VoIP Technology & Security Training
You are on a “need to know” basis.
VoIP Technology & Security Training is something you “need to know.”
IP3, Inc. the nation’s leading trainer for “securing emerging technologies” has partnered with one of the leading VoIP security providers,
Salare and the VoIP Labs at IIT to offer this cutting edge VoIP Technology & Security Training.
This seminar contains the most comprehensive VoIP security training possible. We’ve blended the course to put the theory online as pre-course and post-course webinar materials (see webinar dates below), and same the class room time for real labs and real hands on experience. You can’t afford to miss this opportunity to work with the industry’s leading appliance and software technologies. With the proliferation of VoIP in enterprises, we know that VoIP is one of the TOP security issues of the day. This VoIP Technology and Security Training Seminar satisfies your “need to know” as a professional facing the growth and transition of an enterprise. VoIP is not in the future, it is here!
Register today!!
If you are one of the first 10 people to register you will be entered into a drawing to win a 9″ mini notebook computer!!
We Have The Best Instructors!
Carol Davids is the Director of the VoIP Research Lab at the Illinois Institute of Technology and an Industry Professor in IIT’s School of Applied Technology. She designed and built the school’s VoIP Lab and its VoIP and Telecommunications curriculum. She has initiated numerous research projects in the lab related to the applications and development of standards that describe and measure the performance, interoperability and characteristic behaviors of VoIP systems. Development projects conducted on her initiative and under her direction have resulted in patent applications, proof of concept applications and extensions to commercial code. Many of these projects are supported by industry partners who provide network elements and connections, test equipment, mentoring and technical support.
Before joining the staff and faculty at IIT, Carol worked in the telecommunications industry for over thirty years, starting in the Bell System and moving into the vendor and standards development communities at Motorola. Tellabs, CableLabs, Packet Cable, The European Telecommunications Standards Institute (ETSI) and the Internet Engineering Task Force (IETF). Her standards work includes: Authorship of IETF drafts, including SIP benchmarking methodology and terminology; Membership in Specialist Task Force at ETSI for the specification of call signaling and lawful intercept functions on packet-based cable networks; Co-authorship of the Packet Cable, CableLabs standards for network elements on cable networks.
Paul R. Sand High Tech Executive and Founder/CEO of Salare Security will review how enterprise VoIP networks are creating new vulnerability and providing a significant opportunity for data theft. Weak security on Internet facing systems such as web applications, third party links and remote access gateways may lead to stepping stone attacks into the network and potentially into the voice layer. Paul will review best approach architectures, technology and VoIP security threats.
Paul is an inventor on 22 issued US patents in the areas of voice and data communications, public safety and emergency management. He successfully drove new technologies developed at Bell Laboratories into a broad set of products that he managed in Lucent’s Switching and Access Business. Paul was also responsible for commercialization of the mVerify Corporation’s NIST Advanced Technology (ATP) (completed in May of 2005). Paul is a member of the Internet Security Alliance (ISA) and sits on the Plenary Committee for the ISA’s VoIP Security Project sponsored by NIST and DHS and is the Industry Chair for the SCAP Applicability subproject. He is also a senior IEEE member and a member of the Information Systems Security Association, the FBI InfraGard and the US Secret Service Electronic Crimes Task Force.
Course Outline
Pre-Course Webinar: A Foundation in VoIP
8:30-8:45am Overview of the Entire Course and Introduction of Todays’ Instructor
8:45-9:15am History of Telephony
9:15-10:00am VoIP technology and architecture
10:00-10:30am Break
10:30-11:30am SIP and RTP Protocols
11:30am-12:15pm VoIP Features and Implementations
12:15-12:30pm Recap and What to Expect Next Week
Day 1 – Securing Signaling and Management of VoIP
8:30-10:00am Threats and Risks present in VoIP Networks
10:00-10:30am Break
10:30-Noon Protecting the Management and Signaling Planes. NIST and DISA Guidance on VoIP Security
Noon-1:00pm Lunch
1:00-2:30pm Applying NIST SP 800 Series to VoIP
2:30-3:00pm Break
3:00-4:30pm Lab: SIP Assessment Tools
BYE Teardown – This tool attempts to disconnect an active VoIP conversation by spoofing the SIP BYE message from the receiving party.
iThinkTest FlowCoder: SiPCPE – Evaluate SIP infrastructure protocol compliance using inserted SIP messages.
RedirectPoison – this tool works in a SIP signaling environment, to monitor for an INVITE request and respond with a SIP redirect response, causing the issuing system to direct a new INVITE to another location.
Registration Adder – this tool attempts to bind another SIP address to the target, effectively making a phone call ring in two places (the legitimate user’s desk and the attacker’s)
Registration Eraser – this tool will effectively cause a denial of service by sending a spoofed SIP REGISTER message to convince the proxy that a phone/user is unavailable.
Registration Hijacker – this tool tries to spoof SIP REGISTER messages in order to cause all incoming calls to be rerouted to the attacker.
SIP-Kill – Sniff for SIP-INVITEs and tear down the call.
SIP-Proxy-Kill – Tears down a SIP-Session at the last proxy before the opposite endpoint in the signaling path.
SIP-RedirectRTP – Manipulate SDP headers so that RTP packets are redirected to an RTP-proxy.
SipRogue – a multifunctional SIP proxy that can be inserted between two talking parties
vnak – VoIP Network Attack Toolkit – vnak combines a number of attacks against multiple protocols in to one easy to use tool. Its aim is to be the one tool a user needs to attack multiple VoIP protocols.
Day 2 – Securing the Media Stream
8:30-10:00am Lab: More SIP Assessment Tools
SIP-Kill – Sniff for SIP-INVITEs and tear down the call.
SIP-Proxy-Kill – Tears down a SIP-Session at the last proxy before the opposite endpoint in the signaling path.
SIP-RedirectRTP – Manipulate SDP headers so that RTP packets are redirected to an RTP-proxy.
SipRogue – a multifunctional SIP proxy that can be inserted between two talking parties
vnak – VoIP Network Attack Toolkit – vnak combines a number of attacks against multiple protocols in to one easy to use tool. Its aim is to be the one tool a user needs to attack multiple VoIP protocols.
10:00-10:30am Break
10:30-Noon Protecting the VoIP Media Channel
Noon-1:00pm Lunch
1:00-2:30pm Lab: Media Stream Assessment Tools
RTP InsertSound – this tool takes the contents of a .wav or tcpdump format file and inserts the sound into an active conversation.
RTP MixSound – this tool takes the contents of a .wav or tcpdump format file and mixes the sound into an active conversation.
RTPInject – RTPInject is a minimal-setup prerequisites attack tool that injects arbitrary audio into established RTP connections. The tool identifies active conversations, enumerates the media codec in use, and allows for the injection of an arbitrary audio file.
2:30-3:00pm Break
3:00-4:30pm Lab: RTP Assessment Tools
RTPProxy – Wait for incoming RTP packets and send them to wanted (signaled by a tiny protocol) destination.
SteganRTP – SteganRTP is a steganography tool which establishes a full-duplex steganographic data transfer protocol utilizing Real-time Transfer Protocol (RTP) packet payloads as the cover medium. The tool provides interactive chat, file transfer, and remote shell.
Vo²IP – With Vo2IP, you can establish a hidden conversation by embedding further compressed voice data into regular PCM-based voice traffic (i.e. G.711 codec).
Day 3 – Securing the Media Stream
8:30-9:15am Media Gateways
9:15-10:00am Lab: Install, configure use the Vunneler Exploit
10:00-10:30am Break
10:30-Noon What SBCs and SIP-Aware Firewalls Do and Don’t Do
Noon-1:00pm Lunch
1:00-2:30pm Identity, Authentication, Access Control and VoIP
2:30-3:00pm Break
3:00-4:30pm Lab: Telespoof, ICS Identity Solution
Post Course Webinar
8:30-9:30am Regulatory Compliance and VoIP
9:30-10:00am VoIP Security Standards
10:00-10:30am Break
10:30-11:30am Legal Issues to Consider in VoIP Deployments
11:30-12:30am Course Recap
Hosted by: Salare Security and IP3, Inc.
Date: December 15, 16, & 17, 2009
Pre Course Webinar Date: December 10, 2009
Post Course Webinar Date: January 7, 2010
Location: Illinois Institute of Technology (Rice Campus)
Address: 201 E. Loop Rd., Wheaton, IL 60189
Registration For This VoIP Security Training Event
$1795 (includes your choice of a 120GB Apple iPod Classic or an 8GB iPod Touch loaded with additional VoIP and IT Security content from our VoIP Security Library). Also includes VoIP workbook, Security Tools CD, book bag, Logitec Extreme PC Gaming Stereo headset with microphone, VoIP for Dummies and SIP Communications for Dummies, and mug. The online sessions will be available to download at the end of each day!
Registration Rates:
General Public $1795 ea.
Association Discount $1595 ea.
ASSOCV1595 (Includes iPod package)
ASSOCV1395 (Without iPod package)
Corporate Discount $1595 ea. (Full Package rate for groups of 3 or more registered attendees). *All corporate groups must register at one time to receive discounted pricing.
Registration Codes:
C4V1595 (Includes iPod)
C4V1395(Without iPod)
Register at: http://www.ip3inc.com/index.php/training/voip
For more information contact:
Debby Fairchild
Phone: 636-485-3895
IP3, Inc.
1320 N. Michigan Ave., Suite #6
Saginaw, MI 48602
1-800-473-5181
Debby Fairchild email
If you no longer wish to receive e-mails from IP3, Inc. click here.