Introduction To VOIP Security - OWASP


Introduction to VOIP Security
Angad Singh and Rohit P
30-October-2010
Copyright The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org

Agenda
- VoIP Basics – An Introduction
- VoIP – Call Setup
- VoIP Security – Threats, Vulnerabilities, Attacks
- VoIP Security – Countermeasures
- VoIP Security – Assessing Security Controls
- Q&A, Feedback and Closing

VoIP Basics

VOIP Basics
What is Voice Over IP?
- The packetisation and transport of classic public switched telephone system audio over an IP network
- A suite of IP-based communications services
- Provides multimedia communications over IP networks
- Operates over any IP network (not just the Internet)
- Low-cost alternative to PSTN calling
A few examples:
- Soft phones: Skype, Microsoft NetMeeting, ohphone, gphone, Asterisk, etc.
- Enterprise: small IP phone deployments, IP PBX, Cisco Call Manager

VOIP overview - Protocols
The protocols that make up any IP telephony architecture are divided into the following roles:
- Signaling protocols: manage the setup, modification and termination of a phone call between two parties.
- Media transport protocols: carry the voice samples (RTP is one such protocol).

VOIP overview – Signaling Protocols
The VoIP signaling protocols perform the following services:
- Locate User: the ability to locate another user with whom a user wishes to communicate.
- Session Establishment: the ability of the called party to accept a call, reject a call, or redirect the call to another location or service.
- Session Setup Negotiation: the ability of the communicating parties to negotiate the set of parameters to be used during the session. This includes, but is not limited to, audio encoding.
- Modify Session: the ability to change a session's parameters, such as using a different audio encoding, adding or removing a session participant, etc.
- Teardown Session: the ability to end a session.

VOIP overview – Media Transport Protocols
The VoIP media transport protocols perform the following services:
- Digitize using CODEC: the ability to digitize voice using a codec.
- Compression: the ability to compress voice into smaller samples.
- Encapsulation: the ability to encapsulate the compressed voice samples within an IP transport protocol.
- Transportation: the ability to transport the digitized compressed packet over an IP network.

VOIP protocols
- SIP
- H.323
- RTP
Let's have a look at these VOIP protocols in detail.

VOIP protocols – SIP overview
- SIP is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). It allows two speaking parties to set up, modify, and terminate a phone call between the two of them.
- SIP is an Application Layer protocol designed to be independent of the underlying transport layer; it can run on Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
- SIP clients typically use TCP or UDP on port numbers 5060 and/or 5061 to connect to SIP servers and other SIP endpoints. Port 5060 is commonly used for non-encrypted signaling traffic, whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS).
Figure: SIP Header

SIP Architecture Elements

SIP Requests
Following are the SIP Requests that are sent at the time of session establishment:

SIP request | Description | RFC Reference
BYE | Terminates an existing connection between two users in a session. | RFC 3261
OPTIONS | Determines the SIP messages and codecs that the UA or server understands. | RFC 3261
REGISTER | Registers a location from a SIP user. | RFC 3261
ACK | Acknowledges a response from an INVITE request. | RFC 3261
CANCEL | Cancels a pending INVITE request, but does not affect a completed request (for instance, stops the call setup if the phone is still ringing). |
REFER | Transfers calls and contacts external resources. | RFC 3515
SUBSCRIBE | Indicates the desire for future NOTIFY requests. | RFC 3265
NOTIFY | Provides information about a state change that is not related to a specific session. | RFC 3261

SIP Responses
Following are the SIP Responses that are sent at the time of session establishment:
482 Loop Detected
483 Too Many Hops
484 Address Incomplete
485 Ambiguous
486 Busy Here
5xx responses: Server failure responses
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Time-out
505 SIP Version Not Supported
6xx responses: Global failure responses
600 Busy Everywhere
603 Decline
604 Does Not Exist Anywhere
606 Not Acceptable

VOIP protocols – RTP overview
- RTP (Real Time Transmission Protocol) is a data transfer protocol, which deals with the transfer of real-time multimedia data.
- Information provided by this protocol includes timestamps (for synchronization), sequence numbers (for packet loss detection) and the payload format, which indicates the encoded format of the data.
- RTP does not assure delivery or order of packets. However, RTP's sequence numbers allow applications, such as an IP phone, to check for lost or out-of-order packets.
- RTP includes the RTP control protocol (RTCP), which is used to monitor the quality of service and to convey information about the participants in an ongoing session.
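How a receiver can use the RTP sequence number to spot lost, out-of-order and duplicate packets, as an added example that is not part of the original slides. The packets are constructed in the code (payload type 0, PCMU), and build_rtp, parse_rtp and analyse_stream are names chosen for this sketch.

```python
import struct

RTP_HEADER_LEN = 12  # fixed header: V/P/X/CC, M/PT, sequence, timestamp, SSRC


def build_rtp(seq, timestamp, ssrc=0x1234ABCD, payload_type=0, payload=b"\x00" * 160):
    """Build a constructed RTP packet (version 2, no padding/extension/CSRC)."""
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq & 0xFFFF,
                       timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(packet):
    """Return the fixed-header fields of one RTP packet as a dict."""
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("shorter than the 12-byte RTP fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:RTP_HEADER_LEN])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"payload_type": b1 & 0x7F, "marker": bool(b1 & 0x80),
            "seq": seq, "timestamp": timestamp, "ssrc": ssrc}


def seq_delta(prev, cur):
    """Signed distance from prev to cur on the 16-bit sequence circle."""
    return ((cur - prev + 0x8000) & 0xFFFF) - 0x8000


def analyse_stream(packets):
    """Count lost, reordered and duplicate packets, given in arrival order."""
    seen = set()      # unwrapped (extended) sequence numbers received so far
    highest = None    # highest extended sequence number received so far
    reordered = duplicates = 0
    for raw in packets:
        seq = parse_rtp(raw)["seq"]
        if highest is None:
            ext = seq
        else:
            # Unwrap relative to the newest packet so 65535 -> 0 counts as +1.
            ext = highest + seq_delta(highest & 0xFFFF, seq)
        if ext in seen:
            duplicates += 1
            continue
        if highest is not None and ext < highest:
            reordered += 1          # arrived after a packet with a later number
        seen.add(ext)
        highest = ext if highest is None else max(highest, ext)
    # Every number between the lowest and highest seen that never arrived is lost.
    lost = (max(seen) - min(seen) + 1 - len(seen)) if seen else 0
    return {"received": len(seen), "lost": lost,
            "reordered": reordered, "duplicates": duplicates}


# Constructed arrival order: wraps past 65535 (which is dropped), swaps 1 and 2,
# then repeats 2.
SAMPLE = [build_rtp(s, 160 * i) for i, s in enumerate([65533, 65534, 0, 2, 1, 2])]

if __name__ == "__main__":
    print(analyse_stream(SAMPLE))
```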

VoIP – Call Setup

SIP Call Flow – End to End
- ABC uses a SIP application on her PC (referred to as a softphone) to call XYZ on his SIP phone over the Internet.
- ABC sends an INVITE to User B to initiate a phone call.
- The two SIP proxy servers that act on behalf of ABC and XYZ facilitate the session establishment.
- XYZ receives the request (his phone rings).
- While XYZ's phone is ringing, he sends updates (TRYING, SESSION PROGRESS, and so on).
- User B picks up the phone and sends an OK response to the caller.
- ABC responds with an ACK acknowledgment.
- The conversation via RTP is established directly between the two parties.
- XYZ hangs up and sends a BYE message.
- ABC accepts the BYE message, and sends an OK as an acknowledgment.
Let's have a look at SIP call establishment in detail.

SIP Call setup – Registration
The proxy server learns about the current location of XYZ in the previous example through the process of Registration.

Diagram: Bob's SIP Phone sends REGISTER (F1) to the SIP Registration Server, which answers 200 OK (F2).

F1 REGISTER Bob - Registrar

    REGISTER sip:registrar.biloxi.com SIP/2.0
    Via: SIP/2.0/UDP bobspc.biloxi.com:5060;branch=z9hG4bKnashds7
    Max-Forwards: 70
    To: Bob <sip:bob@biloxi.com>
    From: Bob <sip:bob@biloxi.com>;tag=456248
    Call-ID: 843817637684230@998sdasdh09
    CSeq: 1826 REGISTER
    Contact: <sip:bob@192.0.2.4>
    Expires: 7200
    Content-Length: 0

- Expires: the information expires after 2 hours.
- Contact: associates Bob's URI sip:bob@biloxi.com with the machine he is currently logged in to (the Contact information), sip:bob@192.0.2.4.

SIP Call setup – INVITE
INVITE is an example of a SIP method that specifies the action that the requestor (ABC) wants the server (XYZ) to take.

    INVITE sip:bob@biloxi.com SIP/2.0
    Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
    Max-Forwards: 70
    To: Bob <sip:bob@biloxi.com>
    From: Alice <sip:alice@atlanta.com>;tag=1928301774
    Call-ID: a84b4c76e66710@pc33.atlanta.com
    CSeq: 314159 INVITE
    Contact: <sip:alice@pc33.atlanta.com>
    Content-Type: application/sdp
    Content-Length: 142

- INVITE: the method name.
- Via: the address at which Alice is expecting to receive responses. This parameter indicates the path the return message needs to take.
- To: a display name and a SIP or SIPS URI towards which the request was originally directed.
- Call-ID: contains a globally unique identifier for this call.
- CSeq: contains an integer (traditional sequence number) and a method name.
- Contact: contains a SIP or SIPS URI that represents a direct route to Alice.

SIP Call setup – Forced Routing
- In the previous example, if the example.com proxy server wished to remain in the SIP messaging path beyond the initial INVITE, it would add a required routing header to the INVITE.
- This header field, known as Record-Route, contains a URI resolving to the hostname or IP address of the proxy.
- This information would be received by both XYZ's SIP phone and (due to the Record-Route header field being passed back in the 200 (OK)) ABC's softphone, and stored for the duration of the dialog.

VoIP Security – Vulnerability, Threats, Attacks

VOIP Vulnerabilities

Attack Surface | Vulnerabilities
Protocol | Unencrypted traffic; Unauthenticated requests; Weak encryption
Infrastructure | Insecure configuration of devices; Host OS weaknesses
Architecture | Network topology and association with other network elements (e.g. routing)

What are the Threats?

Threats | Attack types | Attack subtypes
Social Threats | SPIT |
Social Threats | Vishing |
Misrepresentation | Spoofed messages |
Misrepresentation | Malformed Messages |
Misrepresentation | Caller ID Spoofing |
Interception | Eavesdropping | Text/Fax; Video
Interception | Man in the Middle Attack | MITM on Proxy server; MITM on User agent; MITM on Registration server
Interception | Call Hijacking | Registration hijacking; Media Hijacking
Service Disruption | Denial of service | DOS on Proxy server; DOS on User Agent; DOS on Registration server
Service Disruption | Fuzzing |

Social Threats – Associated Attacks
Spam over Internet Telephony (SPIT)

What is SPIT?
Anyone using a PC is familiar with email SPAM. Voice SPAM refers to bulk, automatically generated, unsolicited phone calls. Voice SPAM or SPAM over Internet Telephony (SPIT) is a similar problem that will affect VoIP.

But how does it affect me?
- SPIT is like telemarketing on steroids. You can expect SPIT to occur with a frequency similar to email SPAM.
- As with email SPAM, it is very unlikely that SPIT calls can be identified based on caller ID and other information in the signaling.
- Another issue with SPIT is that you can't analyze the call content before the phone rings. Current SPAM filters do a reasonable job of blocking SPAM.
- Not an issue yet, but will become prevalent when:
  o The network makes it very inexpensive or free to generate calls
  o Attackers have access to VoIP networks that allow generation of a large number of calls
  o It is easy to set up a voice SPAM operation, using Asterisk, tools like "spitter", and free VoIP access

Social Threats – Associated Attacks
Vishing

What is Vishing?
Similar to the Phishing attack, vishing is a type of identity theft attack wherein the attack is delivered through email or voice. Victims are usually lured to the spoofed site and into giving up vital information such as passwords, mother's maiden name, credit card numbers, and Social Security numbers.

But how does it affect me?

Misrepresentation – Associated attacks
Spoofed Messages

Spoofed messages are possible due to the receiver ignoring the value of 'Call-ID' and even 'tag' and 'branch' while processing NOTIFY messages.

Example: the attacker spoofs the SIP proxy's IP, here 10.1.1.1. Victim: 10.1.1.2.

UDP message from attacker to victim:

    Session Initiation Protocol
      Request-Line: NOTIFY sip:login@10.1.1.2 SIP/2.0
      Message Header
        Via: SIP/2.0/UDP 15.1.1.12:5060;branch=000000000000000
        From: "asterisk" <sip:asterisk@10.1.1.1>;tag=000000000
        To: <sip:login@10.1.1.2>
        Contact: <sip:asterisk@10.1.1.1>
        Call-ID: 00000000000000@10.1.1.1
        CSeq: 102 NOTIFY
        User-Agent: Asterisk PBX
        Event: message-summary
        Content-Type: application/simple-message-summary
        Content-Length: 37
      Message body
        Messages-Waiting: yes\n
        Voicemail: 3/2\n

Misrepresentation – Associated attacks
Malformed Messages

An attacker may create and send malformed messages to the target server or client for the purpose of service interruption. A malformed message is a protocol message with wrong syntax. The following shows an example with a SIP INVITE message.

Malformed message (the text after INVITE in the request line and the repeated colons after From are inserted by the attacker):

    INVITE Hi this is a PETER sip:UserB@example.com SIP/2.0
    Via: SIP/2.0/UDP userAclient.example.com:5060;branch=z9hG4bK74bf9
    Max-Forwards: 70
    From::::::::::::: UserA <sip:UserA@example.com>;tag=9fxced76sl
    To: UserB <sip:UserB@example.com>
    Call-ID: 2xTb9vxSit55XU7p8@example.com
    CSeq: 1 INVITE
    Contact: <sip:UserA@userAclient.example.com>
    Content-Type: application/sdp
    Content-Length: 151

    v=0
    o=UserA 2890844526 2890844526 IN IP4 userAclient.example.com
    s=-
    c=IN IP4 192.0.2.101
    t=0 0
    m=audio 49172 RTP/AVP 0
    a=rtpmap:0 PCMU/8000
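A defensive check for the two messages above, added here as an example and not taken from the original slides or from any SIP stack: a strict parser that rejects the malformed INVITE, and a NOTIFY filter that uses the Call-ID, tag and branch values the spoofed-message slide says were ignored. The subscription table, its identifiers and all function names are assumptions made for the illustration; the two sample messages are the slides' own, with parameter syntax written out.

```python
import re

class SipError(ValueError):
    """Raised when a message fails the strict syntax checks below."""

REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
# Header name, exactly one colon, then a value that is empty or does not start with ':'.
HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9.-]*)[ \t]*:[ \t]*([^:\s].*|)$")
CSEQ = re.compile(r"^(\d+) ([A-Z]+)$")
REQUIRED = ("via", "from", "to", "call-id", "cseq")

def parse_request(raw):
    """Strictly parse one SIP request; raise SipError instead of guessing."""
    head, _, body = raw.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    start = REQUEST_LINE.match(first)
    if not start:
        raise SipError("malformed request line")
    headers = {}
    for line in rest:
        field = HEADER.match(line)
        if not field:
            raise SipError("malformed header line: %r" % line[:24])
        # setdefault keeps the first (topmost) Via when several are present.
        headers.setdefault(field.group(1).lower(), field.group(2).strip())
    missing = [name for name in REQUIRED if name not in headers]
    if missing:
        raise SipError("missing headers: " + ", ".join(missing))
    cseq = CSEQ.match(headers["cseq"])
    if not cseq or cseq.group(2) != start.group(1):
        raise SipError("CSeq does not match the request method")
    return {"method": start.group(1), "cseq": int(cseq.group(1)),
            "headers": headers, "body": body}

def param(value, name):
    """Return a header parameter such as ;tag= or ;branch=, or None if absent."""
    tail = value.rsplit(">", 1)[-1]          # ignore parameters inside <uri>
    found = re.search(r";[ \t]*" + re.escape(name) + r"=([^;,\s]+)", tail)
    return found.group(1) if found else None

def accept_notify(req, subscriptions):
    """Accept a NOTIFY only if it belongs to a subscription this UA opened."""
    hdr = req["headers"]
    if req["method"] != "NOTIFY":
        return False, "not a NOTIFY"
    if not (param(hdr["via"], "branch") or "").startswith("z9hG4bK"):
        return False, "Via branch lacks the RFC 3261 magic cookie"
    key = (hdr["call-id"], param(hdr["to"], "tag"), param(hdr["from"], "tag"))
    sub = subscriptions.get(key)
    if sub is None:
        return False, "Call-ID and tags match no subscription"
    if req["cseq"] <= sub["last_cseq"]:
        return False, "CSeq did not increase"
    sub["last_cseq"] = req["cseq"]
    return True, "accepted"

def sip(*lines, body=""):
    """Join header lines into a wire-format message (CRLF line endings)."""
    return "\r\n".join(lines) + "\r\n\r\n" + body

# Constructed state: (Call-ID, our tag, notifier's tag) of the one open subscription.
SUBSCRIPTIONS = {("7f3a91c2@10.1.1.2", "ua51c0", "pbx88e4"): {"last_cseq": 101}}

SPOOFED_NOTIFY = sip(     # the slide's NOTIFY
    "NOTIFY sip:login@10.1.1.2 SIP/2.0",
    "Via: SIP/2.0/UDP 15.1.1.12:5060;branch=000000000000000",
    'From: "asterisk" <sip:asterisk@10.1.1.1>;tag=000000000',
    "To: <sip:login@10.1.1.2>",
    "Call-ID: 00000000000000@10.1.1.1",
    "CSeq: 102 NOTIFY",
    "Event: message-summary",
    body="Messages-Waiting: yes\nVoicemail: 3/2\n")

MALFORMED_INVITE = sip(   # the two attacker-modified lines of the slide's INVITE
    "INVITE Hi this is a PETER sip:UserB@example.com SIP/2.0",
    "From::::::::::::: UserA <sip:UserA@example.com>;tag=9fxced76sl")
```

`accept_notify(parse_request(SPOOFED_NOTIFY), SUBSCRIPTIONS)` returns a rejection with its reason, and `parse_request(MALFORMED_INVITE)` raises `SipError` before any header is interpreted.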

Interception – Associated attacks
Man in the middle (MITM) Attacks

What is MITM?
In a VOIP man-in-the-middle attack, the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.

Which VOIP elements can be attacked?
- SIP Registrar
- SIP Proxy Server
- SIP Redirect Server
- SIP UA

Interception – Associated attacks
MITM on Proxy – 302 Moved Temporarily

[Call-flow diagram. pqr is now acting as a SIP proxy ("pqr's Proxy").]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com
Messages, in order:
1. INVITE
2. 302 Moved Temporarily
3. INVITE'
4. FW: INVITE'
5. 100 Trying
6. FW: INVITE

Interception – Associated attacks
MITM on Registrar

[Call-flow diagram.]
Elements: SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@test.com; SIP Registrar; Location Service; Registration
Messages, in order:
1. Register
2. 301 Moved Permanently
3. Register'
4. 401 Unauthorized
5. Register''
6. Confirm request with appropriate credentials
7. Register request for xyz's credentials
8. Store

Interception – Associated attacks
MITM on Proxy - 305 Use Proxy

[Call-flow diagram. pqr is now acting as a SIP proxy ("pqr's Proxy").]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com
Messages, in order:
1. INVITE
2. 305 Use Proxy
3. INVITE'
4. FW: INVITE
5. 100 Trying
6. FW: INVITE

Interception – Associated attacks
Call Hijacking - Using Manipulation of the Registration Records

[Call-flow diagram.]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com; SIP Registrar; Location Service
Messages, as numbered on the slide:
1. Register
2. Store
3. Register
4. Store
4. INVITE
5. 100 Trying
6. FW: INVITE
7. 100 Trying
8. Query
9. Reply
10. FW: INVITE

Interception – Associated attacks
Call Hijacking - Using 301 Moved Permanently Response Code

[Call-flow diagram.]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@IP ADDRESS; SIP Proxy sip.example.com; SIP Proxy sip.test.com
Messages, in order:
1. INVITE
2. 100 Trying
3. FW: INVITE
4. 301 Moved Permanently
5. INVITE
6. FW: INVITE

Service Disruption – Associated attacks
Denial of service

What is Denial of service?
A denial-of-service attack (DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.

Which VOIP elements can be attacked?
- SIP Registrar
- SIP Proxy Server
- SIP Redirect Server
- SIP UA

Service Disruption – Associated attacks
DOS on User Agent - DOS Cancel

[Call-flow diagram.]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com; SIP Registrar; Location Service; DNS Server
Messages, in order:
1. Register
2. Store
3. INVITE
4. 100 Trying
5, 6. DNS Query
7. FW: INVITE
8. 100 Trying
9, 10. Query & Respond
11. FW: INVITE
12. 180 Ringing
13. 180 Ringing
14. 180 Ringing
15. CANCEL

Service Disruption – Associated attacks
DOS on Proxy - DOS BYE

[Call-flow diagram.]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com; SIP Registrar; Location Service
Messages, in order:
1. Register
2. Store
3. INVITE
4. 100 Trying
5. FW: INVITE
6. 100 Trying
7. Query
8. Reply
9. FW: INVITE
10. 100 Trying
11. FW: 100 Trying
12. FW: 100 Trying
13. 200 OK
14. FW: 200 OK
15. FW: 200 OK
16. BYE

Service Disruption – Associated attacks
DOS on Proxy - DOS BYE to both

[Call-flow diagram.]
Elements: SIP UA [A] SIP:abc@example.com; SIP UA [B] SIP:xyz@test.com; SIP UA [C] SIP:pqr@test.com; SIP Proxy sip.example.com; SIP Proxy sip.test.com; SIP Registrar; Location Service
Messages, as numbered on the slide:
16. BYE (A- B)
16. BYE (B A)
17. 200 OK
17'. 200 OK
18. FW: 200 OK
18'. FW: 200 OK
19. FW: 200 OK
19'. FW: 200 OK

Service Disruption – Associated attacks
VOIP Flooding Attack

    INVITE: SIP:u1@2d4fww.hard-to-resolve.domain SIP/2.0
    Via: SIP/2.0/UDP 10.147.65.91; branch=z9hG4bk29FE738
    CSeq: 16466 INVITE
    To: sip:u1@2d4fww.hard-to-resolve.domain
    Content-Type: application/sdp
    From: SIP: u2@2d4fww.hard-to-resolve.domain; tag=24564
    Call-ID: 1163525243@10.147.65.91
    Subject: Message
    Content-Length: 184
    Contact: SIP: u2@2d4fww.hard-to-resolve.domain

    (SDP part not shown)

Fuzzing

What is fuzzing?
Fuzzing is a method for finding bugs and vulnerabilities by creating different types of packets for the target protocol that push the protocol's specifications to the breaking point. The practice of fuzzing is otherwise known as robustness testing or functional protocol testing.

Buffer Overflows
Buffer overflow occurs when a program or process tries to store more data in a memory location than it has room for, resulting in adjacent memory locations being overwritten.

Test case: incrementally increase the length of the URL until crashing the IIS process.

VoIP Security – Countermeasures

Why traditional Logical Controls won't work . . .
- Dynamic assignment of ports
- Quality of Service
- Firewall limitations
- NAT bindings

Countermeasures
Logical Controls

Protocol
- Authentication
- Selective Encryption
- Authorization
Infrastructure
- Malware protection for host OS
- Timely patching for host OS
Network
- Segregate VoIP and data networks in zones and VLANs
- Deploy Intrusion Prevention / Detection System
- Filter traffic using an application-level gateway between Trusted and Un-trusted Zones
- Encrypt (VPN) VoIP traffic over critical segments

Countermeasures
Logical Controls - Protocols

Authentication
- Digest Authentication
  o Used during UA registration
  o Authenticates UA to SIP proxy
  o Similar to HTTP digest from web browser to web server
  o Cannot be used between proxies
Encryption
- Transport Layer Security (TLS)
  o Used to secure signaling path
  o Authenticates each endpoint on a link
  o Provides encrypted path between each link
  o Non-transitive trust
  o Can be used between proxies
  o Requires X.509 certificates
Authentication and Encryption
- Secure RTP (SRTP)
  o Used to secure the media path
  o Provides end-to-end security
  o Requires X.509 certificates
- Zphone (ZRTP)
  o Used to secure the media path
  o Provides end-to-end security
  o Requires no X.509 certificates
  o Relies on OSI layer 8 authorization

Countermeasures
Logical Controls – Application Level Gateway

Application Level Gateways (ALGs) are the typical commercial solution to the firewall/NAT traversal problem. An ALG is embedded software on a firewall or NAT that allows for dynamic configuration based on application-specific information.

Countermeasures
Logical Controls – Session Border Controller

VoIP Security – Assessing Security Controls

Footprinting

Footprinting is usually the first step in gathering information prior to an attack - sensitive details hanging out in the public domain and available to any resourceful hacker who knows how and where to look.
- Footprinting does not require network access
- An enterprise website often contains useful information
- Google is very good at finding details on the web:
  o Vendor press releases and case studies
  o Resumes of VoIP personnel
  o Mailing lists and user group postings
  o Web-based VoIP logins

    inurl:"ccmuser/logon.asp"
    inurl:"ccmuser/logon.asp" site:example.com
    inurl:"NetworkConfiguration" cisco
    inurl:sip -intitle:ANNOUNCE -inurl:lists
    intitle:asterisk.management.portal web-access

Scanning

Scanning is probing each IP address in the target range for evidence of live systems and identifying the services running on each system. Nmap is commonly used for this purpose.

Example: nmap 192.168.1.2

Port states reported by Nmap:
- open: An application is actively accepting TCP connections or UDP packets on this port.
- closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it.
- filtered: Nmap cannot determine whether or not the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software.
- unfiltered: The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed.
- open|filtered: Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response.
- closed|filtered: This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IPID Idle scan.
- tcpwrapped: TCP Wrapper is a public domain computer program that provides firewall services for UNIX servers and monitors incoming packets.

Scanning
- After hosts are found, scans are used to find running services:
    nmap -sV 192.168.1.2
- After hosts are found and ports identified, the type of device can be determined:
    nmap -O -P0 192.168.1.2
- Network stack fingerprinting is a common technique for identifying hosts/devices

Example: nmap -O -P0 192.168.1.2 - UDP

    PORT       STATE          SERVICE
    67/udp     open|filtered  dhcpserver
    69/udp     open|filtered  tftp
    111/udp    open|filtered  rpcbind
    123/udp    open|filtered  ntp
    784/udp    open|filtered  unknown
    5060/udp   open|filtered  sip
    32768/udp  open|filtered  omad

Enumeration
- Enumeration involves testing open ports and services on hosts to gather more information
- Includes running tools to determine if open services have known vulnerabilities
- Also involves scanning for VoIP-unique information such as phone numbers
- Automated REGISTER, INVITE, and OPTIONS scanning with SIPSCAN against SIP servers
- Includes gathering information from TFTP servers and SNMP

Enumeration: TFTP
- Almost all phones use TFTP to download their configuration files
- The TFTP server is rarely well protected
- If you know or can guess the name of a configuration or firmware file, you can download it without even specifying a password
- The files are downloaded in the clear and can be easily sniffed
- Configuration files have usernames, passwords, IP addresses, etc. in them

Enumeration

    [root@attacker]# tftp 192.168.1.2
    tftp> get example.cnf
    [root@attacker]# cat example.cnf
    SIP Configuration Generic File (start)
    Line 1 Settings
    line1 name: "502"            Line 1 Extension\User ID
    line1 displayname "502"      Line 1 Display Name
    line1 authname: "502"        Line 1 Registration Authentication
    line1 password: "test123"    Line 1 Registration Password

SNMP Enumeration
- Simple Network Management Protocol (SNMP) version 1 is another inherently insecure protocol used by many VoIP devices

    snmpwalk -c public -v 1 192.168.1.53 1.3.6.1.4.1

Tools
- Footprinting: Google, ARIN, APNIC, Archive.org
- Enumeration: Netcat, SiVuS, Smap
- Scanning: fping, Nessus, nmap, SNMP walk, SNSscan, SuperScan, Metasploit
- Infrastructure Denial of Service / Fuzzing: DNS Auditing tool, ohrwurm RTP fuzzer, Internetwork Routing Protocol Attack Suite, PROTOS SIP fuzzing suite, UDP Flooder, TCPView, Wireshark
- Eavesdropping: Cain and Abel, dsniff, VoIPong, vomit
- Network and Application Interception: arpwatch, Cain and Abel, Dsniff, Ettercap, siprogue


Q & A, Feedback

Question and Answers

Thank you
