VoIP Security Course / SIP Security Training Hands On Workshop


SIP Security Training is an essential skill for you and your team. Securing VoIP infrastructure and SIP security is a critical component of enterprise IT security strategy.  Today many corporations are discovering too late that their VoIP infrastructure is unsecured.  From G.711 unencrypted RTP streams flowing across Internet Service Providers, to TLS enabled SIPS that fails to establish true "end to end" authentication and encryption, there is a crisis in modern VoIP security.  Join our team of expert VoIP/SIP engineers for this hands on, up to date, and real world workshop.

What you will learn

  • Learn how to secure VoIP infrastructure.  Understand exactly how authentication and encryption work, how the standards that have been developed over the years are applied to both enterprise internal networks, and how to properly secure communications with SIP Trunking service providers, ITSPs, major carriers, and the general public.  
  • Understand SIPS.  SIP over TLS.  What are the advantages and with are the limitations
  • Run real world secure VoIP wireshark captures throughout the class
  • See real world SRTP & learn how SIPS Man in Middle attacks can occur in multi-service provider SIP Trunking
  • Deploy ZRTP.  Learn exactly how this promising IETF RFC standard works and why it may be a critical solution you need to deploy
  • Understand exactly how Session Border Controllers (SBC) operate
  • See inside the latest Firewalls, SPI and Application Layer gateways
  • Create and run IPsec & TLS/SSL VPNs.  Understand how to get these technologies operational and their limitations for VoIP
  • Setup, configure and test Kali Linux penetration testing Distro
  • much, much more


Who Needs to Attend

Anyone involved in VoIP & SIP deployments needs to attend our SIP Security training class.  This is simply no longer an "optional" topic that can be left to others within the IT security teams.  Far too many VoIP/SIP threats are emerging that demand a detailed understanding of RTP & SIP deployment architectures.  The threat profile is growing even more rapidly that deployments and breaches in enterprise VoIP security are happening now.


Students must complete our VoIP and our SIP Hands on Workshops prior to attending, or have equal experience and exposure to complex VoIP/SIP architectures.  No vendor specific training is needed.  We are vendor neutral smileyand interested in VoIP Security across vendor specific and multi-vendor environments.

Detailed Course Outline

Module One:  Overview of VoIP Security Architecture

  • The challenge of securing VoIP & SIP
  • Current best practices and examples of challenges
  • Examples of MiTM attacks that occur because IT security teams do not understand how SIP Trunking can create a breach in the security chain for SRTP AES key management
  • More horrific examples of terrible Cloud Based PBX vendor VoIP & SIP security (or lack of it).  Warning, do not eat the free breakfast, including the yummy hash browns :) we provide until after you see this!

Module Two:  Understanding the Core Concepts of IT Security Authentication & Encryption in a VoIP/SIP context

  • Understanding the idea of "Information transport" and "information confirmation"
  • Authentication, Digital Signatures & Encryption understanding the "big three"
  • What does it mean to Authenticate information?
  • What is Authentication & how does it work?
  • What does a McDonald's Hash Brown have to do with this?  And how do they make them taste so great!wink
    • Introduction to Authentication algorithms
      • HMAC-MD5
      • HMAC-SHA-1
      • SHA, MD5, SHA, etc
      • What is a Nonce?
      • How can we make sure a hash can only be used (eaten?) once. One time use and Man in the Middle
    • What is Encryption and how does it work?
    • introduction to Encryption Algorithms
    • Why do we need a "key" for encryption?
    • Symmetric Key Encryption
    • Symmetric Key Block Ciphers
      • AES overview
    • The never ending problem of "key exchange"
    • Then along came a Mathematician named Diffie, and his friend named Hellman
      • These are really, really, smart math geeks
      • you need to understand how their radical idea for distributing cryptographic keys changed everything and made ecommerce possible (20 years later!)
    • Understanding the idea of Public/Private Key pair
    • Public/Private Key Asymmetric Encryption standards
      • RSA
      • DH
    • Understanding Certificates & Certificate Authorities
    • X.509:  what does it contain>
    • Do it Yourself Certificates: Running SimpleCA
    • Building a company specific root authority: advantages and disadvantages
    • Public Key Infrastructure: PKI
  • VoIP enterprise architecture review
    • SIP Proxy Server
    • PSTN Gateways
    • User Agents
    • Session Border Controller
  • Review of SIP Call Flows
  • Capture and analyze basic SIP call flow

Module Three: IPsec & TLS: Transport Layer Security Deployment for VPN

  • Overview of IPsec
  • IPv6/IPv4 deployment
  • Trends in IPsec
  • ​Supported encryption and authentication algorithms
  • IPsec key management: IKE
  • Authentication Header (AH)
  • Encapsulating Security Payload Header (ESP)
  • Tunnel vs Transport modes
  • Lab: Setup and configure IPsec VPN tunnels using ESP
  • Wireshark capture & analyze complete IPsec IKE setup and ESP traffic
  • Understanding TLS: Transport Layer Security
  • Explore exactly how SSL & TLS operate
  • The limitations of SSLv3 that require the deployment of TLS
  • Lab: Capture complete TLS VPN setup
  • Lab: Observe HTTPS TLS setup with secure website

Module Four: VoIP Architecture Security Considerations

  • Layered approach to SIP/VoIP Security
  • Understanding the importance of Layer 1/2
    • MAC address spoofing
    • Switch configuration
    • VLAN Hopping
    • Wifi security
    • The dual L2 problem:  Roaming Laptops & WiFi Hotspot detection
  • Layer 3 Security
    • From IP address spoofing to SIP header Contact field manipulation, L3 is a security nightmare
  • Layer 4+ Ports, NATs, and all that can go wrong
  • Firewalls
  • Intrusion Detection
  • Application Layer Gateways
  • Session Border Controllers & the Demarc concept
  • Deploying SIPS inside the enterprise
  • VoIP deployment in real world enterprises
    • Soft Phones: is this platform secure?
    • BYOD: Say good bye to control and hello to the world!
    • Embedded OS/Firmware considerations with vendor IP Phones: Is your vendor proactive?
    • Hardening SIP Servers
    • PSTN Gateways: The last line of defence
    • Session Border Controller, deployment best practices with SIP Trunking service providers
  • Carrier SIPS SIP Trunking architecture considerations
  • Real World Examples of SIPS deployment
  • Lab:  Setup & configure SIPS with carrier

Module Four: Overcoming the Limitations of SIPS

  • So how does all of this apply to VoIP?
  • Capture G.711 codec/RTP VoIP call using Wireshark, decode audio
    • Yeah, that's a problem... a very BIG problem that is happening to untold thousands of cloud based IP PBX vendor calls right now!
  • The need to authenticate SIP METHODS
    • MD5 algorithm to authenticate REGISTER & INVITE
    • Advantages and disadvantages of extending authentication to all SIP METHODS
    • Ensuring MiTM cannot replay SIP METHOD
    • Lab: Capture SIP INVITE METHOD spoofing attack
  • SIPS: Securing SIP
    • Understanding how modern SIP Proxy Server deployment architectures impede SIPS end to end security
    • SDES implementation with SIPS
    • Achieving symmetric encryption for SRTP using SIPS for AES key exchange
    • Compare SIPS deployment architectures to real world SIP trunking deployments
    • SIPS & SRTP AES key exchange: The details
    • Lab:  Capture SIP/SDP unencrypted with AES key & HMAC
    • The limitations of SIPS/SDES
    • The role of CA - Certificate Authorities in securing SIP across multiple internet domains
    • ​Can PKI save SIPS?
    • Examples of SIPS hacking caused by SIP Trunking service provider hand offs regardless of CA architecture
  • ZRTP: The newest, shiny idea, and it just might work "pretty good"wink
  • ZRTP IETF RFC review
  • Why you can't count on SIPS Certificate Authorities
  • ZRTP deployment
  • Lab: Capture ZRTP setup and key exchange
  • Explore how ZRTP tries to minimize MiTM attack

Module Five:  VoIP Attacks & Prevention

  • In this capstone module, students will work in small groups to build real life, live VoIP/SIP deployments using cloud based servers, VMs, and various vendor/vendor neutral hardware (IP PBXs, IP PHones, PSTN gateways, SBCs, Firewalls, SPIs, etc)
  • Lab: Design and deploy secure real world VoIP deployments using various vendor and open source products
  • Lab: Using provided tools such as Wireshark, InSSIDER, Kali Linux Distro, and other tools, each group will attempt various penetration and monitoring tests on other group secure VoIP deployments

View Schedule