Dan York, CISSP
VOIPSA Best Practices Chair
October 4, 2010
© 2010 VOIPSA and Owners as Marked
[Diagram: PBX, Voicemail, Physical Wiring, PSTN Gateways]
[Diagram: Physical Wiring, IP Network, IP-PBX, Voicemail, PSTN Gateways, Mobile Devices, IM Networks, Web Servers, Email Servers, Desktop PCs, Operating Systems, Firewalls, Internet, Directory Servers, VoIP, CRM Systems, Social Networks, Database Servers, Application Servers]
Geography
[Diagram: UC System, Corp HQ, Firewall, Internet, Home, Firewall, IP Phone, PC]
[Diagram: UC System, Corp HQ, Firewall, Internet, WiFi Café, Router, Mobile UC client, Laptop UC client, Mobile Data Network]
[Diagram: Corp HQ, Office A and Office B, each with IM, Presence and Call Control; also labelled: Corporate Network, IVR, Voicemail, PSTN, Conferencing, Internet]
Internet LAN
Can you trust “the Cloud” to be there?
[Diagram: PSTN and Carriers]
[Diagram: PSTN and many ITSPs]
•  What does a traditional telemarketer need?
•  Makes for great headlines, but not yet a significant threat
•  The fear is a script/tool that:
    – Iterates through calling SIP addresses:
        •  111@sip.company.com, 112@sip.company.com, …
        •  Opens an audio stream if the call is answered (by a person or voicemail)
    – Steals VoIP credentials and uses the account to make calls
•  The reality is that today such direct connections are generally not allowed
•  This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
•  Until that time, the PSTN is the de facto firewall
SPAM
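Added example (not part of the original slides): a defender-side check for the sequential-address calling pattern described above, run over constructed log lines. The log format, function names, source addresses and thresholds are assumptions made for illustration; only the 111@sip.company.com style addresses come from the slide.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (an assumption, not any real SIP proxy's format):
#   <UTC timestamp> INVITE src=<ip> to=sip:<user>@<domain>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) INVITE src=(?P<src>\S+) to=sip:(?P<user>[^@\s]+)@(?P<domain>\S+)$"
)

# Constructed sample data. Source IPs are documentation ranges.
SAMPLE_LOG = """\
2010-10-04T09:00:01Z INVITE src=203.0.113.7 to=sip:111@sip.company.com
2010-10-04T09:00:02Z INVITE src=203.0.113.7 to=sip:112@sip.company.com
2010-10-04T09:00:03Z INVITE src=203.0.113.7 to=sip:113@sip.company.com
2010-10-04T09:00:04Z INVITE src=203.0.113.7 to=sip:114@sip.company.com
2010-10-04T09:00:05Z INVITE src=203.0.113.7 to=sip:115@sip.company.com
2010-10-04T09:00:06Z INVITE src=203.0.113.7 to=sip:116@sip.company.com
2010-10-04T09:01:10Z INVITE src=198.51.100.20 to=sip:alice@sip.company.com
2010-10-04T09:02:00Z INVITE src=198.51.100.20 to=sip:204@sip.company.com
2010-10-04T09:40:00Z INVITE src=198.51.100.20 to=sip:205@sip.company.com
2010-10-04T09:41:00Z REGISTER src=198.51.100.20 to=sip:204@sip.company.com
2010-10-04T09:00:00Z INVITE src=192.0.2.9 to=sip:301@sip.company.com
2010-10-04T09:10:00Z INVITE src=192.0.2.9 to=sip:302@sip.company.com
2010-10-04T09:20:00Z INVITE src=192.0.2.9 to=sip:303@sip.company.com
2010-10-04T09:30:00Z INVITE src=192.0.2.9 to=sip:304@sip.company.com
2010-10-04T09:40:00Z INVITE src=192.0.2.9 to=sip:305@sip.company.com
""".splitlines()


def parse_invites(lines):
    """Yield (timestamp, source, user, domain) for each well-formed INVITE line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other SIP methods and malformed lines are ignored
        try:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unparseable timestamp
        yield ts, m.group("src"), m.group("user"), m.group("domain").lower()


def longest_sequential_run(numbers):
    """Length of the longest run n, n+1, n+2, ... among the distinct numbers."""
    seen = set(numbers)
    best = 0
    for n in seen:
        if n - 1 in seen:
            continue  # n is not the start of a run
        length = 1
        while n + length in seen:
            length += 1
        best = max(best, length)
    return best


def find_extension_sweeps(lines, window_seconds=300, min_run=5):
    """Flag sources that INVITE at least min_run consecutive numeric users
    at one domain inside a sliding time window."""
    by_key = defaultdict(list)
    for ts, src, user, domain in parse_invites(lines):
        if re.fullmatch(r"[0-9]+", user):  # only numeric extensions can form a run
            by_key[(src, domain)].append((ts, int(user)))

    alerts = []
    for (src, domain), events in sorted(by_key.items()):
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            run = longest_sequential_run(e[1] for e in events[start:end + 1])
            best = max(best, run)
        if best >= min_run:
            alerts.append({"src": src, "domain": domain,
                           "run": best, "invites": len(events)})
    return alerts


if __name__ == "__main__":
    for alert in find_extension_sweeps(SAMPLE_LOG):
        print(alert)
```

The window and run length need tuning against normal call patterns on the system being monitored; the defaults here are placeholders.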
Security Vendors
“The Sky Is Falling!”
(Buy our products!)
VoIP Vendors
“Don’t Worry, Trust Us!”
(Buy our products!)
Classification Taxonomy of Security Threats
Security Research
Best Practices for VoIP Security
Security System Testing
Outreach Communication of Findings
Market and Social Objectives and Constraints
Legend: Published, Active Now, Ongoing
•  www.voipsa.org – 100 members from VoIP and security industries
•  VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
•  “Voice of VOIPSA” Blog – www.voipsa.org/blog
•  Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
•  VoIP Security Threat Taxonomy
•  Best Practices Project underway now
www.voipsa.org/Resources/tools.php
•  VoIP Security Alliance - http://www.voipsa.org/
– Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php
– VOIPSEC email list - http://www.voipsa.org/VOIPSEC/
– Weblog - http://www.voipsa.org/blog/
– Security Tools list - http://www.voipsa.org/Resources/tools.php
– Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com
•  NIST SP800-58, “Security Considerations for VoIP Systems”
–  http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
•  Network Security Tools
–  http://sectools.org/
•  Hacking Exposed VoIP site and tools
–  http://www.hackingvoip.com/
•  Seven Deadliest Unified Communications Attacks
–  http://www.7ducattacks.com/
VoIP can be more secure than the PSTN if it is properly deployed.
www.voipsa.org
Dan York - dan.york@voipsa.org


SIP, Unified Communications (UC) and Security

  • 1. Dan York, CISSP VOIPSA Best Practices Chair October 4, 2010
  • 3. PBX Voicemail Physical Wiring PSTN Gateways
  • 4. Physical Wiring IP Network IP-PBX Voicemail PSTN Gateways Mobile Devices IM Networks Web Servers Email Servers Desktop PCs Operating Systems Firewalls Internet Directory Servers VoIP CRM Systems Social Networks Database Servers Application Servers
  • 9. Geography
  • 10. UC System Corp HQ Internet Firewall Home Firewall IP Phone PC Home
  • 11. UC System Corp HQ Internet Firewall WiFi Café Router Mobile UC client Laptop UC client Mobile Data Network
  • 12. IM Corp HQ Corporate Network Presence Call Control IVR IM Office A Presence Call Control Voicemail IM Office B Presence Call Control PSTN Conferencing Internet
  • 13. Internet LAN
  • 14. Can you trust “the Cloud” to be there?
  • 15. [Diagram: PSTN and multiple Carrier labels]
  • 16. [Diagram: PSTN and many ITSP labels]
  • 22. SPAM
      • What does a traditional telemarketer need?
      • Makes for great headlines, but not yet a significant threat
      • Fear is script/tool that:
          – Iterates through calling SIP addresses:
              • 111@sip.company.com, 112@sip.company.com, …
              • Opens an audio stream if call is answered (by person or voicemail)
          – Steals VoIP credentials and uses account to make calls
      • Reality is that today such direct connections are generally not allowed
      • This will change as companies make greater use of SIP trunking and/or directly connect IP-PBX systems to the Internet (and allow incoming calls from any other IP endpoint)
      • Until that time, PSTN is de facto firewall
  • 23. Security Vendors: “The Sky Is Falling!” (Buy our products!) VoIP Vendors: “Don’t Worry, Trust Us!” (Buy our products!)
  • 24. [Diagram: Classification Taxonomy of Security Threats; Security Research; Best Practices for VoIP Security; Security System Testing; Outreach Communication of Findings; Market and Social Objectives and Constraints. Legend: Published, Active Now, Ongoing]
      • www.voipsa.org – 100 members from VoIP and security industries
      • VOIPSEC mailing list – www.voipsa.org/VOIPSEC/
      • “Voice of VOIPSA” Blog – www.voipsa.org/blog
      • Blue Box: The VoIP Security Podcast – www.blueboxpodcast.com
      • VoIP Security Threat Taxonomy
      • Best Practices Project underway now
  • 25. www.voipsa.org/Resources/tools.php
  • 27. Resources
      • VoIP Security Alliance - http://www.voipsa.org/
          – Threat Taxonomy - http://www.voipsa.org/Activities/taxonomy.php
          – VOIPSEC email list - http://www.voipsa.org/VOIPSEC/
          – Weblog - http://www.voipsa.org/blog/
          – Security Tools list - http://www.voipsa.org/Resources/tools.php
          – Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com
      • NIST SP800-58, “Security Considerations for VoIP Systems”
          – http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
      • Network Security Tools
          – http://sectools.org/
      • Hacking Exposed VoIP site and tools
          – http://www.hackingvoip.com/
      • Seven Deadliest Unified Communications Attacks
          – http://www.7ducattacks.com/
  • 28. VoIP can be more secure than the PSTN if it is properly deployed.
  • 29. www.voipsa.org Dan York - dan.york@voipsa.org