Loading...

DEFCON 19: VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP

3,121 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Oct 28, 2011

Speaker: Jason Ostrom Sipera VIPER Lab

This presentation is about the security of VoIP deployed in hotel guest rooms. What it is, why it benefits administrators and users, and how easily it can be broken. The hospitality industry is widely deploying VoIP. Since 2008, we've seen an increase of these rollouts along with Admin awareness of applying the required security controls in order to mitigate this potential backdoor into a company's mission critical data and systems — their Crown Jewels. The method is simple: through VoIP, a malicious hotel guest may gain access into corporate data resources such as a company's sensitive financial or HR systems. This talk will present updated research with a new case study: A Hotel VoIP infrastructure that had security applied. We will explore the missing pieces. How has this risk changed for permitting a hotel guest unauthorized network access, and who should be concerned? An old VLAN attack will be re-visited, with a new twist: how the VLAN attack applies to recent production VoIP infrastructure deployments, and how it can be combined with a new physical method. A new version of the free VoIP Hopper security tool will be demonstrated live, showcasing this new feature. In addition, we will investigate an alternative to CDP for device discovery and inventory control: LLDP-MED (Link Layer Device Discovery - Media Endpoint Discovery). A case study penetration test of a client infrastructure that used LLDP-MED follows , with a comparison to CDP. VoIP Hopper will demonstrate the first security assessment tool features for this advancing protocol. Mitigation recommendations will follow.

For more information visit: http://bit.ly/defcon19_information
To download the video visit: http://bit.ly/defcon19_videos
Playlist Defcon 19: http://bit.ly/defcon19_playlist

Loading...


to add this to Watch Later

Add to

Loading playlists...