+1-347-994-8732
+91-022-23532909VoIP Security Assessment Service
Introduction
As business enterprises migrate from traditional telephony infrastructure to VOIP networks, they are unfortunately not making any security consideration while VOIP deployment. Reason - the real threat is still developing and at present there are only few well publicized attacks that have happened. Some of them are toll fraud, barge into conversation or listen to voicemails, denial of service (DOS) etc.
Security Brigade's VoIP Security Assessment service consists of a suite of analysis, testing and audit modules. As part of its VoIP Security Assessment Service, Security Brigade reviews VoIP system architecture, tests the network and network devices for vulnerabilities, and evaluates VoIP policies.
- Comprehensive Review of existing security policies, procedures, controls and practices.
- Expert managed, safe simulations of typical internet and insider threats, impact monitoring and easy to understand reports with corrective actions and best-practice recommendations.
- In-depth Assessment of your organization's key operational infrastructure.
- Prevent Loss of customer information, trust and organizational reputation.
- Reduced Risk of intentional or accidental misuse of sensitive data or internal assets.
Approach
Security Brigade's VoIP Security Assessment Service approach is based on best practices and well-developed methodologies while incorporating sophisticated testing software, methodology and experienced consultants - A blend of best practices and proprietary process. In-addition, our continual innovation through research & development ensures a thorough check of your system and application infrastructure.
Our Approach
Our VoIP Security Assessment Service methodology is an in-depth process that has been built through experience and thorough understanding of customer requirements.
|
|
Technical Experience
Security Brigade has had the privilege of working with a large number of customers with varied operational environments. As a result, our consultants have broad technical experience and some of the environments we have worked with are listed below.| Operating Systems: Windows Server 2000, 2003, 2008, Redhat Linux, Sun Solaris, HP-UX, IBM AIX, Open VMS, Novell Netware, Open Enterprise Server, Suse Linux, IBM OS/2, Win NT, SCO Unix, SCO OpenServer, IRIX, FreeBSD, OpenBSD, NetBSD, OpenSolaris. |
| Firewalls: Cisco PIX/ASA, Checkpoint, Netscreen, Watchguard, Sonicwall, Fortigate, Web Application Firewalls. |
| Intrusion Detection Systems: ISS RealSecure, Cisco Secure, Dragon IDS, Fortinet, Snort, Sourcefire, Checkpoint RealSecure. |
| Network Devices: Routers, Firewalls, Switches, IDS/IPS, Load Balancers, Layer 7 Switches. |
| VoIP Devices: VoIP Routers, IP Phones, PSTN Gateways, ISDN Gateways, PBX Gateways, VoIP Switches, SIP Phones, H.323 Gateways. |
| Others: Microsoft Sharepoint, SAP, Active Directory, ISA Proxy, Squid Proxy. |
| Mobile Devices: PDAs, Blackberies, Notebook Computers, Netbooks, Pocket PCs, Smart Phones, Tablet PCs, Microsoft Mobile Servers, Blackberry BES/MDS Servers. |
In-House Tools for VoIP Security Assessment Service
| sdFinder - Identifies internal hosts on non-contiguous IP ranges. It allows us to detect sensitive information about our clients commercial, intranet and extranet networks. | ||||||||
| webDiscovery - Identifies as many applications as possible on Client web-servers. The applications discovered through webDiscovery allow us to provide a superior web application security testing service than competitive services and products. It allows us to increase the scope of the audit and cover more areas that could be attacked by malicious users; that would not be covered by a traditional audit. | ||||||||
| networkMapper - Network Mapper uses proprietary technology to be able to identify alternative network routes to bypass security mechanisms such as IDS/IPS/Firewall etc. It allows our experts to bypass existing security implementations and gain direct access to the systems behind them. | ||||||||
| webTester - Utilizes our Benchmark Development System to ensure that we can identify maximum vulnerabilities in applications through automated mechanisms. Along with flaws that are known, it uses in-house research to test for vulnerabilities that are not in the public domain. It allows us to automate the process of identifying and testing known and unknown vulnerabilities in web-applications and strike a cost-effective time to effort ratio. | ||||||||
| VA Framework - Integrated solution developed by our security experts that have an expertise in the vulnerability assessment domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements. | ||||||||
| PT Framework - Integrated solution developed by our security experts that have an expertise in the penetration testing domain. It allows us to integrate the manual and automated testing processes with commercial and open-source software. Our Integrated Reporting Engine allows us to cross-reference information from all the different components and generate a report based on our Client's requirements. | ||||||||
| webSpider - Uses advanced HTML, Java Script, Ajax, Flash and XML parsing engines to identify and map as much of the client applications as possible. This not only assists our automated webTester engine, but also assists in carrying out the manual testing process in an efficient manner. It allows us to attain a cost-effective balance between thorough testing and time required. | ||||||||
sapScan - Security and Configuration Assistant for SAP Security Audits.
| riskReview - General Risk Assessment Tool.
| erpInterrogate - ERP Security and Configuration Assessment and Control Tool.
| Windows Batch Scripts - Windows batch scripts to automate routine server hardening functions and processes.
| Linux Bash Scripts - Linux Bash scripts to automate routine server hardening functions and processes.
| Oracle Security Assessment Scripts - Oracle Security Assessment Scripts to automate routine hardening functions and processes.
| MSSQL Security Assessment Scripts - MSSQL Security Assessment Scripts to automate routine hardening functions and processes.
| Internal Vulnerability Database - Automated vulnerability database that is updated every 15 minutes from over 100 public and 20 private feeds.
| SQL Explorer: identifies vulnerabilities in and retrieves data from MSSQL, MySQL, Oracle, PostgreSQL, MS Access etc database servers. | |
Case-Studies
 | VoIP Security Assessment for a Business Process Outsourcing Firm Security Brigade conducted a VoIP Security Assessment for a Business Process Outsourcing Firm. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that their mission critical VoIP systems meet security compliance and regulatory requirements. |
 | VoIP Security Assessment for a Technology Sales Company Security Brigade conducted a VoIP Security Assessment for a Technology Sales Company. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that their internal VoIP systems were safe from interception and tamper. |
 | VoIP Security Assessment for a Large Retail Conglomerate Security Brigade conducted a VoIP Security Assessment for a Large Retail Conglomerate. This case study highlights the solution implemented to meet the Client's key business goals while helping them ensure that their internal VoIP systems meet security compliance and regulatory requirements. |
Deliverables
Security Brigade's reporting process is industry-unique and aims to deliver maximum value to your organization and the administrations / developers directly interacting with the security audit. Each report is customer-specific and contains detailed information, proof of concepts, source code examples and configuration details with the aim of educating your IT teams for the long-term. The following are some of the deliverables you will receive on completion of a VoIP Security Assessment Service.
Executive Presentation Provides a holistic overview of the entire engagement, detailing the issues from an impact and business risk perspective. The presentation is aimed at helping senior management quantify risks and take an informed decision while aligning security with business objectives. |
 |
Executive Report Provides a high-level summary of the systems, network and applications covered, vulnerabilities discovered and the recommendations made to mitigate the threats identified through the engagement. |
 |
Technical Report Provides comprehensive information about all the threats discovered on the systems, network and applications. It will include proof-of-concepts, technical explanations, remediation recommendations, screenshots, exploits, etc. |
 |
Project Summary Report Provides a detailed summary of the engagement, the vulnerabilities identified, recommendations made and current status of the identified issues. |
 |
Excel Vulnerability Tracker Simple and comprehensive vulnerability tracker aimed at helping the IT asset owner keep track of the vulnerabilities, remediation status, action items, etc. |
 |
Request a Call
VoIP Security Assessment Service- VoIP Security Assessment for a Business Process Outsourcing Firm
- VoIP Security Assessment for a Technology Sales Company
- VoIP Security Assessment for a Large Retail Conglomerate
- Executive Presentation
- Executive Report
- Technical Report
- Project Summary Report
- Excel Vulnerability Tracker