AnyBook4Less.com | Order from a Major Online Bookstore
Title: Data and Voice Security
by Gregory B. White, David Dicenso, Dwayne Williams, Travis Good, Kevin Archer, Gregory White, Chuck Cothren, Roger Davis
ISBN: 0-672-32150-5
Publisher: SAMS
Pub. Date: 06 July, 2001
Format: Paperback
Volumes: 1
List Price (USD): $49.99
Average Customer Rating: 3.5 (2 reviews)
Rating: 4
Summary: Finally a book that addresses telephone security
Comment: I am a senior engineer for network security operations. I read "Voice and Data Security" (VaDS) to learn more about vulnerabilities in the voice world. A search for "voice security" here yields four results, of which VaDS is the only in-print title. Although I would have preferred VaDS to focus solely on voice security issues, I still recommend it as the only modern published reference for this critical topic.
When reading VaDS, it's important to remember that all of the authors have some sort of relationship with San Antonio-based voice security company SecureLogix. That's ok, as Foundstone is the powerhouse behind the successful "Hacking Exposed" book series. Some parts of the book read like commercials for SecureLogix products like TeleSweep and TeleWall, but the authors largely focus on non-proprietary solutions to voice security.
VaDS is strongest when it speaks solely to voice security issues, and, to a lesser degree, network infrastructure. I learned quite a bit about tapping phones (ch. 11), voice mail abuse (ch. 14), and voice-data convergence (ch. 5). Chapters on broadband infrastructure and exploitation were helpful. Even though the final chapter seemed out of place, its intriguing coverage of cyber law kept my attention.
Less helpful were the chapters covering general security issues, such as cryptography (ch. 18), malware (ch. 19), sniffing (ch. 20), scanning (ch. 21), passwords (ch. 22), firewalls (ch. 23), IDS (ch. 24), and denial of service (ch. 26). This material is so well-covered elsewhere that its appearance did little to help VaDS distinguish itself. Chapter 27 was an exception, with its succinct discussions of popular Microsoft IIS web server vulnerabilities.
Aside from including well-worn material, VaDS suffered slightly from a few technical mistakes. Explanations of buffer overflows in chapter 4 needlessly associated them with TCP-based sessions. UDP-based buffer overflows are exploited regularly. The author of this chapter also seems to believe that buffer overflows are a problem because they overwrite "user ID and privilege information" on the stack. That's rarely the case; subverting return pointers is the problem. Chapters 8 and 15, describing voice protocols like H.323, were difficult to understand, and ch. 18 (p. 283) makes an unsubstantiated claim that "a well-known Mid-East terrorist was discovered to be using steganography." Typos on pp. 155-156 appeared, and port 443 was replaced by 444 on p. 69.
Overall, VaDS marks a welcome contribution to the information security community. I plan to include it in my tier two security analyst reading list, with recommendations to concentrate on its voice-related content. Hopefully the second edition will strip out the unnecessary network security coverage found elsewhere, and include more excellent explanations of voice security issues.
(Disclaimer: I received a free review copy from the publisher.)
Rating: 3
Summary: Good intro to the core ideas of voice and data security
Comment: Not so long ago, the thought of running a corporate PBX on a client/server network was unthinkable, almost ludicrous. Now many companies have a VoIP (Voice Over IP) PBX via their Cisco routers. Some organizations have separate VON (Voice Over Network) systems. While the benefits of convergence are many, their security implications are often ignored or, when they are considered, are addressed too far along into the development process.
That convergence is the focus of Voice and Data Security. About a third of the book addresses the fundamentals of voice and data security, covering topics such as cryptography, sniffing, and spoofing. The rest of the book deals with securing digital and voice assets.
As an example, PBX and mail fraud are huge problems facing corporate America. Yet while most companies are aware of the situation, many organizations don't do all they can to secure their voice systems. This book contains an excellent policy and audit checklist on how to set up a corporate PBX policy. Items such as protection management, standards and procedures, technical safeguards, and incident response are discussed in the checklist, which alone is worth the cost of the book.
A single unauthorized modem in a corporate network will undermine firewalls, cryptography, and all other protection mechanisms. Thus, the authors cover how war dialers and telephone line scanners can be used to ensure that the back doors that unauthorized corporate modems create are closed.
Voice and Data Security is valuable to those needing a good introduction to the core ideas and security repercussions involved with the convergence of voice and data systems. It speaks volumes.