Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
32090000000197 | TK5105.8865 G73 2014 | Open Access Book | Book |
33000000009210 | TK5105.8865 G73 2014 | Open Access Book | Book |
Summary
Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure unified communications (UC) environment.
This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including:
* analysis of forensic artifacts in common UC attacks
* an in-depth look at established UC technologies and attack exploits
* hands-on understanding of UC attack vectors and associated countermeasures
* companion website http://secvoip.com giving readers access to the most up-to-date information on UC attacks.
Author Notes
Nick Grant and Joe Shaw have a combined 28 years of experience working in the security and computer forensics industries. They have multiple certifications, and both have a passion for their work.
Table of Contents
List of Figures | p. xi |
About the Authors | p. xiii |
Contributing Author | p. xv |
Dedications | p. xvii |
Chapter 1 A Brief Introduction | p. 1 |
Introduction to Unified Communications | p. 1 |
Protocols | p. 2 |
Signaling | p. 2 |
Media Session | p. 3 |
An Introduction to Network Forensics | p. 3 |
Network Forensics and Analysis Tools | p. 5 |
Bro | p. 5 |
Nftracker | p. 5 |
Snort | p. 6 |
Tcpdump | p. 6 |
Tcpxtract | p. 7 |
Wireshark | p. 7 |
Xplico System | p. 7 |
Security Onion: All the Tools Rolled into One | p. 8 |
Chapter 2 Spit, Phishing, and Other Social Outings | p. 15 |
Introduction | p. 18 |
Caller ID Spoofing | p. 18 |
Phishing/Vishing/SMishing | p. 20 |
SPIT | p. 20 |
Security Best Practices | p. 21 |
Required Annual Attendance | p. 22 |
Role-Based Training | p. 22 |
Delivery Modes | p. 22 |
Require Training First | p. 23 |
Acknowledgment of Policy | p. 23 |
Outside References | p. 23 |
Utilize Multiple Organizations | p. 23 |
Conclusion | p. 24 |
Chapter 3 Misconfiguration Begat Toll Fraud and Other VoIP Mischief | p. 25 |
Introduction | p. 26 |
Common Misconfigurations | p. 26 |
Long Distance, Premium-Rate Telephone Numbers, and International | p. 27 |
Encryption | p. 27 |
Direct Inward System Access | p. 27 |
Call Forwarding | p. 28 |
Weak or Null Passwords | p. 28 |
Security Best Practices | p. 28 |
Dialing Restrictions | p. 29 |
Encryption | p. 29 |
Restrict Premium Features | p. 29 |
Password/PIN Strength | p. 30 |
Baseline | p. 30 |
Phone Bill Analysis | p. 31 |
Log Analysis | p. 31 |
Conclusion | p. 31 |
Chapter 4 Mixed Signals | p. 33 |
Introduction | p. 34 |
SIP Requests | p. 34 |
Register | p. 34 |
Invite | p. 37 |
Bye | p. 44 |
Options | p. 45 |
Ack | p. 46 |
Summing Up | p. 48 |
SIP Responses | p. 48 |
1xx Responses | p. 48 |
2xx Responses | p. 48 |
3xx Responses | p. 49 |
4xx Responses | p. 49 |
5xx Responses | p. 49 |
6xx Response | p. 50 |
Summary | p. 50 |
Wrapping Up | p. 50 |
Chapter 5 Can You Hear Me Now | p. 51 |
Introduction | p. 52 |
What Does It All Mean? | p. 52 |
RTP Header Fields | p. 53 |
Version | p. 53 |
Padding | p. 53 |
Extension | p. 53 |
CSRC Count | p. 54 |
Marker | p. 54 |
Payload Type | p. 54 |
Sequence Number | p. 54 |
Timestamp | p. 54 |
SSRC | p. 54 |
CSRC List | p. 54 |
Format | p. 55 |
Extension Header | p. 55 |
RTP Control Protocol | p. 55 |
Feedback of Quality of Data Distribution | p. 55 |
Carry Persistent Transport Identifiers | p. 56 |
Control Send Rate | p. 56 |
Convey Minimal Session Control | p. 56 |
Packet Format | p. 56 |
Common Header | p. 56 |
Encryption Prefix | p. 57 |
SR or RR | p. 57 |
Additional RRs | p. 57 |
SDES | p. 57 |
BYE or APP | p. 57 |
Packet Types | p. 57 |
Pulling It All Together | p. 65 |
Chapter 6 When SIP Attacks | p. 67 |
SIP Attacks: Introduction | p. 67 |
PBX Configuration | p. 68 |
VAST Setup | p. 72 |
SIP Enumeration | p. 73 |
NMAP | p. 73 |
SVMAP.PY | p. 75 |
SVWAR.PY | p. 78 |
SIP Exploitation | p. 80 |
Attacking SIP | p. 84 |
SVCRACK.PY | p. 84 |
I can hear you | p. 85 |
Conclusion | p. 91 |
Chapter 7 Hacking the Network | p. 93 |
Introduction | p. 93 |
Gaining Initial Access | p. 94 |
Scanning the Network for Potential Vulnerabilities | p. 94 |
Vulnerabilities and Exploits | p. 94 |
Discovery Scanning and Identification of Vulnerabilities | p. 95 |
Softphone Exploits | p. 111 |
Maintaining Access | p. 113 |
Chapter 8 VoIP Bots | p. 115 |
Introduction | p. 115 |
Covert Channel | p. 115 |
Attacks | p. 116 |
Botnet | p. 116 |
Data Exfiltration | p. 117 |
The Proof Is in the Pudding | p. 117 |
Discussion | p. 119 |
Prevention | p. 120 |
Chapter 9 Introduction to Digital Forensics | p. 123 |
Introduction | p. 123 |
One Discipline, Divergent Fields | p. 124 |
Incident Response | p. 125 |
Understanding Packet Capture | p. 131 |
Netflow | p. 135 |
Full Packet Capture Products | p. 136 |
Pulling It All Together | p. 136 |
Chapter 10 Security Best Practices-VoIP Implementation Policy | p. 139 |
Introduction | p. 139 |
Policy | p. 140 |
Infrastructure | p. 140 |
Server | p. 140 |
Client | p. 141 |
Administrative | p. 141 |
Policy Review | p. 141 |
Infrastructure | p. 141 |
Server | p. 142 |
Client | p. 144 |
Administration | p. 144 |
Final Thoughts | p. 145 |
Index | p. 147 |