Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions - Softcover

About the Authors

David Endler is the director of security research for 3Com's security division, TippingPoint, where he oversees product security testing, the VoIP security research center, and their vulnerability research team. While at TippingPoint, David founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005. VOIPSAs mission is to help VoIP adoption by promoting the current state of VoIP security research, testing methodologies, best practices, and tools. David is currently the chairman of VOIPSA which boasts over 100 members from the VoIP vendor, carrier, and security space (http://www.voipsa.org). Prior to TippingPoint, David was the technical director at security services startup, iDefense, Inc. which was acquired by VeriSign. iDefense specializes in cyber security intelligence, tracking the activities of cyber-criminals and hackers, in addition to researching the latest vulnerabilities, worms, and viruses. Prior to iDefense, David spent many years in cutting edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. As an internationally recognized security expert, David is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs including the Wall Street Journal, USA Today, BusinessWeek, Wired Magazine, the Washington Post, CNET, Tech TV, and CNN. David has authored numerous articles and papers on computer security, and was named one of the Top 100 voices in IP Communications by IP Telephony Magazine. David is a Summa Cum Laude graduate from Tulane University where he earned a Bachelors degree and Masters degree in Computer Science.

Mark Collier is the Chief Technology Officer at SecureLogix corporation, where he directs the companies Voice Over IP (VoIP) security research and development. Mark also defines and conducts VoIP security assessments for SecureLogixs enterprise customers. Mark is actively performing research for the US Department of Defense, with a focus on developing SIP vulnerability assessment tools. Prior to SecureLogix, Mark was with Southwest Research Institute (SwRI), where he directed a group performing research and development in the areas of computer security and information warfare. Mark is a frequent speaker at major voice and security conferences. Mark has authored numerous articles and papers on VoIP security. Mark is also a founding member of the Voice Over IP Security Alliance (VoIPSA). Mark is a Magna Cum Laude graduate from St. Marys University, where he earned a Bachelors degree in Computer Science.

From the Back Cover

Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way

"This book illuminates how remote users can probe, sniff, and modify your
phones, phone switches, and networks that offer VoIP services. Most
importantly, the authors offer solutions to mitigate the risk of deploying
VoIP technologies." --Ron Gula, CTO of Tenable Network Security

Block debilitating VoIP attacks by learning how to look at your network and
devices through the eyes of the malicious intruder. Hacking Exposed VoIP
shows you, step-by-step, how online criminals perform reconnaissance, gain
access, steal data, and penetrate vulnerable systems. All hardware-specific
and network-centered security issues are covered alongside detailed
countermeasures, in-depth examples, and hands-on implementation techniques.
Inside, you'll learn how to defend against the latest DoS,
man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling
and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.

Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks
and hardware
Fortify Cisco, Avaya, and Asterisk systems
Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
Thwart number harvesting, call pattern tracking, and conversation
eavesdropping
Measure and maintain VoIP network quality of service and VoIP conversation
quality
Stop DoS and packet flood-based attacks from disrupting SIP proxies and
phones
Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
Avoid insertion/mixing of malicious audio
Learn about voice SPAM/SPIT and how to prevent it
Defend against voice phishing and identity theft scams