|
 |
|
 |
 |
Voice over Internet Protocol (VoIP) Security
|
by PhD, CISM, CISSP, James F. Ransome and PhD, CISM, John Rittinghouse
Sales Rank: 991447
|
List Price: $55.95
$22.00
At Amazon
|
|
Paperback: 432 pages
Publisher: Digital Press November 19, 2004
Language: English
ISBN-10: 1555583326
ISBN-13: 978-1555583323
Product Dimensions:
9.1 x 7.3 x 1.1 inches
Shipping Weight: 1.9 pounds
Product Review
"Voice Over Internet Protocol Security is both unique and timely. Ransome and Rittinghouse expertly describe the technical fundamentals, salient business drivers, and converged network infrastructure security risks and challenges IT and security professionals encounter when implementing enterprise-level VoIP systems." William M. Hancock, Ph.D., CISSP, CISM, CSO, Savvis Communications.
"This book should be required reading for anyone contemplating a VoIP implementation for three reasons: first, it deals with telecom technology and standards from Alexander Graham Bell onward. This puts VoIP in its proper context as an integral, evolved part of a global system that is potentially vulnerable. Second, it provides a detailed tutorial on all of the major aspects of VoIP implementation from a pragmatic point of view. Finally, it addresses the very real security issues that could put the global telephone system at risk if not dealt with professionally. I would heartily recommend your entire project team buy this book and read it carefully!" John Milner, MIS Director, Cambridge University
Book Description
Voice Over Internet Protocol Security has been designed to help the reader fully understand, prepare for and mediate current security and QoS risks in todays complex and ever changing converged network environment and it will help you secure your VoIP network whether you are at the planning, implementation, or post-implementation phase of your VoIP infrastructure.
* This book will teach you how to plan for and implement VoIP security solutions in converged network infrastructures. Whether you have picked up this book out of curiosity or professional interest . . . it is not too late to read this book and gain a deep understanding of what needs to be done in a VoIP implementation.
* In the rush to be first to market or to implement the latest and greatest technology, many current implementations of VoIP infrastructures, both large and small, have been implemented with minimal thought to QoS and almost no thought to security and interoperability.
Customer Reviews & Comments
I decided to read 'VoIP Security' because I thought it would describe VoIP protocols and ways to secure them. The table of contents looked very strong and the preface seemed to meet my goals: "For one to truly understand Internet telephony, the reader must have a solid understanding of digital voice, telephony, networking, Internet protocols, and, most important of all, how all of these technologies are put together." Unfortunately, the book is confusing at times and is not an improvement over earlier VoIP security books. So-called 'reviewers' who write that this book 'goes heavily into explaining the low level mechanics of VoIP' reveal they don't read the books they purport to review. Chapters 1, 2, and 3 discuss reasons to use VoIP, how voice is encoding into digital form, and telephony history. I found the wire pair discussions in ch 3 confusing; additional diagrams might have helped. Some text in the existing figures is so small as to be nearly illegible. Ch 4, on 'packet technologies,' is the worst in the book. Many of the 'functional activities by layer' in figure 4.1 are wrong (e.g., routing at layer 2). Page 89 says 'the IP identification number is mainly useful for identifying anomalous signatures.' While IP fragmentation is mentioned, that correct function of the IP ID seems played down. The most frustrating part of ch 4 is the sudden discussion of the H.235 protocol, with absolutely no introduction to its purpose or what it is. This is especially unfortunate as the preceding 20 pages were wasted describing basic IP networking. H.235 is not explained until ch 8. Similarly, p. 102 and elsewhere compares SIP to H.323, without explaining H.323 or SIP! H.323 is tangentially covered in ch 8, and SIP makes an appearance in ch 5. A chapter that should have been the core of the book -- explaining VoIP protocols -- is its weakest. At the very best, this shows the book is poorly organized. After presenting generic VoIP deployment issues in ch 6, ch 7 catalogs various VoIP security risks and ch 8 offers VoIP security best practices. I was surprised to realize that chs 7 and 8 are the only sections that really mention security at all, in a book called 'VoIP Security.' I did not find this material compelling, as much of it delivered generic security guidance -- some of it wrong. On p. 192 we read that 'Linux can be crashed with one pair' of fragmented IP datagrams (wrong). On p. 193 we read 'each broadcast address can support up to 255 hosts' (wrong, only true for /24 netblocks). On p. 263 we read 'rather than looking at one frame at a time, as with firewalls, NIDS usually don't add delay because they look across a broad collection of frames flowing in either direction' (what?). I got the impression this book suffered due to lack of digital security experience on the part of the authors and editors; they seemed much more like telecom practitioners. Ch 9 presents legal issues in security (not really related to VoIP), and ch 10 concludes with a short 'future of VoIP.' I finished this book not much more informed about VoIP security than when I started. In fact, I turned to the older 2001 SAMS book 'Voice and Data Security' by Archer, et al, and found it covered protocols and security issues much better than 'VoIP Security.' If Elsevier decides to print a new edition of this book, they should encourage the authors to take a hard look at what they discuss and where they discuss it. They should also consider what they omit. I think a real VoIP security book should explain how to configure and deploy the open source PBX Asterix and a VoIP proxy like siproxd for SIP. The new edition should do more than mention tools like 'voice over misconfigured internet telephones'; show them and others in action. Avoid the generic network and security discussions and concentrate on the topic at hand.
Comment | Permalink |
(Report this)
|
Voice over Internet Protocol (VoIP) Security
List Price: $55.95
Available from Amazon
Price: $22.00
| |
|
|
|
|
