Product Description
Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network SecurityBlock debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardwareFortify Cisco, Avaya, and Asterisk systemsPrevent DNS poisoning, DHCP exhaustion, and ARP table manipulationThwart number harvesting, call pattern tracking, and conversation eavesdroppingMeasure and maintain VoIP network quality of service and VoIP conversation qualityStop DoS and packet flood-based attacks from disrupting SIP proxies and phones Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacksAvoid insertion/mixing of malicious audioLearn about voice SPAM/SPIT and how to prevent itDefend against voice phishing and identity theft scams

CUSTOMER REVIEWS (Average Customer Rating: 4.5 based on 3 reviews)

Lots of interesting info, but mostly about enterprise VoIP (not carrier/hosted VoIP) by Mark R. Lindsey (Valdosta, GA, USA)

3 Stars
March 12, 2009
This book has a lot of good background info on VoIP systems. It covers Cisco Call Manager, Avaya, and Asterisk VoIP systems in depth. It's definitely focused on SIP and RTP, and focused on Enterprise VoIP deployments. The authors appear to be unaware of hosted / carrier VoIP, such as used by Verizon. The authors don't mention anything about BroadSoft BroadWorks, MetaSwitch, Acme Packet, Sylantro, or others, though their general technology coverage certainly relates to these systems. I also wish they had considered some of the very popular SIP phones -- e.g., Linksys and Polycom. They give examples of using numerous VoIP security-scanning / exploit tools. The theoretical attacker in the book likely has physical access to the target network, or at least layer-2 (Ethernet) access. Many of the attacks are much more difficult or impossible if you're attacking across the Internet. Still, coverage of the tools is very useful to a Carrier VoIP researcher.

Invaluable VoIP Security Handbook by Martyn Davies

5 Stars
August 11, 2007
In this book David Endler and Mark Collier have pulled together a vast wealth of material about hacking VoIP networks at every possible level. More than this, they have also created new value in the form of software test tools, which they have published on an accompanying website. It really is a must-have reference book for anyone working in VoIP. Chapter 1 talks about Google hacking, or in other words, using the Internet to find out things about a target network. They show that Google can be a crucial tool in finding out what type of hardware and software you use in your VoIP networks, and in some cases will give vital clues even about how to login to the management systems of your network from the Internet. If this doesn't scare the bejesus out of you, then proceed on to further chapters about more VoIP-specific issues. Chapters 2 and 3 detail the kind of tools a hacker might use to scan your network and enumerate all the devices, i.e. build their own map of how your network is laid out, right down to the telephone numbers and MAC addresses of desktop phones. Chapter 4 talks about Denial-of-Service, and the kind of attack resources that hackers might use to cripple a telephony network. Chapter 5 is on VoIP eavesdropping, talking about some existing tools that can be used for this (Oreka, Wireshark and the unpleasantly named vomit), and as in the earlier chapters, some suggestions on how to defend against such a type of threat. Chapter 6 goes further to explain how a VoIP man-in-the-middle attack might be mounted, giving the possibility not just to listen, but to modify, replace or remix the audio stream. Chapters 7, 8, 9 talk about specific platform threats, namely to Cisco Unified CallManager, Avaya Communication Manager and the Asterisk PBX. The vendors have added their own comment to these chapters, at the request of the authors. Chapter 10 takes in Softphones, including Google Talk, Gizmo, Yahoo and of course the ever popular Skype. Chapter 11 describes VoIP fuzzing, or in other words, testing protocol stacks for flaws, so this is useful for those developing VoIP systems and applications. Chapter 12 talks about disruption of networks using flooding techniques and chapter 13 talks about Signaling and Media Manipulation. The final section of the book is entitled Social Threats, and talks about SPAM over Internet Telephony (SPIT) in Chapter 14, followed by Voice Phishing in Chapter 15. Neither of these threats are in frequent use yet, but their use is certain to increase in the future, so this is a good moment to get to grips with what this means. This is a highly technical book, but for managers responsible for IT security but not immersed in the details I would say this: buy the book, and read the case studies. There are five sections to the book, and each starts with a short case study. Invest 20 minutes in reading these, and you will start to get an appreciation for how important VoIP Security will be in the future. Then pass the book on to your hands-on security guy and tell him to read it from cover to cover.

A great Hacking Exposed and VoIP security book by Richard Bejtlich (Metro Washington, DC)

5 Stars
May 06, 2007
Hacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims. HE:V is a real eye-opener for those of us who don't perform VoIP pen testing or assessments. It's important to remember that the original HE books were written by Foundstone consultants who put their work experience in book form. HE books that continue this tradition tend to be successful, and HE:V is no exception. Good HE books also introduce a wide variety of tools and techniques to exploit weaknesses in targets, and HE:V also delivers in this respect. HE:V also extends attacks beyond what most people recognize. For example, everyone probably knows about low-level exploitation of VoIP traffic for call interception and manipulation. However, chapter 6 discusses application-level interception. HE:V goes the extra mile by introducing tools written by the authors specifically to implement attacks. In at least one case the authors also provide a packet capture (for the Skinny protocol) which I particularly appreciate. HE:V also looks ahead to attacks that are appearing but not yet prevalent, like telephony spam and voice phishing. Taken together, all of these features result in a great book. You should already be familiar with the common enumeration and exploitation methods found in HE 5th Ed, because the HE:V authors wisely avoid repeating material in other books (thank you). If you want to understand VoIP, how to attack it, and how to defend it, I highly recommend reading HE:V. The book is clear, thorough, and written by experts.

SIMILAR PRODUCTS

	Hacking Exposed Wireless: Wireless Security Secrets & Solutions by Johnny Cache (Author), Vincent Liu (Author) Secure Your Wireless Networks the Hacking Exposed Way Defend against the latest pervasive and devastating wireless attacks using the tactical security information contained in this comprehensive volume. Hacking Exposed Wireless reveals how hackers zero in on susceptible networks and peripherals, gain access, and execute debilitating attacks. Find out how to plug security holes in Wi-Fi/802.11 and Bluetooth systems and devices. You'll also learn how to launch wireless exploits from...
	Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures by Peter Thermos (Author), Ari Takanen (Author) In Securing VoIP Networks, two leading experts systematically review the security risks and vulnerabilities associated with VoIP networks and offer proven, detailed recommendations for securing them. Drawing on case studies from their own fieldwork, the authors address VoIP security from the perspective of real-world network implementers, managers, and security specialists. The authors identify key threats to VoIP networks, including eavesdropping, unauthorized access,...
	Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition by Stuart McClure (Author), Joel Scambray (Author), George Kurtz (Author) The world's bestselling computer security book--fully expanded and updated "Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." --From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc. "For security to be successful in any company, you must ‘think evil' and be attuned to...
	Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions by Andrew Vladimirov (Author), Konstantin Gavrilenko (Author), Andrei Mikhailovsky (Author) Here is the first book to focus solely on Cisco network hacking, security auditing, and defense issues. Using the proven Hacking Exposed methodology, this book shows you how to locate and patch system vulnerabilities by looking at your Cisco network through the eyes of a hacker. The book covers device-specific and network-centered attacks and defenses and offers real-world case studies.
	VoIP Hacks: Tips & Tools for Internet Telephony by Ted Wallingford (Author) Voice over Internet Protocol (VoIP) is gaining a lot of attention these days, as more companies and individuals switch from standard telephone service to phone service via the Internet. The reason is simple: A single network to carry voice and data is easier to scale, maintain, and administer. As an added bonus, it's also cheaper, because VoIP is free of the endless government regulations and tariffs imposed upon phone companies. VoIP is simply overflowing with hack potential, and "VoIP...