2012 Symposium - São Paulo

VoIP Security

Hands On Training

Friday — March 30th, 2012 09:00

Considering the growing number of organizations that has adopted VoIP technology in their phone systems and the increase of security incidents involving these infrastructures, this course aims to familiarize students with major security concerns related to VoIP infrastructures and the major threats that these infrastructures are exposed, as well as existing mechanisms to make these environments safer.

The course will address techniques used by miscreants ranging from hide and/or change the origin of a call, to problems related to information leakage through the so-called "digital eavesdropping."

Content

Intro & Review
- VoIP: Architecture and Protocols
- VoIP: Common Threats
Vulnerability Assessement
- Information gathering
- Authentication flaws
- Call Manipulation & Eavesdropping
- (T)DoS
- SPIT
Risk Analisys
- Toll Fraud
- Information leakage
- Service Unavailability
Mitigations and Countermeasures
- Servers/Service Hardening
- VPN's and VLAN's
- Encryption (signaling and media)

Students will need

a laptop with:
- at least 4GB RAM
- at least 30GB free disk space
- at least VMWare Player 3.0 installed (or newest version)

Reminder - VoIP Security hands-on requirements

Bring a headset microphone, some labs will need this. A simple headset will work fine;
Check version of your VMWare player, if you have one installed. All labs require VMWare Player 3.1 or newer;
The total disk space needed for VM's is around 15Gb, but it's recommended to have at least 20GB
We'll provide a DVD with all VM's, support programs and course material, so don't worry about download the material;
Make sure that your laptop can run 3 VM's simultaneously, if you have at least a 2Ghz CPU (32bit or 64bit) and 3GB of RAM you won't have problems;

Presenters

André Ricardo Landim (CAIS/RNP)
Frederico R. C. Costa (CAIS/RNP — Information Security Coordinator at CAIS/RNP, BR)