Re: Seeking Information regarding VoIP security Assessment

[Abhishek Kumar <abhishek.luck () gmail com>]

> http://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638/ref=sr_1_5?ie=UTF8&s=books&qid=1255539821&sr=1-5

Its really a good book giving you the practical aspects of VoIP
communication and its security.

@Jon.Kible, thank you for suggesting this book.

I would appreciate if you could suggest more materials like this

regards
abhi

On Wed, Oct 14, 2009 at 10:35 PM, Jon Kibler <Jon.Kibler () aset com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Abhishek Kumar wrote:
> > Dear list,
> >
> > Can I have some resource materials for VoIP security and its Assessment ??
> >
> > regards
> > abhi
>
> What do you mean by VoIP security? SIPS/SRTP?
>
> VoIP has so very many security issues as to be almost laughable. There are so
> many VoIP issues that I would not know where to begin -- ranging any where from
> MiTM (ARP spoofing, capture and replay, etc.) and authentication and
> authorization, to RTP injection and ... I could go on forever, almost.
>
> Bottom line: VoIP, as implemented today, is a clear-text protocol (unless you
> are tunneling SIP and RTP through IPSec). It has all the equivalent security
> issues of any clear text protocol, such as FTP (actually, TFTP may be a better
> comparison).
>
> If you should be one of the rare organizations using SIPS/SRTP, there are still
> a ton of security issues (for example, SRTP setup in the clear). There are also
> incredible interop issues if you are using SIPS/SRTP.
>
> I just finished a 9 month VoIP project. I can assure you that VoIP security is a
> major nightmare. It is *not* a pretty picture! For a decent introduction to the
> low hanging fruit of VoIP security, I recommend:
> http://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638/ref=sr_1_5?ie=UTF8&s=books&qid=1255539821&sr=1-5
>
> I Hope this helps!
>
> Jon
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> s: JonRKibler
> e: Jon.Kibler () aset com
> e: Jon.R.Kibler () gmail com
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrWBNcACgkQUVxQRc85QlNbXwCgljTbySwlVM88scy4QOsPma3f
> UnkAn2UKVoPG1/Gv28KZKihA+E5IoCxN
> =GSEI
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------