VoIP Security Services
     Description
Table of Contents
VOIP PENETRATION TEST
 INTRODUCTION
 METHODOLOGY
    Reconnaissance
          Footprinting
          Scanning
          Enumerating
    Vulnerability Analysis
    Exploiting
    Reporting




            Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved.
                        Web: http://www.cyber51.co.uk
                           Email: info@cyber51.co.uk
VoIP Penetration Test
Introduction

Voice over IP (VoIP) is being rapidly embraced across most markets as
an alternative to the traditional public-switched telephone network.
VoIP is a broad term, describing many different types of applications
and using a wide variety of both proprietary and open protocols that
depend heavily on your preexisting data network's infrastructure and
services.

Because VoIP packetizes phone calls through the same routes used by
traditional enterprise data networks today, it is consequently prone to
the very same cyber threats that plague those same networks. These
include denial-of-service attacks, worms, viruses, and general hacker
exploitation.

For instance, if your enterprise is under a distributed denial-of-service
(DDoS) attack, internal users' web browsing might be slower than
normal, but a DDoS attack on a VoIP-enabled network can
completely cripple your VoIP applications, at least to the point where
conversations are unintelligible.

Our VoIP penetration test service aims to follow the same activities as a
malicious hacker in order to find and verify weaknesses in your VoIP
deployments, reporting every vulnerability with its associated risks
and helping you draw up a detailed remediation plan.

Methodology

Reconnaissance
The first phase of our services will focus on demonstrating how an
attacker would first scan the whole network and then pick out specific
targets and enumerate them with great precision in order to proceed
with further advanced attacks through or from the hacked VoIP
devices. In order to do that, we are going to follow the steps below:

        Footprinting
In this stage, we will build a profile of the target organization
by performing passive reconnaissance using sources such as Google, DNS,
and WHOIS records, as well as the target's own website.


        Scanning
In this stage, we are going to use different remote scanning techniques
in order to identify potentially active VoIP devices on the network. We
cover the traditional UDP, TCP, SNMP, and ICMP scanning techniques
as applied to VoIP devices.

        Enumerating
In this stage, we will be performing various active methods of
enumeration against the different detected VoIP devices, from
softphones and hard phones to proxies and other general SIP-enabled
devices.

Vulnerability Analysis

After successfully identifying the target systems and gathering the
required details from the above phases, a penetration tester will try to
find any possible vulnerabilities existing in each target system.

During this phase, a penetration tester will use automated tools to scan
the target systems for known vulnerabilities. These tools have their own
databases of the latest vulnerabilities and their details.

Exploiting

In this phase, once we have all the information gathered in the
previous phases of the service, we are going to perform different
exploitation tasks targeting the network infrastructure on which your
VoIP applications depend.

Most of the techniques originate from the traditional data security
world, but are applied here against VoIP devices and supporting network
services.

Also, for this specific stage, we have many open source and
commercial tools in place that help us in the different exploitation tasks
(for example, CANVAS and a VoIP exploitation pack).

Some techniques and tests:

      VoIP Network Infrastructure Denial of Service (DoS)
      VoIP Network Eavesdropping
      VoIP Interception and Modification
      VoIP Session and Application Hacking
      Fuzzing VoIP
      Flood-Based Disruption of Service
      Signaling and Media Manipulation

Note 1: DoS and DDoS are only tested if they have been accepted and
requested in the project's scope definition.

Note 2: Eavesdropping and Interception techniques are only used in
onsite testing.


Reporting

The last phase in the entire activity is the reporting phase. This phase
can occur in parallel to the other three stages or at the end of the
Attack stage.

The final report will be prepared keeping in mind both management and
technical aspects, detailing all the findings with proper graphs,
figures, etc. so as to convey a proper presentation of the vulnerabilities
and their impact on the business of the target organization.

An executive summary briefly describing the activities performed,
findings, and high-level recommendations will be provided.

Detailed technical descriptions of the vulnerabilities and the
recommendations to mitigate them will also be documented in this report.
All the security holes found and exploited will be accompanied by a
proper proof of concept, by means of screenshots of the successful
exploits or any other such methods.

This report will consist of an Executive Report containing, without being
limited to, conclusions, recommendations, statistics, and a brief on the
hacking methodology, and a Technical Report containing, without being
limited to, Information Gathering, Network Information, Analysis and
Attack results of accomplished tasks.



