et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus

Identifiez-vous pour activer la commande 1-Click.
en essayant gratuitement Amazon Premium pendant 30 jours. Votre inscription aura lieu lors du passage de la commande. En savoir plus.
Amazon Rachète votre article
Recevez un chèque-cadeau de EUR 7,84
Amazon Rachète cet article
Plus de choix
Vous l'avez déjà ? Vendez votre exemplaire ici
Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

Commencez à lire Hacking Exposed Unified Communications & VoIP Security Se... sur votre Kindle en moins d'une minute.

Vous n'avez pas encore de Kindle ? Achetez-le ici ou téléchargez une application de lecture gratuite.

Hacking Exposed: Unified Communications & Voip Security Secrets & Solutions [Anglais] [Broché]

Mark Collier , David Endler

Prix : EUR 38,80 Livraison à EUR 0,01 En savoir plus.
  Tous les prix incluent la TVA
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Il ne reste plus que 1 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon. Emballage cadeau disponible.
Voulez-vous le faire livrer le mardi 2 septembre ? Choisissez la livraison en 1 jour ouvré sur votre bon de commande. En savoir plus.


Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 27,22  
Broché EUR 38,80  
Vendez cet article - Prix de rachat jusqu'à EUR 7,84
Vendez Hacking Exposed: Unified Communications & Voip Security Secrets & Solutions contre un chèque-cadeau d'une valeur pouvant aller jusqu'à EUR 7,84, que vous pourrez ensuite utiliser sur tout le site Les valeurs de rachat peuvent varier (voir les critères d'éligibilité des produits). En savoir plus sur notre programme de reprise Amazon Rachète.

Description de l'ouvrage

1 janvier 2014 Hacking Exposed

In-depth explanations of over a dozen ways that unified communications systems can be hacked and exactly how to protect them from attack, based wholly on actual real-world scenarios.

Hacking Exposed Unified Communications, Second Edition includes five all-new chapters, as well as massive updates throughout. The #1 threat to enterprise networks, toll fraud and service abuse, is the focus of one of the new chapters; other new chapters will cover harassing calls and TDoS, social engineering and information harvesting, Microsoft Lync server, and VoIP components and targets.

The Hacking Exposed brand is synonymous with practical, get-the-job-done tips for security practitioners. Threats to network security are more virulent today than ever before--Hacking Exposed Unified Communications, Second Edition is an essential read for information security professionals who must successfully troubleshoot the newest, toughest hacks ever seen.

  • Features five completely new chapters as well as thoroughly updated content throughout the book: new chapters on VoIP components and targets, toll fraud, social engineering, harassment, and Microsoft Lync server
  • Internationally recognized, the Hacking Exposed series has an accessible style and format with its original, bulletproof pedagogy that includes attack/countermeasures, risk ratings, case studies, self-assessment tips, check lists, and organizational strategies
  • Every case study in the book has been updated with the latest enterprise hacking scenarios
  • Specific, technical, and proven strategies to prevent, detect, and remediate common technology and architecture weaknesses and maintain tight security controls permanently
  • Access within a single volume to informed insights into core security issues across the leading Unified Communications technologies and architectures today

Offres spéciales et liens associés

Descriptions du produit

Biographie de l'auteur

Mark Collier, CTO for SecureLogix Corporation, is responsible for research and related intellectual property. He was with the Southwest Research Institute for 14 years, where he contributed to and managed software research and development projects in a wide variety of fields, including information warfare. Collier regularly teaches a six-day course on Unified Communications & VoIP Security for the SANS Institute.

David Endler is the director of security research for 3Com's security division, TippingPoint. He founded an industry-wide group called the Voice over IP Security Alliance (VOIPSA) in 2005 ( David spent many years in cutting-edge security research roles with Xerox Corporation, the National Security Agency, and Massachusetts Institute of Technology. He is a frequent speaker at major industry conferences and has been quoted and featured in the Wall Street Journal, USA Today, BusinessWeek, Wired, the Washington Post, CNET, Tech TV, and CNN. David was named one of the Top 100 voices in IP Communications by IP Telephony magazine.

Détails sur le produit

En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index
Rechercher dans ce livre:

Commentaires en ligne 

Il n'y a pas encore de commentaires clients sur
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur (beta) 5.0 étoiles sur 5  7 commentaires
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 What you don't know about UC and VoIP security CAN hurt you - my review 3 avril 2014
Par Jon Arnold - Publié sur
Having followed VoIP as an Industry Analyst since 2001, I have seen a few cycles come and go, and now that Unified Communications is the next big thing, the transition from legacy telephony is almost complete. When businesses adopt VoIP, whether they know it or not, UC will be the next step for fully integrating voice with other communications modes as well as business processes. This opens up lots of opportunities to better leverage investments in IT, and from there enable employees to collaborate more effectively and improve their personal productivity.

UC comes with a hefty product promise, but when it delivers, the results can truly be transformational. However, as with any form of new technology, there are many risks to consider. The most obvious is performance risk, whereby the technology is properly implemented, but for whatever reason, the expected benefits don’t materialize.

Less obvious is a whole class of risk related to IT security. In the course of my ongoing research to help vendors with their business strategy and go-to-market plans, I am acutely aware of what this entails. I recently authored a White Paper on this topic, with the main message being that these risks are poorly understood by enterprises. More importantly, in the absence of taking the right security measures with UC, my research concludes that businesses will be vulnerable to a multitude of threats, many of which they are not even aware of.

After coming across this book, I was very happy to see that I’m not alone in voicing these concerns. The authors, Mark Collier and David Endler, are true thought leaders in the IT security space, with this book being the most recent in a series of Hacking Exposed books they have been writing for years. Their analysis is quite technical and granular, but there are plenty of valuable insights for business-level decision makers. I’m just going to give you the high level takeaways here, and hopefully that’s enough for you to determine if you need the full treatment.

Before providing my summary, it’s important to approach VoIP security from the right perspective. Viewing it from where IT sits is too after-the-fact; by the time you discover a breach, the damage has already been done. It’s much better to go on the offensive, and look at the topic from a hacker’s point of view. That’s exactly how the authors have laid out the book, and it’s akin to how a burglar would size up a house before breaking in.

Part I is titled “Casing the Establishment”, and this is what a hacker does with your network. The various chapters in this section outline the process, starting with an overview of new technologies such as the cloud and SIP trunking, and how they create vulnerabilities for the network. From there, the analysis moves on to the various techniques hackers use to “footprint” the network and scan for weak points of entry such as the IP PBX. So far, this doesn’t sound very insidious, but once this work is done, things can escalate very quickly.

Attacks usually start with VoIP, especially where calls are being routed over the public Internet. Some of these threats are known to legacy phone systems, while others are completely rooted in the IP world. Part II breaks down the most common applications-based attacks, including toll fraud, Telephony Denial of Service (TDoS), voice spam, call spoofing and phishing. Toll fraud can be a costly breach, but most of these attacks are simply annoying and mildly disruptive. If this was the extent of your risk exposure, there probably isn’t too much to be worried about.

This book wouldn’t be over 500 pages long if the story ended there, but it’s really just the beginning. Part III takes things to the next level by explaining the various attacks that target your network rather than the phone system. Now your UC platform can be exploited for more serious breaches such as privacy attacks and session modification in the form of man-in-the-middle attacks. The Internet may be a very efficient network for moving around packets, but it’s also natively anonymous. This makes it easy for a skilled hacker to intercept sessions and do things like impersonate others, eavesdrop on calls, redirect messages, track call patterns, and skim personal data. On a broader level, they can readily launch network-based DoS attacks, and bring your entire operation to a standstill.

The last section, Part IV goes into greater depth by examining attacks on the signaling protocol of your network. This is the real nerve center for IT and where hackers can do the most damage, not just to the network but the business operations as a whole. Voice may seem like an unlikely risk factor, but with VoIP, telephony becomes another data application. This means that it traverses the same streams as your business data, and once hackers are in this deep, all of your information is at risk. Now the threats escalate from minor telephony disruptions to privacy incursions, and finally to exploiting trade secrets, financial data, customer information, etc.

Across the book’s 17 chapters, the various examples are broken down in great detail, with an easy-to-follow mix of narrative and diagrams. For the lay reader, the authors complement this by summarizing each attack with a Risk Rating analysis. They do this by rating each attack on a 10 point scale for three attributes. First is “Popularity” – how common the attack is. Next is “Simplicity”, which measures how much skill is needed by the hacker for the attack. Third is “Impact” – basically, how damaging the attack would be if successful. Then, they take a simple mean of the three ratings and that tells you the overall risk rating for each attack. It’s simple but effective.

To conclude, if the content is too dense and you just want to know what you really need to focus on, fast forward to Chapter 17. This is my favorite part of the book, and is closest to what I see in my everyday research. Titled Emerging Technologies, the analysis goes beyond the security issues related to VoIP and UC in their commonly-used forms.

Things are changing so fast in IT, and it’s simply not enough to define security risk around these applications. New layers are being added all the time, and in this chapter, several are addressed that you surely must be wondering about. Prime examples include WebRTC, Microsoft Lync, the impact of over-the-top applications (OTT), smart phones and BYOD, video, the cloud and the shape-shifting world of social media. There is plenty here to keep you up at night, and if you’re ready to tackle IT security head-on, this book is an excellent resource to ensure your company gets full value from VoIP and UC.
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Valuable UC tools and defense mitigations 10 mars 2014
Par Jason Ostrom - Publié sur
This book is essential for any security professional wishing to assess exploitable vulnerabilities in a UC infrastructure. It is a must have book for UC network owners. The book explains practical security tools with screen shots and code snippets. It also explains the defensive security protection controls that can be applied by UC network/application owners in order to manage the risks. In particular, I really enjoyed how the authors explained some of the real attacks taking place which gave greater context to explaining the tools and defense. The TDoS section will be valuable to many.
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 This book is a next generation VoIP hacking guide from beginners to experts. 11 février 2014
Par Fatih Ozavci - Publié sur
Format:Format Kindle
Many security professionals see the only one face of the VoIP security; such as denial of service attacks, voice spam, exploiting the service software, eavesdropping or service level vulnerabilities, not all of them. This book covers all the important topics of the VoIP security with a good brief and real life examples. Description of the vulnerabilities are very clear to beginners, also experts will find detailed usage of the vulnerabilities at same sections. Furthermore, it helps to create a modern security checklist for VoIP testing as well.

Denial of service attacks are an increasing threat for the VoIP systems. Hacking Exposed UC explains many vectors of these attacks as well. Telephony DOS, voice spamming, voice phishing, infrastructure based DOS attacks and useful tools to test these vulnerabilities are described in depth. Moreover, this book helps to understand Unified Communications systems and their infrastructure. You can find UC related different attack vectors, new security testing tools, service level vulnerabilities and network analysis in it.

As a summary, this book will help you to understand and improve the security of your VoIP/UC systems. It contains new security checklists for IT auditors, new testing tools for security engineers and remediations for VoIP specialists. You should keep this book close if you’re interested in with the VoIP/UC systems.
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 "The Book" for UC/VOIP and IT Security professionals and learners 4 février 2014
Par CP Slaby - Publié sur
This is the 2nd edition of the Collier/Endler original pioneering work published in 2007. After 6-7 years of constant technology progress, this edition is a welcome update bringing it up to date. The major extensions in the content (which is reflected in the slightly modified title of the book) go from the VoIP communication security issues (originally pioneered by companies such as VoIPshield Systems and Sipera at the time) towards all types of real-time communication over IP networks such as voice, video, messaging, presence, etc. These modalities are collectively referred to as Unified Communications (US) in today's industry parlance.

The book is an exhaustive and detailed textbook style exploration of security issues related to UC/VoIP. It's very much hands on and lends itself to self-learning or a classroom training. There are numerous examples, pieces of code, and illustrations which make reading and studying enjoyable for technical readers.

Many of the UC/VoIP specific security issues require some familiarity with telecommunication networks with their somewhat arcane and obscure industry know-how. For that reason historically they were not well known among most of the IT security professionals. This book helps to fill that gap in knowledge.

With the growing importance of securing real-time communication on IP networks, overall, this book is a very much welcome update destined to become the classic text in this field.
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Defacto MUST HAVE VoIP Security Book PERIOD 18 décembre 2013
Par Jesus Oquendo - Publié sur
Hacking VoIP barely describes this book however, "How to Save Yourself Thousands, While Securiing Your VoIP Infrastructure, by Learning How to Hack VoIP" is too long. There is only so many good things to say about this book.

Hacking VoIP is one of those rare books you WILL keep around for reference time and time again. If you're in the VoIP business, it will likely save you a lot of time, money, and headaches as the book illustrates the mechanisms that attackers use to compromise IP phone systems. My current employer is a Managed Services Provider, where ITSP (Internet Telephony Service Provider) is one of our realms. I wish I would have had this version of the book years ago as I would have saved thousands.

Now to be fair about the above statement: "Saving thousands" feel free to Google me up under the terms: "VoIP" and "Fraud." I have been around the block for some time and I cannot emphasize the statement: "It will save you time, money, and headaches..."

Subject matter is broken down easily for the beginner, right up to the experienced reader. My biggest qualm was where would I classify this book: someone looking to certify? (CCVP, etc.), someone looking to learn, someone in the industry? There are a lot of benefits for anyone dealing with VoIP in any capacity. I look at the book as an investment in the VoIP infrastructure. It is money well spent.

Again, whether you're a penetration tester, someone performing incident response or forensics with relevance to VoIP, someone studying the fundamentals of security with relevance to VoIP; you must have this book period.
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Première publication:
Aller s'identifier

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon

Rechercher des articles similaires par rubrique


Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?