VoIP PENETRATION TESTING

VoIP PENETRATION TESTING

VoIP penetration testing determines the risk of a VoIP attack. Although VoIP technology corresponds to current business needs, it may introduce additional risks such as call tracking, call data manipulation, listening or unauthorized wiretapping of phone calls.

It includes assessing the VoIP infrastructure and determining the risks of an internal or remote network infrastructure attack. We evaluate the different VoIP components from a security perspective and their capability to maintain the confidentiality, integrity and availability of the environment and related traffic.

Our testing generally includes investigating the authentication mechanisms, as well as the potential interception, interruption or manipulation of the exchanged information between the client and VoIP server.

SERVICES OFFERED INCLUDE

  • Recreate customer VoIP implementations
  • Comprehend VoIP configurations and Network designs
  • Physical voice port access checks
  • Traffic Capture and Eavesdropping
  • Caller Id Spoofing
  • Identify Denial of Service (DoS) vulnerabilities

OUR APPROACH

Internal VoIP Assessment

Testing VoIP Call Requirements

Testing VLAN Configuration,

Network Design, and QoS requirements

Gaining access to physical voice port

Gaining access into Voice VLAN

Determine degree of risk of internal attacks from same VLAN

Determine degree of risk of internal attacks from other VLANs

Remote VoIP Assessment

Testing remote VoIP call requirements

Determine degree of risk of external attacks

What are the deliverables?

At the end of the project, the client receives the following:

1. Executive report

which is an easy to follow few page report that includes bird eye view of complete penetration testing, list of the findings and a short explanation of the security fixes or mitigation techniques.

2.Technical report

which includes the following sections:

Introduction

Methodology

Findings and recommendations

Each finding that is considered a security threat includes:

  • A description of the security issues as it affects the target system
  • Our assessment of the impact of the vulnerability
  • Details on how to reproduce the issue found
  • Solutions and recommendations, which are tailored for the target audience and can go into quite some detail

  • WHAT DO WE PROMISE?

    Secugenius employs a wide variety of tools and techniques to carry out penetration testing. Each and every test is carried out by skilled security testers and the results are manually verified before communicating to you. The end result is you get comprehensive and accurate understanding of your security posture and can immediately take mitigating steps for closing any identified weakness.