Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
- Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
- Fortify Cisco, Avaya, and Asterisk systems
- Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
- Thwart number harvesting, call pattern tracking, and conversation eavesdropping
- Measure and maintain VoIP network quality of service and VoIP conversation quality
- Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
- Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
- Avoid insertion/mixing of malicious audio
- Learn about voice SPAM/SPIT and how to prevent it
- Defend against voice phishing and identity theft scams
About the Authors
David Endler is the director of security research for 3Com's security division, TippingPoint, where he oversees product security testing, the VoIP security research center, and their vulnerability research team. While at TippingPoint, David founded an industry-wide group called the Voice over IP Security Alliance (VoIPSA) in 2005. VoIPSA's mission is to help VoIP adoption by promoting the current state of VoIP security research, testing methodologies, best practices, and tools. David is currently the chairman of VoIPSA, which boasts over 100 members from the VoIP vendor, carrier, and security space.
Prior to TippingPoint, David was the technical director at a security services startup, iDefense, Inc., which was acquired by VeriSign. iDefense specializes in cybersecurity intelligence, tracking the activities of cybercriminals and hackers, in addition to researching the latest vulnerabilities, worms, and viruses. Prior to iDefense, David spent many years in cutting-edge security research roles with Xerox Corporation, the National Security Agency, and the Massachusetts Institute of Technology.
As an internationally recognized security expert, David is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs, including the Wall Street Journal, USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, Tech TV, and CNN. David has authored numerous articles and papers on computer security and was named one of the Top 100 Voices in IP Communications by IP Telephony Magazine.
David graduated summa cum laude from Tulane University where he earned a bachelor's and master's degree in computer science.
Mark Collier is the chief technology officer at SecureLogix corporation, where he directs the company's VoIP security research and development. Mark also defines and conducts VoIP security assessments for SecureLogix's enterprise customers. Mark is actively performing research for the U.S. Department of Defense, with a focus on developing SIP vulnerability assessment tools.
Prior to SecureLogix, Mark was with Southwest Research Institute (SwRI), where he directed a group performing research and development in the areas of computer security and information warfare.
Mark is a frequent speaker at major VoIP and security conferences. He has authored numerous articles and papers on VoIP security and is also a founding member of the Voice over IP Security Alliance (VoIPSA).
Mark graduated magna cum laude from St. Mary's University, where he earned a bachelor's degree in computer science.