VoIP penetration testing determines the risk of a VoIP attack. Although VoIP technology corresponds to current business needs, it may introduce additional risks such as call tracking, call data manipulation, listening or unauthorized wiretapping of phone calls.
It includes assessing the VoIP infrastructure and determining the risks of an internal or remote network infrastructure attack. We evaluate the different VoIP components from a security perspective and their capability to maintain the confidentiality, integrity and availability of the environment and related traffic.
Our testing generally includes investigating the authentication mechanisms, as well as the potential interception, interruption or manipulation of the exchanged information between the client and VoIP server.
Internal VoIP Assessment
Testing VoIP Call Requirements
Testing VLAN Configuration,
Network Design, and QoS requirements
Gaining access to physical voice port
Gaining access into Voice VLAN
Determine degree of risk of internal attacks from same VLAN
Determine degree of risk of internal attacks from other VLANs
Remote VoIP Assessment
Testing remote VoIP call requirements
Determine degree of risk of external attacks
At the end of the project, the client receives the following:
1. Executive report
which is an easy to follow few page report that includes bird eye view of complete penetration testing, list of the findings and a short explanation of the security fixes or mitigation techniques.
which includes the following sections:
Findings and recommendations
Each finding that is considered a security threat includes:
CybitRock employs a wide variety of tools and techniques to carry out penetration testing. Each and every test is carried out by skilled security testers and the results are manually verified before communicating to you. The end result is you get comprehensive and accurate understanding of your security posture and can immediately take mitigating steps for closing any identified weakness.