 | | |
| Voice and Data Security | 
| Authors: David Dicenso, Dwayne Williams, Travis Good, Kevin Archer, Gregory White, Chuck Cothren, Roger Davis
Creator: Gregory B. White
Publisher: Sams
Category: Book
List Price: $49.99
Buy New: $2.99
You Save: $47.00 (94%)
Buy New/Used from $1.78
Avg. Customer Rating:  (2 reviews)
Sales Rank: 2355544
Media: Paperback
Edition: 1st
Number Of Items: 1
Pages: 504
Shipping Weight (lbs): 1.8
Dimensions (in): 9 x 7.3 x 1.1
ISBN: 0672321505
Dewey Decimal Number: 005.8
UPC: 652063321501
EAN: 9780672321504
ASIN: 0672321505
Publication Date: July 6, 2001
Availability: Usually ships in 1-2 business days
|
| Editorial Reviews:
Product Description
This book addresses a need in the computer technology market where there are no books covering security on Voice Over Internet Protocol (VoIP) and networks. There are many books about security, but none that deal in telephony technologies. Voice and Data Security will enable readers to: protect data networks from the most common threats; learn what security vulnerabilities currently exist in data networks become aware of the threats the telephone network poses to the data network; use updated information to protect the data network from the telephone network; useful ways to AVOID telephone network intrusions and attacks; and learn VoIP and the security implications of this transmission technique.
|
| Customer Reviews:
 Finally a book that addresses telephone security December 31, 2001
4 out of 4 found this review helpful
I am a senior engineer for network security operations. I read "Voice and Data Security" (VaDS) to learn more about vulnerabilities in the voice world. A search for "voice security" here yields four results, of which VaDS is the only in-print title. Although I would have preferred VaDS to focus solely on voice security issues, I still recommend it as the only modern published reference for this critical topic.
When reading VaDS, it's important to remember that all of the authors have some sort of relationship with San Antonio-based voice security company SecureLogix. That's ok, as Foundstone is the powerhouse behind the successful "Hacking Exposed" book series. Some parts of the book read like commercials for SecureLogix products like TeleSweep and TeleWall, but the authors largely focus on non-proprietary solutions to voice security.
VaDS is strongest when it speaks solely to voice security issues, and, to a lesser degree, network infrastructure. I learned quite a bit about tapping phones (ch. 11), voice mail abuse (ch. 14), and voice-data convergence (ch. 5). Chapters on broadband infrastructure and exploitation were helpful. Even though the final chapter seemed out of place, its intriguing coverage of cyber law kept my attention.
Less helpful were the chapters covering general security issues, such as cryptography (ch. 18), malware (ch. 19), sniffing (ch. 20), scanning (ch. 21), passwords (ch. 22), firewalls (ch. 23), IDS (ch. 24), and denial of service (ch. 26). This material is so well-covered elsewhere that its appearance did little to help VaDS distinguish itself. Chapter 27 was an exception, with its succinct discussions of popular Microsoft IIS web server vulnerabilities.
Aside from including well-worn material, VaDS suffered slightly from a few technical mistakes. Explanations of buffer overflows in chapter 4 needlessly associated them with TCP-based sessions. UDP-based buffer overflows are exploited regularly. The author of this chapter also seems to believe that buffer overflows are a problem because they overwrite "user ID and privilege information" on the stack. That's rarely the case; subverting return pointers is the problem. Chapters 8 and 15, describing voice protocols like H.323, were difficult to understand, and ch. 18 (p. 283) makes an unsubstantiated claim that "a well-known Mid-East terrorist was discovered to be using steganography." Typos on pp. 155-156 appeared, and port 443 was replaced by 444 on p. 69.
Overall, VaDS marks a welcome contribution to the information security community. I plan to include it in my tier two security analyst reading list, with recommendations to concentrate on its voice-related content. Hopefully the second edition will strip out the unnecessary network security coverage found elsewhere, and include more excellent explanations of voice security issues.
(Disclaimer: I received a free review copy from the publisher.)
 Good intro to the core ideas of voice and data security November 20, 2001
2 out of 2 found this review helpful
Not so long ago, the thought of running a corporate PBX on a client/server network was unthinkable, almost ludicrous. Now many companies have a VoIP (Voice Over IP) PBX via their Cisco routers. Some organizations have separate VON (Voice Over Network) systems. While the benefits of convergence are many, their security implications are often ignored or, when they are considered, are addressed too far along into the development process. That convergence is the focus of Voice and Data Security. About a third of the book addresses the fundamentals of voice and data security, covering topics such as cryptography, sniffing, and spoofing. The rest of the book deals with securing digital and voice assets. As an example, PBX and mail fraud are huge problems facing corporate America. Yet while most companies are aware of the situation, many organizations don't do all they can to secure their voice systems. This book contains an excellent policy and audit checklist on how to set up a corporate PBX policy. Items such as protection management, standards and procedures, technical safeguards, and incident response are discussed in the checklist, which alone is worth the cost of the book. A single unauthorized modem in a corporate network will undermine firewalls, cryptography, and all other protection mechanisms. Thus, the authors cover how war dialers and telephone line scanners can be used to ensure that the back doors that unauthorized corporate modems create are closed. Voice and Data Security is valuable to those needing a good introduction to the core ideas and security repercussions involved with the convergence of voice and data systems. It speaks volumes.
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|