Hacking VoIP

Protocols, Attacks, and Countermeasures
by Himanshu Dwivedi

October 2008, 232 pp.
ISBN: 978-1-59327-163-3
Contents | Reviews | Updates

Download Chapter 7: "Unconventional VoIP Security Threats"

Voice over Internet Protocol (VoIP) networks have freed users from the tyranny of big telecom, allowing people to make phone calls over the Internet at very low or no cost. But while VoIP is easy and cheap, it's notoriously lacking in security. With minimal effort, hackers can eavesdrop on conversations, disrupt phone calls, change caller IDs, insert unwanted audio into existing phone calls, and access sensitive information.

Hacking VoIP takes a dual approach to VoIP security, explaining its many security holes to hackers and administrators. If you're serious about security, and you either use or administer VoIP, you should know where VoIP's biggest weaknesses lie and how to shore up your security. And if your intellectual curiosity is leading you to explore the boundaries of VoIP, Hacking VoIP is your map and guidebook.

Hacking VoIP will introduce you to every aspect of VoIP security, both in home and enterprise implementations. You'll learn about popular security assessment tools, the inherent vulnerabilities of common hardware and software packages, and how to:

  • Identify and defend against VoIP security attacks such as eavesdropping, audio injection, caller ID spoofing, and VoIP phishing
  • Audit VoIP network security
  • Assess the security of enterprise-level VoIP networks such as Cisco, Avaya, and Asterisk, and home VoIP solutions like Yahoo! and Vonage
  • Use common VoIP protocols like H.323, SIP, and RTP as well as unique protocols like IAX
  • Identify the many vulnerabilities in any VoIP network

Whether you’re setting up and defending your VoIP network against attacks or just having sick fun testing the limits of VoIP networks, Hacking VoIP is your go-to source for every aspect of VoIP security and defense.


About the Author

Himanshu Dwivedi is a leading security expert and researcher. He has published four books, Hacking Exposed: Web 2.0 (McGraw-Hill), Securing Storage (Addison Wesley), Hacker's Challenge 3 (McGraw-Hill), and Implementing SSH (Wiley). A founder of iSEC Partners, Himanshu manages iSEC's product development and engineering, specialized security solutions, and the creation of security testing tools for customers.


Table of Contents

Acknowledgments

Introduction
Chapter 1: An Introduction to VoIP Security

PART I: VoIP Protocols
Chapter 2: Signaling: SIP Security
Chapter 3: Signaling: H.323 Security
Chapter 4: Media: RTP Security
Chapter 5: Signaling and Media: IAX Security

PART II: VoIP Security Threats
Chapter 6: Attacking VoIP Infrastructure
Chapter 7: Unconventional VoIP Security Threats
Chapter 8: Home VoIP Solutions

PART III: Assess and Secure VoIP
Chapter 9: Securing VoIP
Chapter 10: Auditing VoIP for Security Best Practices

Index

View the detailed Table of Contents (PDF)

View the Index (PDF)

(top)

Reviews

"Hacking VoIP is a practical guide for evaluating and testing VoIP implementation in your enterprise. I liked the concept where the author focused just on 'upper scale' deployments, making the book perfect for the system administrators that are getting deeper into the world of securing VoIP."
—(IN)SECURE Magazine (Download the March 2009 issue here)

"With VoIP rapidly proving to be a very cost-effective alternative to closed, proprietary network solutions, it is also shaping up to become the next white and black hacker battleground. Reading Himanshu's book supplies a meaningful education on the positive and negative opportunities that the technology can deliver developers, security professionals and users alike."
—Dr. Dobb's CodeTalk (Read More)

"With a focused audience and a clear goal, the book does justice to a technology moving towards maturity even as it finds a growing acceptance in the enterprise."
—Desicritics.org (Read More)

"I've never really thought about the subject and this book was a great introduction--not too light and a good read. I highly recommend it if you are remotely interested in the subject."
—misfitgeek.com (Read More)

"Hacking VoIP is an informative and well-organized book that will appeal to readers already familiar with VoIP...As computer books go, this is an enjoyable read."
—The Tech Static (Read More)

"The book provides a good background on the VoIP protocols themselves, and Dwivedi does an excellent job of explaining the weaknesses and exploits. VoIP admins should read this book and follow Dwivedi's advice to protect their VoIP environments."
—Tony Bradley, About.com (Read More)

"The content is . . . presented clearly with excellent wording and just enough detail to get me started."
—Kramses blog (Read More)

(top)