Unified Communications Forensics: Anatomy of Common UC Attacks
By Nicholas Grant and Joseph W. Shaw II
About this ebook
Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure Unified Communications (UC) environment.
This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including:
• analysis of forensic artifacts in common UC attacks
• an in-depth look at established UC technologies and attack exploits
• hands-on understanding of UC attack vectors and associated countermeasures
• companion website http://secvoip.com giving readers access to the most up-to-date information on UC attacks.
- Provides key information for hackers and pen testers on the most current Unified Communications implementations
- The only book to explore and demonstrate how to work with digital artifacts from attacks within the UC environment
- Deals with UC security from multiple angles—less about theory and more about hands-on threat defense and forensics
Nicholas Grant
Nicholas Grant is an information security professional with over ten years of experience within the industry. He holds a CISSP and has an M.S. in Management of Information Systems Security from Colorado Technical Institute. He works as a Vulnerability Manager for a large financial institution and is a professor, teaching Bachelor’s and Associate-level courses at a nationally accredited university.
Book preview
Unified Communications Forensics - Nicholas Grant
1
A Brief Introduction
Abstract
This chapter is an introduction to VoIP and Network Forensics.
Keywords
VoIP; Social engineering; Forensics; VoIP attacks; Voice over IP; VoIP PenTesting; Phishing; Vishing; SMishing; SPIT; Caller ID spoofing
Introduction to Unified Communications
Protocols
Signaling
Media Session
An Introduction to Network Forensics
Network Forensics and Analysis Tools
Bro
Nftracker
Snort
Tcpdump
Tcpxtract
Wireshark
Xplico System
Security Onion: All the Tools Rolled into One
Introduction to Unified Communications
Communication is a key part of our everyday lives. Today, we communicate in ways that were not possible for the average consumer just 15 years ago. There are now multiple media by which communication can take place, from telephony to email to instant messaging to video conferencing. Since the first telephone call was made in 1876, the use and transport of the human voice from one location to another have steadily improved. Because it offers lower costs and enhanced features, VoIP has been on almost everyone’s radar. However, as the voice and data networks continue to converge, there is a serious need to understand the technology, its attack vectors, and the means to protect sensitive company information within this bleeding-edge technology.
In this chapter, we discuss the primary protocols utilized for VoIP: SIP, H.323, and RTP. Additionally, we have a brief introduction to forensics and how it can be utilized within the VoIP environment.
Protocols
At the heart of VoIP, there are several key components that are required as part of the call build-up and teardown. The first of these is the protocols. VoIP protocols can be broken down into two main areas, signaling and media session. Let’s take a look at these at a high level and discuss some of the various protocols.
Signaling
Signaling is utilized for the buildup and teardown of the call. From a very basic point of view, this is where we dial the party we wish to reach. Two signaling protocols are commonly utilized for VoIP: SIP and H.323. Let’s take a look at these two protocols.
SIP is one of the most commonly utilized signaling protocols within the market. SIP stands for Session Initiation Protocol. It is utilized for the creation, modification, and termination of calls within the VoIP environment. It is a client-server protocol, in that it uses a request-response format, as we will see later. The SIP Header is 32 bits and holds information such as version, source and destination address. Let’s look at a graphical representation of the header (Figure 1.1).
Figure 1.1 SIP header format.
Now that we have seen what the header looks like, let’s review the SIP dataflow. First, the caller sends an INVITE to the SIP proxy, which then relays the call, either to the SIP proxy of the party we are calling or directly to the called party. Then, if the called party is available, it sends a Ringing command back to the caller. Once the called party answers the call, an OK command is sent back to the caller. This is where the SIP protocol, for the time being, stops for the most part.
Once the caller or called party terminates the call, or hangs up, a BYE command is sent to the callers.
SIP is also utilized for registration of VoIP endpoints. The endpoint sends a REGISTER request to the registrar or SIP proxy. The registrar or SIP proxy then validates the endpoint’s credentials. If the credentials are correct, the device registers with the system. If it is not authorized or the credentials are incorrect, it sends back an UNAUTHORIZED, and the device is unable to connect. Below we have examples of this call
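The call flow and registration exchange described above can be reconstructed from captured signaling during an investigation. The following is an added example, not code from the book: it groups SIP messages by Call-ID into a per-dialog timeline and counts registration failures per sender. The capture, user names and the `example.test` domain are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

def msg(start, call_id, cseq, user):
    """Build a minimal SIP message (constructed sample data, not a real capture)."""
    return (f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n"
            f"From: <sip:{user}@example.test>\r\n\r\n")

CAPTURE = [
    msg("INVITE sip:bob@example.test SIP/2.0", "call-1", "1 INVITE", "alice"),
    msg("SIP/2.0 180 Ringing", "call-1", "1 INVITE", "alice"),
    msg("SIP/2.0 200 OK", "call-1", "1 INVITE", "alice"),
    msg("BYE sip:bob@example.test SIP/2.0", "call-1", "2 BYE", "alice"),
    msg("REGISTER sip:example.test SIP/2.0", "reg-1", "1 REGISTER", "phone100"),
    msg("SIP/2.0 200 OK", "reg-1", "1 REGISTER", "phone100"),
    msg("REGISTER sip:example.test SIP/2.0", "reg-2", "1 REGISTER", "phone200"),
    msg("SIP/2.0 401 Unauthorized", "reg-2", "1 REGISTER", "phone200"),
    msg("REGISTER sip:example.test SIP/2.0", "reg-2", "2 REGISTER", "phone200"),
    msg("SIP/2.0 401 Unauthorized", "reg-2", "2 REGISTER", "phone200"),
]

def parse(raw):
    """Return (call_id, from_header, event) for one SIP message."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, _, v in pairs}
    status = re.match(r"SIP/2\.0 (\d{3}) ", lines[0])
    if status:  # response: status code plus the method echoed in CSeq
        event = f"{status.group(1)}/{headers['cseq'].split()[1]}"
    else:       # request: the method is the first token of the start line
        event = lines[0].split()[0]
    return headers["call-id"], headers["from"], event

def timelines(capture):
    """Group events by Call-ID, preserving capture order."""
    out = defaultdict(list)
    for raw in capture:
        call_id, _, event = parse(raw)
        out[call_id].append(event)
    return dict(out)

def unresolved_registrations(capture):
    """Count 401s per sender that never got a 200 for REGISTER."""
    # One 401 can be a normal digest challenge; 401s never followed by a 200 are the signal.
    events = [parse(raw)[1:] for raw in capture]
    ok = {s for s, e in events if e == "200/REGISTER"}
    fails = Counter(s for s, e in events if e == "401/REGISTER" and s not in ok)
    return dict(fails)
```

On the sample capture, `timelines` shows the INVITE, Ringing, OK, BYE sequence for `call-1`, and `unresolved_registrations` reports only the sender whose REGISTER attempts were all rejected.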