Title:
Unified communications forensics : anatomy of common UC attacks
Personal Author:
Publication Information:
Amsterdam : Syngress is an imprint of Elsevier, [2014]
Physical Description:
xvii, 149 pages: illustrations ; 24 cm.
ISBN:
9781597499927
General Note:
Includes index
Abstract:
"Communication is a key part of our every day lives. Today, we communicate in ways that were not possible for the average consumer just 15 years ago. Currently, there are multiple mediums by which communication can take place, from telephony to email to instant messaging to video conferencing. Since the first call was made on the telephone in 1876, improvements have been made on the utilization and transport of the human voice from one location to another. However, to provide lower costs and enhanced features, VoIP has been on most everyone's radar. However, as the voice and data networks continue to converge there is a serious need to understand the technology and attack vectors and mean to protect company sensitive information within this bleeding edge technology"--provided by publisher
Added Author:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 32090000000197 | TK5105.8865 G73 2014 | Open Access Book | Book | Searching... |
Searching... | 33000000009210 | TK5105.8865 G73 2014 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment.
This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including:
* analysis of forensic artifacts in common UC attacks
* an in-depth look at established UC technologies and attack exploits
* hands-on understanding of UC attack vectors and associated countermeasures
* companion website http://secvoip.com giving readers access to the most up-to-date information on UC attacks.
Author Notes
Nick Grant and Joe Shaw have a combined 28 years of experience working in the Security and Computer Forensics Industries, they have multiple Certifications, and both have a passion for their work.
Table of Contents
| List of Figures | p. xi |
| About the Authors | p. xiii |
| Contributing Author | p. xv |
| Dedications | p. xvii |
| Chapter 1 A Brief Introduction | p. 1 |
| Introduction to Unified Communications | p. 1 |
| Protocols | p. 2 |
| Signaling | p. 2 |
| Media Session | p. 3 |
| An Introduction to Network Forensics | p. 3 |
| Network Forensics and Analysis Tools | p. 5 |
| Bro | p. 5 |
| Nftracker | p. 5 |
| Snort | p. 6 |
| Tcpdump | p. 6 |
| Tcpxtract | p. 7 |
| Wireshaik | p. 7 |
| Xplico System | p. 7 |
| Security Onion: All the Tools Rolled into One | p. 8 |
| Chapter 2 Spit, Phishing, and Other Social Outings | p. 15 |
| Introduction | p. 18 |
| Caller ID Spoofing | p. 18 |
| Phishing/Vishing/SMishing | p. 20 |
| SPIT | p. 20 |
| Security Best Practices | p. 21 |
| Required Annual Attendance | p. 22 |
| Role-Based Training | p. 22 |
| Delivery Modes | p. 22 |
| Require Training First | p. 23 |
| Acknowledgment of Policy | p. 23 |
| Outside References | p. 23 |
| Utilize Multiple Organizations | p. 23 |
| Conclusion | p. 24 |
| Chapter 3 Misconfiguration Begat Toll Fraud and Other VoIP Mischief | p. 25 |
| Introduction | p. 26 |
| Common Misconfigurations | p. 26 |
| Long Distance, Premium-Rate Telephone Numbers, and International | p. 27 |
| Encryption | p. 27 |
| Direct Inward System Access | p. 27 |
| Call Forwarding | p. 28 |
| Weak or Null Passwords | p. 28 |
| Security Best Practices | p. 28 |
| Dialing Restrictions | p. 29 |
| Encryption | p. 29 |
| Restrict Premium Features | p. 29 |
| Password/PIN Strength | p. 30 |
| Baseline | p. 30 |
| Phone Bill Analysis | p. 31 |
| Log Analysis | p. 31 |
| Conclusion | p. 31 |
| Chapter 4 Mixed Signals | p. 33 |
| Introduction | p. 34 |
| SIP Requests | p. 34 |
| Register | p. 34 |
| Invite | p. 37 |
| Bye | p. 44 |
| Options | p. 45 |
| Ack | p. 46 |
| Summing Up | p. 48 |
| SIP Responses | p. 48 |
| 1xx Responses | p. 48 |
| 2xx Responses | p. 48 |
| 3xx Responses | p. 49 |
| 4xx Responses | p. 49 |
| 5xx Responses | p. 49 |
| 6xx Response | p. 50 |
| Summary | p. 50 |
| Wrapping Up | p. 50 |
| Chapter 5 Can You Hear Me Now | p. 51 |
| Introduction | p. 52 |
| What Does It All Mean? | p. 52 |
| RTP Header Fields | p. 53 |
| Version | p. 53 |
| Padding | p. 53 |
| Extension | p. 53 |
| CSRC Count | p. 54 |
| Marker | p. 54 |
| Payload Type | p. 54 |
| Sequence Number | p. 54 |
| Timestamp | p. 54 |
| SSRC | p. 54 |
| CSRC List | p. 54 |
| Format | p. 55 |
| Extension Header | p. 55 |
| RTP Control Protocol | p. 55 |
| Feedback of Quality of Data Distribution | p. 55 |
| Carry Persistent Transport Identifiers | p. 56 |
| Control Send Rate | p. 56 |
| Convey Minimal Session Control | p. 56 |
| Packet Format | p. 56 |
| Common Header | p. 56 |
| Encryption Prefix | p. 57 |
| SR or RR | p. 57 |
| Additional RRs | p. 57 |
| SDES | p. 57 |
| BYE or APP | p. 57 |
| Packet Types | p. 57 |
| Pulling It All Together | p. 65 |
| Chapter 6 When SIP Attacks | p. 67 |
| SIP Attacks: Introduction | p. 67 |
| PBX Configuration | p. 68 |
| VAST Setup | p. 72 |
| SIP Enumeration | p. 73 |
| NMAP | p. 73 |
| SVMAP.PY | p. 75 |
| SVWAR.PY | p. 78 |
| SIP Exploitation | p. 80 |
| Attacking SIP | p. 84 |
| SVCRACK.PY | p. 84 |
| I can hear you | p. 85 |
| Conclusion | p. 91 |
| Chapter 7 Hacking the Network | p. 93 |
| Introduction | p. 93 |
| Gaining Initial Access | p. 94 |
| Scanning the Network for Potential Vulnerabilities | p. 94 |
| Vulnerabilities and Exploits | p. 94 |
| Discovery Scanning and Identification of Vulnerabilities | p. 95 |
| Softphone Exploits | p. 111 |
| Maintaining Access | p. 113 |
| Chapter 8 VoIP Bots | p. 115 |
| Introduction | p. 115 |
| Covert Channel | p. 115 |
| Attacks | p. 116 |
| Botnet | p. 116 |
| Data Exfiltration | p. 117 |
| The Proof Is in the Pudding | p. 117 |
| Discussion | p. 119 |
| Prevention | p. 120 |
| Chapter 9 Introduction to Digital Forensics | p. 123 |
| Introduction | p. 123 |
| One Discipline, Divergent Fields | p. 124 |
| Incident Response | p. 125 |
| Understanding Packet Capture | p. 131 |
| Netflow | p. 135 |
| Full Packet Capture Products | p. 136 |
| Pulling It All Together | p. 136 |
| Chapter 10 Security Best Practices-VoIP Implementation Policy | p. 139 |
| Introduction | p. 139 |
| Policy | p. 140 |
| Infrastructure | p. 140 |
| Server | p. 140 |
| Client | p. 141 |
| Administrative | p. 141 |
| Policy Review | p. 141 |
| Infrastructure | p. 141 |
| Server | p. 142 |
| Client | p. 144 |
| Administration | p. 144 |
| Final Thoughts | p. 145 |
| Index | p. 147 |
