Hacking Exposed VoIP

Overview

Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way

"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security

Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.

• Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
• Fortify Cisco, Avaya, and Asterisk systems
• Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
• Thwart number harvesting, call pattern tracking, and conversation eavesdropping
• Measure and maintain VoIP network quality of service and VoIP conversation quality
• Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
• Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
• Avoid insertion/mixing of malicious audio
• Learn about voice SPAM/SPIT and how to prevent it
• Defend against voice phishing and identity theft scams

Table of contents

Part I: Casing the Establishment
Chapter 1: Footprinting a VoIP Network
Chapter 2: Scanning a VoIP Network
Chapter 3: Enumerating a VoIP Network
Part II: Exploiting the VoIP Underlying Platforms
Chapter 4: VoIP Network Infrastructure Denial of Service (DoS)
Chapter 5: VoIP Network Eavesdropping
Chapter 6: VoIP Interception and Modification
Part III: Exploiting Specific VoIP Platforms
Chapter 7: Cisco Unified CallManager
Chapter 8: Avaya Communication Manager
Chapter 9: Asterisk
Chapter 10: Emerging Softphone Technologies
Part IV : VoIP Session and Application Hacking
Chapter 11: VoIP Fuzzing
Chapter 12: Flood-based Disruption of Service
Chapter 13: Signaling and Media Manipulation
Part V: Social Threats
Chapter 14: SPAM over Internet Technology (SPIT)
Chapter 15: Voice Phishing
Index

Biographical note

David Endler is the Director of Security Research for TippingPoint, a division of 3Com. Previously, he performed security research for Xerox Corporation, the NSA, and MIT.  Endler is also the chairman and founder of the Voice over IP Security Alliance.Mark Collier is CTO for SecureLogix Corporation.  He is an expert author and frequent presenter on the topic of VoIP security. Collier is also a founding member of the Voice over IP Security Alliance.