  176. offline analysis
  177. SIP trunk
  178. $$$
  179. security
  180. (differentiator?)
  181. Botnet Bob
  182. zombies
  183. fun
  184. profit
  185. Criminal Chris
  186. espionage
  187. identity theft
  188. human replay attack
  189. Spammer Sue
  190. SPIT
  191. 1,000s of calls
  192. “ significant event”
  193. Congressman
  194. mistress
  195. public official
  196. porn line
  197. identity theft
  198. 13-yr-old
  199. podcast
  200. Wall Street Journal
  201. “ VOIP IS INSECURE!”
  202. moral
  203. VoIP *can* be secure
  204. work
  205. plan
  206. questions
  207. education
  208. good news
  209. voipsa.org
  210. VOIPSA Threat Taxonomy
  211. VOIPSA Best Practices
  212. VOIPSEC mailing list
  213. blueboxpodcast.com
  214.  
  215. (if you’re not reading them, be aware the attackers ARE!)
  216. defense in depth
  217. layers and layers
  218. voice
  219. call control
  220. SIP trunks
  221. management interfaces / APIs
  222. PSTN interfaces
  223. PSTN
  224. voip = IP + PSTN
  225. it’s the network, stupid
  226. IP network
  227. voice = packets
  228. packets = bits
  229. bits can be manipulated
  230. VoIP *can* be secure
  231. work
  232. plan
  233. SysAdmin Steve?
  234. happily ever after?
  235. acquisition?
  236. job?
  237. CIO?
  238. another story
  239. To be continued...
  240. The End
    • (or is it the beginning?)
  241. Please practice safe VoIP!
  242. Q&eh?
    • www.voipsa.org www.voipsa.org/blog www.blueboxpodcast.com www.disruptivetelephony.com www.mitel.com
  243. Thank you
    • (Please practice safe VoIP!)

+ Dan YorkDan York, 3 years ago

custom

11813 views, 14 favs, 8 embeds more stats

VoIP security presentation given by Dan York of the more

More info about this document

© All Rights Reserved

Go to text version

  • Total Views 11813
    • 11751 on SlideShare
    • 62 from embeds
  • Comments 5
  • Favorites 14
  • Downloads 0
Most viewed embeds
  • 34 views on http://www.blueboxpodcast.com
  • 13 views on http://www.disruptiveconversations.com
  • 8 views on http://www.disruptivetelephony.com
  • 2 views on http://q-ontech.blogspot.com
  • 2 views on http://www.wirechatter.com

more

All embeds
  • 34 views on http://www.blueboxpodcast.com
  • 13 views on http://www.disruptiveconversations.com
  • 8 views on http://www.disruptivetelephony.com
  • 2 views on http://q-ontech.blogspot.com
  • 2 views on http://www.wirechatter.com
  • 1 views on http://64.233.169.104
  • 1 views on http://rashmisinha.blogspot.com
  • 1 views on http://www.marc-seeger.de

less

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

Cancel
File a copyright complaint
Having problems? Go to our helpdesk?

Categories

Tags

more

Groups / Events

Looking for?

-->
Search
RSS Feed
What's new?

© 2009 SlideShare Inc. All Rights Reserved