
| Subject: | [CISSP-D] REVIEW: "Securing VoIP Networks", Peter Thermos/Ari Takanen |
|---|---|
| Date: | Mon, 05 Nov 2007 08:15:33 -0800 |

BKSVOIPN.RVW 20070913

"Securing VoIP Networks", Peter Thermos/Ari Takanen, 2008, 0-321-43734-9, U$44.99/C$51.99
%A Peter Thermos
%A Ari Takanen
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2008
%G 978-0-321-43734-1 0-321-43734-9
%I Addison-Wesley Publishing Co.
%O U$44.99/C$51.99 fax: 416-443-0948 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321437349/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321437349/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321437349/robsladesin03-20
%O Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 359 p.
%T "Securing VoIP Networks"

The foreword and preface both stress that the principles used to secure VoIP (Voice over Internet Protocol) systems are suitable for any multimedia application over the Internet. While this may be true in terms of the technology, the perspective indicates that the authors fail to recognize how many naive users are experimenting with the technology, and managing their own systems. The large number of novices in this technology space is a major threat in itself. It is a truism that there are social controls for technical problems, but no technical controls for social problems. That Thermos and Takanen disregard this situation is disturbing.

Chapter one is a generic overview of telephony and VoIP related topics. The discussion of security is also vague. There is, for example, mention of the difficulty of node identification, but no follow up deliberation on resultant problems such as fraud.

VoIP architectures and protocols are listed in chapter two. A structure, and the relationship of the protocols to each other, would have been an improvement.

Threats are examined in chapter three: some nebulously and others in excruciating detail.

Chapter four outlines two lists of vulnerabilities, and then presents a taxonomy of VoIP hazards based upon those previously presented. There doesn't seem to be much practical application to the material, although it may be of interest to researchers.

Signalling protection mechanisms, listed in chapter five, are primarily based on existing Internet encryption and authentication protocols, except for the specialized subset of the H.323 suite.

The Secure Real Time Protocol (SRTP) is outlined in chapter six.

Chapter seven deals with key management, which is an important issue in regard to almost all the security conventions associated with VoIP.

General network security concerns are discussed with some emphasis on VoIP in chapters eight and nine.

Chapter ten examines overall Internet Service Provider (ISP) architectures in terms of VoIP issues.

Chapter eleven revisits some topics from the previous three chapters.

The text is turgid and verbose, and the use of idioms is often quite clumsy and annoying. While "Practical VoIP Security" (cf. BKPVOIPS.RVW) is older, and the current work lists some of the more recent protocols, it is difficult to say that Thermos and Takanen have provided a more useful text.

copyright Robert M. Slade, 2007 BKSVOIPN.RVW 20070913

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Puritanism: The haunting fear that someone, somewhere may be happy. - H. L. Mencken
http://victoria.tc.ca/techrev/rms.htm