Unified Communications Forensics: Anatomy of Common UC Attacks
Ebook, 273 pages, 2 hours


About this ebook

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure unified communications (UC) environment.

This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including:

• analysis of forensic artifacts in common UC attacks

• an in-depth look at established UC technologies and attack exploits

• hands-on understanding of UC attack vectors and associated countermeasures

• companion website http://secvoip.com giving readers access to the most up-to-date information on UC attacks.

  • Provides key information for hackers and pen testers on the most current Unified Communications implementations
  • The only book to explore and demonstrate how to work with digital artifacts from attacks within the UC environment
  • Deals with UC security from multiple angles—less about theory and more about hands-on threat defense and forensics
Language: English
Release date: Oct 7, 2013
ISBN: 9780124046054
Author

Nicholas Mr. Grant

Nicholas Grant is an information security professional with over ten years of experience within the industry. He holds a CISSP and has an M.S. in Management of Information Systems Security from Colorado Technical Institute. He works as a Vulnerability Manager for a large financial institution and is a professor, teaching Bachelor’s and Associate-level courses at a nationally accredited university.


    Book preview

    Unified Communications Forensics - Nicholas Mr. Grant

    1

    A Brief Introduction

    Abstract

    This chapter is an introduction to VoIP and Network Forensics.

    Keywords

    VoIP; Social engineering; Forensics; VoIP attacks; Voice over IP; VoIP PenTesting; Phishing; Vishing; SMishing; SPIT; Caller ID spoofing

    Introduction to Unified Communications

    Protocols

    Signaling

    Media Session

    An Introduction to Network Forensics

    Network Forensics and Analysis Tools

    Bro

    Nftracker

    Snort

    Tcpdump

    Tcpxtract

    Wireshark

    Xplico System

    Security Onion: All the Tools Rolled into One

    Introduction to Unified Communications

    Communication is a key part of our everyday lives. Today, we communicate in ways that were not possible for the average consumer just 15 years ago. There are now multiple media by which communication can take place, from telephony to email to instant messaging to video conferencing. Since the first telephone call was made in 1876, improvements have been made in the utilization and transport of the human voice from one location to another. Because it offers lower costs and enhanced features, VoIP has been on almost everyone’s radar. However, as the voice and data networks continue to converge, there is a serious need to understand the technology, its attack vectors, and the means to protect company-sensitive information within this bleeding-edge technology.

    In this chapter, we discuss the primary protocols utilized for VoIP: SIP, H.323, and RTP. Additionally, we have a brief introduction to forensics and how it can be utilized within the VoIP environment.

    Protocols

    At the heart of VoIP, there are several key components that are required as part of the call build-up and teardown. The first of these is the protocols. VoIP protocols can be broken down into two main areas, signaling and media session. Let’s take a look at these at a high level and discuss some of the various protocols.

    Signaling

    Signaling is utilized for the buildup and teardown of the call. From a very basic point of view, this is where we are dialing the party we wish to reach. There are two common signaling protocols that are utilized for VoIP: SIP and H.323. Let’s take a look at these two protocols.

    SIP is one of the most commonly utilized signaling protocols within the market. SIP stands for Session Initiation Protocol. It is utilized for the creation, modification, and termination of calls within the VoIP environment. It is a client-server protocol, in that it uses a request-response format, as we will see later. The SIP Header is 32 bits and holds information such as version, source and destination address. Let’s look at a graphical representation of the header (Figure 1.1).

    Figure 1.1 SIP header format.

    Now that we have seen what the header looks like, let’s review the SIP dataflow. First, the caller sends an INVITE to the SIP proxy, which then relays the call, either to the SIP proxy of the party we are calling or directly to the called party. Then, if the called party is available, it sends a Ringing command back to the caller. Once the called party answers the call, an OK command is sent back to the caller. At this point the SIP protocol, for the most part, stops for the time being.

    Once the caller or called party terminates the call, or hangs up, a BYE command is sent to the callers.

    SIP is also utilized for registration of VoIP endpoints. The endpoint sends a REGISTER request to the registrar or SIP proxy. The registrar or SIP proxy then validates the endpoint’s credentials. If the credentials are correct, the device registers with the system. If the endpoint is not authorized or the credentials are incorrect, the registrar or SIP proxy sends back an UNAUTHORIZED, and the device is unable to connect. Below we have examples of this call
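The call and registration flows described above, as an added Python example that is not taken from the book: it parses constructed SIP messages, groups them by Call-ID, and classifies each exchange the way an analyst would when reading a capture. The host names, Call-ID values and function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample capture (not from the book): one SIP message per string,
# in wire order. Host names and Call-ID values are placeholders.
CAPTURE = [
    "REGISTER sip:pbx.example.test SIP/2.0\r\nCall-ID: reg-1\r\nCSeq: 1 REGISTER\r\n\r\n",
    "SIP/2.0 401 Unauthorized\r\nCall-ID: reg-1\r\nCSeq: 1 REGISTER\r\n\r\n",
    "INVITE sip:bob@example.test SIP/2.0\r\nCall-ID: call-7\r\nCSeq: 1 INVITE\r\n\r\n",
    "SIP/2.0 180 Ringing\r\nCall-ID: call-7\r\nCSeq: 1 INVITE\r\n\r\n",
    "SIP/2.0 200 OK\r\nCall-ID: call-7\r\nCSeq: 1 INVITE\r\n\r\n",
    "BYE sip:bob@example.test SIP/2.0\r\nCall-ID: call-7\r\nCSeq: 2 BYE\r\n\r\n",
]

def parse(msg):
    """Split one message into (kind, token, headers); token is method or status."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    first = lines[0].split(" ")
    if first[0] == "SIP/2.0":                 # status line: response
        return "response", first[1], headers
    return "request", first[0], headers       # request line: method first

def timeline(capture):
    """Group events by Call-ID, in capture order."""
    calls = defaultdict(list)
    for msg in capture:
        kind, token, h = parse(msg)
        method = h.get("cseq", "").split(" ")[-1]  # request a response answers
        calls[h.get("call-id", "?")].append(
            token if kind == "request" else f"{token}/{method}")
    return dict(calls)

def outcome(events):
    """Classify one Call-ID's events against the flow described above."""
    if "200/REGISTER" in events:
        return "registered"
    if "401/REGISTER" in events:   # a 401 never followed by a 200
        return "registration rejected"
    if "200/INVITE" in events:
        return "call completed" if "BYE" in events else "answered, no BYE seen"
    return "call not answered" if "INVITE" in events else "unknown"

if __name__ == "__main__":
    for call_id, events in timeline(CAPTURE).items():
        print(call_id, events, "->", outcome(events))
```

A 401 is also the first step of a normal digest-authenticated registration, which is why `outcome` reports a rejection only when no 200 follows for the same Call-ID.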
