This is a story of VoIP security, a disgruntled employee and the trouble that can be caused in an unsecured environment. The presentation is done in a minimalist style popularized by Professor Lawrence Lessig. The 248 slides were presented in about 15 minutes at ClueCon 2009 in Chicago on August 5, 2009. A video recording will be made available and an update will be posted here. Do note that I did give an older version of this talk at ETel 2007 as "The Black Bag Security Review".

1. The Security
Saga of
SysAdmin Steve
Dan York, CISSP
ClueCon 2009
ClueCon 2009 – Dan York

2. Once upon a
time...
ClueCon 2009 – Dan York

3. big company
ClueCon 2009 – Dan York

4. smaller company
ClueCon 2009 – Dan York

5. SysAdmin Steve
ClueCon 2009 – Dan York

6. promotion
ClueCon 2009 – Dan York

7. IT
ClueCon 2009 – Dan York

8. phones, too!
ClueCon 2009 – Dan York

9. new VoIP system
ClueCon 2009 – Dan York

10. net head
ClueCon 2009 – Dan York

11. V
ClueCon 2009 – Dan York

12. Voice
ClueCon 2009 – Dan York

13. SIP
ClueCon 2009 – Dan York

14. open standard
ClueCon 2009 – Dan York

15. Security
Isn’t
Possible
ClueCon 2009 – Dan York

16. education
ClueCon 2009 – Dan York

17. PSTN
SIP Service
Provider
Internet
IP-PBX
LAN
ClueCon 2009 – Dan York

18. cheap
ClueCon 2009 – Dan York

19. merged
ClueCon 2009 – Dan York

20. quit
ClueCon 2009 – Dan York

21. ?
ClueCon 2009 – Dan York

22. new IT staff
ClueCon 2009 – Dan York

23. Juvenile Joe
ClueCon 2009 – Dan York

24. BOFH
ClueCon 2009 – Dan York

25. read e-mail
ClueCon 2009 – Dan York

26. monitor
ClueCon 2009 – Dan York

27. comment
ClueCon 2009 – Dan York

28. playground
ClueCon 2009 – Dan York

29. exploit chaos
ClueCon 2009 – Dan York

30. fun
ClueCon 2009 – Dan York

31. ultimate truism
ClueCon 2009 – Dan York

32. voice = packets
ClueCon 2009 – Dan York

33. packets = bits
ClueCon 2009 – Dan York

34. bits can be
manipulated
ClueCon 2009 – Dan York

35. “VoIP security
tools”
ClueCon 2009 – Dan York

36. tools, tools, tools
ClueCon 2009 – Dan York

37. voipsa.org
ClueCon 2009 – Dan York

38. hackingvoip.com
ClueCon 2009 – Dan York

39. sectools.org
ClueCon 2009 – Dan York

40. tools, tools, tools
ClueCon 2009 – Dan York

41. good
ClueCon 2009 – Dan York

42. evil
ClueCon 2009 – Dan York

43. test/defend
ClueCon 2009 – Dan York

44. attack
ClueCon 2009 – Dan York

45. perspective
ClueCon 2009 – Dan York

46. white hat
ClueCon 2009 – Dan York

47. black hat
ClueCon 2009 – Dan York

48. wireshark
ClueCon 2009 – Dan York

49. ClueCon 2009 – Dan York

50. cain & abel
ClueCon 2009 – Dan York

51. RTP
ClueCon 2009 – Dan York

52. WAV
ClueCon 2009 – Dan York

53. MP3s
ClueCon 2009 – Dan York

54. iPod
ClueCon 2009 – Dan York

55. 2-hour commute
ClueCon 2009 – Dan York

56. corporate
conversations
ClueCon 2009 – Dan York

57. personal
iPod
ClueCon 2009 – Dan York

58. corporate
conversations
ClueCon 2009 – Dan York

59. personal
iPod
ClueCon 2009 – Dan York

60. (scared yet?)
ClueCon 2009 – Dan York

61. conversations
ClueCon 2009 – Dan York

62. PIN
ClueCon 2009 – Dan York

63. voicemail PINs
ClueCon 2009 – Dan York

64. banking PINs
ClueCon 2009 – Dan York

65. DTMF decoder
ClueCon 2009 – Dan York

66. (fun stuff, eh?)
ClueCon 2009 – Dan York

67. Teleworker Ted
ClueCon 2009 – Dan York

68. envy
ClueCon 2009 – Dan York

69. grudge
ClueCon 2009 – Dan York

70. hang up Ted
ClueCon 2009 – Dan York

71. cell phone
ClueCon 2009 – Dan York

72. devious
ClueCon 2009 – Dan York

73. mix in new
background
ClueCon 2009 – Dan York

74. amusement park
ClueCon 2009 – Dan York

75. screaming kids
ClueCon 2009 – Dan York

76. dog
ClueCon 2009 – Dan York

77. Ted’s dog
ClueCon 2009 – Dan York

78. endless barking
ClueCon 2009 – Dan York

79. no clue
ClueCon 2009 – Dan York

80. Process Paul
ClueCon 2009 – Dan York

81. new rules
ClueCon 2009 – Dan York

82. worked late
ClueCon 2009 – Dan York

83. wife
ClueCon 2009 – Dan York

84. female
ClueCon 2009 – Dan York

85. ???
ClueCon 2009 – Dan York

86. no clue
ClueCon 2009 – Dan York

87. insecure firewall
ClueCon 2009 – Dan York

88. family
ClueCon 2009 – Dan York

89. SIP softphone
ClueCon 2009 – Dan York

90. free long distance
ClueCon 2009 – Dan York

91. (toll fraud)
ClueCon 2009 – Dan York

92. Board
conf calls
ClueCon 2009 – Dan York

93. revenues in the
tank
ClueCon 2009 – Dan York

94. only hope
ClueCon 2009 – Dan York

95. acquisition
ClueCon 2009 – Dan York

96. IT outsourced
ClueCon 2009 – Dan York

97. job
ClueCon 2009 – Dan York

98. (Uh-oh)
ClueCon 2009 – Dan York

99. war
ClueCon 2009 – Dan York

100. SIP trunk
ClueCon 2009 – Dan York

101. unencrypted
ClueCon 2009 – Dan York

102. sniff CID
ClueCon 2009 – Dan York

103. lawyers
ClueCon 2009 – Dan York

104. CFO
ClueCon 2009 – Dan York

105. SIP Redirect
ClueCon 2009 – Dan York

106. random extension
ClueCon 2009 – Dan York

107. shipping
ClueCon 2009 – Dan York

108. HR
ClueCon 2009 – Dan York

109. labs
ClueCon 2009 – Dan York

110. kitchen
ClueCon 2009 – Dan York

111. ?
ClueCon 2009 – Dan York

112. acquire?
ClueCon 2009 – Dan York

113. @#$@?%$!
ClueCon 2009 – Dan York

114. SysAdmin Steve
ClueCon 2009 – Dan York

115. fix it
ClueCon 2009 – Dan York

116. DoS
ClueCon 2009 – Dan York

117. BYE
ClueCon 2009 – Dan York

118. hang up CEO
ClueCon 2009 – Dan York

119. set reload
ClueCon 2009 – Dan York

120. erase SIP
registration
ClueCon 2009 – Dan York

121. no clue
ClueCon 2009 – Dan York

122. packet flood
ClueCon 2009 – Dan York

123. degrade
ClueCon 2009 – Dan York

124. cell phones
ClueCon 2009 – Dan York

125. acquire?
ClueCon 2009 – Dan York

126. @#$@?%$!
ClueCon 2009 – Dan York

127. SysAdmin Steve
ClueCon 2009 – Dan York

128. fix it
ClueCon 2009 – Dan York

129. 3 strikes
ClueCon 2009 – Dan York

130. investigation
ClueCon 2009 – Dan York

131. truth
ClueCon 2009 – Dan York

132. discovered
ClueCon 2009 – Dan York

133. heart attack
ClueCon 2009 – Dan York

134. corporate
conversations
ClueCon 2009 – Dan York

135. SIP trunk
ClueCon 2009 – Dan York

136. unencrypted
ClueCon 2009 – Dan York

137. public Internet
ClueCon 2009 – Dan York

138. clear
ClueCon 2009 – Dan York

139. call records
ClueCon 2009 – Dan York

140. public Internet
ClueCon 2009 – Dan York

141. cleartext
ClueCon 2009 – Dan York

142. (not good)
ClueCon 2009 – Dan York

143. plan
ClueCon 2009 – Dan York

144. Fire Joe!
ClueCon 2009 – Dan York

145. defense in depth
ClueCon 2009 – Dan York

146. layers
ClueCon 2009 – Dan York

147. encryption
ClueCon 2009 – Dan York

148. SRTP
ClueCon 2009 – Dan York

149. TLS / DTLS
ClueCon 2009 – Dan York

150. ZRTP
ClueCon 2009 – Dan York

151. voice
ClueCon 2009 – Dan York

152. call control
ClueCon 2009 – Dan York

153. LAN
ClueCon 2009 – Dan York

154. SIP trunk
ClueCon 2009 – Dan York

155. clueless
ClueCon 2009 – Dan York

156. new provider
ClueCon 2009 – Dan York

157. call accounting
ClueCon 2009 – Dan York

158. IP network
ClueCon 2009 – Dan York

159. VLANs
ClueCon 2009 – Dan York

160. IDS/IPS
ClueCon 2009 – Dan York

161. monitoring
ClueCon 2009 – Dan York

162. rate throttling
ClueCon 2009 – Dan York

163. secure perimeter
ClueCon 2009 – Dan York

164. firewall traversal
ClueCon 2009 – Dan York

165. firmware
ClueCon 2009 – Dan York

166. o/s patches
ClueCon 2009 – Dan York

167. disable services
ClueCon 2009 – Dan York

168. die,
default
passwords,
die, die, die
ClueCon 2009 – Dan York

169. layers
ClueCon 2009 – Dan York

170. secure VoIP
ClueCon 2009 – Dan York

171. caveat
ClueCon 2009 – Dan York

172. internal
ClueCon 2009 – Dan York

173. disgruntled
ClueCon 2009 – Dan York

174. x%?
ClueCon 2009 – Dan York

175. compromised
servers
ClueCon 2009 – Dan York

176. spyware
ClueCon 2009 – Dan York

177. unsecured WiFi
ClueCon 2009 – Dan York

178. (checked your
parking lot
lately?)
ClueCon 2009 – Dan York

179. offline analysis
ClueCon 2009 – Dan York

180. SIP trunk
ClueCon 2009 – Dan York

181. $$$
ClueCon 2009 – Dan York

182. security
ClueCon 2009 – Dan York

183. Botnet Bob
ClueCon 2009 – Dan York

184. zombies
ClueCon 2009 – Dan York

185. fun
ClueCon 2009 – Dan York

186. profit
ClueCon 2009 – Dan York

187. Criminal Chris
ClueCon 2009 – Dan York

188. espionage
ClueCon 2009 – Dan York

189. identity theft
ClueCon 2009 – Dan York

190. human replay
attack
ClueCon 2009 – Dan York

191. Spammer Sue
ClueCon 2009 – Dan York

192. SPIT
ClueCon 2009 – Dan York

193. 1,000s of calls
ClueCon 2009 – Dan York

194. “significant
event”
ClueCon 2009 – Dan York

195. Congressman
ClueCon 2009 – Dan York

196. mistress
ClueCon 2009 – Dan York

197. public official
ClueCon 2009 – Dan York

198. porn line
ClueCon 2009 – Dan York

199. identity theft
ClueCon 2009 – Dan York

200. 13-yr-old
ClueCon 2009 – Dan York

201. Wall St. Journal
ClueCon 2009 – Dan York

202. “VOIP IS
INSECURE”
ClueCon 2009 – Dan York

203. “(stupid) VOIP IS
INSECURE”
ClueCon 2009 – Dan York

204. “VOIP IS
INSECURE”
ClueCon 2009 – Dan York

205. moral
ClueCon 2009 – Dan York

206. VoIP *can* be
secure
ClueCon 2009 – Dan York

207. VoIP can be
MORE secure
than PSTN
ClueCon 2009 – Dan York

208. (red button,
anyone?)
ClueCon 2009 – Dan York

209. work
ClueCon 2009 – Dan York

210. plan
ClueCon 2009 – Dan York

211. questions
ClueCon 2009 – Dan York

212. education
ClueCon 2009 – Dan York

213. voipsa.org
ClueCon 2009 – Dan York

214. VOIPSA Threat
Taxonomy
ClueCon 2009 – Dan York

215. VOIPSA
Best Practices
ClueCon 2009 – Dan York

216. VOIPSEC
mailing list
ClueCon 2009 – Dan York

217. blueboxpodcast.com
ClueCon 2009 – Dan York

218. ClueCon 2009 – Dan York

219. (If you aren’t
reading them, be
aware the
attackers *are*)
ClueCon 2009 – Dan York

220. defense in depth
ClueCon 2009 – Dan York

221. layers and layers
ClueCon 2009 – Dan York

222. voice
ClueCon 2009 – Dan York

223. call control
ClueCon 2009 – Dan York

224. SIP trunks
ClueCon 2009 – Dan York

225. management
interfaces / APIs
ClueCon 2009 – Dan York

226. PSTN
interfaces
ClueCon 2009 – Dan York

227. PSTN
ClueCon 2009 – Dan York

228. VoIP = IP + PSTN
ClueCon 2009 – Dan York

229. it’s the network,
stupid
ClueCon 2009 – Dan York

230. cloud
ClueCon 2009 – Dan York

231. IP network
ClueCon 2009 – Dan York

232. voice = packets
ClueCon 2009 – Dan York

233. packets = bits
ClueCon 2009 – Dan York

234. bits can be
manipulated
ClueCon 2009 – Dan York

235. VoIP *can* be
secure
ClueCon 2009 – Dan York

236. work
ClueCon 2009 – Dan York

237. plan
ClueCon 2009 – Dan York

238. SysAdmin Steve?
ClueCon 2009 – Dan York

239. happily ever
after?
ClueCon 2009 – Dan York

240. acquisition?
ClueCon 2009 – Dan York

241. job?
ClueCon 2009 – Dan York

242. CIO?
ClueCon 2009 – Dan York

243. another story
ClueCon 2009 – Dan York

244. To be continued...
ClueCon 2009 – Dan York

245. The End
(or is it the beginning?)
ClueCon 2009 – Dan York

246. Please practice
safe VoIP!
ClueCon 2009 – Dan York

247. Q&A
www.voipsa.org
www.voipsa.org/blog
www.blueboxpodcast.com
blogs.voxeo.com
ClueCon 2009 – Dan York

248. Thank you
(Please practice safe VoIP!)
ClueCon 2009 – Dan York