Thursday, July 14, 2005

VoIP books and white papers


NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
07/14/05
Today's focus: VoIP books and white papers

By M. E. Kabay

In my last column, I introduced a major document reviewing VoIP
security published by the National Institute of Standards and
Technology. In this column, I am presenting additional resources
for those of you interested in deepening your knowledge of VoIP
or in finding resources for teaching others about VoIP security.

Textbooks

* In _Voice over IP Fundamentals_, Jonathan Davidson, James
  Peters and Brian Gracely provide an overview of VoIP in a single
  short text dating back a few years.
   <http://www.amazon.com/exec/obidos/ASIN/1578701686/fusion0e/>

Similar overviews:

* Scott Keagy's _Integrating Voice and Data Networks: Practical
  solutions for the world of packetized voice over data networks_
   <http://www.amazon.com/exec/obidos/ASIN/1578701961/fusion0e/>

* Mark A. Miller's _Voice over IP Technologies: Building the
  Converged Network_
   <http://www.amazon.com/exec/obidos/ASIN/0764549073/fusion0e/>

* Gonzalo Camarillo's _SIP Demystified_ is a short text about
  Session Initiation Protocol (SIP), one of the major techniques
  used in VoIP. Chapters 4 (fundamentals of the protocol), 5
  (examples of how SIP works), and 6 (security) are the core of
  the book.
   <http://www.amazon.com/exec/obidos/ASIN/0071373403/fusion0e/>

White Papers

* "Vulnerabilities and Security Limitations of current IP
  Telephony Systems" is a 2001 paper by Ralf Ackermann, Markus
  Schumacher, Utz Roedig and Ralf Steinmetz that discussed "the
  theoretical background of certain vulnerabilities, testing and
  attacking tools" and found significant vulnerabilities in many
  VoIP technologies.
   <http://tinyurl.com/8pxya>

* A white paper by Jason Halpern of Cisco discusses security of
  VoIP in the context of Cisco's SAFE framework. The author
  begins, "This paper provides best-practice information to
  interested parties for designing and implementing secure IP
  telephony networks utilizing elements of the SAFE blueprints.
  All SAFE white papers are available at the SAFE Web site:
  <http://www.cisco.com/go/safe> These documents were written to
  provide best-practice information on network security and VPN
  designs."
   <http://tinyurl.com/dtf2h>

* Another Cisco white paper extends this framework to what the
  company calls "Integrated Network Security for Cisco IP
  Communications," which "will provide comprehensive security
  with system-level protection, integrity, and privacy through
  tighter integration with the security capabilities of the data
  network."
   <http://tinyurl.com/cwgqm>

* A 10-page white paper from Vitel Software offers some
  practical advice on protocols, hardware, and monitoring as
  useful tools in securing VoIP.
   <http://tinyurl.com/dgf9n>

* Tom Long and Brian Boyter wrote very nice descriptions of
  sniffing attacks on VoIP and several countermeasures as part of
  their work for the GIAC Security Essentials Certification (GSEC)
  and GIAC Certified Incident Handler (GCIH) certification,
  respectively.
  Long's "Eavesdropping an IP Telephony Call":
   <http://tinyurl.com/86yo5>
  Boyter's "Voice-over-IP Sniffing Attack":
   <http://tinyurl.com/bm9bn>

* Mark Collier's "The Value of VoIP Security" has excellent
  recommendations for securing VoIP which are worth quoting
  directly here:
  - Use some form of host-based intrusion detection to detect
  attacks.
  - Deploy a voice-optimized firewall to protect the IP PBX from
  attackers on the LAN and Internet.
  - Build a switched network. This not only improves performance,
  but also makes it more difficult for an attacker to access end
  points.
  - Make use of VLANs to help segregate traffic.
  - Secure all networking components, including switches, routers,
  etc.
  - For campus VoIP, configure Internet firewalls and other
  security systems to prevent VoIP from entering or leaving the
  internal network.
  - Limit the number of calls traveling over the WAN to the media
  gateway or any shared resource that could be overloaded by a DoS
  attack.
  - Consider additional firewalls and security products to control
  or monitor traffic on the network.
   <http://tinyurl.com/dbmak>

* Frank Echezabal wrote a nine-page paper for the GIAC Security
  Essentials Certification (GSEC) on VoIP Security that provides a
  succinct summary of the issues:
   <http://tinyurl.com/dxo7w>

* Andrew Molitor of Aravox Technologies wrote a couple of short
  white papers with helpful information about firewalls for VoIP
  systems:
  "Deploying a Dynamic Voice over IP Firewall with IP Telephony
  Applications":
  <http://tinyurl.com/8tp2c>
  "Securing VoIP Networks with Specific Techniques, Comprehensive
  Policies and VoIP-Capable Firewalls":
   <http://tinyurl.com/86vr4>

In my next column, I will examine in more detail an excellent
exposition of threats to VoIP from an Austrian student's
master's thesis. For a sneak peek see:
<http://tinyurl.com/bfzez>

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

Copyright Network World, Inc., 2005
