How to Cheat at VoIP Security - Thomas Porter CISSP CCNP CCDA CCS, Michael Gough

How to Cheat at VoIP Security (eBook)

eBook Download: PDF | EPUB
2011 | 1st edition
432 pages
Elsevier Science (publisher)
978-0-08-055353-5 (ISBN)
The Perfect Reference for the Multitasked SysAdmin
This is the perfect guide if VoIP engineering is not your specialty. It is the perfect introduction to VoIP security, covering exploit tools and how they can be used against VoIP (Voice over IP) systems. It gives the basics of attack methodologies used against the SIP and H.323 protocols as well as VoIP network infrastructure.
* VoIP Isn't Just Another Data Protocol
IP telephony uses the Internet architecture, similar to any other data application. However, from a security administrator's point of view, VoIP is different. Understand why.
* What Functionality Is Gained, Degraded, or Enhanced on a VoIP Network?
Find out the issues associated with quality of service, emergency 911 service, and the major benefits of VoIP.
* The Security Considerations of Voice Messaging
Learn about the types of security attacks you need to protect against within your voice messaging system.
* Understand the VoIP Communication Architectures
Understand what PSTN is and what it does as well as the H.323 protocol specification, and SIP Functions and features.
* The Support Protocols of VoIP Environments
Learn the services, features, and security implications of DNS, TFTP, HTTP, SNMP, DHCP, RSVP, SDP, and SKINNY.
* Securing the Whole VoIP Infrastructure
Learn about Denial-of-Service attacks, VoIP service disruption, call hijacking and interception, H.323-specific attacks, and SIP-specific attacks.
* Authorized Access Begins with Authentication
Learn the methods of verifying both the user identity and the device identity in order to secure a VoIP network.
* Understand Skype Security
Skype does not log a history like other VoIP solutions; understand the implications of conducting business over a Skype connection.
* Get the Basics of a VoIP Security Policy
Use a sample VoIP Security Policy to understand the components of a complete policy.

* Provides system administrators with hundreds of tips, tricks, and scripts to complete administration tasks more quickly and efficiently
* Short on theory, history, and technical data that ultimately is not helpful in performing their jobs
* Avoid the time drains associated with securing VoIP

Front Cover
How to Cheat at: VoIP Security
Copyright Page
Contents
Chapter 1. Introduction to VoIP Security
Introduction
The Switch Leaves the Basement
What Is VoIP?
VoIP Isn't Just Another Data Protocol
Security Issues in Converged Networks
A New Security Model
Summary
Chapter 2. The Hardware Infrastructure
Introduction
Traditional PBX Systems
PBX Alternatives
VoIP Telephony and Infrastructure
Summary
Chapter 3. Architectures
Introduction
PSTN: What Is It, and How Does It Work?
PSTN Call Flow
PSTN Protocol Security
The H.323 Protocol Specification
The Primary H.323 VoIP-Related Protocols
H.235 Security Mechanisms
Understanding SIP
SIP Functions and Features
SIP Architecture
Instant Messaging and SIMPLE
Summary
Chapter 4. Support Protocols
Introduction
DNS
TFTP
HTTP
SNMP
DHCP
RSVP
SDP
Skinny
Summary
Chapter 5. Threats to VoIP Communications Systems
Introduction
Denial-of-Service or VoIP Service Disruption
Call Hijacking and Interception
H.323-Specific Attacks
SIP-Specific Attacks
Summary
Chapter 6. Confirm User Identity
Introduction
802.1x and 802.11i (WPA2)
EAP Authentication Types
Public Key Infrastructure
Minor Authentication Methods
Summary
Chapter 7. Active Security Monitoring
Introduction
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
What Is a Penetration / Vulnerability Test?
Summary
Chapter 8. Logically Segregate Network Traffic
Introduction
VLANs
QoS and Traffic Shaping
NAT and IP Addressing
Firewalls
Access Control Lists
Summary
Chapter 9. IETF Encryption Solutions for VoIP
Introduction
Suites from the IETF
S/MIME: Message Authentication
TLS: Key Exchange and Signaling Packet Security
SRTP: Voice/Video Packet Security
Summary
Chapter 10. Skype Security
Security
Chapter 11. Skype Firewall and Network Setup
A Word about Network Address Translation and Firewalls
What You Need to Know About Configuring Your Network Devices
Ports Required for Skype
Using Proxy Servers and Skype
How to Block Skype in the Enterprise
Endnote
Appendix A. Validate Existing Security Infrastructure
Introduction
Security Policies and Processes
Physical Security
Server Hardening
Supporting Services
Unified Network Management
Summary
Appendix B. The IP Multimedia Subsystem: True Converged Communications
Introduction
IMS Security Architecture
IMS Security Issues
Summary
Related Resources
Appendix C. Regulatory Compliance
Introduction
SOX: Sarbanes–Oxley Act
GLBA: Gramm–Leach–Bliley Act
HIPAA: Health Insurance Portability and Accountability Act
CALEA: Communications Assistance for Law Enforcement Act
E911: Enhanced 911 and Related Regulations
EU and EU Member States' eCommunications Regulations
Summary
Index

Contributors


Brian Baskin (MCR CTT +) is a researcher and developer for Computer Sciences Corporation, on contract to the Defense Cyber Crime Center’s (DC3) Computer Investigations Training Program (DCITP). Here, he researches, develops, and instructs computer forensic courses for members of the military and law enforcement. Brian currently specializes in Linux/Solaris intrusion investigations, as well as investigations of various network applications. He has designed and implemented networks to be used in scenarios, and he has also exercised penetration-testing procedures.

Brian has been instructing courses for six years, including presentations at the annual DoD Cyber Crime Conference. He is an avid amateur programmer in many languages, beginning when his father purchased QuickC for him when he was 11, and he has geared much of his life around the implementations of technology. He has also been an avid Linux user since 1994 and enjoys a relaxing terminal screen whenever he can. He has worked in networking environments for over 10 years, from small Novell networks to large, mission-critical, Windows-based networks.

Brian lives in the Baltimore, MD, area with his lovely wife and son. He is also the founder, and president, of the Lightning Owners of Maryland car club. Brian is a motor sports enthusiast and spends much of his time building and racing his vehicles. He attributes a great deal of his success to his parents, who relinquished their household 80286 PC to him at a young age and allowed him the freedom to explore technology.

Joshua Brashars is a security researcher for the External Threat Assessment Team at Secure Science Corporation. Before that, Joshua spent many years in the telecommunications industry as an implementation consultant for traditional and VoIP PBX systems. Joshua would like to extend heartfelt thanks to his family, friends, Lance James and SSC, Johnny Long and all of johnny.ihackstuff.com, and a special nod to Natas, Strom Carlson, and lucky225 for fueling the fire in his passion for telephone systems.

Michael Cross (MCSE, MCP + I, CNA, Network +) is an Internet Specialist/Computer Forensic Analyst with the Niagara Regional Police Service (NRPS). He performs computer forensic examinations on computers involved in criminal investigation. He also has consulted and assisted in cases dealing with computer-related/Internet crimes. In addition to designing and maintaining the NRPS Web site at www.nrps.com and the NRPS intranet, he has provided support in the areas of programming, hardware, and network administration. As part of an information technology team that provides support to a user base of more than 800 civilian and uniform users, he has a theory that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns Knight Ware (www.knightware.ca), which provides computer-related services such as Web page design, and Bookworms (www.bookworms.ca), where you can purchase collectibles and other interesting items online. He has been a freelance writer for several years, and he has been published more than three dozen times in numerous books and anthologies. He currently resides in St. Catharines, Ontario, Canada, with his lovely wife, Jennifer, his darling daughter, Sara, and charming son, Jason.

Dan Douglass (MCSE + I, MCDBA, MCSD, MCT, Brainbench .Net Programmer Job Role) is the Special Projects Manager with a cutting-edge medical software company in Dallas, TX. His latest venture is as President/Owner of a new technology firm, Code Hatchery. He currently provides software development skills and internal training and integration solutions, as well as peer guidance for technical skills development. Dan’s specialties include enterprise application integration and design; HL7, XML, XSL, C++, C#, JavaScript, Visual Basic, and Visual Basic.Net; database design and administration; Back Office and .NET Server platforms; Network design, including LAN and WAN solutions; all Microsoft operating systems; and Mac OS X, FreeBSD, and Linux. When he has free time, Dan teaches programming, database design, and database administration at a prominent Dallas university. Dan is a former U.S. Navy Nuclear Submariner and lives in Plano, TX, with his very supportive and understanding wife, Tavish.

Dan wishes to extend special thanks to his mother-in-law, Sue Moffett, for all her love and support through the years.

Bradley Dunsmore (CCNR, CCDR, CCSR, INFOSEC, MCSE + I, MCDBA) is a Software/QA engineer for the Voice Technology Group at Cisco Systems Inc. He is part of the Golden Bridge solution test team for IPT based in RTP, NC. His responsibilities include the design, deployment, testing, and troubleshooting of Cisco’s enterprise voice portfolio. His focus area is the integration of Cisco’s network security product line in an enterprise voice environment. Bradley has been working with Cisco’s network security product line for four years, and he is currently working on his CCIE lab for Security. Prior to his six years at Cisco, Bradley worked for Adtran, for Bell Atlantic, and as a network integrator in Virginia Beach, VA.

Bradley has authored, coauthored, or edited several books for Syngress Publishing and Cisco Press for network security, telecommunication, and general networking. He would like to thank his fiancée, Amanda, for her unwavering support in everything that he does. Her support makes all of this possible.

Michael Gough is host and webmaster of www.SkypeTips.com, which was launched in January 2005 and receives more than 100,000 hits per month, and www.VideoCallTips.com, which receives more than 30,000 hits per month. Michael writes articles on Skype and related issues. He also explains Skype’s options and instructions to users so that they can practically apply Skype at home and in the workplace. Michael also evaluates products used with Skype and provides feedback to the vendors on features and improvements to help drive the direction of Skype-related products. Michael is also the host and webmaster for www.VideoCallTips.com, a Web site focused on helping people understand how to make video calls to family and friends, and maintains ratings of the many video call solutions available.

Michael’s full-time employment is as a computer security consultant with 18 years’ experience in the computer technology field. Michael works for a Fortune 500 company, where he delivers security consulting services to its clients. Michael also presents for his company at many trade shows and conferences and works with associations and groups, advising agencies like the FBI on Skype security and the Center for Internet Security on wireless security.

Tony Rosela (PMP, CTT +) is a Senior Member Technical Staff with Computer Sciences Corporation working in the development and delivery of technical instructional material. He provides leadership through knowledge and experience with the operational fundamentals of PSTN architecture and how the PSTN has evolved to deliver high-quality services, including VoIP. His other specialties include IP enabling voice networks, WAN voice and data network design, implementation and troubleshooting, as well as spending a great deal of time in the field of computer forensics and data analysis.

Choon Shim is responsible for Qovia’s technology direction and development of the Qovia product line.

Choon was previously President at Widearea Data Systems, where he designed and developed collaboration platform software. Prior to joining Widearea Data Systems, he was the Senior Development Manager and Principal Engineer for Merant.

Choon is a successful technology leader with 20 + years’ experience architecting, building, and delivering large-scale infrastructure software products. He has extensive hands-on technical development skills and has successfully managed software teams for well-known enterprise software companies, including BMC Software and EMC Corporation.

Choon is the author of Community Works and Express/OS shareware used widely throughout the world. He is a frequent speaker at VoIP and networking conferences for academia and industry. He recently gave a keynote speech to an SNPD conference and chaired a VoIP Security Panel at Supercomm05. Choon holds a B.S. in Computer Science from Kyoungpook National University and an M.S. in Electrical Engineering from the University of Wisconsin.

Michael Sweeney (CCNA, CCDA, CCNP, MCSE, SCP) is the owner of the Network Security consulting firm Packetattack.com. Packetattack.com’s specialties are network design and troubleshooting, wireless network design, security, and analysis. The Packetattack team uses industry-standard tools such as Airmagnet, AiroPeekNX, and NAI Sniffer. Packetattack.com also provides digital forensic analysis services.

Michael has been a contributing author for Syngress for the books Cisco Security Specialist’s Guide to PIX Firewalls (ISBN: 1-931836-63-9), Cisco Security Specialist’s Guide to Secure Intrusion Detection Systems (ISBN: 1-932266-69-0), and Building DMZs for Enterprise Networks (ISBN: 1-931836-88-4). Through PacketPress, Michael has also published Securing Your Network Using Linux (ISBN: 1-411621-77-8).

Michael has recently joined the ranks of “Switchers” where he is now using two OS X Macs...

Publication date (per publisher) 18.4.2011
Language English
Subject area Non-fiction / Guides
Computer Science Networks Security / Firewall
Engineering Electrical Engineering / Power Engineering
Engineering Communications Engineering
ISBN-10 0-08-055353-2 / 0080553532
ISBN-13 978-0-08-055353-5 / 9780080553535