CHANNELS

Subscribe to the InfoTech eNewsletter

infoTECH News

TMCNet:  SecureLogix CTO Releases Second Edition of Landmark Security Book,

[March 04, 2014]

SecureLogix CTO Releases Second Edition of Landmark Security Book, "Hacking Exposed: Unified Communications & VoIP"

SAN ANTONIO --(Business Wire)--

SecureLogix today announced that the second edition of CTO Mark Collier's landmark book, "Hacking ExposedTM: Unified Communications & Voice Over IP Security Secrets and Solutions, Second Edition," has just been published by McGraw-Hill and is now available. Editor's Note: View video interview with author, Mark Collier, here: http://youtu.be/4Nmsop8UNos.

This new edition to the Hacking ExposedTM network security book series focuses on "voice" or unified communication (UC) application security issues, with real-life scenarios of current attacks on enterprise networks, along with detailed recommendations for preventing these attacks. At least half of the material for this revised edition is entirely new and reflects the evolution of UC and VoIP security threats, with an emphasis on real-world attacks affecting enterprise networks. The remaining material was heavily revised to reflect changes since the previous edition.

UC and VoIP security threats have evolved, with the primary issue being the increased threat of malicious calls from the Public Voice Network (PVN). Attacks are easy to create, through the use of free PBX software such as Asterisk, calling number spoofing, call generators, and call origination through the Session Initiation Protocol (News - Alert) (SIP). Attackers can easily create "robocalls," used for Telephony Denial of Service (TDoS), harassing calls such as voice SPAM, new forms of toll fraud and service abuse, voice phishing or vishing, and social engineering for the purposes of financial fraud.

Subject matter covered in the book include

  • Foot printing
  • Scanning
  • Enumeration required to plan for attacks
  • Attacks against UC and VoIP networks to include eavesdropping
  • Infrastructure DoS
  • Man-In-The-Middle (MITM) attacks
  • Attacks unique to Cisco Systems (News - Alert)
    • Application level attacks such as SIP and RTP fuzzing
    • Flooding
    • Manipulation

The book also includes a survey of issues with emerging technologies such as Microsoft (News - Alert) Lync, other forms of communications, Over-The-Top (OTT) softphones, Cloud, new UC deployment models, and WebRTC.

"The Public Voice Network has become much more hostile and both enabled new attacks and made traditional voice attacks easier and cheaper to execute. While UC and VoIP add much new vulnerability, what they primarily do is allow the same attacks occurring in the past much more prevalent and disruptive," commented Collier. "This includes attacks such as TDoS, which were never practical in the past, but are now rapidly increasing. The Public Voice Network will continue to get more and more hostile, eventually merging with the Internet. The attacks described in this book have a financial incentive behind them and can be expected to become more and more disruptive to enterprises."

Insights and Guidelines from The Voice of Authority in UC and VoIP Security

Owning this book is like having published author, acclaimed speaker and renowned UC and VoIP expert Mark Collier guide you through the steps of designing, deploying, and securing enterprise UC systems.

If you're part of the IT staff responsible for enterprise voice systems and contact centers, you will also greatly benefit from Mark's in-depth experience and expertise in helping you understand how most attacks occur and what to do to mitigate them.

Mark provides you with all the helpful tips and best practices that include attack/counter measures, risk ratings, case studies, self-assessment tips, and check lists, all to help you take these strategies into action. This book is a must-read for security practitioners and information security professionals who are required to guard against the newest, most severe, and threatening attacks out there today.

Review Copies Available

Members of the media who are interested in a review copy, should reach out to Katherine Casares - kcasares@securelogix.com

The New York Times recently cited SecureLogix in an article, citing the pervasiveness of what it called Internet-inspired fraud tactics that try to use telephone calls to dupe millions of people or to overwhelm switchboards for essential public services, causing deep concern among law enforcement and other groups.

About Mark Collier

In his role as CTO and Vice President of Engineering at SecureLogix, Mark Collier leads hardware and software product engineering, development, testing and manufacturing. Mark has been performing research into UC and VoIP security for over 15 years. He leads the definition of the SecureLogix UC and VoIP security system which mitigates many of the attacks described in the book, and is a co-author of SecureLogix Annual State of Voice/UC Security Report. Prior to joining SecureLogix, Mark was with the Southwest Research Institute for 14 years, where he contributed to and managed software research and development projects in the network security field. He holds a B.S. degree in Computer Science from St. Mary's University. Mark publishes on his site: VoIPSecurityBlog.com, and is a frequent speaker at many industry trade shows and conferences on the subject of voice security.

About SecureLogix

SecureLogix, a Gartner designated "Cool Vendor," is the leader in enterprise voice/UC policy enforcement and ROI intelligence. SecureLogix 7th generation solutions enable customers to save money through securing and optimizing UC/Voice networks, allowing cost efficient and confident migration to SIP Trunking and Unified Communications (News - Alert). SecureLogix solutions are currently protecting and managing over five-and-a-half million enterprise phone lines. For more information, visit SecureLogix on the Web at www.securelogix.com and www.voipsecurityblog.com.

Reader Contact Information

SecureLogix Corporation (News - Alert), 13750 San Pedro, Suite 820, San Antonio, Texas, 78232, 210-402-9669, fax 210-402-6996, info@securelogix.com, www.securelogix.com.

© Copyright 2014 SecureLogix Corporation. All Rights Reserved. ETM, TeleWatch Secure, TWSA, We See Your Voice, SecureLogix, SecureLogix Corporation, the SecureLogix Emblem and the SecureLogix Diamond Emblem are trademarks and/or service marks or registered trademarks and/or service marks of SecureLogix Corporation in the U.S.A. and other countries. All other trademarks mentioned herein are believed to be trademarks of their respective owners.

SecureLogix technologies are protected by one or more of the following patents: US 6,226,372 B1, US 6,249,575 B1, US 6,320,948 B1, US 6,687,353 B1, US 6,718,024 B1, US 6,760,420 B2, US 6,760,421 B2, US 6,879,671 B1, US 7,133,511 B2, US 7,231,027 B2, US 7,440,558 B2, US 8,150,013 B2, CA 2,354,149, DE 1,415,459 B1, FR 1,415,459 B1, and GB 1,415,459 B1.

Recommended Social Tags: Internet Security, Voice Security, Hacking, IP Communications, VoIP, VoIP Security, TDOS, Unified Communications, Telecom Fraud


[ InfoTech Spotlight's Homepage ]


blog comments powered by Disqus

FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter