Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, 2nd Edition

Book Description

The latest techniques for averting UC disaster

“This book is a must-read for any security professional responsible for VoIP or UC infrastructure. This new edition is a powerful resource that will help you keep your communications systems secure.” —Dan York, Producer and Co-Host, Blue Box: The VoIP Security Podcast

“The original edition, Hacking Exposed: Voice over IP Secrets & Solutions, provided a valuable resource for security professionals. But since then, criminals abusing VoIP and UC have become more sophisticated and prolific, with some high-profile cases ringing up huge losses. This book is a welcome update that covers these new threats with practical examples, showing the exact tools in use by the real attackers.” —Sandro Gauci, Penetration Tester and Security Researcher, Author of SIPVicious

“Powerful UC hacking secrets revealed within. An outstanding and informative book. Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions walks the reader through powerful yet practical offensive security techniques and tools for UC hacking, which then informs defense for threat mitigation. The authors do an excellent job of weaving case studies and real-world attack scenarios with useful references. This book is essential for not only IT managers deploying UC, but also for security practitioners responsible for UC security.” —Jason Ostrom, UC Security Researcher, Stora SANS Institute, co-author, SEC540 class

“After reading Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions, I was saddened to not have had this book published years ago. The amount of time and money I could have saved myself, and my clients, would have been enormous. Being a professional in an ITSP/MSP, I know firsthand the complexities and challenges involved with auditing, assessing, and securing VoIP-based networks. From the carrier level, right down to the managed PBX level, and everything in between, Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions is a de facto must-have book. For those learning VoIP security to those heavily involved in any VoIP-related capacity, this book is worth its weight in gold.” —J. Oquendo, Lead Security Engineer, E–Fensive Security Strategies

“Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions includes more sophisticated attack vectors focused on UC and NGN. The authors describe in depth many new tools and techniques such as TDoS and UC interception. Using these techniques, you will learn how you can identify the security problems of VoIP/UC. This book is a masterpiece.” —Fatih Ozavci, Senior Security Consultant at Sense of Security, Author of viproy

“This book provides you with the knowledge you need to understand VoIP threats in reality. No doom and gloom, overhyped, never to happen in the real-world scenarios. You will understand the vulnerabilities, the risks, and how to protect against them.” —Shane Green, Senior Voice Security Analyst

Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. Hacking Exposed Unified Communications & VoIP, Second Edition offers thoroughly expanded coverage of today’s rampant threats alongside ready-to-deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples.

  • See how hackers target vulnerable UC devices and entire networks
  • Defend against TDoS, toll fraud, and service abuse
  • Block calling number hacks and calling number spoofing
  • Thwart voice social engineering and phishing exploits
  • Employ voice spam mitigation products and filters
  • Fortify Cisco Unified Communications Manager
  • Use encryption to prevent eavesdropping and MITM attacks
  • Avoid injection of malicious audio, video, and media files
  • Use fuzzers to test and buttress your VoIP applications
  • Learn about emerging technologies such as Microsoft Lync, OTT UC, other forms of UC, and cloud and WebRTC

Table of Contents

  1. Cover
  2. HACKING EXPOSED™: Unified Communications & VoIP Security Secrets & Solutions, Second Edition
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. At a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Part I Casing the Establishment
    1. Case Study: Is There Really Any SIP in the Internet?
      1. Scanning the Entire Internet for SIP Servers
      2. Using the Shodan Search Engine to Locate Internet SIP Servers
    2. 1 VoIP Targets, Threats, and Components
      1. Campus/Internal UC
      2. Session Initiation Protocol and SIP Trunk Threats
      3. Increased Threats from the Public Voice Network
      4. Hosted UC
      5. Summary
      6. References
    3. 2 Footprinting a UC Network
      1. Why Footprint First?
      2. UC Footprinting Methodology
        1. Scoping the Effort
      3. Summary
      4. References
    4. 3 Scanning a UC Network
      1. Our VoIP Test Bed
      2. Network Host/Device Discovery
        1. ICMP Ping Sweeps
        2. Other ICMP Ping Sweeps
      3. Port Scanning and Service Discovery
      4. Host/Device Identification
      5. UC Phone Scanning and Discovery
      6. Summary
      7. References
    5. 4 Enumerating a UC Network
      1. SIP 101
        1. SIP URIs
        2. SIP Architecture Elements
        3. SIP Requests
        4. SIP Responses
        5. Typical Call Flow
        6. Further Reading
      2. RTP 101
      3. Banner Grabbing
      4. SIP User/Extension Enumeration
      5. Enumeration of Other UC Support Services
      6. UC Application-Level Enumeration
      7. Summary
      8. References
  11. Part II Application Attacks
    1. Case Study: A Real-world Telephony Denial of Service (TDoS) Attack
      1. The Payday Loan Scam
    2. 5 Toll Fraud and Service Abuse
      1. Internal Abuse of Unmonitored Phones
      2. Full-Scale Toll Fraud
      3. Summary
      4. References
    3. 6 Calling Number Spoofing
      1. Calling Number 101
      2. Spoofing/Masking the Calling Number with an IP PBX
      3. Anonymous Calling
      4. Network Services and Smartphone Apps
      5. Summary
      6. References
    4. 7 Harassing Calls and Telephony Denial of Service (TDoS)
      1. Harassing and Threatening Calls
      2. Social Networking TDoS
      3. Automated TDoS
        1. SIP Trunking
        2. Getting Target Numbers
        3. Audio Content
        4. Call Generation
        5. Attack Timing
        6. TDoS Attack Demonstration
        7. Using Virtual Queues
        8. Using Automated DoS to Cover Fraud
      4. Call Pumping
      5. DTMF DoS and Fuzzing
      6. Summary
      7. References
    5. 8 Voice SPAM
      1. Understanding Voice SPAM
        1. The FTC Robocall Challenge
        2. Other Types of UC SPAM
      2. Summary
      3. References
    6. 9 Voice Social Engineering and Voice Phishing
      1. Voice Social Engineering
      2. Voice Phishing
        1. Anatomy of a Traditional Email-based Phishing Attack
      3. Summary
      4. References
  12. Part III Exploiting the UC Network
    1. Case Study: The Angry Ex-Employee
    2. 10 UC Network Eavesdropping
      1. UC Privacy: What’s at Risk
        1. TFTP Configuration File Sniffing
        2. Number Harvesting
        3. Call Pattern Tracking
        4. Conversation Eavesdropping and Analysis
      2. First, Gain Access to the UC Traffic
        1. Compromising a Network Node
      3. Now That We Have Access, Let’s Sniff!
      4. Summary
      5. References
    3. 11 UC Interception and Modification
      1. ARP Poisoning
        1. ARP Poisoning Attack Scenario
      2. Application-Level Interception Techniques
        1. How to Insert Rogue Applications
        2. SIP Rogue Application
      3. Summary
      4. References
    4. 12 UC Network Infrastructure Denial of Service (DoS)
      1. Call and Session Quality
        1. Measuring UC Call Quality
        2. Network Latency
        3. Jitter
        4. Packet Loss
        5. UC Call Quality Tools
      2. What Are DoS and DDoS Attacks?
      3. Flooding Attacks
      4. Network Availability Attacks
      5. Supporting Infrastructure Attacks
      6. Summary
      7. References
    5. 13 Cisco Unified Communications Manager
      1. Introduction to the Basic Cisco UC Components
        1. IP PBX and Proxy
        2. Hard Phones
        3. Softphones
        4. Voicemail
        5. Switches and Routing
        6. Communication Between Cisco Phones and CUCM with SCCP
        7. Basic Deployment Scenarios
      2. Network Reconnaissance
        1. Sniffing
        2. Scanning and Enumeration
      3. Exploiting the Network
      4. Summary
      5. References
  13. Part IV UC Session and Application Hacking
    1. Case Study: An Attack Against Central SIP
    2. 14 Fuzzing, Flooding, and Disruption of Service
      1. Access to SIP and RTP
      2. What Is Fuzzing?
        1. Vulnerabilities 101
        2. Who’s Fuzzing?
      3. Flooding
      4. Summary
      5. References
    3. 15 Signaling Manipulation
      1. Registration Manipulation
        1. Registration Removal
        2. Registration Addition
        3. Registration Hijacking
      2. Redirection Attacks
      3. Session Teardown
      4. SIP Phone Reboot
      5. Other Signaling Manipulation Tools
      6. Summary
      7. References
    4. 16 Audio and Video Manipulation
      1. Media Manipulation
        1. Audio Insertion and Mixing
        2. Video Dropping, Injection, and DoS with VideoJak and VideoSnarf
      2. Media “Steganophony”
      3. Summary
      4. References
    5. 17 Emerging Technologies
      1. Other Enterprise UC Systems
        1. Microsoft Lync
      2. Over-the-Top (OTT)/Internet Softphone Applications
        1. Skype
      3. Mobility and Smartphones
        1. Security
      4. Other Forms of Communications
        1. Video
        2. Text Messaging
        3. Messaging
        4. Enterprise Messaging
        5. Social Networking
      5. Bring Your Own Device (BYOD)
        1. Security
      6. The Cloud
        1. Hosted UC
        2. Security
      7. WebRTC
        1. Security
      8. Summary
      9. References
  14. Index