Hacking Exposed VoIP Review: Part 1

February 15, 2007
Dan Cornell

As I mentioned earlier my old colleague Mark Collier from SecureLogix authored a book on VoIP security.  I read through the first couple chapters of Hacking Exposed VoIP and so far it is a pretty good read.  I am not terribly knowledgeable about VoIP so just reading through the book has been a good education.

One thing I liked about “Chapter 1: Footprinting a VoIP Network” was the information about adapting common hacking techniques such as Google Hacking to VoIP environments.  The book outlines a number of useful search signatures that can be used to find interesting information about public-facing VoIP facilities.

Both Chapter 2 (Scanning a VoIP Network) and Chapter 3 (Enumerating a VoIP Network) have a lot of information that is a repeat of material you can find in other places – most specifically Hacking Exposed, 5th Edition.  Some folks might see this as a negative but I found it really useful.  As a person who is getting up to speed on VoIP it was valuable to see the underlying network facilities and protocols that make up the core of a VoIP deployment.  Individuals who are deploying VoIP systems would do well to review the countermeasures outlined in the book for those infrastructure services while designing their deployments.  I also enjoyed the primer on the SIP protocol in Chapter 3.

More info to come as I make further progress through the book.  So far, though, Hacking Exposed VoIP has been a good resource for those deploying VoIP systems as well as those trying to undermine the security of VoIP installations.  I expect that future chapters will delve deeper into VoIP-specific security issues and will therefore be increasingly interesting to readers with a more solid grounding in VoIP basics.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

Dan Cornell Web Resolution

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Web Application Security

4 Responses to “Hacking Exposed VoIP Review: Part 1”

  1. Mark Collier

    Hey Dan, thanks a bunch for the post. The best chapters are yet to come… When are you going to write a book dude?

  2. Dan Cornell

    Yeah I’m still working through the last chapters of the book. Expect another post here in a couple of days.

    Some of us still have to work for a living so right now I’m just trying to stay on top of this blog. Writing a book will have to come later. Denim Group may be looking at a book based on the Agile and Secure blog (http://www.agileandsecure.com/) but we will see.

    –Dan

  3. accochetTut

    excellent!

  4. UtipGootZoomi

    denimgroup.typepad.com – the Best site

    I like your great site – denimgroup.typepad.com .
    Thank for your help for us!
    Thank you, I will add it to my bookmarks

    Best Regards

    Mark

Leave a Reply to Mark Collier Cancel reply

Your email address will not be published. Required fields are marked *