Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.

Slides:



Advertisements
Similar presentations
Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
Advertisements

Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.
Web server security Dr Jim Briggs WEBP security1.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.
Virtual Private Network
1 Enabling Secure Internet Access with ISA Server.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.
VoIP Security Assessment Service Mark D. Collier Chief Technology Officer
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.
Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
By Will Peeden.  Voice over Internet Protocol  A way to make phone calls over the internet.  A way to bypass the standard phone company and their charges.
Software Security Testing Vinay Srinivasan cell:
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
POSTER TEMPLATE BY: Whitewater HTTP Vulnerabilities Nick Berry, Joe Joyce, & Kevin Vaccaro. Syntax & Routing Attempt to capture.
BZUPAGES.COM. What is a VPN VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection "tunnel" path from a user's.
Computer Emergency Notification System (CENS)
Mahindra-British Telecom Ltd. Exploiting Layer 2 By Balwant Rathore.
Linux Networking and Security
COMP1321 Networks in Organisations Richard Henson March 2014.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Remote Connectivity and VoIP Hacking
Application Services COM211 Communications and Networks CDA College Theodoros Christophides
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
CS460 Final Project Service Provider Scenario David Bergman Dong Jin Richard Bae Scott Greene Suraj Nellikar Wee Hong Yeo Virtual Customer: Mark Scifres.
TCP/IP (Transmission Control Protocol / Internet Protocol)
Topic 5: Basic Security.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Copyright Security-Assessment.com 2004 Security-Assessment.com Advances in Web Application Hacking by Nick von Dadelszen.
Sniffer, tcpdump, Ethereal, ntop
MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.
Mohammed F & Aya. Peer-to-peer network are usually common in homes and small businesses and are not necessarily expensive. On a peer-to-peer network each.
Security fundamentals Topic 9 Securing internet messaging.
Advanced Eligible Services Helping You Succeed Schools and Libraries Division Washington, DC Newark Atlanta Chicago Orlando Los Angeles Portland.
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
HOW TO GUIDE: INEXPENSIVE INTERNET PROTOCOL TELEPHONY SOLUTION Created by: Cameron Adkisson Eastern Kentucky University
A Listener Among the Static: Christian Prescott Gabriel Fair Security and Voice over IP.
Working at a Small-to-Medium Business or ISP – Chapter 8
Network Security (the Internet Security)
100% Exam Passing Guarantee & Money Back Assurance
Wireless Network Security
Introduction to Networking
Introduction to Networking
Introduction to Networking
What’s New in Fireware v12.1.1
Remote Connectivity and VoIP Hacking
Microsoft Dumps PDF CompTIA SY0-501 Dumps PDF CompTIA Security+ Certification RealExamCollection.com.
Topic 5: Communication and the Internet
IP Addresses & Ports IP Addresses – identify a device on a network
Introduction to Networking Security
Presentation transcript:

Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby

Copyright Security-Assessment.com 2004 Security-Assessment.com VoIP Trends VOIP becoming more popular and will increase in future Many ISPs and Teleco’s starting to offer VoIP services Like most other phone calls, it is presumed to be confidential

Copyright Security-Assessment.com 2004 Security-Assessment.com Types of Phones SoftPhone HardPhone

Copyright Security-Assessment.com 2004 Security-Assessment.com Typical VoIP Architecture

Copyright Security-Assessment.com 2004 Security-Assessment.com Attacks Against VoIP Multiple attack avenues: –Standard traffic capture attacks –Bootp attacks –Phone-based vulnerabilities –Management interface attacks

Copyright Security-Assessment.com 2004 Security-Assessment.com Consequences of Attacks Consequences of VoIP attacks include: –Listening or recording phone calls –Injecting content into phone calls –Spoofing caller ID –Crashing phones –Denying phone service –VoIP Spamming

Copyright Security-Assessment.com 2004 Security-Assessment.com VoIP Protocols H.323 –Earlier protocol used, though still used today –Provides for encryption and authentication of data SIP –Digest authentication based on HTTP, but many times not enabled –No encryption MGCP –Relies on IPSEC for security, but most current phones don’t support IPSEC

Copyright Security-Assessment.com 2004 Security-Assessment.com Use of VLANS Cisco recommends separate VLANs for data and voice traffic To ease implementation, many phones allow sharing of network connections with desktop PCs VoIP allows the use of SoftPhones installed on desktop PCs Therefore cannot separate voice traffic from the rest of the network

Copyright Security-Assessment.com 2004 Security-Assessment.com Capturing VoIP Data Ethereal has built-in support for some VoIP protocols Has the ability to capture VoIP traffic Can dump some forms of VoIP traffic directly to WAV files.

Copyright Security-Assessment.com 2004 Security-Assessment.com

Copyright Security-Assessment.com 2004 Security-Assessment.com

Copyright Security-Assessment.com 2004 Security-Assessment.com Audio Capture

Copyright Security-Assessment.com 2004 Security-Assessment.com Other Tools Vomit –Injects wave files into VoIP conversations Tourettes –Written by a staff member of a customer for fun –Injects random swear words into a conversation

Copyright Security-Assessment.com 2004 Security-Assessment.com Example Phone Exploit CAN Cisco ATA-186 Web interface could reveal sensitive information Sending a POST request consisting of one byte to the HTTP interface of the adapter reveals the full configuration of the phone, including administrator password IP Phones – Another thing to patch!

Copyright Security-Assessment.com 2004 Security-Assessment.com Caller ID Spoofing Caller ID is based on a Calling Party Number (CPN) This is always sent when a call is placed A privacy flag tells the receiver whether to show the number or not Have always been able to spoof Caller ID but needed expensive PBX equipment to do so. With VoIP PBX software, spoofing is easier Has repercussions for phone authentication

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.