summersale2015 Hier klicken Jetzt Mitglied werden Liebeserklärung Cloud Drive Photos SonyRX100 Learn More Dyson DC52 gratis Zubehör Fire HD 6 Shop Kindle Sparpaket SummerSale

An Ihren Kindle oder ein anderes Gerät senden


Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Der Artikel ist in folgender Variante leider nicht verfügbar
Keine Abbildung vorhanden für
Keine Abbildung vorhanden

Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition [Kindle Edition]

Mark Collier , David Endler

Kindle-Preis: EUR 34,53 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

  • Länge: 531 Seiten
  • Sprache: Englisch
  • Aufgrund der Dateigröße dauert der Download dieses Buchs möglicherweise länger.
  • Sie haben noch keinen Kindle? Hier kaufen oder mit einer unserer kostenlosen Kindle Lese-Apps sofort zu lesen anfangen.
Kostenlose Kindle-Leseanwendung Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.

Geben Sie Ihre E-Mail-Adresse oder Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 34,53  
Taschenbuch EUR 46,04  

Kunden, die diesen Artikel gekauft haben, kauften auch

Seite von Zum Anfang
Diese Einkaufsfunktion wird weiterhin Artikel laden. Um aus diesem Karussell zu navigieren, benutzen Sie bitte Ihre Überschrift-Tastenkombination, um zur nächsten oder vorherigen Überschrift zu navigieren.



The latest techniques for averting UC disaster

Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. Hacking Exposed Unified Communications & VoIP, Second Edition offers thoroughly expanded coverage of today’s rampant threats alongside ready-to deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples.

  • See how hackers target vulnerable UC devices and entire networks
  • Defend against TDoS, toll fraud, and service abuse
  • Block calling number hacks and calling number spoofing
  • Thwart voice social engineering and phishing exploits
  • Employ voice spam mitigation products and filters
  • Fortify Cisco Unified Communications Manager
  • Use encryption to prevent eavesdropping and MITM attacks
  • Avoid injection of malicious audio, video, and media files
  • Use fuzzers to test and buttress your VoIP applications
  • Learn about emerging technologies such as Microsoft Lync, OTT UC, other forms of UC, and cloud and WebRTC

Über den Autor

Mark Collier, CTO for SecureLogix Corporation, is responsible for research and related intellectual property. He was with the Southwest Research Institute for 14 years, where he contributed to and managed software research and development projects in a wide variety of fields, including information warfare. Collier regularly teaches a six-day course on Unified Communications & VoIP Security for the SANS Institute. David Endler is the director of security research for 3Com's security division, TippingPoint. He founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005 ( David spent many years in cutting-edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. He is a frequent speaker at major industry conferences and has been quoted and featured in the Wall Street Journal, USA Today, BusinessWeek, Wired, the Washington Post, CNET, Tech TV, and CNN. David was named one of the Top 100 voices in IP Communications by IP Telephony magazine.


  • Format: Kindle Edition
  • Dateigröße: 78409 KB
  • Seitenzahl der Print-Ausgabe: 560 Seiten
  • Verlag: McGraw-Hill Education; Auflage: 2 (20. Dezember 2013)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • Text-to-Speech (Vorlesemodus): Aktiviert
  • X-Ray:
  • Word Wise: Nicht aktiviert
  • Erweiterte Schriftfunktion: Aktiviert
  • Amazon Bestseller-Rang: #475.346 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Mehr über die Autoren

Entdecken Sie Bücher, lesen Sie über Autoren und mehr


Es gibt noch keine Kundenrezensionen auf
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Die hilfreichsten Kundenrezensionen auf (beta) 5.0 von 5 Sternen  8 Rezensionen
3 von 3 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen What you don't know about UC and VoIP security CAN hurt you - my review 3. April 2014
Von Jon Arnold - Veröffentlicht auf
Having followed VoIP as an Industry Analyst since 2001, I have seen a few cycles come and go, and now that Unified Communications is the next big thing, the transition from legacy telephony is almost complete. When businesses adopt VoIP, whether they know it or not, UC will be the next step for fully integrating voice with other communications modes as well as business processes. This opens up lots of opportunities to better leverage investments in IT, and from there enable employees to collaborate more effectively and improve their personal productivity.

UC comes with a hefty product promise, but when it delivers, the results can truly be transformational. However, as with any form of new technology, there are many risks to consider. The most obvious is performance risk, whereby the technology is properly implemented, but for whatever reason, the expected benefits don’t materialize.

Less obvious is a whole class of risk related to IT security. In the course of my ongoing research to help vendors with their business strategy and go-to-market plans, I am acutely aware of what this entails. I recently authored a White Paper on this topic, with the main message being that these risks are poorly understood by enterprises. More importantly, in the absence of taking the right security measures with UC, my research concludes that businesses will be vulnerable to a multitude of threats, many of which they are not even aware of.

After coming across this book, I was very happy to see that I’m not alone in voicing these concerns. The authors, Mark Collier and David Endler, are true thought leaders in the IT security space, with this book being the most recent in a series of Hacking Exposed books they have been writing for years. Their analysis is quite technical and granular, but there are plenty of valuable insights for business-level decision makers. I’m just going to give you the high level takeaways here, and hopefully that’s enough for you to determine if you need the full treatment.

Before providing my summary, it’s important to approach VoIP security from the right perspective. Viewing it from where IT sits is too after-the-fact; by the time you discover a breach, the damage has already been done. It’s much better to go on the offensive, and look at the topic from a hacker’s point of view. That’s exactly how the authors have laid out the book, and it’s akin to how a burglar would size up a house before breaking in.

Part I is titled “Casing the Establishment”, and this is what a hacker does with your network. The various chapters in this section outline the process, starting with an overview of new technologies such as the cloud and SIP trunking, and how they create vulnerabilities for the network. From there, the analysis moves on to the various techniques hackers use to “footprint” the network and scan for weak points of entry such as the IP PBX. So far, this doesn’t sound very insidious, but once this work is done, things can escalate very quickly.

Attacks usually start with VoIP, especially where calls are being routed over the public Internet. Some of these threats are known to legacy phone systems, while others are completely rooted in the IP world. Part II breaks down the most common applications-based attacks, including toll fraud, Telephony Denial of Service (TDoS), voice spam, call spoofing and phishing. Toll fraud can be a costly breach, but most of these attacks are simply annoying and mildly disruptive. If this was the extent of your risk exposure, there probably isn’t too much to be worried about.

This book wouldn’t be over 500 pages long if the story ended there, but it’s really just the beginning. Part III takes things to the next level by explaining the various attacks that target your network rather than the phone system. Now your UC platform can be exploited for more serious breaches such as privacy attacks and session modification in the form of man-in-the-middle attacks. The Internet may be a very efficient network for moving around packets, but it’s also natively anonymous. This makes it easy for a skilled hacker to intercept sessions and do things like impersonate others, eavesdrop on calls, redirect messages, track call patterns, and skim personal data. On a broader level, they can readily launch network-based DoS attacks, and bring your entire operation to a standstill.

The last section, Part IV goes into greater depth by examining attacks on the signaling protocol of your network. This is the real nerve center for IT and where hackers can do the most damage, not just to the network but the business operations as a whole. Voice may seem like an unlikely risk factor, but with VoIP, telephony becomes another data application. This means that it traverses the same streams as your business data, and once hackers are in this deep, all of your information is at risk. Now the threats escalate from minor telephony disruptions to privacy incursions, and finally to exploiting trade secrets, financial data, customer information, etc.

Across the book’s 17 chapters, the various examples are broken down in great detail, with an easy-to-follow mix of narrative and diagrams. For the lay reader, the authors complement this by summarizing each attack with a Risk Rating analysis. They do this by rating each attack on a 10 point scale for three attributes. First is “Popularity” – how common the attack is. Next is “Simplicity”, which measures how much skill is needed by the hacker for the attack. Third is “Impact” – basically, how damaging the attack would be if successful. Then, they take a simple mean of the three ratings and that tells you the overall risk rating for each attack. It’s simple but effective.

To conclude, if the content is too dense and you just want to know what you really need to focus on, fast forward to Chapter 17. This is my favorite part of the book, and is closest to what I see in my everyday research. Titled Emerging Technologies, the analysis goes beyond the security issues related to VoIP and UC in their commonly-used forms.

Things are changing so fast in IT, and it’s simply not enough to define security risk around these applications. New layers are being added all the time, and in this chapter, several are addressed that you surely must be wondering about. Prime examples include WebRTC, Microsoft Lync, the impact of over-the-top applications (OTT), smart phones and BYOD, video, the cloud and the shape-shifting world of social media. There is plenty here to keep you up at night, and if you’re ready to tackle IT security head-on, this book is an excellent resource to ensure your company gets full value from VoIP and UC.
2 von 2 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Valuable UC tools and defense mitigations 10. März 2014
Von Jason Ostrom - Veröffentlicht auf
This book is essential for any security professional wishing to assess exploitable vulnerabilities in a UC infrastructure. It is a must have book for UC network owners. The book explains practical security tools with screen shots and code snippets. It also explains the defensive security protection controls that can be applied by UC network/application owners in order to manage the risks. In particular, I really enjoyed how the authors explained some of the real attacks taking place which gave greater context to explaining the tools and defense. The TDoS section will be valuable to many.
2 von 2 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen This book is a next generation VoIP hacking guide from beginners to experts. 11. Februar 2014
Von Fatih Ozavci - Veröffentlicht auf
Format:Kindle Edition
Many security professionals see the only one face of the VoIP security; such as denial of service attacks, voice spam, exploiting the service software, eavesdropping or service level vulnerabilities, not all of them. This book covers all the important topics of the VoIP security with a good brief and real life examples. Description of the vulnerabilities are very clear to beginners, also experts will find detailed usage of the vulnerabilities at same sections. Furthermore, it helps to create a modern security checklist for VoIP testing as well.

Denial of service attacks are an increasing threat for the VoIP systems. Hacking Exposed UC explains many vectors of these attacks as well. Telephony DOS, voice spamming, voice phishing, infrastructure based DOS attacks and useful tools to test these vulnerabilities are described in depth. Moreover, this book helps to understand Unified Communications systems and their infrastructure. You can find UC related different attack vectors, new security testing tools, service level vulnerabilities and network analysis in it.

As a summary, this book will help you to understand and improve the security of your VoIP/UC systems. It contains new security checklists for IT auditors, new testing tools for security engineers and remediations for VoIP specialists. You should keep this book close if you’re interested in with the VoIP/UC systems.
2 von 2 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen "The Book" for UC/VOIP and IT Security professionals and learners 4. Februar 2014
Von CP Slaby - Veröffentlicht auf
This is the 2nd edition of the Collier/Endler original pioneering work published in 2007. After 6-7 years of constant technology progress, this edition is a welcome update bringing it up to date. The major extensions in the content (which is reflected in the slightly modified title of the book) go from the VoIP communication security issues (originally pioneered by companies such as VoIPshield Systems and Sipera at the time) towards all types of real-time communication over IP networks such as voice, video, messaging, presence, etc. These modalities are collectively referred to as Unified Communications (US) in today's industry parlance.

The book is an exhaustive and detailed textbook style exploration of security issues related to UC/VoIP. It's very much hands on and lends itself to self-learning or a classroom training. There are numerous examples, pieces of code, and illustrations which make reading and studying enjoyable for technical readers.

Many of the UC/VoIP specific security issues require some familiarity with telecommunication networks with their somewhat arcane and obscure industry know-how. For that reason historically they were not well known among most of the IT security professionals. This book helps to fill that gap in knowledge.

With the growing importance of securing real-time communication on IP networks, overall, this book is a very much welcome update destined to become the classic text in this field.
2 von 2 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Defacto MUST HAVE VoIP Security Book PERIOD 18. Dezember 2013
Von Jesus Oquendo - Veröffentlicht auf
Hacking VoIP barely describes this book however, "How to Save Yourself Thousands, While Securiing Your VoIP Infrastructure, by Learning How to Hack VoIP" is too long. There is only so many good things to say about this book.

Hacking VoIP is one of those rare books you WILL keep around for reference time and time again. If you're in the VoIP business, it will likely save you a lot of time, money, and headaches as the book illustrates the mechanisms that attackers use to compromise IP phone systems. My current employer is a Managed Services Provider, where ITSP (Internet Telephony Service Provider) is one of our realms. I wish I would have had this version of the book years ago as I would have saved thousands.

Now to be fair about the above statement: "Saving thousands" feel free to Google me up under the terms: "VoIP" and "Fraud." I have been around the block for some time and I cannot emphasize the statement: "It will save you time, money, and headaches..."

Subject matter is broken down easily for the beginner, right up to the experienced reader. My biggest qualm was where would I classify this book: someone looking to certify? (CCVP, etc.), someone looking to learn, someone in the industry? There are a lot of benefits for anyone dealing with VoIP in any capacity. I look at the book as an investment in the VoIP infrastructure. It is money well spent.

Again, whether you're a penetration tester, someone performing incident response or forensics with relevance to VoIP, someone studying the fundamentals of security with relevance to VoIP; you must have this book period.
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Erster Beitrag:
Eingabe des Log-ins

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen

Ähnliche Artikel finden