did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9781596930506

Understanding Voice over Ip Security

by ;
  • ISBN13:

    9781596930506

  • ISBN10:

    1596930500

  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2006-03-31
  • Publisher: Artech House on Demand
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $123.00 Save up to $11.62
  • Digital
    $111.38
    Add to Cart

    DURATION
    PRICE

Supplemental Materials

What is included with this book?

Summary

VoIP (voice over IP) networks are currently being deployed by enterprises, governments, and service providers around the globe and are used by millions of individuals each day. Today, the hottest topic with engineers in the field is how to secure these networks. Understanding Voice over IP Security offers this critical knowledge. The book teaches practitioners how to design a highly secure VoIP network, explains Internet security basics, such as attack types and methods, and details all the key security aspects of a VoIP system, including identity, authentication, signaling, and media encryption. What's more, the book presents techniques used to combat spam and covers the future problems of spim (spam over instant messaging) and spim (spam over internet telephony).

Author Biography

Alan B. Johnston is a coauthor of the SIP specification RFC 3261 and several other SIP-related RFCs and serves on the board of directors of the SIP Forum David M. Piscitello is the president and principal consultant of Core Competence, Inc. He is a Fellow with the Internet Corporation for Assigned Names and Numbers on the Security and Stability Advisory Committee

Table of Contents

Foreword xiii
Acknowledgments xvii
1 Introduction
1(6)
1.1 VoIP: A Green Field for Attackers
2(1)
1.2 Why VoIP Security Is Important
3(1)
1.3 The Audience for This Book
4(1)
1.4 Organization
4(3)
2 Basic Security Concepts: Cryptography
7(22)
2.1 Introduction
7(1)
2.2 Cryptography Fundamentals
7(13)
2.2.1 Secret Key (Symmetric) Cryptography
10(2)
2.2.2 Asymmetric (Public Key) Cryptography
12(1)
2.2.3 Integrity Protection
13(4)
2.2.4 Authenticated and Secure Key Exchange
17(3)
2.3 Digital Certificates and Public Key Infrastructures
20(7)
2.3.1 Certificate Assertions
22(2)
2.3.2 Certificate Authorities
24(3)
References
27(2)
3 VoIP Systems
29(22)
3.1 Introduction
29(2)
3.1.2 VoIP Architectures
29(2)
3.2 Components
31(1)
3.3 Protocols
32(16)
3.3.1 Session Initiation Protocol
32(7)
3.3.2 Session Description Protocol
39(3)
3.3.3 H.323
42(2)
3.3.4 Media Gateway Control Protocols
44(2)
3.3.5 Real Time Transport Protocol
46(1)
3.3.6 Proprietary Protocols
46(2)
3.4 Security Analysis of SIP
48(1)
References
49(2)
4 Internet Threats and Attacks
51(22)
4.1 Introduction
51(1)
4.2 Attack Types
51(13)
4.2.1 Denial of Service (DoS)
51(5)
4.2.2 Man-in-the-Middle
56(1)
4.2.3 Replay and Cut-and-Paste Attacks
57(1)
4.2.4 Theft of Service
58(1)
4.2.5 Eavesdropping
59(1)
4.2.6 Impersonation
60(1)
4.2.7 Poisoning Attacks (DNS and ARP)
60(1)
4.2.8 Credential and Identity Theft
61(1)
4.2.9 Redirection/Hijacking
62(1)
4.2.10 Session Disruption
63(1)
4.3 Attack Methods
64(6)
4.3.1 Port Scans
64(1)
4.3.2 Malicious Code
65(2)
4.3.3 Buffer Overflow
67(2)
4.3.5 Password Theft/Guessing
69(1)
4.3.6 Tunneling
69(1)
4.3.7 Bid Down
69(1)
4.4 Summary
70(1)
References
70(3)
5 Internet Security Architectures
73(28)
5.1 Introduction
73(2)
5.1.1 Origins of Internet Security Terminology
73(1)
5.1.2 Castle Building in the Virtual World
74(1)
5.2 Security Policy
75(2)
5.3 Risk, Threat, and Vulnerability Assessment
77(2)
5.4 Implementing Security
79(1)
5.5 Authentication
80(2)
5.6 Authorization (Access Control)
82(1)
5.7 Auditing
82(2)
5.8 Monitoring and Logging
84(1)
5.9 Policy Enforcement: Perimeter Security
85(8)
5.9.1 Firewalls
86(4)
5.9.2 Session Border Controller
90(2)
5.9.3 Firewalls and VoIP
92(1)
5.10 Network Address Translation
93(2)
5.11 Intrusion Detection and Prevention
95(2)
5.12 Honeypots and Honeynets
97(1)
5.13 Conclusions
97(1)
References
98(3)
6 Security Protocols
101(20)
6.1 Introduction
101(2)
6.2 IP Security (IPSec)
103(2)
6.2.1 Internet Key Exchange
105(2)
6.3 Transport Layer Security (TLS)
107(4)
6.4 Datagram Transport Layer Security (DTLS)
111(1)
6.5 Secure Shell (SecSH, SSH)
112(3)
6.6 Pretty Good Privacy (PGP)
115(1)
6.7 DNS Security (DNSSEC)
116(3)
References
119(2)
7 General Client and Server Security Principles
121(14)
7.1 Introduction
121(1)
7.2 Physical Security
122(1)
7.3 System Security
122(4)
7.3.1 Server Security
122(2)
7.3.2 Client OS Security
124(2)
7.4 LAN Security
126(5)
7.4.1 Policy-Based Network Admission
127(1)
7.4.2 Endpoint Control
128(1)
7.4.3 LAN Segmentation Strategies
129(1)
7.4.4 LAN Segmentation and Defense in Depth
130(1)
7.5 Secure Administration
131(1)
7.6 Real-Time Monitoring of VoIP Activity
132(1)
7.7 Federation Security
132(1)
7.8 Summary
132(1)
References
133(2)
8 Authentication
135(10)
8.1 Introduction
135(2)
8.2 Port-Based Network Access Control (IEEE 802.1x)
137(3)
8.3 Remote Authentication Dial-In User Service
140(3)
8.4 Conclusions
143(1)
References
143(2)
9 Signaling Security
145(18)
9.1 Introduction
145(1)
9.2 SIP Signaling Security
146(14)
9.2.1 Basic Authentication
146(1)
9.2.2 Digest Authentication
147(5)
9.2.3 Pretty Good Privacy
152(1)
9.2.4 S/MIME
153(2)
9.2.5 Transport Layer Security
155(4)
9.2.6 Secure SIP
159(1)
9.3 H.323 Signaling Security with H.235
160(1)
References
161(2)
10 Media Security 163(30)
10.1 Introduction
163(1)
10.2 Secure RTP
164(4)
10.3 Media Encryption Keying
168(4)
10.3.1 Preshared Keys
168(1)
10.3.2 Public Key Encryption
169(1)
10.3.3 Authenticated Key Management and Exchange
170(2)
10.4 Security Descriptions in SDP
172(1)
10.5 Multimedia Internet Keying (MIKEY)
173(13)
10.5.1 Generation of MIKEY Message by Initiator
177(6)
10.5.2 Responder Processing of a MIKEY Message
183(3)
10.6 Failure and Fallback Scenarios
186(2)
10.7 Alternative Key Management Protocol—ZRTP
188(2)
10.8 Future Work
190(1)
References
190(3)
11 Identity 193(32)
11.1 Introduction
193(1)
11.2 Names, Addresses, Numbers, and Communication
193(3)
11.2.1 E.164 Telephone Numbers
194(1)
11.2.2 Internet Names
195(1)
11.3 Namespace Management in SIP
196(3)
11.3.1 URI Authentication
196(3)
11.4 Trust Domains for Asserted Identity
199(3)
11.5 Interdomain SIP Identity
202(7)
11.5.1 SIP Authenticated Identity Body (AIB)
203(1)
11.5.2 Enhanced SIP Identity
204(5)
11.6 SIP Certificates Service
209(8)
11.7 Other Asserted Identity Methods
217(3)
11.7.1 Secure Assertion Markup Language
217(2)
11.7.2 Open Settlements Protocol and VoIP
219(1)
11.7.3 H.323 Identity
219(1)
11.7.4 Third Party Identity and Referred-By
219(1)
11.8 Privacy
220(3)
References
223(2)
12 PSTN Gateway Security 225(12)
12.1 Introduction
225(1)
12.2 PSTN Security Model
225(2)
12.3 Gateway Security
227(6)
12.3.1 Gateway Security Architecture
228(1)
12.3.2 Gateway Types
229(1)
12.3.3 Gateways and Caller ID
230(1)
12.3.4 Caller ID and Privacy
231(1)
12.3.5 Gateway Decomposition
231(1)
12.3.6 SIP/ISUP Interworking
232(1)
12.4 Telephone Number Mapping in the DNS
233(3)
References
236(1)
13 Spam and Spit 237(10)
13.1 Introduction
237(1)
13.2 Is VoIP Spam Inevitable?
238(2)
13.3 Technical Approaches to Combat E-Mail Spam
240(3)
13.3.1 Filtering Spam Using Identity Information
240(1)
13.3.2 Grey Listing
241(1)
13.3.3 Challenge/Response (Sender Verification)
242(1)
13.3.4 Distributed Checksum Filtering (DCF)
242(1)
13.3.5 Content Filtering
243(1)
13.3.6 Summary of Antispam Approaches
243(1)
13.4 VoIP and Spit
243(2)
13.5 Summary
245(1)
References
246(1)
14 Conclusions 247(8)
14.1 Summary
247(1)
14.2 VoIP Is Still New
248(1)
14.3 VoIP Endpoints Are New
248(1)
14.4 VoIP Standards Are Not Complete
249(1)
14.5 Base VoIP Security on Best Current Security Practices for Data
249(1)
14.6 VoIP Is a QoS-Sensitive Data Application
250(1)
14.7 Merging Public and Private VoIP Services Will Be Problematic
250(1)
14.8 Concluding Remarks
251(4)
Index 255

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program