BKSVOIPN.RVW 20070913

"Securing VoIP Networks", Peter Thermos/Ari Takanen, 2008, 0-321-43734-9, U$44.99/C$51.99
%A Peter Thermos
%A Ari Takanen
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2008
%G 978-0-321-43734-1 0-321-43734-9
%I Addison-Wesley Publishing Co.
%O U$44.99/C$51.99 fax: 416-443-0948 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321437349/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0321437349/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321437349/robsladesin03-20
%O Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 359 p.
%T "Securing VoIP Networks"

The foreword and preface both stress that the principles used to secure VoIP (Voice over Internet Protocol) systems are suitable for any multimedia application over the Internet. While this may be true in terms of the technology, the perspective indicates that the authors fail to recognize how many naive users are experimenting with the technology, and managing their own systems. The large number of novices in this technology space is a major threat in itself. It is a truism that there are social controls for technical problems, but no technical controls for social problems. That Thermos and Takanen disregard this situation is disturbing.

Chapter one is a generic overview of telephony and VoIP-related topics. The discussion of security is also vague. There is, for example, mention of the difficulty of node identification, but no follow-up deliberation on resultant problems such as fraud. VoIP architectures and protocols are listed in chapter two. A structure, and the relationship of the protocols to each other, would have been an improvement. Threats are examined in chapter three: some nebulously and others in excruciating detail. Chapter four outlines two lists of vulnerabilities, and then presents a taxonomy of VoIP hazards based upon those previously presented. There doesn't seem to be much practical application to the material, although it may be of interest to researchers.

Signalling protection mechanisms, listed in chapter five, are primarily based on existing Internet encryption and authentication protocols, except for the specialized subset of the H.323 suite. The Secure Real Time Protocol (SRTP) is outlined in chapter six. Chapter seven deals with key management, which is an important issue in regard to almost all the security conventions associated with VoIP.

General network security concerns are discussed with some emphasis on VoIP in chapters eight and nine. Chapter ten examines overall Internet Service Provider (ISP) architectures in terms of VoIP issues. Chapter eleven revisits some topics from the previous three chapters.

The text is turgid and verbose, and the use of idioms is often quite clumsy and annoying. While "Practical VoIP Security" (cf. BKPVOIPS.RVW) is older, and the current work lists some of the more recent protocols, it is difficult to say that Thermos and Takanen have provided a more useful text.

copyright Robert M. Slade, 2007 BKSVOIPN.RVW 20070913