VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP

Video in TIB AV-Portal: VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP

Formal Metadata

Title
VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2013
Language
English

Content Metadata

Subject Area
Abstract
Jason Ostrom - VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP

This presentation is about the security of VoIP deployed in hotel guest rooms. What it is, why it benefits administrators and users, and how easily it can be broken. The hospitality industry is widely deploying VoIP. Since 2008, we've seen an increase of these rollouts along with Admin awareness of applying the required security controls in order to mitigate this potential backdoor into a company's mission critical data and systems - their Crown Jewels. The method is simple: through VoIP, a malicious hotel guest may gain access into corporate data resources such as a company's sensitive financial or HR systems. This talk will present updated research with a new case study: A Hotel VoIP infrastructure that had security applied. We will explore the missing pieces. How has this risk changed for permitting a hotel guest unauthorized network access, and who should be concerned? An old VLAN attack will be re-visited, with a new twist: how the VLAN attack applies to recent production VoIP infrastructure deployments, and how it can be combined with a new physical method. A new version of the free VoIP Hopper security tool will be demonstrated live, showcasing this new feature. In addition, we will investigate an alternative to CDP for device discovery and inventory control: LLDP-MED (Link Layer Device Discovery - Media Endpoint Discovery). A case study penetration test of a client infrastructure that used LLDP-MED follows, with a comparison to CDP. VoIP Hopper will demonstrate the first security assessment tool features for this advancing protocol. Mitigation recommendations will follow.

Jason Ostrom is a security researcher working in the Sipera VIPER Lab, with an interest in VoIP and layer 2 security issues. He is a graduate of the University of Michigan, Ann Arbor, and has over 13 years of experience in the IT industry, including VoIP penetration testing. He is the author of the VoIP Hopper security tool and has contributed to other open source UC security tools.
Internet telephony
Vulnerability (computing) Demo (music) Internet telephony
Vulnerability (computing) Structural load Penetration test Open source Internet telephony Exploit (computer security) Client (computing) Computer network Range (statistics) Mathematical analysis Information security System identification
Telecommunication Network management Internet telephony Streaming media Videoconferencing Reduction of order
Service (economics) Telecommunication Internet telephony Area Product (business) Wireless LAN
Email Service (economics) System call Internet telephony Menu (computing) Plastikkarte Product (business) Computer configuration Telecommunication System programming Multimedia Authorization Information security
Chain Touchscreen Observational study Telecommunication Personal digital assistant Internet telephony Cellular automaton Strategy game Electronic visual display Staff (military)
Single-precision floating-point format Uniform resource locator Touchscreen Mobile Web Internet telephony Energy level Videoconferencing Information security Electronic visual display Measure (mathematics) Physical system
Vulnerability (computing) Normed vector space Authorization Mereology Information security Virtual LAN Default (computer science)
Vulnerability (computing) Information security Virtual LAN
Systems design Explosion Internet telephony Convex hull Limit (category theory) Authorization Information security Hacker (term) Virtual LAN Information privacy
Internet telephony Computer network Videoconferencing Virtual LAN Multiplication
Frame problem Dynamic Host Configuration Protocol Virtual reality Software Interface (computing) Virtual LAN
Frame problem System call Server (computing) Internet telephony Computer network Color management Control flow Term (mathematics) Mach's principle Root Internetworking Electronic meeting system Interface (computing) Compact Cassette Computer worm Configuration space Information security
Vulnerability (computing) GUI widget Configuration space Information security
Dynamic Host Configuration Protocol Fluid statics Inference Configuration space Information security Address space
Frame problem Fluid statics Control flow Virtual LAN Laptop Address space
Gateway (telecommunications) Virtual reality Fluid statics Interface (computing) Configuration space Authorization Control flow Laptop Address space
Asynchronous Transfer Mode Dynamic Host Configuration Protocol Common Language Infrastructure Internet telephony Interface (computing) Code Virtual LAN
Asynchronous Transfer Mode Touchscreen Internet telephony Communications protocol Virtual LAN
Dynamic Host Configuration Protocol Computer data logging Internet telephony Menu (computing) Virtual LAN Address space
Demo (music) Internet telephony
Demo (music) Internet telephony Integrated development environment Computer network Control flow Virtual LAN Time domain
Slide rule Server (computing) GUI widget Internet telephony System programming Computer network Authorization Information security Representation (politics) Plastikkarte Information privacy
GUI widget Uniqueness quantification Information security Theory of everything Conditional-access module Information privacy
System call Archaeological field survey Personal digital assistant
Archaeological field survey Internet telephony Average Vector potential Social engineering (security) Boss Corporation
Frame problem Sample (statistics) Archaeological field survey Personal digital assistant Internet telephony Virtual LAN Statistical hypothesis testing Multiplication
Standard deviation Serial port Topology Internet telephony Computer network Control flow Virtual LAN Power (physics) Similarity (geometry) Data model OSI model Number Hypermedia Communications protocol System identification Information security Message passing Multiplication Extension (kinesiology) Address space
Internet telephony
Mathematics GUI widget System administrator Menu (computing) Mereology Control flow Information security Equivalence relation Physical system Laptop
Data dictionary Authentication Open source Virtual LAN Statistical hypothesis testing Time domain Voting Interface (computing) Configuration space Authorization MiniDisc Information security Multiplication
Vulnerability (computing) Internet telephony Revision control Computer network Encryption Information security Virtual LAN Product (business)
Internet telephony Information Information security Physical system
System programming Exploit (computer security) Information Information security