In light of the rapid expansion of VoIP and the new security risks associated with that growth, SANS will teach a VoIP Security course in Europe for the first time. The intensive course offers a detailed in-class analysis of infrastructure, signaling, and media attacks which can expose the security risks of VoIP networks for service providers, carriers, and enterprises.

 SANS is one of the largest providers of information security training in the world. Its computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security.

The SANS will teach the first European session of its new Security 540: VoIP Security course at the upcoming SANS Secure Europe event in Amsterdam this May. The 6-day course which debuted last year in Sacramento, has been extremely popular to date.

Students will learn how to understand and protect against various attacks including VoIP signaling and media eavesdropping, caller ID impersonation, VoIP authentication cracking , man-in-the-middle call manipulation and media injection.

“The course is very hands on and will give attendees a real understanding of how to test and protect VoIP networks against an increasingly focused and organized criminal element,’’ explains Paul Henry, one of the world's foremost information security and computer forensic experts with more than 20 years' experience.

Henry points to examples such as the arrests made In Budapest and London last year of 30 members of an organized criminal gang that allegedly stole 11 million Euros through VoIP toll fraud. The gang used thousands of stolen VoIP account details to make 1.5 million calls to premium rate numbers which in turn paid the gang a percentage of the inflated call charges. Other cases, like Edwin Andres Pena who was sentenced to 10 years in jail in a US Federal Court for stealing and reselling VoIP call credits, are part of a growing trend. “The automated billing mechanisms of VoIP services using direct debit or credi tcards make these prized targets for criminals who often have difficulty selling stolen data,” Henry adds.

Henry, who regularly advises and consults on some of the world's most challenging and high-risk information security projects, believes that only 1 in 10 organizations that deploy VoIP specifically look at the security implications of these new voice services. “The widely held assumption that VoIP traffic is difficult to intercept is plainly wrong,” he comments, pointing to a growing number of free tools that will capture SIP based voice calls and turn them into audio files via minimal access to a shared IP network.

SANS Secure Europe Amsterdam is the second biggest event outside of the US offering 8 top level courses. The classes will run over two weeks, with 4 each week cycle giving technical, hands-on and in depth information security courses, covering a range of InfoSec disciplines.