Cатсн²² (in)sесuяitу / ChrisJohnRiley

In preparation for the upcoming SANS London VOIP Security course, I’ve been reading through the Hacking Exposed: VOIP book. I finally got the chance to finish up the book over the weekend and must say, I came out the other end feeling a little disappointed. I’d skimmed the book before, and at first glance the contents seems really in-depth. However after reading the book cover to cover, the amount of repetition really began to become tiring. I found myself actually skipping sections as the tests discussed seemed to be repeats from earlier sections of the book, together with the same suggestions for blocking attacks. I understand the reasoning for this however, as there are only a certain amount of protections against  Denial of Service floods, spoofing or Man in the Middle attacks. However, that said the solutions could easily have been grouped together as a separate chapter to prevent the repetition.

VOIP has come a long way in the last few years, and the attacks mentioned in the book have probably been overtaken by newer exploits and attack vectors. Maybe this was simply a case of too little content to fill the book with new and exciting attack types. Here’s hoping that the second edition will be reformatted to make the most of the information held within.