SANS to teach VoIP security in Europe

The SANS Institute will be teaching the first European session of its new Security 540: VoIP Security course at the upcoming SANS Secure Europe event in Amsterdam this May. The 6-day course which debuted last year in Sacramento has proven popular and is already at 50% capacity.

“Voice over IP is a rapidly growing area due to the huge cost saving potential but organizations often fail to consider the security impact,” explains Paul Henry, one of the world’s foremost information security and computer forensic experts with more than 20 years’ experience.

Henry points to examples such as arrests made In Budapest and London last year of 30 members of an organized criminal gang that allegedly stole 11 million Euro’s through VoIP toll fraud. The gang used thousands of stolen VoIP account details to make 1.5 million calls to premium rate numbers which, in turn paid the gang a percentage of the inflated call charges.

Other cases like Edwin Andres Pena who was sentenced to 10 years in jail in a US Federal Court for stealing and reselling VoIP call credits are part of a growing trend. “The automated billing mechanisms of VoIP services using direct debit or credit cards make these prized targets for criminals who often have difficulty selling stolen data,” Henry adds.

However, the problem is not just the theft of calling credits. As data and voice coexist on the same networks, criminals use weaknesses in one area to gain access to the other. “The information gained from hacking into sensitive voice conversations can be used for insider trading or corporate espionage,” explains Henry who points out that few organizations encrypt VoIP traffic sent across shared networks. “The widely held assumption that VoIP traffic is difficult to intercept is plainly wrong,” he comments, pointing to a growing number of free tools that will capture SIP based voice calls and turn them into audio files via minimal access to a shared IP network.

Henry, who regularly advises and consults on some of the world’s most challenging and high-risk information security projects, believes that only 1 in 10 organizations that deploy VoIP specifically look at the security implications of these new voice services.

The SEC540 course that Henry will teach at SANS Secure Europe provides VoIP security best practices and technologies in order to design, deploy, and audit trusted VoIP infrastructures. The intensive course offers a detailed in-class analysis of infrastructure, signalling, and media attacks to expose the security risks of VoIP networks for service providers, carriers, and enterprises.

Students will be shown how to understand and protect against various attacks from VoIP signalling and media eavesdropping, caller ID impersonation, and VoIP authentication cracking to man-in-the-middle call manipulation and media injection. “The course is very hands on and will give attendees a real understanding of how to test and protect VoIP networks against an increasingly focused and organized criminal element,” Henry concludes.