Product Description

Voice over Internet Protocol (VoIP) networks have freed users from the tyranny of big telecom, allowing people to make phone calls over the Internet at very low or no cost. But while VoIP is easy and cheap, it's notoriously lacking in security. With minimal effort, hackers can eavesdrop on conversations, disrupt phone calls, change caller IDs, insert unwanted audio into existing phone calls, and access sensitive information. "Hacking VoIP" takes a dual approach to VoIP security, explaining its many security holes to hackers and administrators. If you're serious about security, and you either use or administer VoIP, you should know where VoIP's biggest weaknesses lie and how to shore up your security. And if your intellectual curiosity is leading you to explore the boundaries of VoIP, "Hacking VoIP" is your map and guidebook. "Hacking VoIP" will introduce you to every aspect of VoIP security, both in home and enterprise implementations. You'll learn about popular security assessment tools, the inherent vulnerabilities of common hardware and software packages, and how to: Identify and defend against VoIP security attacks such as eavesdropping, audio injection, caller ID spoofing, and VoIP phishing Audit VoIP network security Assess the security of enterprise-level VoIP networks such as Cisco, Avaya, and Asterisk, and home VoIP solutions like Yahoo! and Vonage Use common VoIP protocols like H.323, SIP, and RTP as well as unique protocols like IAX Identify the many vulnerabilities in any VoIP network Whether you're setting up and defending your VoIP network against attacks or just having sick fun testing the limits of VoIP networks, "Hacking VoIP" is your go-to source for everyaspect of VoIP security and defense.

Product Details

• Amazon Sales Rank: #260177 in Books
• Published on: 2008-10-15
• Original language: English
• Number of items: 1
• Binding: Paperback
• 211 pages

About the Author

Himanshu Dwivedi is a leading security expert and researcher. He has published four books, Hacking Exposed: Web 2.0 (McGraw-Hill), Securing Storage (Addison Wesley), Hacker's Challenge 3 (McGraw-Hill), and Implementing SSH (Wiley). A founder of iSEC Partners, Himanshu manages iSEC's product development and engineering, specialized security solutions, and the creation of security testing tools for customers.

Customer Reviews

Practical and useful book that will get you started Hacking VoIP
This is a very short book, so I will try to keep the review short too.

I have tried to stay clear of VoIP networks, phones, software, hacking - while keeping an eye out for major problems. The monster called VoIP includes just to many protocols and I have a lot of work doing internet security as it is.

During the last few years though, people are moving even more into VoIP phones and thus I have read a few resources about VoIP, attended a few conference presentations about VoIP security - but not really gotten dirty with hacker tools for VoIP. I asked for a review copy of this book and one was provided by the nice people of No Starch.

This has changed and this book is the reason, because Hacking VoIP is a very practical book that will get you started hacking VoIP networks.

The book is very short, which is great, I like books that you can actually read from cover to cover. The content is also presented clearly with excellent wording and just enough detail to get me started. The book also list precise tools, programs and even allows you to download configurations and special tools.

The problems described are very real and the scenarios are precisely what is found in real life. The target audience for this book is specified as VoIP administrators, but being a security consultant myself I think the actual target audience is a bit wider. The level needed to do the lab exercises is consistent with a VoIP administrator, which have had some experience using Asterisk/BackTrack.

This book also present a VoIP Security Audit Program (VSAP) which I think is a great idea and resource for people to audit their own systems.

To summarize the Good stuff:
Short - this book is short, so you can actually finish it
Practical - using the tools described you will be able to get a VoIP network running quickly
Contents - Specific VoIP stuff, not generic hacker stuff
Writing style - excellent

The Bad stuff about this book:
Repeated content - chapter 8 contains some sniffing and injection which is repeated from chapter 4, including half page screen shoots :-( This might be more of an editorial problem, but having a 200 page book which repeats itself?!

More content would be interesting, for example fuzzing is introduced but more could have been described. Clearly the author has a lot of knowledge about hacking VoIP, so I think he could have easily added another 50-100 pages more.

Conclusion
The book does whet my appetite and lets me get started Hacking VoIP immediately which is the goal. Having obtained that goal I will be able to continue working with VoIP security and understand the new attacks being published. I recommend it for people getting into this area.