***** Hacking VoIP: Protocols, Attacks, and Countermeasures. By Himanshu Dwivedi, published by No Starch Press, nostarch.com (Web); 211 pages; $44.95.
In Hacking VoIP (voice over Internet Protocol), author Himanshu Dwivedi delves into the protocol elements of the technology, clearly defining how they work, and thoroughly explaining the various known threats and corresponding countermeasures.
VoIP is still evolving and so is its security. Dwivedi clearly explains weaknesses that can utterly devastate a system if the system operator lets his or her guard down. VoIP is, by its nature, more prone to attack compared to traditional forms of communication, such as land-line telephony. Further, due to its networked nature, VoIP has a tendency to attract a more experienced type of hacker.
Dwivedi points out that even though VoIP applications—such as Yahoo Messenger, Google Talk, and others—claim to have adequate safeguards, they don’t fully counter the medium’s inherent security deficiencies. He further notes that firewalls also won’t fully solve the problem. He concludes nonetheless that VoIP security, while elusive, is ultimately attainable if good information security policies are closely followed.
The text’s frequent use of diagrams helps alleviate the complexity of the subject matter. While the piece was very complete, it was troubling that Dwivedi appears, whether intentionally or not, to provide guidance on how to attack VoIP systems through the exercises he offers on how to keep them safe.
As a resource, Hacking VoIP is true to its title and geared primarily toward the VoIP administrative professional. As such, the average person will find the work interesting, but very technical and limited in scope.
Reviewer: William Frances Eardley IV is a member of ASIS International.