Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

SANS VoIP Security Class

sansWhile at the SANS London conference I attended the VoIP Security class held by Raul Siles. VoIP is not a small topic, and the field is still in flux when it comes to security. We had 2 days to cover a range of topics, and to fit it all into the 2 days the course was run bootcamp style (9am to 8pm). Overall I got a lot out of the course, in particular the lab exercises and the review of the underlying protocols (SIP and RTSP).

The first day lays the foundation by reviewing the protocols, and learning the networking side of VoIP security. The second day concentrates more on attacks against the environment, and where possible, remediation to defend against these attacks. As theVoIP arena is in flux, and growing day by day, the solutions are not 100%. However a majority of issues are covered from both attack and defence viewpoints.

Overall I though the course was well formed, although it could do with a little less theory and more on the hands on side. After all, we can all read a book on the theory side, but not everyone has the facilities to do the hands-on exercises. This is the first time theVoIP course has been done in Europe, so I hope they take our comments back and streamline the course for future attendees.

Next is the Web App Penetration Testing and Ethical Hacking class (SEC:542)


One response to “SANS VoIP Security Class

  1. Pingback: Sans Voip Security Class « Ramblings of the äNal Security Guy

%d bloggers like this: