The VoIP Engineer's Library · Vol II · Forthcoming

Securing VoIP
at Every Layer

A practical guide to hardening, detecting, and responding to voice-system attacks.

by Sean Cheesman · Cheesman Press

A full first draft is complete and the book is moving through editorial, pcap-library, and production work. No firm release date yet — if you'd like to be notified when it goes live, drop a note.


The same capture-driven approach, applied to attack

Volume I — Network Analysis for VoIP Engineers — builds the diagnostic discipline of reading VoIP traffic on the wire: capture the call, identify the failure, fix the root cause. Volume II carries that capture-driven methodology into the security space.

The same packet-level fluency that lets you diagnose one-way audio by reading an SDP body also lets you spot toll-fraud reconnaissance in OPTIONS scanning, validate that SRTP is actually encrypting your media, recognize a credential-stuffing attempt in REGISTER traffic, or reconstruct an incident timeline from a HEP archive. The book treats security as something that happens on the wire — and so should the engineer responding to it.

Where Vol I asks "why did this call fail?", Vol II asks "how do we keep this platform from being attacked, defrauded, or non-compliant — and how do we tell when it is?" Read in either order, the two volumes together cover the full operational responsibility of running VoIP for an organization: diagnose, harden, detect, respond.

What it will cover

The final table of contents is still in flux, but the book's scope is settled across three pillars — hardening production VoIP against attack, detecting the attacks that get through anyway, and responding when an incident happens:

Authentication · SIP authentication hardening

Digest auth pitfalls in production, mutual TLS for SIP signaling, OAuth and OIDC integration where it fits.

Toll-fraud prevention · Defensive architectures

Call-volume anomaly detection, geo-blocking and destination whitelisting, IRSF mitigation patterns, the operational playbooks that actually work.

Session border controllers · SBC security posture

Rate limiting, topology hiding, ACL design, attack-pattern detection. Configuration patterns for Kamailio, Asterisk, and NetSapiens.

Media security · SRTP enforcement

SRTP across the call path, key exchange via SDES / DTLS-SRTP / ZRTP, when each fits, and the gotchas that break interop.

STIR/SHAKEN · Compliance posture

Attestation levels, signing infrastructure, validation chains, and the regulatory landscape — what a working compliance implementation actually looks like.

Regulatory · Healthcare, finance, FCC

HIPAA considerations for healthcare VoIP, PCI-DSS for financial services, FCC requirements, data sovereignty across jurisdictions.

Incident response · When detection fires

Forensic capture for VoIP incidents, breach-detection signals worth alerting on, regulatory notification workflows, and the response playbooks that turn a 3 AM alert into a contained incident.

In the meantime

Volume I is out now

The diagnostic foundation that Vol II builds on. Network Analysis for VoIP Engineers is available in paperback and Kindle, with the full companion library of annotated packet captures, a Wireshark profile, a cheat sheet, and a lab guide.