Security Basics mailing list archives
Re: Seeking Information regarding VoIP security Assessment
From: Abhishek Kumar <abhishek.luck () gmail com>
Date: Thu, 15 Oct 2009 11:52:13 +0530
http://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638/ref=sr_1_5?ie=UTF8&s=books&qid=1255539821&sr=1-5
Its really a good book giving you the practical aspects of VoIP communication and its security. @Jon.Kible, thank you for suggesting this book. I would appreciate if you could suggest more materials like this regards abhi On Wed, Oct 14, 2009 at 10:35 PM, Jon Kibler <Jon.Kibler () aset com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abhishek Kumar wrote:Dear list, Can I have some resource materials for VoIP security and its Assessment ?? regards abhiWhat do you mean by VoIP security? SIPS/SRTP? VoIP has so very many security issues as to be almost laughable. There are so many VoIP issues that I would not know where to begin -- ranging any where from MiTM (ARP spoofing, capture and replay, etc.) and authentication and authorization, to RTP injection and ... I could go on forever, almost. Bottom line: VoIP, as implemented today, is a clear-text protocol (unless you are tunneling SIP and RTP through IPSec). It has all the equivalent security issues of any clear text protocol, such as FTP (actually, TFTP may be a better comparison). If you should be one of the rare organizations using SIPS/SRTP, there are still a ton of security issues (for example, SRTP setup in the clear). There are also incredible interop issues if you are using SIPS/SRTP. I just finished a 9 month VoIP project. I can assure you that VoIP security is a major nightmare. It is *not* a pretty picture! For a decent introduction to the low hanging fruit of VoIP security, I recommend: http://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638/ref=sr_1_5?ie=UTF8&s=books&qid=1255539821&sr=1-5 I Hope this helps! Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 s: 843-564-4224 s: JonRKibler e: Jon.Kibler () aset com e: Jon.R.Kibler () gmail com http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrWBNcACgkQUVxQRc85QlNbXwCgljTbySwlVM88scy4QOsPma3f UnkAn2UKVoPG1/Gv28KZKihA+E5IoCxN =GSEI -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Lim Ming Wei (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Jon Kibler (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment Nikhil Wagholikar (Oct 14)
- RE: Seeking Information regarding VoIP security Assessment SOC (Oct 14)
- Message not available
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment J. Oquendo (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Ivan . (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment Abhishek Kumar (Oct 14)
- Re: Seeking Information regarding VoIP security Assessment Rick Zhong (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment DiPo (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment J. Oquendo (Oct 15)
- Re: Seeking Information regarding VoIP security Assessment DiPo (Oct 15)