SlideShare a Scribd company logo

Hacking VoIP Systems: What You Need to Worry About

Dan York
Dan York

Presentation by Dan York at AstriCon 2007 about how to secure VoIP systems with a focus on the Asterisk open source PBX. The presentation outlines the issues involved with VoIP security, the tools out there to attack/test VoIP systems, best practices to defend against attacks and ends with some specific security recommendations for Asterisk. Audio will soon be available at http://www.blueboxpodcast.com/ (and will be synced to this presentation).

BusinessTechnology
1 of 32
Download to read offline
Hacking and Attacking VoIP Systems What You Need To Worry About Dan York, CISSP VOIPSA Best Practices Chair September 27, 2007
Privacy Availability Compliance Confidence Mobility Cost Avoidance Business Continuity © 2007 VOIPSA and Owners as Marked p.
© 2007 VOIPSA and Owners as Marked p.
© 2007 VOIPSA and Owners as Marked p.
© 2007 VOIPSA and Owners as Marked p.
TDM security is relatively simple... PSTN Gateways TDM Switch Physical Wiring Voicemail © 2007 VOIPSA and Owners as Marked p.
VoIP security is more complex Desktop Operating PSTN E-mail PCs Systems Gateways Systems Network Web Firewalls Switches Servers Standards PDAs Voice over Wireless IP Devices Instant Messaging Directories Internet Databases Physical Voicemail Wiring © 2007 VOIPSA and Owners as Marked p.
What is the Industry Doing to Help? Security Vendors VoIP Vendors “The Sky Is Falling!” “Don’t Worry, Trust Us!” (Buy our products!) (Buy our products!) © 2007 VOIPSA and Owners as Marked p.
Voice Over IP Security Alliance (VOIPSA) • www.voipsa.org – 100 members from VoIP and security industries • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/ • “Voice of VOIPSA” Blog – www.voipsa.org/blog • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com • VoIP Security Threat Taxonomy • Best Practices Project underway now Security Research Market and Social Classification Best Practices Outreach Objectives and Taxonomy of for VoIP Communication Constraints Security Threats Security of Findings Security System Testing Published Active Now Ongoing LEGEND © 2007 VOIPSA and Owners as Marked p.
VoIP Security
Security concerns in telephony are not new… Image courtesy of the Computer History Museum © 2007 VOIPSA and Owners as Marked p.
Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/ © 2007 VOIPSA and Owners as Marked p.
Security Aspects of IP Telephony Media / Voice Manage TCP/IP Call ment Network Control PSTN Policy © 2007 VOIPSA and Owners as Marked p.
Media Eavesdropping Degraded Voice Quality Encryption Virtual LANs (VLANs) Packet Filtering © 2007 VOIPSA and Owners as Marked p.
Signaling Denial of Service Impersonation Toll Fraud Encryption Encrypted Phone Software Proper Programming © 2007 VOIPSA and Owners as Marked p.
Management Web Interfaces APIs! Phones! Encryption Change Default Passwords! Patches? We don’t need... © 2007 VOIPSA and Owners as Marked p.
PSTN © 2007 VOIPSA and Owners as Marked p.
LAN Internet © 2007 VOIPSA and Owners as Marked p.
What about SPIT? (“SPam over Internet Telephony”) • Makes for great headlines, but not yet a significant threat • Fear is script/tool that: –Iterates through calling SIP addresses: • 111@sip.company.com, 112@sip.company.com, … • Opens an audio stream if call is answered (by person or voicemail) –Steals VoIP credentials and uses account to make calls SPAM • Reality is that today such direct connections are generally not allowed • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint) • Until that time, Telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost © 2007 VOIPSA and Owners as Marked p.
The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN © 2007 VOIPSA and Owners as Marked p.
VoIP Security Tools
www.voipsa.org/Resources/tools.php www.hackingvoip.com © 2007 VOIPSA and Owners as Marked p.
© 2007 VOIPSA and Owners as Marked p.
Tools, tools, tools... • UDP Flooder • Asteroid • IAX Flooder • enumIAX • IAX Enumerator • iWar • ohrwurm RTP Fuzzer • StegRTP • RTP Flooder • VoiPong • INVITE Flooder • Web Interface for SIP Trace • AuthTool • SIPScan • BYE Teardown • SIPCrack • Redirect Poison • SiVuS • Registration Hijacker • SIPVicious Tool Suite • Registration Eraser • SIPBomber • RTP InsertSound • SIPsak • RTP MixSound • SIP bot • SPITTER © 2007 VOIPSA and Owners as Marked p.
Asterisk & Security
www.asterisk.org/security © 2007 VOIPSA and Owners as Marked p.
Security Suggestions for Asterisk 1. TLS-encrypted SIP • needs SIP over TCP first... 2. Secure RTP (SRTP) • there’s a patch 3. SRTP Key Exchange • sdescriptions now, DTLS or potentially ZRTP in the future If Asterisk is configured to use 4. Figure out the phone configuration mess IMAP as its backend storage for • so that the web servers on the phones can be disabled voicemail, then an e-mail sent to a • auto configuration is a start, but how secure are the config files? user with an invalid/corrupted MIME body will cause Asterisk to crash 5. Identity when the user listens to their • RFC 4474 (SIP Identity) voicemail using the phone. 6. Watch out for the APIs and the apps • always fun when a rolodex app can crash your phone system! 7. Toll fraud?? 8. Testing with tools? © 2007 VOIPSA and Owners as Marked p.
Resources
Security Links • VoIP Security Alliance - http://www.voipsa.org/ –Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php –VOIPSEC email list - http://www.voipsa.org/VOIPSEC/ –Weblog - http://www.voipsa.org/blog/ –Security Tools list - http://www.voipsa.org/Resources/tools.php –Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com • NIST SP800-58, “Security Considerations for VoIP Systems” – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf • Network Security Tools – http://sectools.org/ • Hacking Exposed VoIP site and tools – http://www.hackingvoip.com/ © 2007 VOIPSA and Owners as Marked p.
Q&eh? www.voipsa.org
Speaker Introduction – Dan York Dan York, CISSP, is the Best Practices Chair for the VOIP Security Alliance where he leads the project to develop and document a concise set of industry-wide best practices for security VoIP systems. He is also heading up VOIPSA's move into quot;social mediaquot; with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field. Most recently he served as Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003. His writing can also be found online at his weblog, Disruptive Telephony. © 2007 VOIPSA and Owners as Marked p.
Other Best Practices Media / Voice TCP/IP Manage Call Network • Network ment Control Policy PSTN –Networks should be evaluated for readiness to carry VoIP traffic. –Secure mechanisms should be used for traversal of firewalls. • Phone Sets –Set software loads should be encrypted and tamper-proof. –Sets should run the minimum of services required. –Connection of a set to the system must require an initial authentication and authorization. • Servers –Servers should be incorporated into appropriate patch management and anti-virus systems. –Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure. • Wireless –All wireless devices should implement WPA and/or WPA2 versus WEP. © 2007 VOIPSA and Owners as Marked p.

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
smart ms voip for lte networks
smart ms voip for lte networkssmart ms voip for lte networks
smart ms voip for lte networksStreamWIDE
 
VoIP Security
VoIP SecurityVoIP Security
VoIP SecurityDayanand Prabhakar
 

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
smart ms voip for lte networks
smart ms voip for lte networkssmart ms voip for lte networks
smart ms voip for lte networksStreamWIDE
 
VoIP Security
VoIP SecurityVoIP Security
VoIP SecurityDayanand Prabhakar
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
VOIP security
VOIP securityVOIP security
VOIP securityRohit Gurjar
 
PBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Corporation
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenFatih Ozavci
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation tofael1
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training PresentationEmpatiq İletişim Teknolojileri AŞ.
 
Điện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetĐiện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetNam TruongGiang
 
Voip introduction
Voip introductionVoip introduction
Voip introductiondaksh bhatt
 
Voip
VoipVoip
VoipHarry Sunarsa
 
Voip
VoipVoip
VoipZohaib Hussain
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?broadconnect
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatilsMostain Billah
 
AudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateAudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateJohn D'Annunzio
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIPPaloSanto Solutions
 
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesDan York
 
Sip termination providers
Sip termination providersSip termination providers
Sip termination providerscall2customernet
 

More Related Content

What's hot

Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
PBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Corporation
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenFatih Ozavci
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation tofael1
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
Điện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetĐiện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetNam TruongGiang
 
Voip introduction
Voip introductionVoip introduction
Voip introductiondaksh bhatt
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?broadconnect
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatilsMostain Billah
 
AudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateAudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateJohn D'Annunzio
 

What's hot (20)

Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
VOIP security
VOIP securityVOIP security
VOIP security
 
PBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales Presentation
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
 
Điện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetĐiện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheet
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
 
Voip
VoipVoip
Voip
 
Voip
VoipVoip
Voip
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatils
 
AudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateAudioCodes Session Border Controller Update
AudioCodes Session Border Controller Update
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
 

Viewers also liked

E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesDan York
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.Sumutiu Marius
 
LONG_Dong_CV
LONG_Dong_CVLONG_Dong_CV
LONG_Dong_CVdong long
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiFatih Ozavci
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Mostafa El-Beheiry
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiFatih Ozavci
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIPTomGilis
 
Risk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Crew
 
Fun with Linux Telephony
Fun with Linux TelephonyFun with Linux Telephony
Fun with Linux TelephonyDonald Burr
 
Conceptos básicos de telefonía
Conceptos básicos de telefoníaConceptos básicos de telefonía
Conceptos básicos de telefoníae-Contact LATAM
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpointGW1992
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Olle E Johansson
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 

Viewers also liked (16)

E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
 
Sip termination providers
Sip termination providersSip termination providers
Sip termination providers
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
LONG_Dong_CV
LONG_Dong_CVLONG_Dong_CV
LONG_Dong_CV
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik Denetimi
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIP
 
Risk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back Door
 
Fun with Linux Telephony
Fun with Linux TelephonyFun with Linux Telephony
Fun with Linux Telephony
 
Conceptos básicos de telefonía
Conceptos básicos de telefoníaConceptos básicos de telefonía
Conceptos básicos de telefonía
 
Migration to FreePBX
Migration to FreePBXMigration to FreePBX
Migration to FreePBX
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpoint
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)
 
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, English
 

Similar to Hacking VoIP Systems: What You Need to Worry About

SIP Trunking & Security in an Enterprise Network
SIP Trunking & Security in an Enterprise NetworkSIP Trunking & Security in an Enterprise Network
SIP Trunking & Security in an Enterprise NetworkDan York
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...SSA KPI
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...IMEX Research
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa Data
 
Explanation of voip
Explanation of voipExplanation of voip
Explanation of voiphuntysen
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centersscarisbrick
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsChristina Inge
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technicalImranD1
 
Introduction To Xener Systems
Introduction To Xener SystemsIntroduction To Xener Systems
Introduction To Xener SystemsGuisun Han
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the IndustryIMEX Research
 
3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_DempseyFOMS011
 
Ultima - Mobile Data Security
Ultima - Mobile Data SecurityUltima - Mobile Data Security
Ultima - Mobile Data Securitytrickey270
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Newlink
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Newlink
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondRadisys Corporation
 

Similar to Hacking VoIP Systems: What You Need to Worry About (20)

SIP Trunking & Security in an Enterprise Network
SIP Trunking & Security in an Enterprise NetworkSIP Trunking & Security in an Enterprise Network
SIP Trunking & Security in an Enterprise Network
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013
 
Explanation of voip
Explanation of voipExplanation of voip
Explanation of voip
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 Praesentation
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open Standards
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technical
 
Introduction To Xener Systems
Introduction To Xener SystemsIntroduction To Xener Systems
Introduction To Xener Systems
 
S series presentation
S series presentationS series presentation
S series presentation
 
Hosted Contact Centre Security
Hosted Contact Centre SecurityHosted Contact Centre Security
Hosted Contact Centre Security
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the Industry
 
3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey
 
Ultima - Mobile Data Security
Ultima - Mobile Data SecurityUltima - Mobile Data Security
Ultima - Mobile Data Security
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & Beyond
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 

More from Dan York

Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible) Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible) Dan York
 
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?Dan York
 
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?Dan York
 
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Dan York
 
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 HackathonDNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 HackathonDan York
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
 
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...Dan York
 
How IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About ItHow IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About ItDan York
 
SIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and SecuritySIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and SecurityDan York
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveDan York
 
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XMLOSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XMLDan York
 
IP Telephony Security 101
IP Telephony Security 101IP Telephony Security 101
IP Telephony Security 101Dan York
 
Recording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/SkypeRecording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/SkypeDan York
 
BLISS Problem Statement and Motivation
BLISS Problem Statement and MotivationBLISS Problem Statement and Motivation
BLISS Problem Statement and MotivationDan York
 
ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)Dan York
 

More from Dan York (15)

Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible) Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
Yes, IPv6 is Real! How To Make Your Apps Work (And Be As Fast As Possible)
 
SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?SIPNOC 2014 - Is It Time For TLS for SIP?
SIPNOC 2014 - Is It Time For TLS for SIP?
 
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
A Choice Of Internet Futures: Will Nonprofits Be Stuck In The Slow Lane?
 
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
Open Source and The Global Disruption Of Telecom: What Choices Will We Make?
 
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 HackathonDNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon
 
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)
 
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoI...
 
How IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About ItHow IPv6 Will Kill Telecom - And What We Need To Do About It
How IPv6 Will Kill Telecom - And What We Need To Do About It
 
SIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and SecuritySIP, Unified Communications (UC) and Security
SIP, Unified Communications (UC) and Security
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin Steve
 
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XMLOSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML
 
IP Telephony Security 101
IP Telephony Security 101IP Telephony Security 101
IP Telephony Security 101
 
Recording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/SkypeRecording Remote Hosts/Interviews with VoIP/Skype
Recording Remote Hosts/Interviews with VoIP/Skype
 
BLISS Problem Statement and Motivation
BLISS Problem Statement and MotivationBLISS Problem Statement and Motivation
BLISS Problem Statement and Motivation
 
ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)ETel2007: The Black Bag Security Review (VoIP Security)
ETel2007: The Black Bag Security Review (VoIP Security)
 

Recently uploaded

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Pitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalPitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalEvelina300651
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 

Recently uploaded (20)

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.com
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Pitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business ProposalPitch deck sample detail for New Business Proposal
Pitch deck sample detail for New Business Proposal
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in Philippines
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 

Hacking VoIP Systems: What You Need to Worry About

  • 1. Hacking and Attacking VoIP Systems What You Need To Worry About Dan York, CISSP VOIPSA Best Practices Chair September 27, 2007
  • 2. Privacy Availability Compliance Confidence Mobility Cost Avoidance Business Continuity © 2007 VOIPSA and Owners as Marked p.
  • 3. © 2007 VOIPSA and Owners as Marked p.
  • 4. © 2007 VOIPSA and Owners as Marked p.
  • 5. © 2007 VOIPSA and Owners as Marked p.
  • 6. TDM security is relatively simple... PSTN Gateways TDM Switch Physical Wiring Voicemail © 2007 VOIPSA and Owners as Marked p.
  • 7. VoIP security is more complex Desktop Operating PSTN E-mail PCs Systems Gateways Systems Network Web Firewalls Switches Servers Standards PDAs Voice over Wireless IP Devices Instant Messaging Directories Internet Databases Physical Voicemail Wiring © 2007 VOIPSA and Owners as Marked p.
  • 8. What is the Industry Doing to Help? Security Vendors VoIP Vendors “The Sky Is Falling!” “Don’t Worry, Trust Us!” (Buy our products!) (Buy our products!) © 2007 VOIPSA and Owners as Marked p.
  • 9. Voice Over IP Security Alliance (VOIPSA) • www.voipsa.org – 100 members from VoIP and security industries • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/ • “Voice of VOIPSA” Blog – www.voipsa.org/blog • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com • VoIP Security Threat Taxonomy • Best Practices Project underway now Security Research Market and Social Classification Best Practices Outreach Objectives and Taxonomy of for VoIP Communication Constraints Security Threats Security of Findings Security System Testing Published Active Now Ongoing LEGEND © 2007 VOIPSA and Owners as Marked p.
  • 11. Security concerns in telephony are not new… Image courtesy of the Computer History Museum © 2007 VOIPSA and Owners as Marked p.
  • 12. Nor are our attempts to protect against threats… Image courtesy of Mike Sandman – http://www.sandman.com/ © 2007 VOIPSA and Owners as Marked p.
  • 13. Security Aspects of IP Telephony Media / Voice Manage TCP/IP Call ment Network Control PSTN Policy © 2007 VOIPSA and Owners as Marked p.
  • 14. Media Eavesdropping Degraded Voice Quality Encryption Virtual LANs (VLANs) Packet Filtering © 2007 VOIPSA and Owners as Marked p.
  • 15. Signaling Denial of Service Impersonation Toll Fraud Encryption Encrypted Phone Software Proper Programming © 2007 VOIPSA and Owners as Marked p.
  • 16. Management Web Interfaces APIs! Phones! Encryption Change Default Passwords! Patches? We don’t need... © 2007 VOIPSA and Owners as Marked p.
  • 17. PSTN © 2007 VOIPSA and Owners as Marked p.
  • 18. LAN Internet © 2007 VOIPSA and Owners as Marked p.
  • 19. What about SPIT? (“SPam over Internet Telephony”) • Makes for great headlines, but not yet a significant threat • Fear is script/tool that: –Iterates through calling SIP addresses: • 111@sip.company.com, 112@sip.company.com, … • Opens an audio stream if call is answered (by person or voicemail) –Steals VoIP credentials and uses account to make calls SPAM • Reality is that today such direct connections are generally not allowed • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint) • Until that time, Telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost © 2007 VOIPSA and Owners as Marked p.
  • 20. The Challenge of SIP Trunking PSTN SIP Service Provider Internet IP-PBX LAN © 2007 VOIPSA and Owners as Marked p.
  • 22. www.voipsa.org/Resources/tools.php www.hackingvoip.com © 2007 VOIPSA and Owners as Marked p.
  • 23. © 2007 VOIPSA and Owners as Marked p.
  • 24. Tools, tools, tools... • UDP Flooder • Asteroid • IAX Flooder • enumIAX • IAX Enumerator • iWar • ohrwurm RTP Fuzzer • StegRTP • RTP Flooder • VoiPong • INVITE Flooder • Web Interface for SIP Trace • AuthTool • SIPScan • BYE Teardown • SIPCrack • Redirect Poison • SiVuS • Registration Hijacker • SIPVicious Tool Suite • Registration Eraser • SIPBomber • RTP InsertSound • SIPsak • RTP MixSound • SIP bot • SPITTER © 2007 VOIPSA and Owners as Marked p.
  • 27. Security Suggestions for Asterisk 1. TLS-encrypted SIP • needs SIP over TCP first... 2. Secure RTP (SRTP) • there’s a patch 3. SRTP Key Exchange • sdescriptions now, DTLS or potentially ZRTP in the future If Asterisk is configured to use 4. Figure out the phone configuration mess IMAP as its backend storage for • so that the web servers on the phones can be disabled voicemail, then an e-mail sent to a • auto configuration is a start, but how secure are the config files? user with an invalid/corrupted MIME body will cause Asterisk to crash 5. Identity when the user listens to their • RFC 4474 (SIP Identity) voicemail using the phone. 6. Watch out for the APIs and the apps • always fun when a rolodex app can crash your phone system! 7. Toll fraud?? 8. Testing with tools? © 2007 VOIPSA and Owners as Marked p.
  • 29. Security Links • VoIP Security Alliance - http://www.voipsa.org/ –Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php –VOIPSEC email list - http://www.voipsa.org/VOIPSEC/ –Weblog - http://www.voipsa.org/blog/ –Security Tools list - http://www.voipsa.org/Resources/tools.php –Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com • NIST SP800-58, “Security Considerations for VoIP Systems” – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf • Network Security Tools – http://sectools.org/ • Hacking Exposed VoIP site and tools – http://www.hackingvoip.com/ © 2007 VOIPSA and Owners as Marked p.
  • 31. Speaker Introduction – Dan York Dan York, CISSP, is the Best Practices Chair for the VOIP Security Alliance where he leads the project to develop and document a concise set of industry-wide best practices for security VoIP systems. He is also heading up VOIPSA's move into quot;social mediaquot; with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field. Most recently he served as Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003. His writing can also be found online at his weblog, Disruptive Telephony. © 2007 VOIPSA and Owners as Marked p.
  • 32. Other Best Practices Media / Voice TCP/IP Manage Call Network • Network ment Control Policy PSTN –Networks should be evaluated for readiness to carry VoIP traffic. –Secure mechanisms should be used for traversal of firewalls. • Phone Sets –Set software loads should be encrypted and tamper-proof. –Sets should run the minimum of services required. –Connection of a set to the system must require an initial authentication and authorization. • Servers –Servers should be incorporated into appropriate patch management and anti-virus systems. –Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure. • Wireless –All wireless devices should implement WPA and/or WPA2 versus WEP. © 2007 VOIPSA and Owners as Marked p.