The document discusses vulnerabilities and attacks against Voice over IP (VoIP) systems. It begins with an introduction to VoIP architecture, components, and protocols. It then covers vulnerabilities and common attack vectors against VoIP, such as identity spoofing, eavesdropping, password cracking, and denial of service attacks. The document demonstrates some example attacks and outlines tools that can be used for scanning, attacking, and testing the security of VoIP systems. It concludes with recommendations for countermeasures like firewalls, encryption, and network hardening to better secure VoIP infrastructures.
This presentation contain basic knowledge about how voIP work and what are the security threat in voIP. It will also contain how we can prevent attack on voIP system.
Become Wireshark Certified - https://www.udemy.com/wireshark-tutorial/?couponCode=CEWS Understand Wireshark and how this network analyzer tool can help you succeed in your Wireshark job!
Brief introduction into SIP protocol, how it works, common problems to solve. Tech. details about handshake, SIP Trunks and SIP trunking. Market research.
This presentation contain basic knowledge about how voIP work and what are the security threat in voIP. It will also contain how we can prevent attack on voIP system.
Become Wireshark Certified - https://www.udemy.com/wireshark-tutorial/?couponCode=CEWS Understand Wireshark and how this network analyzer tool can help you succeed in your Wireshark job!
Brief introduction into SIP protocol, how it works, common problems to solve. Tech. details about handshake, SIP Trunks and SIP trunking. Market research.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.
In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.
Presented by: Muhammad Yeasir Arafat
ElastixWorld 2013
Today, the session initiation protocol (SIP) is the predominant protocol for IP Telephony Signalling. The intention of this paper is to present an overview of IP Telephony security issues - both current and future – focusing on SIP. We start by presenting some fundamental differences between IP Telephony and the public switched telephone network (PSTN). We then look at specific problems for SIP signalling that arise from these differences. We summarize current activities regarding SIP security, including recent developments in the research community and standardization efforts within the IETF. Finally, the paper gives an outlook on the security issues of IP Telephony.
Download paper at: http://elx.ec/ssiipt
The Session Initiation Protocol (SIP) is the dominant signaling protocol used in VoIP today. It is
responsible for the establishment, control and termination of sessions by exchanging ASCII-text-based
messages between the endpoints. This post goes through the basic components of SIP: messages and
logical entities.
Switching: means receiving data on a certain port and forwarding it to appropriate port transparently, just care about the next hop, so it is a layer 2 action.
Examples of Layer 2 devices: NIC, Bridge and Switch.
Hierarchical network design with access, distribution and core layers.
The benefits of the hierarchical network design.
Understanding hierarchical network design principles such as network diameter, bandwidth aggregation and redundancy.
The definition converged network.
Understanding different switch features:
1. Form Factors (Fixed, Modular and Stackable)
2. Performance (Port Density)
3. Performance (Forwarding Rates & Link Aggregation)
4. Power over Ethernet
5. L3 Functions
Access Layer Switch Features.
Distribution Layer Switch Features.
Core Layer Switch Features
Features of Cisco Catalyst Switches
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
This is my Athcon 2013 slide set. I also demonstrated that attacking mobile applications via SIP Trust, scanning via SIP proxies and MITM fuzzing in Live Demo.
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
VoIP attacks have evolved, and they are targeting Unified Communications (UC), commercial services, hosted environment and call centres using major vendor and protocol vulnerabilities. This workshop is designed to demonstrate these cutting edge VoIP attacks, and improve the VoIP skills of the incident response teams, penetration testers and network engineers. Signalling protocols are the centre of UC environments, but also susceptible to IP spoofing, trust issues, call spoofing, authentication bypass and invalid signalling flows. They can be hacked with legacy techniques, but a set of new attacks will be demonstrated in this workshop. This workshop includes basic attack types for UC infrastructure, advanced attacks to the SIP and Skinny protocol weaknesses, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy use to analyse signalling services using novel techniques. Also the well-known attacks to the network infrastructure will be combined with the current VoIP vulnerabilities to test the target workshop network. Attacking VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by Fatih). It has a dozen modules to test trust hacking issues, information collected from SIP and Skinny services, gaining unauthorised access, call redirection, call spoofing, brute-forcing VoIP accounts, Cisco CUCDM exploitation and debugging services using as MITM. Furthermore, Viproy provides these attack modules in the Metasploit Framework environment with full integration. The workshop contains live demonstration of practical VoIP attacks and usage of the Viproy modules.
In this hands-on workshop, attendees will learn about basic attack types for UC infrastructure, advanced attacks to the SIP protocol weaknesses, Cisco Skinny protocol hacking, hacking Cisco CUCDM and CUCM servers, network infrastructure attacks, value added services analysis, Cdr/Log/Billing analysis and Viproy VoIP pen-test kit to analyse VoIP services using novel techniques. New CDP, CUCDM and Cisco Skinny modules and techniques of Viproy will be demonstrated in the workshop as well.
Presented by: Muhammad Yeasir Arafat
ElastixWorld 2013
Today, the session initiation protocol (SIP) is the predominant protocol for IP Telephony Signalling. The intention of this paper is to present an overview of IP Telephony security issues - both current and future – focusing on SIP. We start by presenting some fundamental differences between IP Telephony and the public switched telephone network (PSTN). We then look at specific problems for SIP signalling that arise from these differences. We summarize current activities regarding SIP security, including recent developments in the research community and standardization efforts within the IETF. Finally, the paper gives an outlook on the security issues of IP Telephony.
Download paper at: http://elx.ec/ssiipt
The Session Initiation Protocol (SIP) is the dominant signaling protocol used in VoIP today. It is
responsible for the establishment, control and termination of sessions by exchanging ASCII-text-based
messages between the endpoints. This post goes through the basic components of SIP: messages and
logical entities.
Switching: means receiving data on a certain port and forwarding it to appropriate port transparently, just care about the next hop, so it is a layer 2 action.
Examples of Layer 2 devices: NIC, Bridge and Switch.
Hierarchical network design with access, distribution and core layers.
The benefits of the hierarchical network design.
Understanding hierarchical network design principles such as network diameter, bandwidth aggregation and redundancy.
The definition converged network.
Understanding different switch features:
1. Form Factors (Fixed, Modular and Stackable)
2. Performance (Port Density)
3. Performance (Forwarding Rates & Link Aggregation)
4. Power over Ethernet
5. L3 Functions
Access Layer Switch Features.
Distribution Layer Switch Features.
Core Layer Switch Features
Features of Cisco Catalyst Switches
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
Overview of VoIP (Voice over IP) and FoIP (Fax over IP) technologies like Session Initiation Protocol and H.323.
Even though voice over IP (VoIP) was hailed as a technological innovation, the idea to transport real-time traffic over TCP/IP networks was not new back in the 1990s when VoIP started being deployed in networks. Chapter 2.5 of the venerable RFC793 (TCP) shows both data oriented application traffic as well as voice being transported over IP based networks.
Nevertheless, VoIP puts high demands on signal and protocol processing capabilities so it became possible at reasonable costs only in the 1990s.
VoIP can be roughly split into two main functions. Signaling protocols like SIP (Session Initiation Protocol), H.323 and MGCP/H.248 are used to establish a conference session and the data path for transporting real-time voice data packets. SIP has largely supplanted H.323 in recent years to its simpler structure and packet sequences. MGCP and H.248 are mostly used in carrier backbone networks.
Protocols like RTP (Real Time Protocol) transport voice packets and provide the necessary information for receivers to equalize packet flow variations to provide a smooth playback of the original voice signal.
Voice codecs are one of the core functions of the data path. Voice compression reduces the bandwidth required to transport voice over an IP based network. Compression may be less of a concern in local area networks with gigabit speeds, on slower links like 3G (UMTS, LTE) it still makes a lot of sense.
The algorithms used in different codecs make use of various characteristics of the characteristics of human speech recognition. Redundant information is removed from the signals thus slightly reducing the quality, but greatly reducing the required bandwidth.
In VoIP networks, the echo problem is typically compounded by the increased delay incurred by packetization of voice signals. To counteract the echo problem, VoIP gear (hard phones, soft phones, gateways) include echo cancelers to remove echo signals from the transmit signal.
To transport facsimile over an IP based network, even more technology is needed. Facsimile protocols are very susceptible to delay and delay variation and thus need more compensation algorithms. Protocols like T.38 terminate facsimile protocols like T.30 (analog facsimile) and transport the fax images as digitized pictures over IP based networks.
Black Hat USA 2016 - Presentation Video
https://www.youtube.com/watch?v=rl_kp5UZKlw
Larger organisations are using VoIP within their commercial services and corporate communications and the take up of cloud based Unified Communications (UC) solutions is rising every day. However, response teams and security testers have limited knowledge of VoIP attack surfaces and threats in the wild. Due to this lack of understanding of modern UC security requirements, numerous service providers, larger organisations and subscribers are leaving themselves susceptible to attack. Current threat actors are repurposing this exposed infrastructure for botnets, toll fraud etc.
The talk aims to arm response and security testing teams with knowledge of cutting-edge attacks, tools and vulnerabilities for VoIP networks. Some of the headlines are: attacking cloud based VoIP solutions to jailbreak tenant environments; discovering critical security vulnerabilities with the VoIP products of major vendors; exploiting harder to fix VoIP protocol and service vulnerabilities; testing the security of IP Multimedia Subsystem (IMS) services; and understanding the toolset developed by the author to discover previously unknown vulnerabilities and to develop custom attacks. In addition, the business impact of these attacks will be explained for various implementations, such as cloud UC services, commercial services, service provider networks and corporate communication. Through the demonstrations, the audience will understand how can they secure and test their communication infrastructure and services. The talk will also be accompanied by the newer versions of Viproy and Viproxy developed by the author to operate the attack demonstrations.
Voice over Internet Protocol (VoIP) is a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet-switched networks.
Nowadays VoIP technologies have taken the upper hand offering many advantages compared to the traditional telephone network, but what are the security risks involved when voice and data networks come together. In this presentation, we will identify and evaluate these different security risks and their countermeasures both from a defensive as offensive position.
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
Internet protocol (VoIP) is the technology of digitizing sound, compressing it, breaking it up into data packets, and sending it over an IP network.The conventional technique used for sending voice is PSTN (public switched telephone network) . As data traffic has higher speed than telephone traffic, so what we do most of the time we prefer to send voice over data networks. Voice over internet protocol (VoIP) is a method of telephone communication over a data network.
Introduction to VoIP, 2nd chapter of "Unified Communications with Elastix" Vol.1
We recommend to read the chapter along with the presentation.
http://elx.ec/chapter2
The slides for the "Fuzzing Janus for fun and profit" paper I presented at IPTComm 2019, in Chicago. Simon (Romano) came up with the title, as a homage to the famous "Smashing the stack for fun and profit" article.
My talk on the excellent work Alessandro Toppi did at Meetecho on investigating the different code fuzzing options, and how it was eventually integrated in Janus for improving the robustness of the WebRTC stack (RTP, RTCP and SDP currently). It includes considerations on sharing corpora files and making this all distributed via OSS-Fuzz.
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansLiving Online
In the past five years, technologies have converged to such an extent that one can transmit voice, fax and video over the same internet protocol network that one uses for data. This workshop examines Voice over IP (VoIP) technologies and provides you with the skills to competently implement a VoIP network for your organisation. Numerous case studies and exercises throughout the course ensure that you get a good grasp on the technologies used. Solid practical advice is given on application, implementation and most importantly troubleshooting these systems.
MORE INFORMATION: http://www.idc-online.com/content/practical-fundamentals-voice-over-ip-voip-engineers-and-technicians-3
Join us for an introductory webinar on VoIP and learn:
- The fundamental principles of VoIP including RTP and SIP
- What voice metrics to measure and why they matter
- The different methods to monitor and troubleshoot VoIP
The Transmission Control Protocol (TCP) is used by the vast majority of applications to transport their data reliably across the Internet and in the cloud. TCP was designed in the 1970s and has slowly evolved since then. Today's networks are multipath: mobile devices have multiple wireless interfaces, datacenters have many redundant paths between servers, and multihoming has become the norm for big server farms. Meanwhile, TCP is essentially a single-path protocol: when a TCP connection is established, the connection is bound to the IP addresses of the two communicating hosts and these cannot change. Multipath TCP (MPTCP) is a major modification to TCP that allows multiple paths to be used simultaneously by a single transport connection. Multipath TCP circumvents the issues mentioned above and several others that affect TCP. The IETF is currently finalising the Multipath TCP RFC and an implementation in the Linux kernel is available today.
This tutorial will present in details the design of Multipath TCP and the role that it could play in cloud environments. We will start with a presentation of the current Internet landscape and explain how various types of middleboxes have influenced the design of Multipath TCP. Second we will describe in details the connection establishment and release procedures as well as the data transfer mechanisms that are specific to Multipath TCP. We will then discuss several use cases for the deployment of Multipath TCP including improving the performance of datacenters and
mobile WiFi offloading on smartphones. All these use cases are key when both accessing cloud-based services or when providing them. We will end the tutorial with some open research issues.
This tutorial was given at the IEEE Cloud'Net 2012 conference in novembrer 2012.
The pptx version containing animations that are not shown here is available from http://www.multipath-tcp.org
VOIP SoftSwitch Providers Solution powered by Session Initiation Protocol or SIP is highly efficient in performing ITSPs to offer: - PC to Phone, PC to PC, IP Phone to Phone and IP Device to Phone , phone to phone and calling card services.
VoIP InfoTech provides direct solution to route the calls from one network to varied networks through the prescribed path of internet protocol. This prescribed path of VOIP SoftSwitch technology route calls on integrated network circuits and packets based networks like PTSN; instead, of conventional landlines.
VoIP InfoTech provides direct solution to route the calls from one network to varied networks through the prescribed path of internet protocol. This prescribed path of VOIP SoftSwitch technology route calls on integrated network circuits and packets based networks like PTSN; instead, of conventional landlines.
Similar to VoIP – vulnerabilities and attacks (20)
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
2. Agenda
• Introduction to VoIP
– VoIP Architecture
– VoIP Components
– VoIP Protocols
• A PenTester Perspective
– Attack Vectors
– Scanning
– Attacks
– Tools of Trade
– Countermeasures and Security
http://null.co.in/ http://nullcon.net/
4. VoIP
• IP Telephony
• Voice over Internet Protocol
• Subset of IP Telephony
• Transmission of “Voice” over Packet-Switched
Network.
• Is it only Voice??? – Data, Audio, Video
http://null.co.in/ http://nullcon.net/
5. VoIP
• Voice Analog Signals are converted to digital
bits - “Sampled” and transmitted in packets
Analog Voice
Signals
101010101010
1101101101
Analog Voice
1010101010101101101 101010101010110110
Signals 101 1101
101010101010
1101101101 Internet
1010101010101101101 101010101010110110
101 1101
http://null.co.in/ http://nullcon.net/
6. VoIP Architecture
Ordinary Phone ATA Ethernet Router Internet
http://null.co.in/ http://nullcon.net/
7. VoIP Architecture
IP Phone Ethernet IP-PBX Router Internet
Internet
IP Phone IP - PBX Modem / Router
http://null.co.in/ http://nullcon.net/
8. VoIP Architecture
Softphone Phone Ethernet Router Internet
Internet
http://null.co.in/ http://nullcon.net/
10. VoIP Components
• User Agents (devices) • Redirect Servers
• Media gateways • Registrar Servers
• Signaling gateways • Location Servers
• Network management system
• Gatekeepers • Billing systems
• Proxy Servers
GW Gateway MG Media Gateway GK Gatekeeper
MGC Media Gateway Controller NMS Network Management System
IVR Interactive Voice Response
http://null.co.in/ http://nullcon.net/
11. VoIP Protocols
• Vendor Proprietary
• Signaling Protocols
• Media Protocols
http://null.co.in/ http://nullcon.net/
12. VoIP Protocols
SIP Session Initiation Protocol SAP Session Announcement Protocol
SGCP Simple Gateway Control Protocol MIME Multipurpose Internet Mail
IPDC Internet Protocol device Control Extensions – Set of Standards
RTP Real Time Transmission Protocol IAX Inter-Asterisk eXchange
SRTP Secure Real Time Transmission Protocol Megaco H.248 Gateway Control Protocol
RTCP RTP Control Protocol RVP over IP Remote Voice Protocol over IP
SRTCP Secure RTP Control Protocol RTSP Real Time Streaming Protocol
MGCP Media Gateway Control Protocol SCCP Skinny Client Control Protocol (Cisco).
SDP Session Description Protocol UNISTIM Unified Network Stimulus (Nortel).
http://null.co.in/ http://nullcon.net/
26. VoIP – Attacks Demo
• Password Cracking
– Tools Used :
• SIPDump
• SIPCrack
• svcrack
http://null.co.in/ http://nullcon.net/
27. VoIP - Attacks
Some Default Passwords for VoIP Devices and Consoles:
Device / Console Username Password
Uniden UIP1868P VoIP - admin
phone Web Interface
Hitachi IP5000 VOIP WIFI - 0000
Phone 1.5.6
Vonage VoIP Telephone user user
Adapter
Grandstream Phones - Web Administrator /admin admin
Adimistrator Interface
user user
•Asterisk Manager User Accounts are configured in /etc/asterisk/manager.conf
http://null.co.in/ http://nullcon.net/
29. Countermeasures & Security
• Separate Infrasrtucture
• Do not integrate Data and VoIP Networks
• VoIP-aware Firewalls,
• Secure Protocols like SRTP,
• Session Encryption using SIP/TLS, SCCP/TLS
• Harden Network Security – IDS – IPS - NIPS
http://null.co.in/ http://nullcon.net/
30. Thank You
See you all @ nullcon - Delhi
http://null.co.in/ http://nullcon.net/
Editor's Notes
IP Telephony - 1990
Run all VoIP traffic through a separate Internet connection, separating voice and data into their own network segments (VLAN). Set up separate servers dedicated just to VoIP traffic and firewall them apart from the rest of your network. VoIP connections between different buildings use a Virtual Private Network (VPN) to authenticate users to prevent spoofing. Avoid use of cheap VoIP systems. Encrypt any VoIP traffic to keep it confidential and prevent eavesdropping by network sniffers. Put VoIP servers in a secure physical location. Make sure all routers and servers hosting your VoIP system have been hardened and all unnecessary services turned off and ports closed. Restrict access to VoIP servers to only system administrators and log and monitor all access. Use intrusion detection systems to monitor malicious attempts to access your VoIP network. Employ a defense-in-depth of strategy with multiple layers of security, including dedicated VoIP-ready firewalls. Test all devices that send, receive or parse VoIP protocols, including handsets, softphones, SIP proxies, H.323 gateways, call managers and firewalls that VoIP messages pass through.