[VOIPSEC] SANS paper on VoIP security

Craig craig at reswob.net
Tue Jan 8 16:05:27 EST 2008

First of all, I apologize if this paper has been posted to the list before.
For some reason, I don't get all the postings to the voipsec list and I
can't access the archives at the moment....

Anyway, the following blurb was included in the SANS NewsBites Vol. 10 Num.1
email newsletter last week.  I read the paper (it's 100+ pages) and I agree
that it is very good.  Mr Persky did a great job researching and writing.
One nit, he only references David Endler as the Author of Hacking Exposed
and it should be Mark Collier and David.  

VoIP Security Vulnerabilities
By David Persky with Joey Niem as the paper advisor.

This GIAC Gold gets off to a slow start, but hang in there. If you keep
hitting page down, I promise you will be rewarded by some serious nuggets.
Overall, great material, the author clearly knows what he is talking about.
Page 11 introduces the problem VoIP causes with perimeters. According to a
reference in the paper, 75% of the polled organizations plan to replace
their security appliance after implementing VoIP. On page 14, the author
introduces VoIP penetration testing and provides a reference to a company
that does this. The author then discusses general threats and architecture
issues. On page 24, things start to get really interesting. We see a GUI
interface for a Cisco VoIP phone and the Google search Persky used to find
it. I typed the search into Google and sure enough, Cisco phones started
appearing in my browser. We then learn how to do the same thing with the
Uniden UIP1868P VoIP phone. Next, we learn how to take advantage of
undocumented features in a Hitachi IP5000 VOIP WIFI Phone 1.5.6. On page 37,
Persky begins a list of tools that can be used to test the security of a
VoIP system. There are a number of pages that are required reading if you
run the popular Asterisk VoIP PBX. On page 85, we reach my favorite section
of the paper, a discussion on Skype. The author talks about vulnerabilities,
but there is also a great discussion on how to detect Skype and how that is
getting harder and harder to do. The final technical section is an in-depth
discussion on the Cisco IP phone. If you are running VoIP or plan to run
VoIP, or even believe you are NOT running VoIP, this is a valuable paper to
read. I give it two thumbs up!

Craig L. Bowser
AWG/S-6		Information Assurance Manager
301 - 833 - 5113
craig.bowser1 at us dot army dot mil
"Every election is a sort of advance auction sale of stolen goods." -- H. L.

More information about the Voipsec mailing list