
ClueCon2009: The Security Saga of SysAdmin Steve

Date post: 14-Apr-2017
Upload: dan-york
ClueCon 2009 – Dan York The Security Saga of SysAdmin Steve Dan York, CISSP ClueCon 2009
Transcript
Page 1: ClueCon2009: The Security Saga of SysAdmin Steve

ClueCon 2009 – Dan York

The Security Saga of

SysAdmin Steve Dan York, CISSP

ClueCon 2009

Page 2:

Once upon a time...

Page 3:

big company

Page 4:

smaller company

Page 5:

SysAdmin Steve

Page 6:

promotion

Page 7:

IT

Page 8:

phones, too!

Page 9:

new VoIP system

Page 10:

net head

Page 11:

V

Page 12:

Voice

Page 13:

SIP

Page 14:

open standard

Page 15:

Security Isn’t

Possible

Page 16:

education

Page 17:

IP-PBX

SIP Service Provider

LAN

Internet

PSTN

Page 18:

cheap

Page 19:

merged

Page 20:

quit

Page 21:

?

Page 22:

new IT staff

Page 23:

Juvenile Joe

Page 24:

BOFH

Page 25:

read e-mail

Page 26:

monitor

Page 27:

comment

Page 28:

playground

Page 29:

exploit chaos

Page 30:

ET

fun

Page 31:

ultimate truism

Page 32:

voice = packets

Page 33:

packets = bits

Page 34:

bits can be manipulated

Page 35:

“VoIP security tools”

Page 36:

tools, tools, tools

Page 37:

voipsa.org

Page 38:

hackingvoip.com

Page 39:

sectools.org

Page 40:

tools, tools, tools

Page 41:

good

Page 42:

evil

Page 43:

test/defend

Page 44:

attack

Page 45:

perspective

Page 46:

white hat

Page 47:

black hat

Page 48:

wireshark

Page 49:

Page 50:

cain & abel

Page 51:

RTP

Page 52:

WAV

Page 53:

MP3s

Page 54:

iPod

Page 55:

2-hour commute

Page 56:

corporate conversations

Page 57:

personal iPod

Page 58:

corporate conversations

Page 59:

personal iPod

Page 60:

(scared yet?)

Page 61:

conversations

Page 62:

PIN

Page 63:

voicemail PINs

Page 64:

banking PINs

Page 65:

DTMF decoder

Page 66:

(fun stuff, eh?)

Page 67:

Teleworker Ted

Page 68:

envy

Page 69:

grudge

Page 70:

hang up Ted

Page 71:

cell phone

Page 72:

devious

Page 73:

mix in new background

Page 74:

amusement park

Page 75:

screaming kids

Page 76:

dog

Page 77:

Ted’s dog

Page 78:

endless barking

Page 79:

no clue

Page 80:

Process Paul

Page 81:

new rules

Page 82:

worked late

Page 83:

wife

Page 84:

female

Page 85:

???

Page 86:

no clue

Page 87:

insecure firewall

Page 88:

family

Page 89:

SIP softphone

Page 90:

free long distance

Page 91:

(toll fraud)

Page 92:

Board conf calls

Page 93:

revenues in the tank

Page 94:

only hope

Page 95:

acquisition

Page 96:

IT outsourced

Page 97:

job

Page 98:

(Uh-oh)

Page 99:

war

Page 100:

SIP trunk

Page 101:

unencrypted

Page 102:

sniff CID

Page 103:

lawyers

Page 104:

CFO

Page 105:

SIP Redirect

Page 106:

random extension

Page 107:

shipping

Page 108:

HR

Page 109:

labs

Page 110:

kitchen

Page 111:

?

Page 112:

acquire?

Page 113:

@#$@?%$!

Page 114:

SysAdmin Steve

Page 115:

fix it

Page 116:

DoS

Page 117:

BYE

Page 118:

hang up CEO

Page 119:

set reload

Page 120:

erase SIP registration

Page 121:

no clue

Page 122:

packet flood

Page 123:

degrade

Page 124:

cell phones

Page 125:

acquire?

Page 126:

@#$@?%$!

Page 127:

SysAdmin Steve

Page 128:

fix it

Page 129:

3 strikes

Page 130:

investigation

Page 131:

truth

Page 132:

discovered

Page 133:

heart attack

Page 134:

corporate conversations

Page 135:

SIP trunk

Page 136:

unencrypted

Page 137:

public Internet

Page 138:

clear

Page 139:

call records

Page 140:

public Internet

Page 141:

cleartext

Page 142:

(not good)

Page 143:

plan

Page 144:

Fire Joe!

Page 145:

defense in depth

Page 146:

layers

Page 147:

encryption

Page 148:

SRTP

Page 149:

TLS / DTLS

Page 150:

ZRTP

Page 151:

voice

Page 152:

call control

Page 153:

LAN

Page 154:

SIP trunk

Page 155:

clueless

Page 156:

new provider

Page 157:

call accounting

Page 158:

IP network

Page 159:

VLANs

Page 160:

IDS/IPS

Page 161:

monitoring

Page 162:

rate throttling

Page 163:

secure perimeter

Page 164:

firewall traversal

Page 165:

firmware

Page 166:

o/s patches

Page 167:

disable services

Page 168:

die, default

passwords, die, die, die

Page 169:

layers

Page 170:

secure VoIP

Page 171:

caveat

Page 172:

internal

Page 173:

disgruntled

Page 174:

x%?

Page 175:

compromised servers

Page 176:

spyware

Page 177:

unsecured WiFi

Page 178:

(checked your parking lot

lately?)

Page 179:

offline analysis

Page 180:

SIP trunk

Page 181:

$$$

Page 182:

security

Page 183:

Botnet Bob

Page 184:

zombies

Page 185:

fun

Page 186:

profit

Page 187:

Criminal Chris

Page 188:

espionage

Page 189:

identity theft

Page 190:

human replay attack

Page 191:

Spammer Sue

Page 192:

SPIT

Page 193:

1,000s of calls

Page 194:

“significant event”

Page 195:

Congressman

Page 196:

mistress

Page 197:

public official

Page 198:

porn line

Page 199:

identity theft

Page 200:

13-yr-old

Page 201:

Wall St. Journal

Page 202:

“VOIP IS INSECURE”

Page 203:

“(stupid) VOIP IS INSECURE”

Page 204:

“VOIP IS INSECURE”

Page 205:

moral

Page 206:

VoIP *can* be secure

Page 207:

VoIP can be MORE secure

than PSTN

Page 208:

(red button, anyone?)

Page 209:

work

Page 210:

plan

Page 211:

questions

Page 212:

education

Page 213:

voipsa.org

Page 214:

VOIPSA Threat Taxonomy

Page 215:

VOIPSA Best Practices

Page 216:

VOIPSEC mailing list

Page 217:

blueboxpodcast.com

Page 218:

Page 219:

(If you aren’t reading them, be

aware the attackers *are*)

Page 220:

defense in depth

Page 221:

layers and layers

Page 222:

voice

Page 223:

call control

Page 224:

SIP trunks

Page 225:

management interfaces / APIs

Page 226:

PSTN interfaces

Page 227:

PSTN

Page 228:

VoIP = IP + PSTN

Page 229:

it’s the network, stupid

Page 230:

cloud

Page 231:

IP network

Page 232:

voice = packets

Page 233:

packets = bits

Page 234:

bits can be manipulated

Page 235:

VoIP *can* be secure

Page 236:

work

Page 237:

plan

Page 238:

SysAdmin Steve?

Page 239:

happily ever after?

Page 240:

acquisition?

Page 241:

job?

Page 242:

CIO?

Page 243:

another story

Page 244:

To be continued...

Page 245:

The End

(or is it the beginning?)

Page 246:

Please practice safe VoIP!

Page 247:

Q&A www.voipsa.org

www.voipsa.org/blog www.blueboxpodcast.com

blogs.voxeo.com

Page 248:

Thank you

(Please practice safe VoIP!)

