
REVIEW: "Practical VoIP Security", Thomas Porter et al

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jul 3, 2006
      BKPVOIPS.RVW 2060602

      "Practical VoIP Security", Thomas Porter et al, 2006, 1-59749-060-1,
      %A Thomas Porter
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2006
      %G 1-59749-060-1
      %I Syngress Media, Inc.
      %O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 amy@...
      %O http://www.amazon.com/exec/obidos/ASIN/1597490601/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597490601/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 563 p.
      %T "Practical VoIP Security"

      VoIP (Voice over Internet Protocol) is something of the new kid on the
      technology block, and computer folks may have limited experience with
      telephony. It therefore seems a bit strange that chapter one, as an
      introduction to VoIP security, starts out by talking about computer
      security and attacks. However, the structure of the book is rather
      odd in any case. The basics of telephony, and the Public Switched
      Telephone Network (PSTN), are not covered until chapter four. Even
      then, while there is some useful trivia, most of the content is a list
      of telephony protocols. Chapter three covers some of the basic
      hardware and element information, discussing PBX (Private Branch
      eXchange) systems, VoIP components, and even power supplies. That
      material, in turn, would be helpful to those who try to understand
      chapter two, which is supposed to be about the Asterisk PBX software
      package. Although the text purports to deal with configuration and
      features of Asterisk, most of the section's content covers PBX
      operations and functions, dial plans, telephony numbering plans, and
      even a terse piece on the vital aspect of circuit versus packet

      With chapter five, the book moves into some of the specifics of VoIP,
      discussing H.323, a protocol to specify data formats that is used
      extensively in commercial IP telephony products. SIP, the Session
      Initiation Protocol (used to negotiate interactive sessions over the
      net), gets a more detailed treatment (along with examination of
      related protocols) in chapter six. Other IP telephony architectures
      are briefly listed in chapter seven: the very popular Skype, H.248,
      IAX (Inter Asterisk eXchange), and Microsoft's Live Communications
      Server 2005 (MLCS). Diverse protocols used in support of VoIP are
      discussed in chapter eight. Most of these are commonly used in other
      Internet applications: some; such as RSVP (Resource reSerVation
      Protocol), SDP (Session Description Protocol), and Skinny; are more
      specialized. All the listed protocols have some review of security
      implications, which marks the first time in the book that security
      seems to be a major issue.

      Chapter nine examines specific threats and attacks, mostly related to
      denial of service and hijacking. Securing the infrastructure used for
      VoIP is important, although the material in chapter ten is fairly
      standard information security. Chapter eleven reviews a number of
      ordinary authentication tools that are frequently used in VoIP.
      "Active Security Monitoring," in chapter twelve, is the traditional
      intrusion detection and penetration testing, and has nothing specific
      to IP telephony applications. Similarly, chapter thirteen examines
      normal traffic management and LAN segregation issues: the only
      telephony related content is in regard to VoIP aware firewalls. The
      IETF (Internet Engineering Task Force) has recommended certain
      existing security protocols in regard to IP telephony, and one
      addition (SRTP, Secure Real-time Transfer Protocol): these are
      outlined in chapter fourteen. Chapter fifteen lists various (United
      States) data security related regulations and the European Union
      privacy directive. The IP Multimedia Subsystem (IMS) structure is
      reviewed in chapter sixteen. Chapter seventeen repeats the
      recommendations made in chapters ten through fourteen.

      It is handy to have a number of the issues related to VoIP addressed
      in one work. There is some depth to the content of the text as well,
      and those dealing with system internals may find that useful.
      However, for those who need to manage or make policy or purchasing
      decisions in regard to VoIP, this book may not have the forcefulness
      of complete analysis, or a structure that would assist in learning the
      background. While there is a considerable amount of helpful
      information, it reads more like an accumulation of miscellaneous facts
      than a directed study.

      copyright Robert M. Slade, 2006 BKPVOIPS.RVW 2060602

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Do I dare/Disturb the universe?
      `The Love Song of J. Alfred Prufrock,' T. S. Eliot
      Dictionary Information Security www.syngress.com/catalog/?pid=4150