French version French version Sitemap Sitemap Private AccessLogin
IT Security

" For a major avionics supplier "


> Case Studies : Security Audit of a VoIP network

Security Audit of a VoIP infrastructure in order to define its real level of security.
The main parts of the analysis are defined with the client's staff.

The results of the audit have participated to optimize network's availability and to reduce attacks risks.

Multi-layer Audit

  • Communication and signalis
  • Configuration analysis and searching equipments vulnerabilities.
  • Wireless network Security (Wifi)
  • Encryption costs on QoS
  • VoIP services analysis (Unified Messaging)
  • Disaster Recovery Plan Analysis

Example : Some critical attacks on VoIP.

  • Spoofing servers : modify IP phones binary, address book, ...
  • Sniffing private IP communications (listening conversation, discovery DTMF composition like credit card number,...).
  • Deny of Service by blocking all new calls.
  • Compromise a system exploiting a software vulnerability (softphone, unified messaging, ...) to bypass network security.
 > Contact us



>Our methodology

Find all weakness in the network and VoIP services

Our methodology is based on our high skills on penetration testing and we will bring you the tools to manage security costs.

The main parts are the followings:

  • Confidentiality :
    • Spoof an ID by sending forged messages.
    • Join silently an conversation.
    • Sniffing Voice network: "Man-in-the-middle", "sniffing", "DTMF" composition, decrypt conversations.
  • Availability :
    • Deny of Service by changing "Codec" on the fly.
    • Deny of Service by sending forged messages SIP.
    • Deny of Service by attacking network layer.
  • Integrity :
    • Attack web access from network equipements.
    • System assessment of "Call Manager/IPBX" (private OS, Windows, Linux, Solaris, ...).
    • Testing separation between Voice and Data networks.
    • Testing restriction against incoming connection (Wardialing and rebound).
    • Firewall analysis.
    • Attack on VoIP infrastructure (TFTP/DHCP/DNS).
  • Quality of Service:
    • Testing Voice priority.
    • Testing disaster follow-up and alerts
    • Overlaod and Burst.
    • Injection de "pourriels" vocaux.
  • Disaster Recovery Plan :
    • Disaster Recovery Plan analysis.
    • Urgency numbers priority (911,...).
 > Contact us

VOIP AUDIT

> Our VoIP Benefits:

+ Global security solution not only network analysis

+ Intrusion Detection Solution



> About us :

+ The company

+ Our solutions

+: Contact a VoIP expert



> See also :

+ Whitepapers VoIP

+ VoIP risks (French Only)