Seven Deadliest Unified Communications Attacks

Seven Deadliest Unified Communications Attacks, 1st Edition

Seven Deadliest Unified Communications Attacks, 1st Edition,Dan York,ISBN9781597495479






235 X 191

Know what you are up against; discover what the deadliest UC attacks are and how to defend against them!

Print Book + eBook

USD 31.14
USD 51.90

Buy both together and save 40%

Print Book


In Stock

Estimated Delivery Time
USD 26.95

eBook Overview

VST format:

DRM Free included formats: EPub, Mobi, PDF

USD 24.95
Add to Cart

Key Features

  • Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally
  • Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how
  • Institute countermeasures, don’t be caught defenseless again, and learn techniques to make your computer and network impenetrable


Seven Deadliest Unified Communications Attacks provides a comprehensive view of the seven deadliest attacks against a unified communications (UC) infrastructure. It looks at the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies. The book consists of seven chapters that cover the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability.


Information security professionals of all levels; recreational hackers

Dan York

Dan York (CISSP) is the Best Practices Chair for the VOIP Security Alliance (VOIPSA) as well as the producer of "Blue Box: The VoIP Security Podcast" where since October 2005 he and co-host Jonathan Zar have discussed VOIP security news and interviewed people involved in the field. Dan is employed as the Director of Conversations at Voxeo Corporation heading up the company's communication through both traditional and new/social media. Previously, Dan served in Voxeo's Office of the CTO focused on analyzing/evaluating emerging technology, participating in industry standards bodies and addressing VoIP security issues. Since the mid-1980s Dan has been working with online communication technologies and helping businesses and organizations understand how to use and participate in those new media. Dan frequently presents at conferences, has authored multiple books on Linux and networking and writes extensively online at sites such as www.voipsa.org/blog and www.disruptivetelephony.com.

Affiliations and Expertise


Seven Deadliest Unified Communications Attacks, 1st Edition

Acknowledgments About the Author Introduction Chapter 1 The Unified Communications Ecosystem     Anatomy of Attacks against the UC Ecosystem     Dangers Associated with the UC Ecosystem          DoS/Availability          Toll Fraud          Exposure of Information     Future of Attacks against the UC Ecosystem          Social Software and Services          Public Versus Private Information          Federation          Mashups and APIs          It’s All about the Cloud          Bright Shiny Objects     How to Defend Your UC Ecosystem          Strategy #1: Identify All Ecosystem Components          Strategy #2: Develop Security Plans for All Components          Strategy #3: Engage in Holistic Ecosystem Testing     Summary Chapter 2 Insecure Endpoints     Anatomy of Attacks against UC Endpoints          General DoS Attacks          Finding Endpoints to Attack          Default Passwords          Hidden Accounts          Undocumented Services          Web Exploits          Protocol Fuzzing          Local Files     Dangers of Attacks on Endpoints          Denial of Service or Availability          Toll Fraud          Eavesdropping or Exposure of Information          Annoyance     The Future of Attacks against UC Endpoints          More Powerful Endpoints          Migration into Software          Commodity Operating Systems          Heterogeneous Deployments          Mobility          Massively Distributed Endpoints     How to Defend Your Endpoints          Strategy #1: Identify All Connected Endpoints          Strategy #2: Change Default Passwords!          Strategy #3: Turn off Unnecessary Services          Strategy #4: Develop Patch Plans for All Endpoints          Strategy #5: Understand How to Update and Secure Remote Endpoints     Summary Chapter 3 Eavesdropping and Modification     Anatomy of Eavesdropping and Modification Attacks          Getting between the Endpoints          Using Wireshark to Capture Voice          Using Wireshark to Capture IM Traffic          Capturing Audio, Video, and IM using Other Tools          Modification Attacks          Ettercap     Dangers of Eavesdropping and Modification Attacks          Exposure of Confidential Information          Business Disruption          Annoyance          Loss of Trust     The Future of Eavesdropping and Modification Attacks          Increasing Market Size          All-IP Enterprise Networks          Cloud and Hosted Systems          Federation between UC Systems          Continued Endpoint Distribution     How to Defend against Eavesdropping and Modification Attacks          Strategy #1: Encryption of Voice and Video          Strategy #2: Encryption of IM     Summary Chapter 4 Control Channel Attacks: Fuzzing, DoS, SPIT, and Toll Fraud     Anatomy of Control Channel Attacks          Eavesdropping Attacks          Modification Attacks          Denial-of-Service Attacks          Elevation of Authority or Password Cracking          Fuzzing          Spam for Internet Telephony     Dangers of Control Channel Attacks          Toll Fraud          Denial of Service          Exposure of Confidential Information          Patterns in Aggregation          Annoyance          Loss of Trust     Future of Control Channel Attacks          Integration with Social Networks and Services          PSTN Bypass     How to Defend against Control Channel Attacks          Strategy #1: Encrypting the Control Channel          Strategy #2: Limit and Secure Interconnection Points          Strategy #3: Use Strong Authentication          Strategy #4: Deploy SBCs or SIP-Aware Firewalls          Strategy #5: Auditing or Monitoring     Summary Chapter 5 SIP Trunking and PSTN Interconnection     Anatomy of Attacks on SIP Trunks and PSTN Interconnection          Understanding SIP Trunking          Attacks against SIP Trunking     Dangers of Attacks on SIP Trunks and PSTN Interconnection          Toll Fraud          DoS          Corporate Espionage/Exposure of Confidential Information          Modification          Spam for Internet Telephony     The Future of Attacks on SIP Trunks and PSTN Interconnection          Reasons for Growth          Increased Market Size          More ITSP Entrants with Few Cares about Security          Expansion of the PSTN Trust Boundary     How to Defend against Attacks on SIP Trunks and PSTN Interconnection          Strategy #1: Understand Your ITSP          Strategy #2: Establish a Secure Transport Layer          Strategy #3: Ensure Strong Authentication Is in Place          Strategy #4: Consider the Same Service Provider as Your Data/Internet Provider          Strategy #5: Establish a Business Continuity/DR Plan     Summary Chapter 6 Identity, Spoofing, and Vishing     Anatomy of Attacks on Identity          Caller ID Spoofing on the PSTN          Identity Modification at the Originating Endpoint          Identity Modification at Source System          Identity Modification in Transit          Vishing     Dangers of Attacks on Identity          Fraud          Identity Theft          Social Engineering          Reputation Damage          Annoyance          Erosion of Trust          Deceiving Automated Systems     The Future of Attacks on Identity          Interconnection and Federation          RFC 4474 SIP Identity and Whatever Comes Next          Social Identity Systems     How to Defend against Attacks on Identity          Strategy #1: Educate Your Users about Potential Threats and What Not to Trust          Strategy #2: Understand and Lock Down Holes that Allow Spoofing          Strategy #3: Evaluate Strong Identity Solutions          Strategy #4: Monitor and Participate in Ongoing Identity Discussions     Summary Chapter 7 The End of Geography     Anatomy of Attacks against Distributed Systems          Attacks against Remote Workers          Attacks against Branch Offices          Attacks against Distributed Systems          Attacks against Cloud-based Services          Attacks against Federation     Dangers of Attacks against Distributed Systems          DoS/Availability          Eavesdropping          Modification          Fraud     The Future of Attacks against Distributed Systems          Mobility          Social Networks          New Collaboration Technologies          Movement into the Cloud     Geography Does Matter     How to Defend against Attacks against Distributed Systems          Strategy #1: Deploy Secure Firewall Traversal Mechanisms          Strategy #2: Ensure Understanding of Security at Fixed Locations          Strategy #3: Understand Security Ramifications of Federation          Strategy #4: Ensure Secure Authentication          Strategy #5: Secure Your Connections to Services in the Cloud     Summary Index     

Quotes and reviews

York’s The Seven Deadliest Unified Communications Attacks mentioned in article on UnifiedCommunicationsEdge.com

Cyber Monday SALE Upto 50 Percent OFF | Use Code CYBER14
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy

Contact Us