Unified Communications Forensics

Authors: Nicholas Grant and Joseph Shaw
Pages: 156
Publisher: Syngress
ISBN: 1597499927


“Unified Communications is the integration of real-time communication services such as instant messaging, presence information, telephony (including IP telephony), video conferencing, data sharing, call control and speech recognition with non-real-time communication services such as unified messaging (integrated voicemail, e-mail, SMS and fax),” Wikipedia explains. This book concentrates on VoIP and the attacks leveraged against it.

About the authors

Nicholas Grant works as a vulnerability manager for a large financial institution, and is a professor at a nationally accredited university. His experience includes IT governance, security policy development, information assurance engineering, VoIP implementation, and penetration testing.

Joseph Shaw has been working in the information security industry for 18 years. He is now a consultant for a large worldwide professional services company, where he provides expertise in digital forensics. He is also a SANS Lethal Forensicator.

Inside the book

The book starts with an introduction to VoIP, its protocols, network forensics, and the tools most often used for network analysis. It also teaches you how to install Security Onion, the Linux distribution that contains all of them and more, on a virtual machine.

Next, the authors delve directly into common VoIP social engineering attacks such as vishing, SMishing, and Spam over Internet Telephony (SPIT). They provide realistic scenarios for each, giving insight into how these attacks usually unfold and into the motivations of the attackers. They point out that most of these attacks rely on compromising the human link of the security chain, and give some very good advice on best practices for setting up security awareness training for employees.

Typical VoIP implementation configuration flaws and mistakes are addressed next, and this chapter can serve as a checklist for those who are tasked with making sure everything is set up as it should be. The authors have again used the actions of an imaginary hacker as a way to show how a typical hacker would think when testing the ways to get in, and have shared best practices to avoid VoIP infrastructure misconfiguration.

VoIP signalling and session attacks are, naturally, also tackled, and these chapters are the best yet. With a ton of helpful diagrams, screenshots, code, and explanations devoid of superfluous clutter (something that I appreciate above all things in technical books), even someone like me who is not that knowledgeable about VoIP in general can easily follow the subject matter.

VoIP networks can be breached by leveraging a targeted social engineering attack, or employing exploits for present vulnerabilities (the authors make the hacker “go” through a few). VoIP’s Real-time Transport Protocol can also be used as a covert communication channel for data exfiltration and C&C of botnets.

Before ending up with a chapter that sums up all the best practices for VoIP implementation, the authors did a short one on digital forensics as it concerns this particular field.

Final thoughts

Despite being a relatively short book, it addresses a wide variety of issues. The authors have gone deep enough to make the book relevant, but haven’t lost themselves and their readers in unnecessary details.

There aren’t a lot of books out there that deal with UC attacks, so this one will help you get a good overview of the matter, and teach you a thing or two (or ten) about protecting your VoIP installation.

