SlideShare ist ein Scribd-Unternehmen logo

VoIP: Attacks & Countermeasures in the Corporate World

J
Jason Edelstein

Discusses VoIP security threats and countermeasures with a specific focus on the Cisco Call Manager implementations. Additional information can be found at: http://www.senseofsecurity.com.au

TechnologieNews & PolitikBusiness
1 von 24
Downloaden Sie, um offline zu lesen
VoIP: Attacks & Countermeasures in the Corporate World 1 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Agenda • Introduction • Typical VoIP Network Architecture • Anatomy of VoIP Attacks • Demo of a few VoIP Attacks • Countermeasures 2 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Introduction • Historically trends and advances in IT outpace security requirements. e.g. 802.11 Wireless. VoIP is the same. • Tools are becoming more readily available. • Many of the threats against VoIP are the same threats inherited from the data networking world. e.g. eavesdropping, mitm, replay etc. 3 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Key Threats • Denial of Service – attacks against availability • Eavesdropping - unauthorised interception of voice packets • Impersonation – masquerading as a handset or a piece of VoIP infrastructure 4 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Disclaimer The techniques demonstrated are not vendor specific. Our attacks are against an “out of the box” or “default” implementation of VoIP. We are not responsible for what you do with the tools and techniques demonstrated! 5 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Typical Cisco VoIP Implementation CISCO IP PHONE 7941SERIES 1 2 3 ABC DEF ? 4 5 6 GHI JKL MNO - + 7 8 9 PQRS TUV WXYZ 0 # * OPER IP Phone #1 x 1000 IP Phone #2 x 2000 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 Cisco Call Manager IP Phone #3 v4.X x 3000 Data Voice VLAN 2 VLAN 6 6 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Anatomy of Attack – Impersonation • Step 1: Determine MAC address of handset • Step 2: Change MAC address on PC • Step 3: Use Softphone to make a call as that extension 7 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Anatomy of Attack - Eavesdropping • Step 1: Gather initial information • Step 2: Get access to voice VLAN • Step 3: Locate phone targets • Step 4: Execute ARP poisoning attack and record voice call 8 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Information Gathering • Cisco phone information disclosure • IP addresses: DHCP, Call Manager, TFTP, DNS Servers 9 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security • Plug into the PC port and sniff! 10 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Get on the Voice Network • Use the info we have gathered to get on the Voice VLAN. • Configure the network adapter to tag all ethernet frames with the voice VLAN. • Voila! We are on the voice VLAN. • Now we can attack any system on the voice network. 11 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security MITM Attack – ARP Theory 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 12 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security MITM Attack - ARP Poisoning Theory Attackers PC IP: 10.6.0.40 MAC: D IP Phone #2 IP: 10.6.0.20 MAC: B 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 IP Phone #3 IP: 10.6.0.30 MAC: C 13 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security MITM Attack – Execution • Start Cain & Abel and configure ARP poisoning. • Cain & Abel also has the capability to record a call. • Sit back and wait! 14 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Game Over! 15 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Some Attack Possibilities.. • Telephone banking / Voicemail PIN disclosure • Insertion of audio into conversation • Real-time voicemail capture 16 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Compromising the PIN • Telephone banking requires a user to enter a customer number and PIN using the touchpad. • Each number pressed sends a unique tone which is interpreted by the end system. 17 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security 18 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security • But which buttons were pressed? 19 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Countermeasures Cisco Switch: • Enable DHCP Snooping • Enable Dynamic ARP Inspection • Enable IP Sourceguard • Enable Port Security • Implement VLAN ACLs • Implement 802.1x 20 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Countermeasures (cont.d) Cisco Call Manager: (Not without some side effects!) • Disable Settings button on phone • Disable Span to PC port • Disable Gratuitous ARP • Disable PC Voice VLAN Access • Configure Signaling & Media Encryption! 21 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security How Real is the Threat in Australia? • One Australian organisation suffers a major telephone hack each and every day. • AusCERT Computer Crime and Security Survey 2006 shows average value of loss of over $60,000. • The largest phone hack on record is $1.7M. • 97% not reported due to risk of adverse publicity. • Threat to phone service - how would your business cope without phones for an entire day? • Telstra, Optus and Macquarie Telecom have written to clients warning of the dangers and confirming the customer is liable. 22 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Conclusion • Most current implementations of VoIP are insecure. • VoIP can be secured with the right know how. • The only way to know if your implementation is secure is to have it audited by independent experts. 23 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
VoIP Security Questions? Contact: Jason Edelstein T: +61 2 9290 4441 E: jasone@senseofsecurity.com.au www.senseofsecurity.com.au 24 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007

Empfohlen

PINsafe by SWIVEL
PINsafe by SWIVELPINsafe by SWIVEL
PINsafe by SWIVELajldr
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsChristina Inge
 
Grandstream - VoIP & Surveillance Products by Cohesive Technologies
Grandstream - VoIP & Surveillance Products by Cohesive Technologies Grandstream - VoIP & Surveillance Products by Cohesive Technologies
Grandstream - VoIP & Surveillance Products by Cohesive Technologies Cohesive Technologies
 
IP Intercoms & Paging System - 2N
IP Intercoms & Paging System - 2N IP Intercoms & Paging System - 2N
IP Intercoms & Paging System - 2N Cohesive Technologies
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Grandstream VoIP & Surveillance Products | Cohesive Technologies
Grandstream VoIP & Surveillance Products | Cohesive TechnologiesGrandstream VoIP & Surveillance Products | Cohesive Technologies
Grandstream VoIP & Surveillance Products | Cohesive TechnologiesCohesive Technologies
 
Grandstream Final22
Grandstream Final22Grandstream Final22
Grandstream Final22bongskey008
 
00 control panel videofied visio specifications sheet
00 control panel videofied visio specifications sheet00 control panel videofied visio specifications sheet
00 control panel videofied visio specifications sheetIlias Varsamis
 

Empfohlen

PINsafe by SWIVEL
PINsafe by SWIVELPINsafe by SWIVEL
PINsafe by SWIVELajldr
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsChristina Inge
 
Grandstream - VoIP & Surveillance Products by Cohesive Technologies
Grandstream - VoIP & Surveillance Products by Cohesive Technologies Grandstream - VoIP & Surveillance Products by Cohesive Technologies
Grandstream - VoIP & Surveillance Products by Cohesive Technologies Cohesive Technologies
 
IP Intercoms & Paging System - 2N
IP Intercoms & Paging System - 2N IP Intercoms & Paging System - 2N
IP Intercoms & Paging System - 2N Cohesive Technologies
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Grandstream VoIP & Surveillance Products | Cohesive Technologies
Grandstream VoIP & Surveillance Products | Cohesive TechnologiesGrandstream VoIP & Surveillance Products | Cohesive Technologies
Grandstream VoIP & Surveillance Products | Cohesive TechnologiesCohesive Technologies
 
Grandstream Final22
Grandstream Final22Grandstream Final22
Grandstream Final22bongskey008
 
00 control panel videofied visio specifications sheet
00 control panel videofied visio specifications sheet00 control panel videofied visio specifications sheet
00 control panel videofied visio specifications sheetIlias Varsamis
 
Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel Neocenter SA de CV
 
Adolfo_Tinoco_09_02_15
Adolfo_Tinoco_09_02_15Adolfo_Tinoco_09_02_15
Adolfo_Tinoco_09_02_15Adolfo J. Tinoco
 
SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?Unified Communications Online
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
Cisco aironet 1600
Cisco aironet 1600Cisco aironet 1600
Cisco aironet 1600ณ.วัชร บัณฑิต
 
8039 sip video intercom
8039 sip video intercom8039 sip video intercom
8039 sip video intercomBadam Gantumur
 
PAN 5000
PAN 5000PAN 5000
PAN 5000Altaware, Inc.
 
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishTechnical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishPrivateWave Italia SpA
 
Snom_Webinar_EN_160225
Snom_Webinar_EN_160225Snom_Webinar_EN_160225
Snom_Webinar_EN_160225Michiel Top
 
Ap650 spec sheet
Ap650 spec sheetAp650 spec sheet
Ap650 spec sheetAdvantec Distribution
 
What's up with SIP?
What's up with SIP?What's up with SIP?
What's up with SIP?Graham Francis
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateWave Italia SpA
 
Ap6562
Ap6562Ap6562
Ap6562Sam Kincaid
 
Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesBrian Huff
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignYosuke Sakai
 
Antivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and CountermeasuresAntivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and Countermeasuressecurityxploded
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Dstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous PathogensDstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous Pathogenswarwick_amr
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
 
Seminar Presentation
Seminar PresentationSeminar Presentation
Seminar PresentationSergey Rubinsky, Ph.D.
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresBone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresAmerican Astronautical Society
 

Weitere ähnliche Inhalte

Was ist angesagt?

Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel Neocenter SA de CV
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problemsseanhn
 
8039 sip video intercom
8039 sip video intercom8039 sip video intercom
8039 sip video intercomBadam Gantumur
 
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishTechnical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishPrivateWave Italia SpA
 
Snom_Webinar_EN_160225
Snom_Webinar_EN_160225Snom_Webinar_EN_160225
Snom_Webinar_EN_160225Michiel Top
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateWave Italia SpA
 

Was ist angesagt? (13)

Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel Webinar: Certificación comercial Konftel
Webinar: Certificación comercial Konftel
 
Adolfo_Tinoco_09_02_15
Adolfo_Tinoco_09_02_15Adolfo_Tinoco_09_02_15
Adolfo_Tinoco_09_02_15
 
SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?
 
VoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol ProblemsVoIP security: Implementation and Protocol Problems
VoIP security: Implementation and Protocol Problems
 
Cisco aironet 1600
Cisco aironet 1600Cisco aironet 1600
Cisco aironet 1600
 
8039 sip video intercom
8039 sip video intercom8039 sip video intercom
8039 sip video intercom
 
PAN 5000
PAN 5000PAN 5000
PAN 5000
 
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishTechnical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - english
 
Snom_Webinar_EN_160225
Snom_Webinar_EN_160225Snom_Webinar_EN_160225
Snom_Webinar_EN_160225
 
Ap650 spec sheet
Ap650 spec sheetAp650 spec sheet
Ap650 spec sheet
 
What's up with SIP?
What's up with SIP?What's up with SIP?
What's up with SIP?
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
 
Ap6562
Ap6562Ap6562
Ap6562
 

Andere mochten auch

Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesBrian Huff
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignYosuke Sakai
 
Antivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and CountermeasuresAntivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and Countermeasuressecurityxploded
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresAirTight Networks
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Dstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous PathogensDstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous Pathogenswarwick_amr
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresBone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresAmerican Astronautical Society
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011International Atomic Energy Agency
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingpolichen
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasuresguestc27cd9
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Marko Kovic
 
Return oriented programming
Return oriented programmingReturn oriented programming
Return oriented programminghybr1s
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDarwish Ahmad
 
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"Alonso Caballero
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsDr. Emin İslam Tatlı
 
Irregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsIrregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsTokyo University of Science
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesMarco Morana
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...CODE BLUE
 

Andere mochten auch (20)

Oracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best PracticesOracle UCM Security: Challenges and Best Practices
Oracle UCM Security: Challenges and Best Practices
 
Patent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction DesignPatent Risk and Countermeasures Related to Open Management in Interaction Design
Patent Risk and Countermeasures Related to Open Management in Interaction Design
 
Antivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and CountermeasuresAntivirus Evasion Techniques and Countermeasures
Antivirus Evasion Techniques and Countermeasures
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Dstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous PathogensDstl Medical Countermeasures for Dangerous Pathogens
Dstl Medical Countermeasures for Dangerous Pathogens
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
Seminar Presentation
Seminar PresentationSeminar Presentation
Seminar Presentation
 
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and CountermeasuresBone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
Bone Loss in Long-Duration Spaceflight: Measurements and Countermeasures
 
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
Table 4: Unit 4 Reactor: Fukushima Daiichi Nuclear Power Plant - 18 May 2011
 
Cehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hackingCehv8 module 01 introduction to ethical hacking
Cehv8 module 01 introduction to ethical hacking
 
Iis Security Programming Countermeasures
Iis Security Programming CountermeasuresIis Security Programming Countermeasures
Iis Security Programming Countermeasures
 
Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.Digital Astroturfing: Definition, typology, and countermeasures.
Digital Astroturfing: Definition, typology, and countermeasures.
 
Return oriented programming
Return oriented programmingReturn oriented programming
Return oriented programming
 
Designing Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows ThreatsDesigning Countermeasures For Tomorrows Threats
Designing Countermeasures For Tomorrows Threats
 
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
Webinar Gratuito: "Herramientas Graficas en Kali Linux 2.0"
 
Google Hacking for Cryptographic Secrets
Google Hacking for Cryptographic SecretsGoogle Hacking for Cryptographic Secrets
Google Hacking for Cryptographic Secrets
 
Irregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData ProcessorsIrregularity Countermeasures in Massively Parallel BigData Processors
Irregularity Countermeasures in Massively Parallel BigData Processors
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
[CB16] Air-Gap security: State-of-the-art Attacks, Analysis, and Mitigation b...
 

Ähnlich wie VoIP: Attacks & Countermeasures in the Corporate World

IPv6 and How It Impacts Communication Applications
IPv6 and How It Impacts Communication ApplicationsIPv6 and How It Impacts Communication Applications
IPv6 and How It Impacts Communication ApplicationsVoxeo Corp
 
Pass4sure 300 075 Implementing Cisco IP Telephony
Pass4sure 300 075 Implementing Cisco IP TelephonyPass4sure 300 075 Implementing Cisco IP Telephony
Pass4sure 300 075 Implementing Cisco IP Telephonynustouch
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cmeYves Jean Louis
 
Sample of product development
Sample of product developmentSample of product development
Sample of product developmentTransit-Protect
 
Presentation cisco mobile internet
Presentation cisco mobile internetPresentation cisco mobile internet
Presentation cisco mobile internetxKinAnx
 
Yealink catalog vp530 v65-111105
Yealink catalog vp530 v65-111105Yealink catalog vp530 v65-111105
Yealink catalog vp530 v65-111105Flavio Espuela
 
Learning Erlang And Developing A Sip Server Stack With 30k Potential Users
Learning Erlang And Developing A Sip Server Stack With 30k Potential UsersLearning Erlang And Developing A Sip Server Stack With 30k Potential Users
Learning Erlang And Developing A Sip Server Stack With 30k Potential Usersl xf
 
VoIP and the Telcos - Is there a life after death?
VoIP and the Telcos - Is there a life after death?VoIP and the Telcos - Is there a life after death?
VoIP and the Telcos - Is there a life after death?webhostingguy
 
05 Voice / Video
05 Voice / Video 05 Voice / Video
05 Voice / Video Videoguy
 
Ipecs sbg-1000 brochure
Ipecs sbg-1000 brochureIpecs sbg-1000 brochure
Ipecs sbg-1000 brochureWill Morey
 
Jain Sip Tutorial
Jain Sip TutorialJain Sip Tutorial
Jain Sip Tutorialrajibdk
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowDan York
 
Sustainable Green IT, Cisco Systems
Sustainable Green IT, Cisco SystemsSustainable Green IT, Cisco Systems
Sustainable Green IT, Cisco SystemsNetzwerk GreenIT-BB
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 

Ähnlich wie VoIP: Attacks & Countermeasures in the Corporate World (20)

IPv6 and How It Impacts Communication Applications
IPv6 and How It Impacts Communication ApplicationsIPv6 and How It Impacts Communication Applications
IPv6 and How It Impacts Communication Applications
 
Pass4sure 300 075 Implementing Cisco IP Telephony
Pass4sure 300 075 Implementing Cisco IP TelephonyPass4sure 300 075 Implementing Cisco IP Telephony
Pass4sure 300 075 Implementing Cisco IP Telephony
 
2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme2+ipt+configuring cisco-cme
2+ipt+configuring cisco-cme
 
Sample of product development
Sample of product developmentSample of product development
Sample of product development
 
Presentation cisco mobile internet
Presentation cisco mobile internetPresentation cisco mobile internet
Presentation cisco mobile internet
 
10 fn s14
10 fn s1410 fn s14
10 fn s14
 
10 fn s14
10 fn s1410 fn s14
10 fn s14
 
Yealink catalog vp530 v65-111105
Yealink catalog vp530 v65-111105Yealink catalog vp530 v65-111105
Yealink catalog vp530 v65-111105
 
Learning Erlang And Developing A Sip Server Stack With 30k Potential Users
Learning Erlang And Developing A Sip Server Stack With 30k Potential UsersLearning Erlang And Developing A Sip Server Stack With 30k Potential Users
Learning Erlang And Developing A Sip Server Stack With 30k Potential Users
 
Shore
ShoreShore
Shore
 
VoIP and the Telcos - Is there a life after death?
VoIP and the Telcos - Is there a life after death?VoIP and the Telcos - Is there a life after death?
VoIP and the Telcos - Is there a life after death?
 
05 Voice / Video
05 Voice / Video 05 Voice / Video
05 Voice / Video
 
Ipecs sbg-1000 brochure
Ipecs sbg-1000 brochureIpecs sbg-1000 brochure
Ipecs sbg-1000 brochure
 
SIEM evolution
SIEM evolutionSIEM evolution
SIEM evolution
 
Jain Sip Tutorial
Jain Sip TutorialJain Sip Tutorial
Jain Sip Tutorial
 
Hacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To KnowHacking and Attacking VoIP Systems - What You Need To Know
Hacking and Attacking VoIP Systems - What You Need To Know
 
Demo
Demo Demo
Demo
 
Sustainable Green IT, Cisco Systems
Sustainable Green IT, Cisco SystemsSustainable Green IT, Cisco Systems
Sustainable Green IT, Cisco Systems
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 

Mehr von Jason Edelstein

Sense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securitySense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securityJason Edelstein
 
Sense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsSense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsJason Edelstein
 
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsSense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsJason Edelstein
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009Jason Edelstein
 
PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009Jason Edelstein
 
PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007Jason Edelstein
 
Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Jason Edelstein
 
Achieving PCI Compliance Long And Short Term Strategies 2009
Achieving PCI Compliance Long And Short Term Strategies 2009Achieving PCI Compliance Long And Short Term Strategies 2009
Achieving PCI Compliance Long And Short Term Strategies 2009Jason Edelstein
 
Virtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsVirtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsJason Edelstein
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0Jason Edelstein
 

Mehr von Jason Edelstein (10)

Sense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise securitySense of Security Best practice strategies to improve your enterprise security
Sense of Security Best practice strategies to improve your enterprise security
 
Sense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated EnvironmentsSense of security - Virtualisation Security for Regulated Environments
Sense of security - Virtualisation Security for Regulated Environments
 
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the FundamentalsSense of Security - Securing Virtualised Environments; Focus on the Fundamentals
Sense of Security - Securing Virtualised Environments; Focus on the Fundamentals
 
PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009PCI What When AISA Sydney 2009
PCI What When AISA Sydney 2009
 
PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009PCI Compliance a Business Issue Isaca 2009
PCI Compliance a Business Issue Isaca 2009
 
PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007PCI Compliance What Does This Mean For the Australian Market Place 2007
PCI Compliance What Does This Mean For the Australian Market Place 2007
 
Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009Addressing Security Challenges of Mobility and Web 2.0 2009
Addressing Security Challenges of Mobility and Web 2.0 2009
 
Achieving PCI Compliance Long And Short Term Strategies 2009
Achieving PCI Compliance Long And Short Term Strategies 2009Achieving PCI Compliance Long And Short Term Strategies 2009
Achieving PCI Compliance Long And Short Term Strategies 2009
 
Virtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware ImplementationsVirtualisation: Pitfalls in Corporate VMware Implementations
Virtualisation: Pitfalls in Corporate VMware Implementations
 
Managing and Securing Web 2.0
Managing and Securing Web 2.0Managing and Securing Web 2.0
Managing and Securing Web 2.0
 

Kürzlich hochgeladen

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 

Kürzlich hochgeladen (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 

VoIP: Attacks & Countermeasures in the Corporate World

  • 1. VoIP: Attacks & Countermeasures in the Corporate World 1 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 2. VoIP Security Agenda • Introduction • Typical VoIP Network Architecture • Anatomy of VoIP Attacks • Demo of a few VoIP Attacks • Countermeasures 2 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 3. VoIP Security Introduction • Historically trends and advances in IT outpace security requirements. e.g. 802.11 Wireless. VoIP is the same. • Tools are becoming more readily available. • Many of the threats against VoIP are the same threats inherited from the data networking world. e.g. eavesdropping, mitm, replay etc. 3 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 4. VoIP Security Key Threats • Denial of Service – attacks against availability • Eavesdropping - unauthorised interception of voice packets • Impersonation – masquerading as a handset or a piece of VoIP infrastructure 4 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 5. VoIP Security Disclaimer The techniques demonstrated are not vendor specific. Our attacks are against an “out of the box” or “default” implementation of VoIP. We are not responsible for what you do with the tools and techniques demonstrated! 5 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 6. VoIP Security Typical Cisco VoIP Implementation CISCO IP PHONE 7941SERIES 1 2 3 ABC DEF ? 4 5 6 GHI JKL MNO - + 7 8 9 PQRS TUV WXYZ 0 # * OPER IP Phone #1 x 1000 IP Phone #2 x 2000 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 Cisco Call Manager IP Phone #3 v4.X x 3000 Data Voice VLAN 2 VLAN 6 6 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 7. VoIP Security Anatomy of Attack – Impersonation • Step 1: Determine MAC address of handset • Step 2: Change MAC address on PC • Step 3: Use Softphone to make a call as that extension 7 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 8. VoIP Security Anatomy of Attack - Eavesdropping • Step 1: Gather initial information • Step 2: Get access to voice VLAN • Step 3: Locate phone targets • Step 4: Execute ARP poisoning attack and record voice call 8 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 9. VoIP Security Information Gathering • Cisco phone information disclosure • IP addresses: DHCP, Call Manager, TFTP, DNS Servers 9 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 10. VoIP Security • Plug into the PC port and sniff! 10 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 11. VoIP Security Get on the Voice Network • Use the info we have gathered to get on the Voice VLAN. • Configure the network adapter to tag all ethernet frames with the voice VLAN. • Voila! We are on the voice VLAN. • Now we can attack any system on the voice network. 11 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 12. VoIP Security MITM Attack – ARP Theory 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 12 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 13. VoIP Security MITM Attack - ARP Poisoning Theory Attackers PC IP: 10.6.0.40 MAC: D IP Phone #2 IP: 10.6.0.20 MAC: B 1 3 5 7 9 11 13 15 17 19 21 23 CATALYST 3550 1 2 SYSTEM RPS STAT UTIL DUPLEX SPEED 2 4 6 8 10 12 14 16 18 20 22 24 IP Phone #3 IP: 10.6.0.30 MAC: C 13 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 14. VoIP Security MITM Attack – Execution • Start Cain & Abel and configure ARP poisoning. • Cain & Abel also has the capability to record a call. • Sit back and wait! 14 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 15. VoIP Security Game Over! 15 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 16. VoIP Security Some Attack Possibilities.. • Telephone banking / Voicemail PIN disclosure • Insertion of audio into conversation • Real-time voicemail capture 16 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 17. VoIP Security Compromising the PIN • Telephone banking requires a user to enter a customer number and PIN using the touchpad. • Each number pressed sends a unique tone which is interpreted by the end system. 17 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 18. VoIP Security 18 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 19. VoIP Security • But which buttons were pressed? 19 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 20. VoIP Security Countermeasures Cisco Switch: • Enable DHCP Snooping • Enable Dynamic ARP Inspection • Enable IP Sourceguard • Enable Port Security • Implement VLAN ACLs • Implement 802.1x 20 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 21. VoIP Security Countermeasures (cont.d) Cisco Call Manager: (Not without some side effects!) • Disable Settings button on phone • Disable Span to PC port • Disable Gratuitous ARP • Disable PC Voice VLAN Access • Configure Signaling & Media Encryption! 21 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 22. VoIP Security How Real is the Threat in Australia? • One Australian organisation suffers a major telephone hack each and every day. • AusCERT Computer Crime and Security Survey 2006 shows average value of loss of over $60,000. • The largest phone hack on record is $1.7M. • 97% not reported due to risk of adverse publicity. • Threat to phone service - how would your business cope without phones for an entire day? • Telstra, Optus and Macquarie Telecom have written to clients warning of the dangers and confirming the customer is liable. 22 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 23. VoIP Security Conclusion • Most current implementations of VoIP are insecure. • VoIP can be secured with the right know how. • The only way to know if your implementation is secure is to have it audited by independent experts. 23 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007
  • 24. VoIP Security Questions? Contact: Jason Edelstein T: +61 2 9290 4441 E: jasone@senseofsecurity.com.au www.senseofsecurity.com.au 24 © Sense of Security 2007 www.senseofsecurity.com AusCERT - May 2007