SECURITY 540 - Day 6

Day 6 - VoIP Architecture

Saturday, October 4, 2010: 9am - 5pm
Paul A. Henry, SANS Certified Instructor
6 CPE Credits

The last day covers the most relevant VoIP infrastructure and network attacks, with the goal of emphasizing how important it is to build a secure VoIP infrastructure on top of a secure network architecture. Some of the network-based attacks with a higher impact on the VoIP infrastructure are analyzed, as well as the best architecture practices to protect the VoIP infrastructure against these threats.

  • VoIP supporting infrastructure: VoIP-related overview, attacks and countermeasures for DNS, DHCP, TFTP, HTTP, SNMP, ARP and Man-in-the-Middle (MitM), port scanning, and banner grabbing
  • The risks of unified communications and how to mitigate them through network segregation: VLANs, the VoIP softphone paradox, VLAN attacks, VLANs and VoIP hardphones, VoIP hopping attacks, and network segregation countermeasures
  • VoIP environment awareness: publicly available information and intelligence gathering through Google hacking VoIP, WHOIS, Netcraft, Google Groups, job boards, etc.

The VoIP security lectures are supplemented by hands-on labs focused on identifying devices on a VoIP infrastructure and complementing the initial reconnaissance results with more advanced vulnerability scanning and techniques for enumerating VoIP usernames and phone extensions. Additionally, the signaling labs are rounded out with SIP-based manipulation attacks using advanced MitM tools and techniques.

VoIP media vulnerabilities are demonstrated and practiced using eavesdropping and advanced RTP manipulation attacks. Finally, the VoIP countermeasures modules contain technical security checklists intended to evaluate the VoIP security capabilities and the supported features and protocols offered by your VoIP vendor(s) or service provider(s).