Unified Communication - Security Secrets and Solutions (2nd edition)

    Mark Collier and David Endler

    Published by: McGraw Hill

    ISBN: 9780071798761

    RRP: £32.99

    Reviewed by: Jim McGhie CEng MBCS CITP

    Score: 9 out of 10

    Unified Communications (UC) is regarded as the next step in fully integrating voice telephony with other communications methods and business processes. With the advent of unified communications, businesses will be exposed to a multitude of threats, many of which they are not even aware of yet.

    As with any form of new technology solution, there are issues to be considered and addressed. At the forefront of these is the need to employ effective security measures.

    This publication is one of a number of ‘Hacking Exposed’ topics the authors have written in the past few years. Mark Collier and David Endler are recognised leaders in the field of IT security.

    The book is split into four stand-alone parts. Each part is sufficiently self-contained to be read on its own. Part I starts by considering Voice over IP targets and threats, along with footprinting, scanning and network enumeration techniques. Using real-life examples, it is set out in a manner reminiscent of how a thief could ‘case’ a property before breaking in.

    Part II moves on to consider what are regarded as the most common group of attacks on applications, namely toll fraud, Telephony Denial of Service (TDoS), voice spam, call spoofing and phishing.

    Part III deals with the various network attacks that can target a business’s communications, rather than just the telephone system per se. The anonymity offered by the internet makes it easy for a skilled hacker to intercept sessions, impersonate, eavesdrop on calls, redirect messages, track call patterns and scan personal data. A resolute hacker could launch network-based DoS attacks in order to bring the entire organisation to a standstill.

    Finally, Part IV considers direct attacks on the signalling protocol of a UC network. When voice services use the same communications paths as other data serving the business, it can provide determined hackers with the opportunity for even deeper penetration of the organisation, putting all of an organisation’s information at risk.

    Individual threats to security move from minor disruptions of individual voice calls up to invasions of privacy, where access to financial data, customer information and possibly even trade secrets becomes a real threat. This is where hackers can do the most damage to the business operation as a whole.

    The book contains numerous illustrative examples, explanatory text, screen shots, as well as code snippets, and explains practical security tools that can be deployed. Identified risks are rated on a ten-point scale based on three attributes: popularity, simplicity and impact. An overall rating of each risk is then derived from the mean of the three values.

    I consider the book to be essential for any security professional needing to assess exploitable vulnerabilities in a UC ecosystem, as well as a must-have book for UC network owners. I award the book nine out of ten in terms of its readability and value for money.

    Further information: McGraw Hill

    June 2014