• Hacking VoIP

    by  • July 29, 2009 • G-I

    Rating

    The Bottom Line

    Voice over IP (VoIP) is quickly replacing traditional telephone systems for both consumers and enterprises. Merging voice communications onto the data network provdies a variety of benefits, however it is also a double-edged sword that opens voice communications to a whole new realm of attacks and security issues. Himanshu Dwivedi takes on the task of explaining the security concerns of VoIP and providing actionable information you can use to protect your voice communications from these attacks.

    Pros

    • Solid coverage of voice over IP security issues
    • Provides good understanding of the underlying protocols
    • Lab setup instructions enable reader to follow VoIP tests in book

    Cons

    • Little information for consumers- mostly for enterprise VoIP admins

    Description

    • Dwivedi does a good job of explaining the various protocols used for VoIP communications
    • Lab setup instructions walk the reader through building an environment to test out the exploits and attacks
    • Comprehensive coverage of VoIP protocols and the security issues to be concerned with
    • Provides countermeasures and mitigations to help protect VoIP communications from the attacks discussed
    • Detailed without being overwhelming. Very readable at 220 pages

    Review

    Voice over IP (VoIP) communications are a core component of the next wave of communications. Consumers and enterprises both are beginning to grasp the benefits of VoIP communications and making the switch from traditional voice communications to VoIP.

    VoIP can be a double-edged sword as well though. It provides cost savings. It adds flexibility and extensibility that isn’t possible with traditional telephone communications. It enables a whole new scope of applications to interact with and leverage voice communications in whole new ways.

    However, with all of those benefits, it also merges voice data onto the standard data network and exposes what was a relatively secure system to a wide variety of attacks and exploits. Traditional voice attacks like eavesdropping or wiretapping are still issues, but on a grander scale. And now voice communications can also be subjected to denial-of-service (DoS) and man-in-the-middle (MiTM) and other attacks that have traditionally been reserved for data networks.

    With Hacking VoIP: Protocols, Attacks, and Countermeasures from No Starch Press, Himanshu Dwivedi explores the security issues inherent with VoIP communications and how to protect your VoIP system against them.

    Dwivedi opens the book by walking through how to build a VoIP lab environment to use as you read through the book to get first-hand experience and understanding of the VoIP attacks and exploits and the countermeasures to use against them. This hands-on experience helps the reader to see the attacks in action rather than just reading about them.

    The book provides a good background on the VoIP protocols themselves, and Dwivedi does an excellent job of explaining the weaknesses and exploits. VoIP admins should read this book and follow Dwivedi’s advice to protect their VoIP environments.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com