Monthly Archives: November 2010

VoIP Honeypot GeoIP data

Hey, Jason Ostrom here.  In the spirit of some of the valuable information being shared on the rising trend of SIP scanning activity and toll fraud, I’ve created a Perl script that does GeoIP lookups of potential attackers, sorting them based on scanning activity and country origination.  The script is free to anyone, and currently only works with Asterisk logging for an Asterisk based VoIP Honeypot.  Feel free to re-use this script as you see fit.  The idea behind it is to quickly view hit counts and percentages of failure activity based on country codes using geolocation technology.  You can roll this script into your cron and see the number of hits and where they are coming from on a daily basis.  Details on how to install and use the script are here, and the script itself can be downloaded from the UCSniff downloads section.

Note that you can run the script in debug mode to lookup IP addresses based on city origination.  Hope this script helps you and let us know how it goes.
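The hit-count-by-country idea described in the post above, as an added Python example; it is not the Perl script from the UCSniff downloads and not the author's code. It assumes Asterisk's chan_sip "Registration from ... failed for" NOTICE line format and stands in a small constructed table for the GeoIP database; the sample log lines, the table, and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the chan_sip NOTICE style (assumed format).
SAMPLE_LOG = """\
[2010-11-05 03:12:44] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-11-05 03:12:45] NOTICE[2578] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-11-05 03:13:02] NOTICE[2578] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.10>' failed for '203.0.113.77' - Wrong password
[2010-11-05 03:13:09] VERBOSE[2578] logger.c: -- Remote UNIX connection
[2010-11-05 03:14:30] NOTICE[2578] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.99:5071' - Wrong password
"""

# Constructed stand-in for a GeoIP database: documentation address ranges
# mapped to user-assigned ISO 3166 codes. A real run would query GeoIP data.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "XA"),
    (ipaddress.ip_network("203.0.113.0/24"), "XB"),
]

# Source address of a failed REGISTER; some Asterisk versions append ":port".
FAILED_RE = re.compile(
    r"Registration from .* failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'")

def country_of(ip):
    """Return the country code for ip, or 'ZZ' when no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEO_TABLE:
        if addr in net:
            return code
    return "ZZ"

def country_report(log_text):
    """Return [(country, hits, percent)] sorted by hit count, highest first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # not a registration failure
        try:
            hits[country_of(m.group(1))] += 1
        except ValueError:  # malformed address such as 999.1.1.1
            hits["ZZ"] += 1
    total = sum(hits.values())
    return [(c, n, round(100.0 * n / total, 1)) for c, n in hits.most_common()]

if __name__ == "__main__":
    for code, count, pct in country_report(SAMPLE_LOG):
        print(f"{code}  {count:5d}  {pct:5.1f}%")
```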

 

Slides: SIP, UC and Security Talk at ITEXPO in October 2010

Back on October 4, 2010, I spoke at Ingate Systems’ “SIP Trunking and Unified Communications” section of TMC’s ITEXPO event in Los Angeles. I gave an overall summary of issues around VoIP/UC security and then joined a large panel of others answering questions from the moderator and the audience. The slides I used are now available online from my SlideShare account:

ISC2 Blog on Security Issues

Given that I hold a CISSP certification, I naturally remain connected to the Information Systems Security Certification Consortium (ISC2) organization in order to maintain my credentials. I hadn’t paid much attention to the actual website for a while and only recently noted that there is an ISC2 blog and it’s been updated periodically for a while now:

http://blog.isc2.org/

Some of you may find it a useful resource. The ISC2 also is on Twitter, of course. 🙂


If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.


Sipera Systems Relaunches Their Online Presence

While I wouldn’t normally write about simply an updated website for a company, this particular company is Sipera Systems, one of the small number of companies focused pretty much entirely on VoIP security… er… “Unified Communications Security”. (And hey, “UC Security” sounds a whole lot better to say!)

Given that part of my regular work is working with web sites, I commend them on their new nice, clean look. They’ve also revamped their blog, as well.

Good to see, and I wish them continued success in this space.




Whither VOIPSA? (And How Are YOU Willing To Help?)


What do you think “VOIPSA 2.0” should be? And perhaps more importantly, how are you willing to help?

As Dave Endler wrote in his post last week, five years ago the need for an organization like VOIPSA was very clear. As I’ve often said in my talks, at that time there were security vendors running around saying “VoIP is incredibly insecure… but if you buy our box/service/whatever you’ll be safe! Trust us!” And there were some communications vendors running around effectively saying “All those VoIP security concerns are overblown by paranoid security people… if you just buy our box/service/whatever you’ll be safe! Trust us!”

The truth, as we know, is somewhere in between.

And that is the prime value that VOIPSA brings, in my opinion… being an “industry neutral” place where we can lay out that there are very real threats to IP communications security – but that there are also very real solutions.

Over the past 5 years, we’ve started that process with the VoIP Security Threat Taxonomy, the VoIP Security Tools List, the VOIPSEC mailing list, this Voice of VOIPSA blog, the talks and webinars we’ve given, the Ingate SIP Trunking Seminars we’ve participated in, the Blue Box podcasts we created – and so many other ways.

There is a great bit more to do. The original need that spawned VOIPSA is very much alive today. If anything, the need is greater as we’ve moved from being concerned not just with “Voice Over IP”, but even more with the broader “Unified Communications” picture that includes video, chat, presence and other forms of collaboration. The threats, the tools and the solutions all keep evolving.

We all owe Dave Endler a great amount of thanks for all the work he did to bring us together, launch VOIPSA and get it moving. I certainly wish him all the best with his new endeavors and I expect we’ll still see him lurking around watching what’s going on.

Jonathan Zar and I will be posting some thoughts soon on next steps for the organization, but in the meantime I thought I’d just write this post and let you all know that I’d very much like to hear from you all who are reading this. While not formally a “membership” organization (i.e. you can’t become a “member” of VOIPSA), we do have a “community” of people who read and participate in the various mailing lists and other areas.

To all of you who have participated in and/or promoted VOIPSA (or have wanted to do so), what would you like to see the organization do next? How would you like to help?

Please feel free to leave a comment here or send me an email. I’m listening.

The NSA’s Crypto Museum


I was interested last week to discover that the USA has its own Museum of Cryptography. The National Cryptologic Museum is run by the National Security Agency in Fort Meade, Maryland. Curiously, the building used to be a motel, quite literally in Fort Meade’s backyard, but was annexed by the NSA when it came up for sale.

Over the last few years I have been a regular visitor to our own British equivalent, Bletchley Park, which is both a cryptography museum and also houses a historical collection of computers. If you’re in the UK, or visiting (Bletchley is about an hour north of London), then I would highly recommend a visit. Bletchley Park is an estate with a Victorian manor house, and during World War II it was the scene of operations of the UK’s codebreakers, including computer pioneer Alan Turing.

It sounds like Bletchley and the NSA’s museum have many things in common, both exhibiting the (in)famous German Enigma coding machine, and both having Cray supercomputers on display. I will certainly put the National Cryptologic Museum on my list of places to visit the next time I’m in the Washington area.