Unified Communications Forensics: Anatomy of Common UC Attacks
By Nicholas Grant and Joseph W. Shaw II
About this ebook
Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure Unified Communications (UC) environment.
This book is written by leading UC experts Nicholas Grant and Joseph W. Shaw II and provides material never before found on the market, including:
• analysis of forensic artifacts in common UC attacks
• an in-depth look at established UC technologies and attack exploits
• hands-on understanding of UC attack vectors and associated countermeasures
• companion website http://secvoip.com giving readers access to the most up-to-date information on UC attacks.
- Provides key information for hackers and pen testers on the most current Unified Communications implementations
- The only book to explore and demonstrate how to work with digital artifacts from attacks within the UC environment
- Deals with UC security from multiple angles—less about theory and more about hands-on threat defense and forensics
Nicholas Grant
Nicholas Grant is an information security professional with over ten years of experience within the industry. He holds a CISSP and has an M.S. in Management of Information Systems Security from Colorado Technical Institute. He works as a Vulnerability Manager for a large financial institution and is a professor, teaching Bachelor’s and Associate-level courses at a nationally accredited university.
Book preview
Unified Communications Forensics - Nicholas Grant
1
A Brief Introduction
Abstract
This chapter is an introduction to VoIP and Network Forensics.
Keywords
VoIP; Social engineering; Forensics; VoIP attacks; Voice over IP; VoIP PenTesting; Phishing; Vishing; SMishing; SPIT; Caller ID spoofing
Introduction to Unified Communications
Protocols
Signaling
Media Session
An Introduction to Network Forensics
Network Forensics and Analysis Tools
Bro
Nftracker
Snort
Tcpdump
Tcpxtract
Wireshark
Xplico System
Security Onion: All the Tools Rolled into One
Introduction to Unified Communications
Communication is a key part of our everyday lives. Today, we communicate in ways that were not possible for the average consumer just 15 years ago. There are now multiple media by which communication can take place, from telephony to email to instant messaging to video conferencing. Since the first call was made on the telephone in 1876, improvements have been made to the utilization and transport of the human voice from one location to another. Because it promises lower costs and enhanced features, VoIP has been on almost everyone’s radar. However, as the voice and data networks continue to converge, there is a serious need to understand the technology, its attack vectors, and the means to protect company-sensitive information within this bleeding-edge technology.
In this chapter, we discuss the primary protocols utilized for VoIP: SIP, H.323, and RTP. Additionally, we have a brief introduction to forensics and how it can be utilized within the VoIP environment.
Protocols
At the heart of VoIP, there are several key components that are required as part of the call build-up and teardown. The first of these is the protocols. VoIP protocols can be broken down into two main areas, signaling and media session. Let’s take a look at these at a high level and discuss some of the various protocols.
Signaling
Signaling is utilized for the buildup and teardown of the call. From a very basic point of view, this is where we dial the party we wish to reach. There are two common signaling protocols utilized for VoIP: SIP and H.323. Let’s take a look at these two protocols.
SIP is one of the most commonly utilized signaling protocols within the market. SIP stands for Session Initiation Protocol. It is utilized for the creation, modification, and termination of calls within the VoIP environment. It is a client-server protocol, in that it uses a request-response format, as we will see later. The SIP Header is 32 bits and holds information such as version, source and destination address. Let’s look at a graphical representation of the header (Figure 1.1).
Figure 1.1 SIP header format.
Now that we have seen what the header looks like, let’s review the SIP Dataflow. First, the caller sends an invite to the SIP Proxy, which then relays the call, either to the SIP proxy of the party we are calling or directly to the called party. Then, if the called party is available, it sends a Ringing command back to the caller. Once the called party answers the call, an OK command is sent back to the caller. This is where the SIP protocol, for the time being, stops for the most part.
Once the caller or called party terminates the call, or hangs up, a BYE command is sent to the callers.
SIP is also utilized for registration of VoIP endpoints. The endpoint sends a REGISTER request to the registrar or SIP proxy. The registrar or SIP proxy then validates the endpoint’s credentials. If the credentials are correct, the device registers with the system. If it is not authorized or the credentials are incorrect, it sends back an UNAUTHORIZED, and the device is unable to connect. Below we have examples of this call
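For forensic work, the call and registration flows described above can be rebuilt from captured signaling by grouping messages on their Call-ID header. The Python sketch below is an added example, not taken from the book; the sample messages, host names and the helper names `msg`, `parse` and `classify` are constructed for illustration. It assumes standard SIP digest authentication, where a first 401 is a routine challenge, so only a registration that never reaches 200 is reported as rejected.

```python
import re
from collections import defaultdict

def msg(start, call_id, cseq):
    return f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed sample traffic (headers trimmed to the ones used here), not a real capture.
CAPTURE = "".join(msg(*m) for m in [
    ("INVITE sip:bob@example.test SIP/2.0", "call-1", "1 INVITE"),
    ("SIP/2.0 180 Ringing", "call-1", "1 INVITE"),
    ("SIP/2.0 200 OK", "call-1", "1 INVITE"),
    ("BYE sip:bob@example.test SIP/2.0", "call-1", "2 BYE"),
    ("REGISTER sip:pbx.example.test SIP/2.0", "reg-1", "1 REGISTER"),
    ("SIP/2.0 401 Unauthorized", "reg-1", "1 REGISTER"),
    ("REGISTER sip:pbx.example.test SIP/2.0", "reg-1", "2 REGISTER"),
    ("SIP/2.0 200 OK", "reg-1", "2 REGISTER"),
    ("REGISTER sip:pbx.example.test SIP/2.0", "reg-2", "1 REGISTER"),
    ("SIP/2.0 401 Unauthorized", "reg-2", "1 REGISTER"),
    ("REGISTER sip:pbx.example.test SIP/2.0", "reg-2", "2 REGISTER"),
    ("SIP/2.0 401 Unauthorized", "reg-2", "2 REGISTER"),
])

START = re.compile(r"(?:SIP/2\.0 (?P<code>\d{3}) .*|(?P<method>[A-Z]+) \S+ SIP/2\.0)$")

def parse(raw):
    """Yield (call_id, (method_or_status, cseq_method)) for each SIP message."""
    for block in raw.split("\r\n\r\n"):
        lines = block.strip().split("\r\n")
        m = START.match(lines[0])
        if m:  # skip empty or non-SIP blocks
            hdrs = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
            cseq_method = (hdrs.get("cseq") or "0 ?").split()[-1]
            yield hdrs.get("call-id"), (m["code"] or m["method"], cseq_method)

def classify(raw):
    """Group messages by Call-ID and return {call_id: verdict}."""
    dialogs = defaultdict(list)
    for call_id, event in parse(raw):
        dialogs[call_id].append(event)
    verdicts = {}
    for call_id, ev in dialogs.items():
        if ev[0][0] == "INVITE":
            done = ("200", "INVITE") in ev and ("BYE", "BYE") in ev
            verdicts[call_id] = "completed" if done else "incomplete"
        elif ev[0][0] == "REGISTER":
            # The first 401 is the normal digest challenge; never reaching 200 means rejected.
            fails = ev.count(("401", "REGISTER"))
            verdicts[call_id] = "registered" if ("200", "REGISTER") in ev else f"rejected ({fails} x 401)"
    return verdicts
```

Many rejected registrations arriving from one source in a short window are worth a closer look during triage.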