If your organization utilizes voice communications or is thinking of migrating to VoIP (Voice over IP), you need to master VoIP security best practices and technologies in order to design, deploy, and audit trusted VoIP infrastructures. The best way to secure a VoIP network is to incorporate security in the design right from the beginning. However, even if you have security concerns about an existing VoIP network, this course will teach you all of the tips and tricks to protect your critical VoIP networks. You will learn practical tasks that you can directly apply when you go back to work.
VoIP has become a widely adopted technology, and it's here to stay. VoIP protocols and technologies, and especially VoIP security, are among the most complex fields in IT today. This course offers the in-depth knowledge required to understand how VoIP technologies work at the protocol level (mainly focusing on SIP and RTP). A detailed in-class analysis of infrastructure, signaling, and media attacks will reveal the security risks of VoIP networks for service providers, carriers, and enterprises, and students will be shown how to mitigate these risks.
By helping you understand how VoIP protocols work and giving you hands-on experience with attack mechanisms that impact your VoIP environment, this challenging course helps you design, build, and assess a secure VoIP architecture.
We will cover various VoIP attacks from VoIP signaling and media eavesdropping, caller ID impersonation, and VoIP authentication cracking to man-in-the-middle call manipulation and media injection. We will then examine multiple cutting-edge solutions, security devices, standards, and countermeasures that can be used to alleviate these vulnerabilities and threats, detailing the strengths and weaknesses of each, while guiding you through the best tools for securing your VoIP network.
As part of the course, you will receive a software VoIP PBX based on Trixbox (Asterisk), an audio headset, and several VoIP analysis and attack tools. This toolkit will help you build your own VoIP infrastructure, gain hands-on experience, and learn the attack tools used to exploit VoIP vulnerabilities from the attacker perspective. You'll learn to understand the insight gained from VoIP penetration testing, which you will be able to apply to protect your VoIP infrastructure from attacks. The extensive hands-on labs, plus the instruction from industry VoIP security experts, provide you with the skills needed to architect and evaluate your VoIP infrastructure.
The course includes an extensive list of references for each module for further analysis and staying up to date in future VoIP security trends.
Students should have a working knowledge of TCP/IP networks and protocols, general security attacks and defenses, and VoIP concepts and experience in the design or deployment of network and security technologies.
The SANS SEC540 VoIP class is quite technical, but I would highly recommend it for any manager considering the implementation of VoIP in their network. Many are simply blinded by the huge potential savings from VoIP and fail to understand or recognize the inherent risks associated with it. SANS clearly outlines the risks literally hands-on that every manager must be aware of when implementing VoIP.
Paul A. Henry