Securing VoIP Networks and over one million other books are available for Amazon Kindle. Learn more
Qty:1
  • List Price: $54.99
  • Save: $7.47 (14%)
Only 4 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Add to Cart
FREE Shipping on orders over $35.
Used: Very Good | Details
Condition: Used: Very Good
Comment: Light wear to the edges. Clean, unmarked pages
Access codes and supplements are not guaranteed with used items.
Add to Cart
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures Paperback – August 11, 2007

ISBN-13: 978-0321437341 ISBN-10: 0321437349 Edition: 1st

Buy New
Price: $47.52
23 New from $40.52 26 Used from $0.01
Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$47.52
$40.52 $0.01
Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Frequently Bought Together

Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures + Hacking VoIP: Protocols, Attacks, and Countermeasures
Price for both: $79.35

Buy the selected items together

NO_CONTENT_IN_FEATURE

Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Product Details

  • Paperback: 384 pages
  • Publisher: Addison-Wesley Professional; 1 edition (August 11, 2007)
  • Language: English
  • ISBN-10: 0321437349
  • ISBN-13: 978-0321437341
  • Product Dimensions: 9.1 x 7.1 x 0.8 inches
  • Shipping Weight: 1.2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.5 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Best Sellers Rank: #1,615,348 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Peter Thermos is CTO of Palindrome Technologies, which provides information

security consulting services to government and commercial organizations.

Peter started his career at Bellcore (now Telcordia) as a member of the technical

staff and later as a principal technical expert on key information security and

assurance tasks. He is a frequent speaker at conferences and industry forums

including the IEEE, MIS, IEC, ISACA, VON, and others. Peter is also known

for his contributions to the security community for discovering software

vulnerabilities, the release of SiVuS (The First VoIP Vulnerability Scanner)

and the vopsecurity.org Forum. Peter holds a Masters Degree in Computer

Science from Columbia University where he is currently furthering his

graduate studies.

 

Ari Takanen is founder and CTO of Codenomicon. Since 1998, Ari has

focused on information security issues in next-generation networks and security

critical environments. He began at Oulu University Secure Programming Group

(OUSPG) as a contributing member to PROTOS research that studied information

security and reliability errors in WAP, SNMP, LDAP, and VoIP implementations.

Ari and his company, Codenomicon Ltd. provide and commercialize automated

tools using a systematic approach to test a multitude of interfaces on mission-critical

software, VoIP platforms, Internet-routing infrastructure, and 3G devices.

Codenomicon and the University of Oulu aim to ensure new technologies are

accepted by the general public, by providing means of measuring and ensuring

quality in networked software. Ari has been speaking at numerous security and

testing conferences on four continents and has been invited to speak at leading

universities and international corporations.

Excerpt. © Reprinted by permission. All rights reserved.

Preface

Preface

Communication between people has changed with the invention of the telephone. The ability to communicate across continents in real-time has also helped our society in several dimensions including entertainment, trade, finance, and defense. But this new capability did not come without an investment. Building an international telephony infrastructure has required the cooperation of both commercial and government organizations to evolve into what it is today. It has also led to the formation of international standard bodies that both direct and support the industry towards an interoperable communication networks.

IP networks are the next step from the traditional telecommunications. For a while, IP family of protocols was only used in the Internet, and the main applications were file transfers and e-mail. With the World Wide Web, the Internet changed into a global and always open information distribution channel. And finally with the advent of VoIP, the Internet is becoming a real-time communication media that integrates with all the earlier multimedia capabilities.

Traditional telecommunication networks are critical to the survival of our society. The PSTN is a closed network and its operational intricacies are known to a few select individuals who have devoted much of their lives to building it. Although operations in PSTN are not entirely a secret, they were and still remain proprietary for several reasons such as competitive advantage and national defense. The PSTN was and remains a closed infrastructure that concentrated its intelligence in its core network elements and left the edge devices very simplistic. The equipment and resources to operate a TDM network require a substantial financial investment. This lack of direct access to core network elements from subscribers and the high price of connectivity alleviated the risk for attacks. Ergo, subscribers demonstrate greater trust for communications through the PSTN compared to the Internet. This is a misconceived trust once you start analyzing the PSTN components and protocols and realize the lack of protection mechanisms.

In the earlier days of the Internet, security was appalling. The Internet was an open network where anyone could attack anyone anonymously and many of the attack tools were, and still are, available. As such, security research became a standard practice in government, commercial, and academic worlds with globally known research groups in organizations such as DARPA, DISA, CERIAS, MIT CIS, Bellcore, Bell Labs, and many others. Things became a bit more complicated with the transition of critical services such as telephony on the Internet along with other multimedia applications such as video and gaming. And due to the performance, availability, and privacy requirements of these applications, their security requires new approaches and methods compared to traditional IP security. Nevertheless the traditional security objectives apply such as confidentiality, integrity, and availability of services.

Before gaining the interest of the academia, the topic of Internet security has been a secret science, or not even a science. The security field was a competition between hackers and system administrators, in a constant race of "patch and penetrate." Very few people knew what they actually were fixing in the systems when they applied new security updates or patches. And very few hackers understood what the attack tools actually did when they penetrated the services they wanted access to. People spoke of threats, attacks, and security measures that needed to be applied to protect from these attacks. The actual core reasons that enabled the existence of the attacks were not understood. For most of the users of communication systems, these weaknesses were hidden in complex, hard-to- understand protocols and components used in the implementations.

VoIP has been discussed at length in many textbooks and thus we avoid long discussions of its origins and details on introductory concepts. Instead the book focuses on the details associated with the security of multimedia communications including VoIP. Our purpose is to extend your knowledge of vulnerabilities, attacks, and protection mechanisms of VoIP and generally Internet multimedia applications. We deviate from listing a series of security tools and products and instead provide detailed discussions on actual attacks and vulnerabilities in the network design, implementation, and configuration and protection mechanisms for signaling and media streams, architectural recommendations, and organizational strategy—thus enabling you to understand and implement the best countermeasures that are applicable to your environment.

The book is structured so that we start by briefly explaining VoIP networks, and then go through the threats, attacks, and vulnerabilities to enable you to understand how VoIP attacks are made possible and their impact. The book discusses in great detail various attacks (published and unpublished) for eavesdropping, unauthorized access, impersonation, and service disruption. These attacks are used as proof of concept, but at the same time they also expose the reader to real-life weaknesses and serve as a mechanism to promote comprehension. In addition, this book discusses VoIP vulnerabilities, their structure, and their categorization as they have been investigated in enterprise and carrier environments.

Following VoIP vulnerabilities and attacks, the book discusses in great detail a number of protection mechanisms. In order to protect against current and emerging threats, there a number of areas that need to be considered when deploying VoIP. The book provides extensive coverage on the intricacies, strengths, and limitations of the protection mechanisms including SIPS, H.235, SRTP, MIKEY, ZTP, and others. Furthermore, the book focuses on identifying a VoIP security framework as a starting point for enterprise networks and provides several recommendations. Security architectures in enterprise and carrier environments are also discussed.

This first edition of the book aims in establishing the landscape of the current state of VoIP security and provides an insight to administrators, architects, security professionals, management personnel, and students who are interested in understanding VoIP security in detail.



More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

4.5 out of 5 stars
5 star
2
4 star
2
3 star
0
2 star
0
1 star
0
See all 4 customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

10 of 10 people found the following review helpful By Stephen Northcutt on September 16, 2007
Format: Paperback
A quick read of the first 1/3 of the book will cure you of your doubts VoIP can be attacked forever! It was almost painful reading; exploit approach after exploit approach, but I mean that in a good way like the pain you feel in your muscles after exercise.

I was excited when this book came out, I have been following some of the author's Thermos and Takanen work and I think they were the perfect team for this book.

I feel that Chapter 3 and 4, threats and attacks and VoIP vulnerabilities are by far the strongest chapters and they alone are worth the purchase price of the book.

The majority of the rest of the book is focused on mitigating controls and it is solid writing, solid research, but not quite at the level of the pen test side of the book.

Chapters 10 and 11 are invaluable to anyone considering a VoIP deployment including a deployment where you are depending on a service provider. The charts and diagrams are clear and easy to understand, the whole book team is to be commended for that, this is a complex subject.

If you are even thinking about VoIP, you should read this book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
3 of 3 people found the following review helpful By sixmonkeyjungle on April 21, 2008
Format: Paperback
There are many benefits to VoIP and IP-based communications. However, relying on your network infrastructure to transport your telephone communications renders your telecommunications vulnerable to virtually all of the same issues and threats as your network. On top of that, there are also unique attack vectors introduced by VoIP. As organizations race to deploy VoIP and experience the benefits, most would probably benefit from slowing down to consider the security implications and develop appropriate controls to protect their communications.

In Security VoIP Networks: Threats, Vulnerabilities, and Countermeasures, authors Peter Thermos and Ari Takanen do a superb job of illustrating the insecurities of VoIP. Not to suggest that it is just so inherently insecure that it should never be used, but C-level execs, and IT managers and administrators should be familiar with the information in this book before moving forward to deploy VoIP.

Chapter 2, 'VoIP Architecture and Protocols', provides a solid foundation on the basic components and technologies that make up VoIP. It is the next couple chapters that are the most valuable though. In 'VoIP Vulnerabilities', and 'Threats and Attacks', Thermos and Takanen demonstrate the weaknesses of VoIP and the simplicity with which VoIP communications can be disrupted or intercepted if not set up properly.

Chapters 5 - 8 analyze different security controls and protection mechanisms. One issue I had was that it was difficult to draw a one-to-one correlation and find the security countermeasures to defend against attacks identified earlier. The information is solid though.

The book wraps up by providing a look at what a VoIP security framework should entail, and architecture diagrams to help you create and deploy a secure VoIP solution.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 7 people found the following review helpful By B. Robert Helm on November 15, 2007
Format: Paperback
This book was useful for understanding VoIP security protocols, including somewhat obscure ones such as SIP over TLS. The threats section looks like it will be valuable for convincing managers to take VoIP security seriously. I used the book to evaluate Microsoft's new VoIP products (I work for an analyst firm, Directions on Microsoft, that covers the company) and found it very helpful.

I wish that the book were organized to relate the threats and attacks to the countermeasures more clearly -- I find it easier to understand a security protocol when someone shows me what attacks it can and can't block. I'd like to see a book like this that focuses on SIP/RTP VoIP in more depth and leaves out H.323 -- I know H.323 is more widely deployed, but SIP/RTP seems to be where the big vendors are headed. Still, these are minor quibbles -- I would recommend this book to anyone who needs an introduction to VoIP network security.

Rob Helm
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
0 of 1 people found the following review helpful By J. Turner on November 12, 2011
Format: Paperback Verified Purchase
This is a Great book for fundamental understanding of VoIP security. I recommend this book for anyone looking to learn baseline technology.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Customer Images

Search