As I mentioned earlier my old colleague Mark Collier from SecureLogix authored a book on VoIP security. I read through the first couple chapters of Hacking Exposed VoIP and so far it is a pretty good read. I am not terribly knowledgeable about VoIP so just reading through the book has been a good education.
One thing I liked about “Chapter 1: Footprinting a VoIP Network” was the information about adapting common hacking techniques such as Google Hacking to VoIP environments. The book outlines a number of useful search signatures that can be used to find interesting information about public-facing VoIP facilities.
Both Chapter 2 (Scanning a VoIP Network) and Chapter 3 (Enumerating a VoIP Network) have a lot of information that is a repeat of material you can find in other places – most specifically Hacking Exposed, 5th Edition. Some folks might see this as a negative but I found it really useful. As a person who is getting up to speed on VoIP it was valuable to see the underlying network facilities and protocols that make up the core of a VoIP deployment. Individuals who are deploying VoIP systems would do well to review the countermeasures outlined in the book for those infrastructure services while designing their deployments. I also enjoyed the primer on the SIP protocol in Chapter 3.
More info to come as I make further progress through the book. So far, though, Hacking Exposed VoIP has been a good resource for those deploying VoIP systems as well as those trying to undermine the security of VoIP installations. I expect that future chapters will delve deeper into VoIP-specific security issues and will therefore be increasingly interesting to readers with a more solid grounding in VoIP basics.
–Dan
dan _at_ denimgroup.com
Hey Dan, thanks a bunch for the post. The best chapters are yet to come… When are you going to write a book dude?
Yeah I’m still working through the last chapters of the book. Expect another post here in a couple of days.
Some of us still have to work for a living so right now I’m just trying to stay on top of this blog. Writing a book will have to come later. Denim Group may be looking at a book based on the Agile and Secure blog (http://www.agileandsecure.com/) but we will see.
–Dan
excellent!
denimgroup.typepad.com – the Best site
I like your great site – denimgroup.typepad.com .
Thank for your help for us!
Thank you, I will add it to my bookmarks
Best Regards
Mark