Hacking and Attacking VoIP Systems
What You Need To Worry About

Dan York, CISSP
VOIPSA Best Practices Chair

September 27, 2007
[Slide graphic: Privacy, Availability, Compliance, Confidence, Mobility, Cost Avoidance, Business Continuity]

© 2007 VOIPSA and Owners as Marked
TDM security is relatively simple...

[Diagram: TDM Switch, PSTN Gateways, Voicemail, Physical Wiring]

VoIP security is more complex

[Diagram: Voice over IP, Operating Systems, Desktop PCs, E-mail Systems, PSTN Gateways, Firewalls, Network Switches, Web Servers, Standards, Instant Messaging, Wireless Devices, PDAs, Directories, Internet, Databases, Voicemail, Physical Wiring]

What is the Industry Doing to Help?

  • Security Vendors: “The Sky Is Falling!” (Buy our products!)
  • VoIP Vendors: “Don’t Worry, Trust Us!” (Buy our products!)

Voice Over IP Security Alliance (VOIPSA)

  • www.voipsa.org – 100 members from VoIP and security industries
  • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
  • “Voice of VOIPSA” Blog – www.voipsa.org/blog
  • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
  • VoIP Security Threat Taxonomy
  • Best Practices Project underway now

[Diagram: Market and Social Objectives and Constraints; Classification Taxonomy of Security Threats; Security Research; Security System Testing; Best Practices for VoIP Security; Outreach Communication of Findings. Legend: Published, Active Now, Ongoing]

VoIP Security
Security concerns in telephony are not new…

Image courtesy of the Computer History Museum

Nor are our attempts to protect against threats…

Image courtesy of Mike Sandman – http://www.sandman.com/

Security Aspects of IP Telephony

[Diagram: Media / Voice, Management, TCP/IP Network, Call Control, PSTN, Policy]

Media

  • Eavesdropping
  • Degraded Voice Quality
  • Encryption
  • Virtual LANs (VLANs)
  • Packet Filtering

Signaling

  • Denial of Service
  • Impersonation
  • Toll Fraud
  • Encryption
  • Encrypted Phone Software
  • Proper Programming

Management

  • Web Interfaces
  • APIs!
  • Phones!
  • Encryption
  • Change Default Passwords!
  • Patches? We don’t need...

[Diagram: PSTN]

[Diagram: LAN, Internet]

What about SPIT? (“SPam over Internet Telephony”)

  • Makes for great headlines, but not yet a significant threat
  • Fear is script/tool that:
      –Iterates through calling SIP addresses:
        • 111@sip.company.com, 112@sip.company.com, …
        • Opens an audio stream if call is answered (by person or voicemail)
      –Steals VoIP credentials and uses account to make calls
  • Reality is that today such direct connections are generally not allowed
  • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
  • Until that time, Telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost

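The sequential calling pattern on this slide (111@sip.company.com, 112@sip.company.com, …) can be detected on the receiving side once an IP-PBX accepts calls from arbitrary endpoints. The Python below is an added example, not part of the original slides: it flags any source that sends INVITEs to a run of consecutive extensions within a time window. The log layout, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log layout (constructed for this example, not a real product's format):
#   <ISO-8601 time> <source IP> <SIP request line>
INVITE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+INVITE\s+sips?:(?P<ext>\d+)@\S+\s+SIP/2\.0$"
)

# Constructed sample input. 203.0.113.7 walks 111..116 one second apart
# (with one retransmission), 198.51.100.20 is an ordinary caller, and
# 192.0.2.50 walks 111..114 slowly, five minutes between calls.
SAMPLE_LOG = """\
2007-09-27T10:00:00 198.51.100.20 INVITE sip:111@sip.company.com SIP/2.0
2007-09-27T10:00:01 203.0.113.7 INVITE sip:111@sip.company.com SIP/2.0
2007-09-27T10:00:02 203.0.113.7 INVITE sip:112@sip.company.com SIP/2.0
2007-09-27T10:00:02 203.0.113.7 INVITE sip:112@sip.company.com SIP/2.0
2007-09-27T10:00:03 203.0.113.7 INVITE sip:113@sip.company.com SIP/2.0
2007-09-27T10:00:04 203.0.113.7 INVITE sip:114@sip.company.com SIP/2.0
2007-09-27T10:00:05 203.0.113.7 INVITE sip:115@sip.company.com SIP/2.0
2007-09-27T10:00:06 203.0.113.7 INVITE sip:116@sip.company.com SIP/2.0
2007-09-27T10:00:10 192.0.2.50 INVITE sip:111@sip.company.com SIP/2.0
2007-09-27T10:02:30 198.51.100.20 INVITE sip:240@sip.company.com SIP/2.0
2007-09-27T10:03:00 198.51.100.20 REGISTER sip:sip.company.com SIP/2.0
2007-09-27T10:05:10 192.0.2.50 INVITE sip:112@sip.company.com SIP/2.0
2007-09-27T10:10:10 192.0.2.50 INVITE sip:113@sip.company.com SIP/2.0
2007-09-27T10:15:10 192.0.2.50 INVITE sip:114@sip.company.com SIP/2.0
2007-09-27T10:20:00 198.51.100.20 INVITE sip:305@sip.company.com SIP/2.0
"""


def parse_invites(text):
    """Yield (timestamp, source, extension) for INVITEs to numeric users.

    Other methods (REGISTER, BYE, ...) and malformed lines are skipped.
    """
    for line in text.splitlines():
        m = INVITE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["ext"])


def longest_consecutive_run(extensions):
    """Length of the longest run n, n+1, n+2, ... among the distinct values."""
    exts = set(extensions)  # retransmitted INVITEs collapse to one entry
    best = 0
    for e in exts:
        if e - 1 not in exts:  # e is the start of a run
            length = 1
            while e + length in exts:
                length += 1
            best = max(best, length)
    return best


def find_sweeps(text, window_seconds=60, min_run=4):
    """Return {source: longest run} for sources that called at least
    `min_run` consecutive extensions inside a sliding time window."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for ts, src, ext in parse_invites(text):
        by_src[src].append((ts, ext))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        best = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= window_seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = (ext for _, ext in events[start:end + 1])
            best = max(best, longest_consecutive_run(in_window))
        if best >= min_run:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print("60 s window:", find_sweeps(SAMPLE_LOG))
    print("1 h window: ", find_sweeps(SAMPLE_LOG, window_seconds=3600))
```

A source that paces its calls stays under the 60-second window, so a second pass with a longer window is what catches the slow walker in the sample.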
The Challenge of SIP Trunking

[Diagram: LAN, IP-PBX, Internet, SIP Service Provider, PSTN]

VoIP Security Tools
www.voipsa.org/Resources/tools.php
www.hackingvoip.com

Tools, tools, tools...
     • UDP Flooder                        • Asteroid
     • IAX Flooder                        • enumIAX
     • IAX Enumerator                     • iWar
     • ohrwurm RTP Fuzzer                 • StegRTP
     • RTP Flooder                        • VoiPong
     • INVITE Flooder                     • Web Interface for SIP Trace
     • AuthTool                           • SIPScan
     • BYE Teardown                       • SIPCrack
     • Redirect Poison                    • SiVuS
     • Registration Hijacker              • SIPVicious Tool Suite
     • Registration Eraser                • SIPBomber
     • RTP InsertSound                    • SIPsak
     • RTP MixSound                       • SIP bot
     • SPITTER

Asterisk & Security
www.asterisk.org/security

Security Suggestions for Asterisk

  1. TLS-encrypted SIP
   • needs SIP over TCP first...
  2. Secure RTP (SRTP)
   • there’s a patch
  3. SRTP Key Exchange
   • sdescriptions now, DTLS or potentially ZRTP in the future
  4. Figure out the phone configuration mess
   • so that the web servers on the phones can be disabled
   • auto configuration is a start, but how secure are the config files?
  5. Identity
   • RFC 4474 (SIP Identity)
  6. Watch out for the APIs and the apps
   • always fun when a rolodex app can crash your phone system!
  7. Toll fraud??
  8. Testing with tools?

  [Callout on slide] If Asterisk is configured to use IMAP as its backend storage for voicemail, then an e-mail sent to a user with an invalid/corrupted MIME body will cause Asterisk to crash when the user listens to their voicemail using the phone.

Resources
Security Links
    • VoIP Security Alliance - http://www.voipsa.org/
        –Threat Taxonomy         - http://www.voipsa.org/Activities/taxonomy.php
        –VOIPSEC email list      - http://www.voipsa.org/VOIPSEC/
        –Weblog                  - http://www.voipsa.org/blog/
        –Security Tools list     - http://www.voipsa.org/Resources/tools.php
        –Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com


    • NIST SP800-58, “Security Considerations for VoIP Systems”
        – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
    • Network Security Tools
        – http://sectools.org/
    • Hacking Exposed VoIP site and tools
        – http://www.hackingvoip.com/




Q&eh?




www.voipsa.org
Speaker Introduction – Dan York
  Dan York, CISSP, is the Best Practices Chair for the VOIP Security Alliance where he leads the project to develop and document a concise set of industry-wide best practices for securing VoIP systems. He is also heading up VOIPSA's move into "social media" with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field.

  Most recently he served as Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003.

  His writing can also be found online at his weblog, Disruptive Telephony.

Other Best Practices

[Diagram: Media / Voice, Management, TCP/IP Network, Call Control, PSTN, Policy]

  • Network
      –Networks should be evaluated for readiness to carry VoIP traffic.
      –Secure mechanisms should be used for traversal of firewalls.
  • Phone Sets
      –Set software loads should be encrypted and tamper-proof.
      –Sets should run the minimum of services required.
      –Connection of a set to the system must require an initial authentication and authorization.
  • Servers
      –Servers should be incorporated into appropriate patch management and anti-virus systems.
      –Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure.
  • Wireless
      –All wireless devices should implement WPA and/or WPA2 versus WEP.

More Related Content

What's hot

Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
PBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Corporation
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenFatih Ozavci
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation tofael1
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceFatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
Điện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetĐiện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetNam TruongGiang
 
Voip introduction
Voip introductionVoip introduction
Voip introductiondaksh bhatt
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?broadconnect
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatilsMostain Billah
 
AudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateAudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateJohn D'Annunzio
 

What's hot (20)

Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
VOIP security
VOIP securityVOIP security
VOIP security
 
PBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales PresentationPBX.NET Hosted PBX | Business VOIP Sales Presentation
PBX.NET Hosted PBX | Business VOIP Sales Presentation
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 
Sangoma SBC Training Presentation
Sangoma SBC Training PresentationSangoma SBC Training Presentation
Sangoma SBC Training Presentation
 
Điện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheetĐiện thoại ip không dây Yealink w53P datasheet
Điện thoại ip không dây Yealink w53P datasheet
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
 
Voip
VoipVoip
Voip
 
Voip
VoipVoip
Voip
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?
 
Concept Of VOIP in deatils
Concept Of VOIP in deatilsConcept Of VOIP in deatils
Concept Of VOIP in deatils
 
AudioCodes Session Border Controller Update
AudioCodes Session Border Controller UpdateAudioCodes Session Border Controller Update
AudioCodes Session Border Controller Update
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
 

Viewers also liked

E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesDan York
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.Sumutiu Marius
 
LONG_Dong_CV
LONG_Dong_CVLONG_Dong_CV
LONG_Dong_CVdong long
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiFatih Ozavci
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Mostafa El-Beheiry
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiFatih Ozavci
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIPTomGilis
 
Risk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Crew
 
Fun with Linux Telephony
Fun with Linux TelephonyFun with Linux Telephony
Fun with Linux TelephonyDonald Burr
 
Conceptos básicos de telefonía
Conceptos básicos de telefoníaConceptos básicos de telefonía
Conceptos básicos de telefoníae-Contact LATAM
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpointGW1992
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Olle E Johansson
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 

Viewers also liked (16)

E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best PracticesE Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
 
Sip termination providers
Sip termination providersSip termination providers
Sip termination providers
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
LONG_Dong_CV
LONG_Dong_CVLONG_Dong_CV
LONG_Dong_CV
 
Viproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik DenetimiViproy ile VoIP Güvenlik Denetimi
Viproy ile VoIP Güvenlik Denetimi
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
 
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik DenetimiOzgur Yazilimlar ile VoIP Guvenlik Denetimi
Ozgur Yazilimlar ile VoIP Guvenlik Denetimi
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIP
 
Risk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back DoorRisk Factory: Modems the Forgotten Back Door
Risk Factory: Modems the Forgotten Back Door
 
Fun with Linux Telephony
Fun with Linux TelephonyFun with Linux Telephony
Fun with Linux Telephony
 
Conceptos básicos de telefonía
Conceptos básicos de telefoníaConceptos básicos de telefonía
Conceptos básicos de telefonía
 
Migration to FreePBX
Migration to FreePBXMigration to FreePBX
Migration to FreePBX
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpoint
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)
 
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
Reboot the Open Realtime Revolution - #MoreCrypto (Fall 2014)
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, English
 

Similar to Hacking VoIP Systems: What You Need to Worry About

SIP Trunking & Security in an Enterprise Network
SIP Trunking & Security  in an Enterprise NetworkSIP Trunking & Security  in an Enterprise Network
SIP Trunking & Security in an Enterprise NetworkDan York
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...SSA KPI
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...IMEX Research
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa Data
 
Explanation of voip
Explanation of voipExplanation of voip
Explanation of voiphuntysen
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centersscarisbrick
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsChristina Inge
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technicalImranD1
 
Introduction To Xener Systems
Introduction To  Xener  SystemsIntroduction To  Xener  Systems
Introduction To Xener SystemsGuisun Han
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the IndustryIMEX Research
 
3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_DempseyFOMS011
 
Ultima - Mobile Data Security
Ultima - Mobile Data SecurityUltima - Mobile Data Security
Ultima - Mobile Data Securitytrickey270
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Newlink
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Newlink
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondRadisys Corporation
 

Similar to Hacking VoIP Systems: What You Need to Worry About (20)

SIP Trunking & Security in an Enterprise Network
SIP Trunking & Security  in an Enterprise NetworkSIP Trunking & Security  in an Enterprise Network
SIP Trunking & Security in an Enterprise Network
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
 
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
Next Gen Data Center Implementing Network Storage with Server Blades, Cluster...
 
Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013Kappa data corporate preso v2 luxembourg 2013
Kappa data corporate preso v2 luxembourg 2013
 
Explanation of voip
Explanation of voipExplanation of voip
Explanation of voip
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 Praesentation
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open Standards
 
Cisco switching technical
Cisco switching technicalCisco switching technical
Cisco switching technical
 
Introduction To Xener Systems
Introduction To  Xener  SystemsIntroduction To  Xener  Systems
Introduction To Xener Systems
 
S series presentation
S series presentationS series presentation
S series presentation
 
Hosted Contact Centre Security
Hosted Contact Centre SecurityHosted Contact Centre Security
Hosted Contact Centre Security
 
Network Storage: State of the Industry
Network Storage: State of the IndustryNetwork Storage: State of the Industry
Network Storage: State of the Industry
 
3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey3. FOMS_ IMS services_Shane_Dempsey
3. FOMS_ IMS services_Shane_Dempsey
 
Ultima - Mobile Data Security
Ultima - Mobile Data SecurityUltima - Mobile Data Security
Ultima - Mobile Data Security
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02
 
Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02Avaya sipwithinyourenterprise-090629022848-phpapp02
Avaya sipwithinyourenterprise-090629022848-phpapp02
 
Core Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & BeyondCore Network Optimization: The Control Plane, Data Plane & Beyond
Core Network Optimization: The Control Plane, Data Plane & Beyond
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 

Hacking VoIP Systems: What You Need to Worry About

  • 1. Hacking and Attacking VoIP Systems What You Need To Worry About Dan York, CISSP VOIPSA Best Practices Chair September 27, 2007
  • 2. Privacy Availability Compliance Confidence Mobility Cost Avoidance Business Continuity © 2007 VOIPSA and Owners as Marked p.
  • 6. TDM security is relatively simple... [Diagram: PSTN Gateways, TDM Switch, Physical Wiring, Voicemail]
  • 7. VoIP security is more complex [Diagram: Desktop PCs, Operating Systems, PSTN Gateways, E-mail Systems, Network Switches, Web Servers, Firewalls, Standards, PDAs, Voice over IP, Wireless Devices, Instant Messaging, Directories, Internet, Databases, Physical Wiring, Voicemail]
  • 8. What is the Industry Doing to Help?
      • Security Vendors: “The Sky Is Falling!” (Buy our products!)
      • VoIP Vendors: “Don’t Worry, Trust Us!” (Buy our products!)
  • 9. Voice Over IP Security Alliance (VOIPSA)
      • www.voipsa.org – 100 members from VoIP and security industries
      • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
      • “Voice of VOIPSA” Blog – www.voipsa.org/blog
      • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
      • VoIP Security Threat Taxonomy
      • Best Practices Project underway now
      [Diagram: Security Research; Market and Social Objectives and Constraints; Classification and Taxonomy of Security Threats; Best Practices for VoIP Security; Outreach Communication of Findings; Security System Testing. Legend: Published, Active Now, Ongoing]
  • 11. Security concerns in telephony are not new… (Image courtesy of the Computer History Museum)
  • 12. Nor are our attempts to protect against threats… (Image courtesy of Mike Sandman – http://www.sandman.com/)
  • 13. Security Aspects of IP Telephony [Diagram: Media / Voice, Call Control, Management, TCP/IP Network, PSTN, Policy]
  • 14. Media: Eavesdropping; Degraded Voice Quality; Encryption; Virtual LANs (VLANs); Packet Filtering
  • 15. Signaling: Denial of Service; Impersonation; Toll Fraud; Encryption; Encrypted Phone Software; Proper Programming
  • 16. Management: Web Interfaces; APIs!; Phones!; Encryption; Change Default Passwords!; Patches? We don’t need...
  • 17. PSTN
  • 18. LAN, Internet
  • 19. What about SPIT? (“SPam over Internet Telephony”)
      • Makes for great headlines, but not yet a significant threat
      • Fear is script/tool that:
          – Iterates through calling SIP addresses:
              • 111@sip.company.com, 112@sip.company.com, …
              • Opens an audio stream if call is answered (by person or voicemail)
          – Steals VoIP credentials and uses account to make calls
      • Reality is that today such direct connections are generally not allowed
      • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
      • Until that time, telemarketers have to initiate unsolicited calls through the PSTN to reach their primary market: slows them down and adds cost
  • 20. The Challenge of SIP Trunking [Diagram: PSTN, SIP Service Provider, Internet, IP-PBX, LAN]
  • 22. www.voipsa.org/Resources/tools.php, www.hackingvoip.com
  • 24. Tools, tools, tools... • UDP Flooder • Asteroid • IAX Flooder • enumIAX • IAX Enumerator • iWar • ohrwurm RTP Fuzzer • StegRTP • RTP Flooder • VoiPong • INVITE Flooder • Web Interface for SIP Trace • AuthTool • SIPScan • BYE Teardown • SIPCrack • Redirect Poison • SiVuS • Registration Hijacker • SIPVicious Tool Suite • Registration Eraser • SIPBomber • RTP InsertSound • SIPsak • RTP MixSound • SIP bot • SPITTER
  • 27. Security Suggestions for Asterisk
      1. TLS-encrypted SIP
          • needs SIP over TCP first...
      2. Secure RTP (SRTP)
          • there’s a patch
      3. SRTP Key Exchange
          • sdescriptions now, DTLS or potentially ZRTP in the future
      4. Figure out the phone configuration mess
          • so that the web servers on the phones can be disabled
          • auto configuration is a start, but how secure are the config files?
      5. Identity
          • RFC 4474 (SIP Identity)
      6. Watch out for the APIs and the apps
          • always fun when a rolodex app can crash your phone system!
      7. Toll fraud??
      8. Testing with tools?
      [Callout: If Asterisk is configured to use IMAP as its backend storage for voicemail, then an e-mail sent to a user with an invalid/corrupted MIME body will cause Asterisk to crash when the user listens to their voicemail using the phone.]
  • 29. Security Links
      • VoIP Security Alliance - http://www.voipsa.org/
          – Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php
          – VOIPSEC email list - http://www.voipsa.org/VOIPSEC/
          – Weblog - http://www.voipsa.org/blog/
          – Security Tools list - http://www.voipsa.org/Resources/tools.php
          – Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com
      • NIST SP800-58, “Security Considerations for VoIP Systems” – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
      • Network Security Tools – http://sectools.org/
      • Hacking Exposed VoIP site and tools – http://www.hackingvoip.com/
  • 31. Speaker Introduction – Dan York. Dan York, CISSP, is the Best Practices Chair for the VOIP Security Alliance, where he leads the project to develop and document a concise set of industry-wide best practices for securing VoIP systems. He is also heading up VOIPSA's move into "social media" with the launch of the Voice of VOIPSA group weblog. Additionally, York is the producer of Blue Box: The VoIP Security Podcast, where each week he and co-host Jonathan Zar discuss VoIP security news and interview people involved in the field. Most recently he served as Director of IP Technology reporting to the CTO of Mitel Corporation and focused on emerging VoIP technology and VoIP security. As chair of Mitel's Product Security Team, he coordinates the efforts of a cross-functional group to communicate both externally and internally on VoIP security issues, respond to customer inquiries related to security, investigate security vulnerability reports, and monitor security standards and trends. Previously, York served in Mitel Product Management, bringing multiple products to market including Mitel's secure VoIP Teleworker Solution in 2003. His writing can also be found online at his weblog, Disruptive Telephony.
  • 32. Other Best Practices [Diagram: Media / Voice, Call Control, Management, TCP/IP Network, PSTN, Policy]
      • Network
          – Networks should be evaluated for readiness to carry VoIP traffic.
          – Secure mechanisms should be used for traversal of firewalls.
      • Phone Sets
          – Set software loads should be encrypted and tamper-proof.
          – Sets should run the minimum of services required.
          – Connection of a set to the system must require an initial authentication and authorization.
      • Servers
          – Servers should be incorporated into appropriate patch management and anti-virus systems.
          – Sufficient backup power should be available to maintain operation of telephony devices (and necessary network infrastructure) in the event of a power failure.
      • Wireless
          – All wireless devices should implement WPA and/or WPA2 versus WEP.
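Slide 19 describes the feared SPIT tool as one that walks through consecutive SIP addresses. The sketch below is an added example, not part of the original deck: it flags that pattern in signaling logs, assuming a hypothetical one-line-per-request log format and constructed sample lines; the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp src=IP METHOD sip:user@host" format.
SAMPLE_LOG = """\
2007-09-27T10:00:01 src=198.51.100.7 INVITE sip:111@sip.company.com
2007-09-27T10:00:03 src=198.51.100.7 INVITE sip:112@sip.company.com
2007-09-27T10:00:04 src=192.0.2.10 REGISTER sip:204@sip.company.com
2007-09-27T10:00:05 src=198.51.100.7 INVITE sip:113@sip.company.com
2007-09-27T10:00:07 src=198.51.100.7 INVITE sip:114@sip.company.com
2007-09-27T10:00:08 src=192.0.2.10 INVITE sip:118@sip.company.com
2007-09-27T10:00:09 src=198.51.100.7 INVITE sip:115@sip.company.com
2007-09-27T10:00:11 src=198.51.100.7 INVITE sip:116@sip.company.com
2007-09-27T10:00:20 src=203.0.113.5 INVITE sip:301@sip.company.com
2007-09-27T10:00:25 src=203.0.113.5 INVITE sip:450@sip.company.com
2007-09-27T10:00:30 src=203.0.113.5 INVITE sip:122@sip.company.com
2007-09-27T10:00:35 src=203.0.113.5 INVITE sip:777@sip.company.com
2007-09-27T10:00:40 src=203.0.113.5 INVITE sip:905@sip.company.com
2007-09-27T10:04:00 src=192.0.2.10 INVITE sip:204@sip.company.com
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) ([A-Z]+) sip:([^@\s]+)@\S+$")


def parse(log_text):
    """Yield (timestamp, source, method, user) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, method, user = m.groups()
            yield datetime.fromisoformat(ts), src, method, user


def longest_run(numbers):
    """Length of the longest run of consecutive integers in `numbers`."""
    nums, best = set(numbers), 0
    for n in nums:
        if n - 1 not in nums:          # n starts a run
            length = 1
            while n + length in nums:
                length += 1
            best = max(best, length)
    return best


def find_sweeps(log_text, window=timedelta(seconds=60), min_targets=5, min_run=4):
    """Return {source: sorted users} for sources that INVITE at least
    `min_targets` distinct users inside `window`, including a run of at
    least `min_run` consecutive numeric extensions."""
    by_src = defaultdict(list)
    for ts, src, method, user in parse(log_text):
        if method == "INVITE":
            by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            exts = [int(u) for u in users if u.isdigit()]
            if len(users) >= min_targets and longest_run(exts) >= min_run:
                flagged[src] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOG))
```

Requiring a consecutive run keeps a busy but legitimate caller (203.0.113.5 in the sample) from being flagged on volume alone; a sweep that is slower than the window or randomizes its order needs a different rule.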
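Items 1 to 3 on slide 27 depend on each other: with sdescriptions (RFC 4568) the SRTP key travels in the SDP body as an `a=crypto` attribute, so it is only protected when the SIP signaling itself is encrypted. The checker below is an added example, not code from the deck or from Asterisk; the INVITE messages are constructed, trimmed to the headers the check reads, and the key is a placeholder.

```python
PLACEHOLDER_KEY = "CONSTRUCTED-PLACEHOLDER-KEY-NOT-REAL"  # not a real SRTP key


def build_invite(transport, proto, with_crypto):
    """Build a constructed, minimal INVITE (not a complete SIP message)."""
    head = [
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed",
        "Content-Type: application/sdp",
    ]
    sdp = [
        "v=0",
        "o=alice 1 1 IN IP4 192.0.2.10",
        "s=-",
        "c=IN IP4 192.0.2.10",
        "t=0 0",
        f"m=audio 49170 {proto} 0",
    ]
    if with_crypto:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + PLACEHOLDER_KEY)
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"


def audit_invite(message):
    """Return a list of findings for one SIP message carrying an SDP offer."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")

    # Transport of the topmost Via header, e.g. "SIP/2.0/UDP host" -> "UDP".
    transport = None
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            transport = value.strip().split()[0].split("/")[-1].upper()
            break

    findings = []
    if transport != "TLS":
        findings.append("signaling-cleartext")

    # Collect each media section and whether it carries an sdescriptions key.
    sections = []
    for line in body.split("\n"):
        if line.startswith("m="):
            fields = line[2:].split()
            sections.append({"proto": fields[2], "crypto": False})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True

    for s in sections:
        if s["proto"] in ("RTP/AVP", "RTP/AVPF"):
            findings.append("media-cleartext")        # plain RTP, no SRTP
        elif s["proto"] in ("RTP/SAVP", "RTP/SAVPF"):
            if not s["crypto"]:
                findings.append("srtp-without-sdes-key")
            elif transport != "TLS":
                findings.append("sdes-key-exposed")   # key readable on the wire
    return findings


if __name__ == "__main__":
    for args in (("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)):
        print(args, audit_invite(build_invite(*args)))
```

The Via transport only describes the hop where the message was captured; TLS for SIP is hop-by-hop, so a clean result here says nothing about later hops.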