CanSecWest Vancouver 2011

Site menu:

Register | Conference | Dojo | Speakers | Agenda | Past Events | Hotel & Travel | Contact

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Course: Voice over IP (VoIP) Security

Instructor
Nicolas Fischbach

Register For This Course

Description

You think you know what VoIP really is, and moreover you can say what the real security risks are and how to mitigate them ? Then this course isn't for you :)

We'll first go through the basics: signaling protocols (SIP, H.323, MGCP, H.248), the media stream side (RTP, CODECs, etc) and how voice really works on the telco side.

Then we'll discuss what a full VoIP architecture looks like (on the carrier and the entreprise side): devices it's made of, protocols, operating systems and applications, etc. This will provide the students with the basics on the IMS core, Session Border Controllers, VoIP firewalls, Applications Servers and web front-ends.

Once the scene is set, we'll discuss the architecture's security: attack vs defense, what's exposed and at risk, how to secure it (is encryption of signaling and/or media really the answer ?), etc. How do Skype, ZRTP, and other protocols fit into the overall picture. What problem do they solve and which risks do they introduce ?

On the practical side of things, we'll play with a sniffer, listen into signaling and media, analyze the exchanges, etc. i.e. learn how VoIP "really" works. We will also use some of the VoIP "hacking" tools, to show you what they are good at and what kind of vulnerabilities they really expose.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Prerequisites

• Laptop with an Ethernet NIC and working network
• Either Win32 or Linux (or MacOS, but don't expect me to help if something isn't working properly :)
• Wireshark (Ethereal), version 0.99.4 or higher
• Counterpath X-Lite Free, version 3.0 or higher
• A headset (without mike is fine if you have one integrated)

Sponsors:

More Information:

Sponsorship Information | Valid XHTML | Valid CSS

Wise words:

"Sen Sen No Waza - to strike the opponent after he has formed the intention to attack and has committed to a specific motion."

Copyright © dragostech.com inc. All Rights Reserved.