ETel2007: The Black Bag Security Review (VoIP Security)

VoIP security presentation given by Dan York of the VoIP Security Alliance (VOIPSA) at O'Reilly's Emerging Telephony 2007 conference on March 1, 2007. Slides really need to be viewed with the audio, which will be uploaded to Blue Box: The VoIP Security Podcast at http://www.blueboxpodcast.com/ soon.

  • Awesome
  • :) simple as it gets, great job.

    http://www.quiosque-virtual.pt
  • Okay, because of some changes to the sync tool, the audio is now up and sync'd. Because the transitions are so fast, it was a bit tough at times, but I think I have them close to where they are supposed to be. Do let me know what you think!
  • While this slide set shows as having audio, the slides have not yet been synced. Unfortunately, I move through the slides faster than the current slidecasting interface can allow for the syncing to occur. I am hopeful that a future rev of the Slidecasting interface will let me sync the slides. (I need to go down to as little as 2 seconds a slide. Currently the user interface gives me a default that's around 5 seconds with no way to go lower.)
  • Jonathan,
    Yes, the audio was recorded and is now available through my Blue Box VoIP security podcast at:

    http://www.blueboxpodcast.com/2007/03/blue_box_se_15_.html

    Despite the high number of slides, the presentation actually only lasted about 15 minutes. It was fun to do and generally seemed to be well received.

    ETel2007: The Black Bag Security Review (VoIP Security) Presentation Transcript

    • The Black Bag Security Review Dan York, CISSP Emerging Telephony 2007
    • The Story of SysAdmin Steve
      • Part 1
    • Once upon a time...
    • big company
    • smaller company
    • promotion
    • IT
    • phones, too!
    • new VoIP system
    • net head
    • V
    • Voice
    • SIP
    • open standard
    • Security Isn’t Possible
    • education
    • IP-PBX SIP Service Provider LAN Internet PSTN
    • cheap
    • merged
    • quit
    • ?
    • new IT staff
    • Juvenile Joe
    • BOFH
    • read e-mail
    • monitor
    • comment
    • playground
    • exploit chaos
    • fun
    • ultimate truism
    • voice = packets
    • packets = bits
    • bits can be manipulated
    • “VoIP security tools”
    • tools, tools, tools
    • voipsa.org
    • hackingvoip.com
    • sectools.org
    • tools, tools, tools
    • good
    • evil
    • test/defend
    • attack
    • perspective
    • white hat
    • black hat
    • wireshark
      • the tool formerly known as Ethereal
    • cain & abel
    • RTP
    • WAV
    • MP3s
    • iPod
    • 2-hour commute
    • corporate conversations
    • personal iPod
    • corporate conversations
    • personal iPod
    • (scared yet?)
    • conversations
    • PIN
    • voicemail PINs
    • banking PINs
    • DTMF decoder
    • (fun stuff, eh?)
    • Teleworker Ted
    • envy
    • grudge
    • hang up Ted
    • cell phone
    • devious
    • mix in new background
    • amusement park
    • screaming kids
    • dog
    • Ted’s dog
    • endless barking
    • no clue
    • Process Paul
    • new rules
    • worked late
    • wife
    • female
    • no clue
    • ???
    • insecure firewall
    • family
    • SIP softphone
    • free long distance
    • (toll fraud)
    • Board conf calls
    • revenues in the tank
    • acquisition
    • only hope
    • IT outsourced
    • job
    • (Uh-oh)
    • war
    • SIP trunk
    • unencrypted
    • sniff CID
    • lawyers
    • CFO
    • SIP Redirect
    • random extension
    • shipping
    • HR
    • labs
    • kitchen
    • ?
    • acquire?
    • @#$@?%$!
    • SysAdmin Steve
    • fix it
    • DoS
    • BYE
    • hang up CEO
    • set reload
    • erase SIP registration
    • busy
    • packet flood
    • degrade
    • cell phones
    • acquire?
    • @#$@?%$!
    • SysAdmin Steve
    • fix it
    • 3 strikes
    • investigation
    • truth
    • discovered
    • heart attack
    • SIP trunk
    • unencrypted
    • corporate conversations
    • public Internet
    • clear
    • call records
    • public Internet
    • cleartext
    • (not good)
    • plan
    • Fire Joe!
    • defense in depth
    • layers
    • encryption
    • voice
    • call control
    • LAN
    • SIP trunk
    • clueless
    • new provider
    • call accounting
    • IP network
    • VLANs
    • IDS/IPS
    • monitoring
    • rate throttling
    • secure perimeter
    • firewall traversal
    • firmware
    • o/s patches
    • disable services
    • die, default passwords, die, die, die
    • layers
    • secure VoIP
    • caveat
    • internal
    • disgruntled
    • x%?
    • compromised servers
    • spyware
    • unsecured WiFi
    • (checked your parking lot lately?)
    • offline analysis
    • SIP trunk
    • $$$
    • security
    • (differentiator?)
    • Botnet Bob
    • zombies
    • fun
    • profit
    • Criminal Chris
    • espionage
    • identity theft
    • human replay attack
    • Spammer Sue
    • SPIT
    • 1,000s of calls
    • “significant event”
    • Congressman
    • mistress
    • public official
    • porn line
    • identity theft
    • 13-yr-old
    • podcast
    • Wall Street Journal
    • “VOIP IS INSECURE!”
    • moral
    • VoIP *can* be secure
    • work
    • plan
    • questions
    • education
    • good news
    • voipsa.org
    • VOIPSA Threat Taxonomy
    • VOIPSA Best Practices
    • VOIPSEC mailing list
    • blueboxpodcast.com
    • (if you’re not reading them, be aware the attackers ARE!)
    • defense in depth
    • layers and layers
    • voice
    • call control
    • SIP trunks
    • management interfaces / APIs
    • PSTN interfaces
    • PSTN
    • voip = IP + PSTN
    • it’s the network, stupid
    • IP network
    • voice = packets
    • packets = bits
    • bits can be manipulated
    • VoIP *can* be secure
    • work
    • plan
    • SysAdmin Steve?
    • happily ever after?
    • acquisition?
    • job?
    • CIO?
    • another story
    • To be continued...
    • The End
      • (or is it the beginning?)
    • Please practice safe VoIP!
    • Q&eh?
      • www.voipsa.org www.voipsa.org/blog www.blueboxpodcast.com www.disruptivetelephony.com www.mitel.com
    • Thank you
      • (Please practice safe VoIP!)