Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby.

Published byAdam Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby."— Presentation transcript:

1

2 Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby

3 Copyright Security-Assessment.com 2004 Security-Assessment.com VoIP Trends VOIP becoming more popular and will increase in future Many ISPs and Teleco’s starting to offer VoIP services Like most other phone calls, it is presumed to be confidential

4 Copyright Security-Assessment.com 2004 Security-Assessment.com Types of Phones SoftPhone HardPhone

5 Copyright Security-Assessment.com 2004 Security-Assessment.com Typical VoIP Architecture

6 Copyright Security-Assessment.com 2004 Security-Assessment.com Attacks Against VoIP Multiple attack avenues: –Standard traffic capture attacks –Bootp attacks –Phone-based vulnerabilities –Management interface attacks

7 Copyright Security-Assessment.com 2004 Security-Assessment.com Consequences of Attacks Consequences of VoIP attacks include: –Listening or recording phone calls –Injecting content into phone calls –Spoofing caller ID –Crashing phones –Denying phone service –VoIP Spamming

8 Copyright Security-Assessment.com 2004 Security-Assessment.com VoIP Protocols H.323 –Earlier protocol used, though still used today –Provides for encryption and authentication of data SIP –Digest authentication based on HTTP, but many times not enabled –No encryption MGCP –Relies on IPSEC for security, but most current phones don’t support IPSEC

9 Copyright Security-Assessment.com 2004 Security-Assessment.com Use of VLANS Cisco recommends separate VLANs for data and voice traffic To ease implementation, many phones allow sharing of network connections with desktop PCs VoIP allows the use of SoftPhones installed on desktop PCs Therefore cannot separate voice traffic from the rest of the network

10 Copyright Security-Assessment.com 2004 Security-Assessment.com Capturing VoIP Data Ethereal has built-in support for some VoIP protocols Has the ability to capture VoIP traffic Can dump some forms of VoIP traffic directly to WAV files.

11 Copyright Security-Assessment.com 2004 Security-Assessment.com

12 Copyright Security-Assessment.com 2004 Security-Assessment.com

13 Copyright Security-Assessment.com 2004 Security-Assessment.com Audio Capture

14 Copyright Security-Assessment.com 2004 Security-Assessment.com Other Tools Vomit –Injects wave files into VoIP conversations Tourettes –Written by a staff member of a customer for fun –Injects random swear words into a conversation

15 Copyright Security-Assessment.com 2004 Security-Assessment.com Example Phone Exploit CAN-2002-0769 Cisco ATA-186 Web interface could reveal sensitive information Sending a POST request consisting of one byte to the HTTP interface of the adapter reveals the full configuration of the phone, including administrator password IP Phones – Another thing to patch!

16 Copyright Security-Assessment.com 2004 Security-Assessment.com Caller ID Spoofing Caller ID is based on a Calling Party Number (CPN) This is always sent when a call is placed A privacy flag tells the receiver whether to show the number or not Have always been able to spoof Caller ID but needed expensive PBX equipment to do so. With VoIP PBX software, spoofing is easier Has repercussions for phone authentication

Download ppt "Copyright Security-Assessment.com 2004 Security-Assessment.com Hacking VoIP Is your Conversation confidential? by Nick von Dadelszen and Darren Bilby."

Similar presentations

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation

Voice Security Interop 2009 Mark D. Collier SecureLogix Corporation
Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.

Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.

BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.

Copyright Security-Assessment.com 2005 Voice over IP What You Don’t Know Can Hurt You by Darren Bilby.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.

Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California www.ITEXPO.com 3 VoIP Issues.

VoIP Security Sanjay Kalra Juniper Networks September 10-12, 2007 Los Angeles Convention Center Los Angeles, California 3 VoIP Issues.
Virtual Private Network

Virtual Private Network
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.

 An electrical device that sends or receives radio or television signals through electromagnetic waves.
VoIP Security Assessment Service Mark D. Collier Chief Technology Officer

VoIP Security Assessment Service Mark D. Collier Chief Technology Officer
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005.

Copyright Security-Assessment.com 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005.

Similar presentations

Ads by Google