N-595: VoIP Security Analysis and Design

Course Overview:

As VoIP (Voice-over IP) is integrated into the operations of many missions, it is imperative to understand its security ramifications.  In the N-595: VoIP Security Analysis and Design class the objectives are designed for those who are chartered with the responsibility of securing networks and application environments that incorporate VoIP.   Topics include how VoIP works, its interactions with the network, its vulnerabilities and mitigations.  Focus is on leading open source and proprietary technologies utilizing Asterisk and Cisco and the protocols SIP, H.323, RTP, MGCP, and Skinny.  Other protocols such as Nortel's UNIStim will be addressed.  As for Cisco, security pieces in the VoIP CallManager servers, Catalyst switches, IOS-based routers, and ASA firewalls, amounts to several different platforms, each with its own management interface and lockdown procedures.   Various open source tools including those in BackTrack are used for VoIP attacks.  A task list of actions for securing enterprise VoIP is carried out in hands-on labs, performed on Cisco phones, routers, switches, and ASA firewalls.

Attendees to N-595: VoIP Security Analysis and Design will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • VoIP Architecture
  • VoIP Signaling and media protocols
  • Common VoIP authentication mechanisms
  • Common VoIP encryption techniques
  • VoIP protocol analysis with Wireshark
  • Maintaining QoS while mitigating DoS
  • VoXML, XML, and application integration security
  • Converged network security design and implementation
  • Impact of NAT and firewalls
  • SIP, H.323, and MGCP vulnerabilities
  • VPN, IPsec and SRTP to secure VoIP services
  • Penetration testing with open source tools
  • Attacks for Eavesdropping, call redirection, and DoS
  • Design of hacked firmware virtualization layer
  • Concise lockdown steps for network hardware and VoIP

Prerequisites:

  • This is an advanced Information Security Course which requires basic Windows & UNIX competency
  • Certification or 2 years of experience in these operating systems is highly recommended
  • As well as an understanding of TCP/IP

Comments

Latest comments from students

Liked the class?  Then let everyone know!

Virtualization/Cloud

TechNow has been involved in enterprise client server architectures since 1990.  TechNow has delivered  national and international implementations for Valero, Wholefoods, Quest, USAA, Golfsmith, AMD, Motorola, and many other fortune 1000 corporations, 

TechNow's training program has followed the evolution of enterprise computing into virtualization and cloud computing. With a focus on security, TechNow can present the ramifications of many centralized strategies.  All courses utilize enterprise instructors with experience and can discuss the detail of implementation and the integration into an existing infrastructure.

in   

Observations of Instructor Led Training with Real Hardware

TechNow has heard many students talk about virtualized/remote training that TechNow Does Not Do.  While training our most recent offering of PA-215: Palo Alto Networks Firewall Essentials FastTrack a student told his story of how he endend up in our course.  His story we have heard for other technologies like Cisco, VMware, BlueCoat and other products.

A large percentage of training is moving to the virtualized/remote lab environments.  Students are asked to use some variant of remote access software and remote into the training company's lab environment. Our student in our Palo Alto Networks Firewall course informed us that he went to a very costly offering of that course from the vendor and was not able to perform any labs.  There were either network connectivity issues, or issues with the remote access software, or other problems.  The whole training experience was very frustrating and not productive.

We keep our labs open to students if they would like after hours, or before hours access.  Repeatedly going through a lab engrains that knowledge for later recall.  Touching hardware is so critical in understanding the problems that arise when a cable comes loose, or a cable gets plugged in the wrong port.  There are other scenarios such as just pulling the power cable, or turning off a power strip, or accidently overwriting a configuration.  These disaster scenarious requires hands-on physical access to hardware.  Preventing and recovering from disasters is what it's all about, and that requires hands-on, instructor led, real hardware.

DoD 8570 Training in San Antonio, TX

DoD 8570 Training in San Antonio, TX.

TechNow has developed a proven training program that brings the skillset to the certification process.  TechNow is a mobile testing center that can deliver D0D 8570 training and the certification in one week. Our intergrated DoD 8570 training in San Antonio, TX  incorporates hands on skills with testing objectives that produces an incredibly high pass rate.  To learn more about our DoD 8570 training program click here

DoD-8570 in San Antonio, TX

TN-425: Certified Offensive AI Security Professional (C|OASP)

Certified Offensive AI Security Professional (COASP) validates the competencies required for practitioners who need to demonstrate offensive AI security skills, emulating adversaries, validating defenses, and leading red-team/blue-team exercises to keep AI resilient, reliable, and auditable

The Certified Offensive AI Security Professional (COASP) equips you to identify and neutralize AI-specific threats before attackers do. And Bridges security, engineering, and data science so controls exist across the full AI life cycle.

Participants will gain hands-on experience to perform end-to-end adversarial testing and deliver defensive validation evidence including the ability to simulate adversarial AI kill chains, Harden AI architectures by secure system prompts, context windows, tool integrations, RAG pipelines, and agent memory, Conducting AI security assessments aligned to MITRE ATLAS, OWASP LLM/ML Top 10, NIST AI RMF, and DoD Test & Evaluation practices , This course covers how to build SOC-ready capabilities for AI-focused detection logic, incident playbooks, and forensic procedures , & how to execute prompt injection, adversarial prompting , Assess AI supply-chain risk , Implement defensive engineering controls and Produce assurance and compliance artifacts.

By the end of the course, learners will be well-prepared to take the Certified Offensive AI Security Professional (COASP) exam and demonstrate the ability to exploit vulnerabilities in LLMs and agents, and build defense that survive real world attacks, learners will master offensive techniques that break AI before the attackers do.

 

Course Outline: 

01. Offensive AI and AI System Hacking Methodology

02. AI Reconnaissance and Attack Surface Mapping

03. AI Vulnerability Scanning and Fuzzing

04. Prompt Injection and LLM Application Attacks

05. Adversarial Machine Learning and Model Privacy Attacks

06. Data and Training Pipeline Attacks

07. Agentic AI and Model-to-Model Attacks

08. AI Infrastructure and Supply Chain Attacks

09. AI Security Testing, Evaluation, and Hardening

10. AI Incident Response and Forensics 

 

Prerequisites: 

TN-412: Artificial Intelligence Essentials (AI|E) 

 

Dates/Locations:

No Events