***** Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures. By Peter Thermos and Ari Takanen; published by Addison-Wesley, www.awprofessional.com (Web); 359 pages; $44.99.
For better or worse, our society has become reliant on sophisticated yet highly vulnerable communications systems. Interruptions to the Internet or cell networks can have an immediate and adverse effect on trade and financial systems. For first responders and those they serve, basic communication system failures can place lives at risk.
No one can ignore the issue as Internet protocol (IP)-based networks replace many conventional communications infrastructures. Authors Peter Thermos and Ari Takanen see an “everything over IP” inevitability and have produced this excellent guide to sound the wake-up call.
An appropriate amount of background and reference material is provided for readers who need a primer, but the majority of the book is rightly dedicated to detailing the range of threats and attacks against VoIP networks.
Building secure, reliable VoIP networks, Thermos and Takanen argue, simply requires a combination of existing best practices from traditional telecommunications and Internet-era IT. To that point, the authors start with tried-and-true strategy axioms: first, know your enemy, and second, know your own vulnerabilities.
Excellent case studies provide specifics about how certain attacks are executed and include clear graphic examples of these attacks being carried out, including screen shots. While VoIP security concerns begin with maintaining service and securing conversations, the authors warn that old-fashioned fraud, which moved easily from doorsteps and landlines to the Internet, will invariably find a home on VoIP networks.
The book’s greatest value, and the reason you’ll regularly pull it off the shelf, is the specific and comprehensive framework provided for securing enterprise VoIP networks. These valuable sections cover no-tech issues such as policies, procedures, and operational security; low-tech challenges such as environmental and physical security; and high-tech topics such as equipment and information systems security.
The book is also extremely readable. Graphics, which can often cloud books of this type, are clear, appropriately used, and full of useful information throughout. The text is easy to read and the formatting is consistent.
This book is an essential tool for the reference library of network specialists, generalists, consultants, and engineers alike, from those experienced with VoIP to the technologically challenged. The comprehensive focus on VoIP should not discourage security professionals from making use of this text, which can be applied to almost any security discipline.
Reviewer: James R. Black, CPP, PSP, CET (Certified Engineering Technologist), is an Irvine, California-based senior security consultant for TRC Companies, Inc., a multidiscipline infrastructure engineering firm with 95 offices nationwide. He is a member of ASIS International.