Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures Paperback – Aug 1 2007
|New from||Used from|
Customers Who Bought This Item Also Bought
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.
To get the free app, enter your mobile phone number.
From the Back Cover
In" Securing VoIP Networks, "two leading experts systematically review the security risks and vulnerabilities associated with VoIP networks and offer proven, detailed recommendations for securing them. Drawing on case studies from their own fieldwork, the authors address VoIP security from the perspective of real-world network implementers, managers, and security specialists. The authors identify key threats to VoIP networks, including eavesdropping, unauthorized access, denial of service, masquerading, and fraud; and review vulnerabilities in protocol design, network architecture, software, and system configuration that place networks at risk. They discuss the advantages and tradeoffs associated with protection mechanisms built into SIP, SRTP, and other VoIP protocols; and review key management solutions such as MIKEY and ZRTP. Next, they present a complete security framework for enterprise VoIP networks, and provide detailed architectural guidance for both service providers and enterprise users. 1 Introduction 2 VoIP Architectures and Protocols 3 Threats and Attacks 4 VoIP Vulnerabilites 5 Signaling Protection Mechanisms 6 Media Protection Mechanisms 7 Key Management Mechanisms 8 VoIP and Network Security Controls 9 A Security Framework for Enterprise VoIP Networks 10 Provider Architectures and Security 11 Enterprise Architectures and Security
About the Author
Peter Thermos is CTO of Palindrome Technologies, which provides information
security consulting services to government and commercial organizations.
Peter started his career at Bellcore (now Telcordia) as a member of the technical
staff and later as a principal technical expert on key information security and
assurance tasks. He is a frequent speaker at conferences and industry forums
including the IEEE, MIS, IEC, ISACA, VON, and others. Peter is also known
for his contributions to the security community for discovering software
vulnerabilities, the release of SiVuS (The First VoIP Vulnerability Scanner)
and the vopsecurity.org Forum. Peter holds a Masters Degree in Computer
Science from Columbia University where he is currently furthering his
Ari Takanen is founder and CTO of Codenomicon. Since 1998, Ari has
focused on information security issues in next-generation networks and security
critical environments. He began at Oulu University Secure Programming Group
(OUSPG) as a contributing member to PROTOS research that studied information
security and reliability errors in WAP, SNMP, LDAP, and VoIP implementations.
Ari and his company, Codenomicon Ltd. provide and commercialize automated
tools using a systematic approach to test a multitude of interfaces on mission-critical
software, VoIP platforms, Internet-routing infrastructure, and 3G devices.
Codenomicon and the University of Oulu aim to ensure new technologies are
accepted by the general public, by providing means of measuring and ensuring
quality in networked software. Ari has been speaking at numerous security and
testing conferences on four continents and has been invited to speak at leading
universities and international corporations.See all Product Description
Top Customer Reviews
Most Helpful Customer Reviews on Amazon.com (beta)
I was excited when this book came out, I have been following some of the author's Thermos and Takanen work and I think they were the perfect team for this book.
I feel that Chapter 3 and 4, threats and attacks and VoIP vulnerabilities are by far the strongest chapters and they alone are worth the purchase price of the book.
The majority of the rest of the book is focused on mitigating controls and it is solid writing, solid research, but not quite at the level of the pen test side of the book.
Chapters 10 and 11 are invaluable to anyone considering a VoIP deployment including a deployment where you are depending on a service provider. The charts and diagrams are clear and easy to understand, the whole book team is to be commended for that, this is a complex subject.
If you are even thinking about VoIP, you should read this book.
In Security VoIP Networks: Threats, Vulnerabilities, and Countermeasures, authors Peter Thermos and Ari Takanen do a superb job of illustrating the insecurities of VoIP. Not to suggest that it is just so inherently insecure that it should never be used, but C-level execs, and IT managers and administrators should be familiar with the information in this book before moving forward to deploy VoIP.
Chapter 2, 'VoIP Architecture and Protocols', provides a solid foundation on the basic components and technologies that make up VoIP. It is the next couple chapters that are the most valuable though. In 'VoIP Vulnerabilities', and 'Threats and Attacks', Thermos and Takanen demonstrate the weaknesses of VoIP and the simplicity with which VoIP communications can be disrupted or intercepted if not set up properly.
Chapters 5 - 8 analyze different security controls and protection mechanisms. One issue I had was that it was difficult to draw a one-to-one correlation and find the security countermeasures to defend against attacks identified earlier. The information is solid though.
The book wraps up by providing a look at what a VoIP security framework should entail, and architecture diagrams to help you create and deploy a secure VoIP solution.
I wish that the book were organized to relate the threats and attacks to the countermeasures more clearly -- I find it easier to understand a security protocol when someone shows me what attacks it can and can't block. I'd like to see a book like this that focuses on SIP/RTP VoIP in more depth and leaves out H.323 -- I know H.323 is more widely deployed, but SIP/RTP seems to be where the big vendors are headed. Still, these are minor quibbles -- I would recommend this book to anyone who needs an introduction to VoIP network security.
Look for similar items by category
- Books > Business & Investing > Industries & Professions > E-commerce
- Books > Computers & Technology > Certification Central
- Books > Computers & Technology > History & Culture > Privacy
- Books > Computers & Technology > Internet & Social Media
- Books > Computers & Technology > Networking & Cloud Computing > Internet, Groupware, & Telecommunications
- Books > Computers & Technology > Networking & Cloud Computing > Network Security
- Books > Computers & Technology > Networking & Cloud Computing > Networks, Protocols & APIs > Networks
- Books > Computers & Technology > Networking & Cloud Computing > Telephony
- Books > Computers & Technology > Security & Encryption > Privacy & Online Safety
- Books > Computers & Technology > Web Development > Security & Encryption > Encryption
- Books > Textbooks > Computer Science & Information Systems > Networking