5
1
Hardcover(1ST)
$123.00
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
123.0
In Stock
Overview
This authoritative and practical book offers a current and comprehensive understanding of VoIP (Voice over IP) security. Professionals learn how to design and implement secure VoIP networks and services, and how to integrate VoIP securely in existing data networks. The authors explain how IETF SIP and media security standards affect VoIP deployment, and how end-to-end encryption can be deployed to protect all VoIP calls. For readers unfamiliar with Internet security, the book explains security basics and attack types and methods and details all the key security aspects of data and VoIP systems and networks, including identity, authentication, signaling, and media encryption.
Product Details
ISBN-13: | 9781596930506 |
---|---|
Publisher: | Artech House, Incorporated |
Publication date: | 03/31/2006 |
Series: | Artech House Telecommunications Library |
Edition description: | 1ST |
Pages: | 288 |
Product dimensions: | 6.14(w) x 9.21(h) x 0.69(d) |
Table of Contents
Foreword | xiii | |
Acknowledgments | xvii | |
1 | Introduction | 1 |
1.1 | VoIP: A Green Field for Attackers | 2 |
1.2 | Why VoIP Security Is Important | 3 |
1.3 | The Audience for This Book | 4 |
1.4 | Organization | 4 |
2 | Basic Security Concepts: Cryptography | 7 |
2.1 | Introduction | 7 |
2.2 | Cryptography Fundamentals | 7 |
2.2.1 | Secret Key (Symmetric) Cryptography | 10 |
2.2.2 | Asymmetric (Public Key) Cryptography | 12 |
2.2.3 | Integrity Protection | 13 |
2.2.4 | Authenticated and Secure Key Exchange | 17 |
2.3 | Digital Certificates and Public Key Infrastructures | 20 |
2.3.1 | Certificate Assertions | 22 |
2.3.2 | Certificate Authorities | 24 |
References | 27 | |
3 | VoIP Systems | 29 |
3.1 | Introduction | 29 |
3.1.2 | VoIP Architectures | 29 |
3.2 | Components | 31 |
3.3 | Protocols | 32 |
3.3.1 | Session Initiation Protocol | 32 |
3.3.2 | Session Description Protocol | 39 |
3.3.3 | H.323 | 42 |
3.3.4 | Media Gateway Control Protocols | 44 |
3.3.5 | Real Time Transport Protocol | 46 |
3.3.6 | Proprietary Protocols | 46 |
3.4 | Security Analysis of SIP | 48 |
References | 49 | |
4 | Internet Threats and Attacks | 51 |
4.1 | Introduction | 51 |
4.2 | Attack Types | 51 |
4.2.1 | Denial of Service (DoS) | 51 |
4.2.2 | Man-in-the-Middle | 56 |
4.2.3 | Replay and Cut-and-Paste Attacks | 57 |
4.2.4 | Theft of Service | 58 |
4.2.5 | Eavesdropping | 59 |
4.2.6 | Impersonation | 60 |
4.2.7 | Poisoning Attacks (DNS and ARP) | 60 |
4.2.8 | Credential and Identity Theft | 61 |
4.2.9 | Redirection/Hijacking | 62 |
4.2.10 | Session Disruption | 63 |
4.3 | Attack Methods | 64 |
4.3.1 | Port Scans | 64 |
4.3.2 | Malicious Code | 65 |
4.3.3 | Buffer Overflow | 67 |
4.3.5 | Password Theft/Guessing | 69 |
4.3.6 | Tunneling | 69 |
4.3.7 | Bid Down | 69 |
4.4 | Summary | 70 |
References | 70 | |
5 | Internet Security Architectures | 73 |
5.1 | Introduction | 73 |
5.1.1 | Origins of Internet Security Terminology | 73 |
5.1.2 | Castle Building in the Virtual World | 74 |
5.2 | Security Policy | 75 |
5.3 | Risk, Threat, and Vulnerability Assessment | 77 |
5.4 | Implementing Security | 79 |
5.5 | Authentication | 80 |
5.6 | Authorization (Access Control) | 82 |
5.7 | Auditing | 82 |
5.8 | Monitoring and Logging | 84 |
5.9 | Policy Enforcement: Perimeter Security | 85 |
5.9.1 | Firewalls | 86 |
5.9.2 | Session Border Controller | 90 |
5.9.3 | Firewalls and VoIP | 92 |
5.10 | Network Address Translation | 93 |
5.11 | Intrusion Detection and Prevention | 95 |
5.12 | Honeypots and Honeynets | 97 |
5.13 | Conclusions | 97 |
References | 98 | |
6 | Security Protocols | 101 |
6.1 | Introduction | 101 |
6.2 | IP Security (IPSec) | 103 |
6.2.1 | Internet Key Exchange | 105 |
6.3 | Transport Layer Security (TLS) | 107 |
6.4 | Datagram Transport Layer Security (DTLS) | 111 |
6.5 | Secure Shell (SecSH, SSH) | 112 |
6.6 | Pretty Good Privacy (PGP) | 115 |
6.7 | DNS Security (DNSSEC) | 116 |
References | 119 | |
7 | General Client and Server Security Principles | 121 |
7.1 | Introduction | 121 |
7.2 | Physical Security | 122 |
7.3 | System Security | 122 |
7.3.1 | Server Security | 122 |
7.3.2 | Client OS Security | 124 |
7.4 | LAN Security | 126 |
7.4.1 | Policy-Based Network Admission | 127 |
7.4.2 | Endpoint Control | 128 |
7.4.3 | LAN Segmentation Strategies | 129 |
7.4.4 | LAN Segmentation and Defense in Depth | 130 |
7.5 | Secure Administration | 131 |
7.6 | Real-Time Monitoring of VoIP Activity | 132 |
7.7 | Federation Security | 132 |
7.8 | Summary | 132 |
References | 133 | |
8 | Authentication | 135 |
8.1 | Introduction | 135 |
8.2 | Port-Based Network Access Control (IEEE 802.1x) | 137 |
8.3 | Remote Authentication Dial-In User Service | 140 |
8.4 | Conclusions | 143 |
References | 143 | |
9 | Signaling Security | 145 |
9.1 | Introduction | 145 |
9.2 | SIP Signaling Security | 146 |
9.2.1 | Basic Authentication | 146 |
9.2.2 | Digest Authentication | 147 |
9.2.3 | Pretty Good Privacy | 152 |
9.2.4 | S/MIME | 153 |
9.2.5 | Transport Layer Security | 155 |
9.2.6 | Secure SIP | 159 |
9.3 | H.323 Signaling Security with H.235 | 160 |
References | 161 | |
10 | Media Security | 163 |
10.1 | Introduction | 163 |
10.2 | Secure RTP | 164 |
10.3 | Media Encryption Keying | 168 |
10.3.1 | Preshared Keys | 168 |
10.3.2 | Public Key Encryption | 169 |
10.3.3 | Authenticated Key Management and Exchange | 170 |
10.4 | Security Descriptions in SDP | 172 |
10.5 | Multimedia Internet Keying (MIKEY) | 173 |
10.5.1 | Generation of MIKEY Message by Initiator | 177 |
10.5.2 | Responder Processing of a MIKEY Message | 183 |
10.6 | Failure and Fallback Scenarios | 186 |
10.7 | Alternative Key Management Protocol-ZRTP | 188 |
10.8 | Future Work | 190 |
References | 190 | |
11 | Identity | 193 |
11.1 | Introduction | 193 |
11.2 | Names, Addresses, Numbers, and Communication | 193 |
11.2.1 | E.164 Telephone Numbers | 194 |
11.2.2 | Internet Names | 195 |
11.3 | Namespace Management in SIP | 196 |
11.3.1 | URI Authentication | 196 |
11.4 | Trust Domains for Asserted Identity | 199 |
11.5 | Interdomain SIP Identity | 202 |
11.5.1 | SIP Authenticated Identity Body (AIB) | 203 |
11.5.2 | Enhanced SIP Identity | 204 |
11.6 | SIP Certificates Service | 209 |
11.7 | Other Asserted Identity Methods | 217 |
11.7.1 | Secure Assertion Markup Language | 217 |
11.7.2 | Open Settlements Protocol and VoIP | 219 |
11.7.3 | H.323 Identity | 219 |
11.7.4 | Third Party Identity and Referred-By | 219 |
11.8 | Privacy | 220 |
References | 223 | |
12 | PSTN Gateway Security | 225 |
12.1 | Introduction | 225 |
12.2 | PSTN Security Model | 225 |
12.3 | Gateway Security | 227 |
12.3.1 | Gateway Security Architecture | 228 |
12.3.2 | Gateway Types | 229 |
12.3.3 | Gateways and Caller ID | 230 |
12.3.4 | Caller ID and Privacy | 231 |
12.3.5 | Gateway Decomposition | 231 |
12.3.6 | SIP/ISUP Interworking | 232 |
12.4 | Telephone Number Mapping in the DNS | 233 |
References | 236 | |
13 | Spam and Spit | 237 |
13.1 | Introduction | 237 |
13.2 | Is VoIP Spam Inevitable? | 238 |
13.3 | Technical Approaches to Combat E-Mail Spam | 240 |
13.3.1 | Filtering Spam Using Identity Information | 240 |
13.3.2 | Grey Listing | 241 |
13.3.3 | Challenge/Response (Sender Verification) | 242 |
13.3.4 | Distributed Checksum Filtering (DCF) | 242 |
13.3.5 | Content Filtering | 243 |
13.3.6 | Summary of Antispam Approaches | 243 |
13.4 | VoIP and Spit | 243 |
13.5 | Summary | 245 |
References | 246 | |
14 | Conclusions | 247 |
14.1 | Summary | 247 |
14.2 | VoIP Is Still New | 248 |
14.3 | VoIP Endpoints Are New | 248 |
14.4 | VoIP Standards Are Not Complete | 249 |
14.5 | Base VoIP Security on Best Current Security Practices for Data | 249 |
14.6 | VoIP Is a QoS-Sensitive Data Application | 250 |
14.7 | Merging Public and Private VoIP Services Will Be Problematic | 250 |
14.8 | Concluding Remarks | 251 |
Index | 255 |
From the B&N Reads Blog
Page 1 of