SlideShare a Scribd company logo

Security VoIP Assessment

Iron Mountain
Iron Mountain

Security VoIP Assessment via Carousel Industries

Technology
1 of 2
Download to read offline
Security VoIP Assessment Carousel leverages the expertise of SecureState, a management consulting firm, specializing in information security. WE BELIEVE in a business- oriented approach to information security and strive to make the world more secure. We have a passion to be the best, measured by our commitment to do the right thing and help others achieve their goals. We have persistently driven for continuous improvement, empowering employees with increasing efficiency, and eliminating waste in their jobs. Contact us to learn more 800.401.0760 www.carouselindustries.com IT SECURITY VoIP Attack and Penetration Testing Do you know if your VoIP phones and servers are segmented from the rest of your network? Even if they are, segmentation alone may not protect your voice assets. This program includes controlled tests in which SecureState will attempt to assess several vulnerabilities in VoIP systems and networks. Our methodology includes performing validation and testing to ensure that only “valid” vulnerabilities are reported while: • Hi-jacking phone calls • Recording and replaying voice calls • Voicemail tampering • Phone registration hi-jacking • Access to phone administrative capabilities • Attacking systems within the voice VLANS to gain access to the internal network • Attacking VoIP client phones • A VoIP Penetration Test is focused on vulnerabilities on VoIP systems and networks • SecureState focuses our attacks on vulnerabilities specific to VoIP systems and networks • Reduction of the cost, confusion, and complexity of PCI DSS compliance Process Following SecureState’s proven process which was developed through years of consulting experience, we can take you from your CurrentState to your DesiredState of security and ultimately build a program that helps you manage your security at the SecureState. SecureState has developed, SecureState will provide tactical and strategic recommendations for your organization to improve the security posture of your VoIP Network or validate that your network is secure. Copyright ©2014, Carousel Industries® www.carouselindustries.com SEC-VoIP-ASSESSMENT-1014
IT SECURITY Methodology The SecureState Profiling Team is well-known and highly regarded as experts in Penetration Testing. Our approach follows industry accepted testing methodologies such as PTES, NIST 800-115, and OSSTMM. By following these methodologies, our clients can accurately replicate the testing SecureState has performed in their own environment to accurately mitigate identified vulnerabilities. The Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests. SecureState’s Risk Management Team is uniquely positioned to work closely with the Profiling Team in order to assist clients with mitigating these strategic “root cause” issues. Phase I – Pre-engagement Interaction - In this phase, SecureState works with the client to establish the rules of engagement as well as the scope and exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement. Phase II – Intelligence Gathering - VoIP Attack and Penetration Tests need to be conducted with care, due diligence, and a high level of industry knowledge. SecureState performs specific non-intrusion probing of the VoIP network, using SNMP sweeps and other low level scans to first map the VoIP network and systems. Phase III – Vulnerability Analysis - SecureState generates specifically crafted packets in order to identify specific patch levels, perform banner grabbing, and use various other techniques in order to identify potential exposures in the client’s VoIP network without being detected. Specialty tools such as SiVuS, sipsak and SIPSCAN are used to enumerate specific VoIP devices. In addition, SecureState will attempt to pull VoIP specific data off the network to see how it could potentially be manipulated. During this phase, we will attempt to hi- jack and record phone calls, as well as attempt to insert sounds and conduct other manipulation of VoIP data streams; including, eavesdropping on VoIP administrative systems. In addition, VLAN hopping attacks are conducted to ensure segmentation is working properly. Phase IV – Exploitation - During the course of the engagement, all identified VoIP vulnerabilities will be assessed as to the likelihood of exploitation. Communication will be conducted with the client’s Project Lead prior to any type of intrusive activity that could potentially impact network performance or system stability. Any high or critical risk exploit also will be communicated to the client upon discovery; so that the client can initiate corrective actions. Copyright ©2014, Carousel Industries® www.carouselindustries.com SEC-VoIP-ASSESSMENT-1014 Proven Security Expertise Contact us to learn more 800.401.0760 www.carouselindustries.com

Recommended

F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and management
F-Secure Corporation
 
Protecting application delivery without network security blind spots
Protecting application delivery without network security blind spotsProtecting application delivery without network security blind spots
Protecting application delivery without network security blind spots
Thales e-Security
 
Powerful email protection
Powerful email protectionPowerful email protection
Powerful email protection
F-Secure Corporation
 
Cyber Threats on the Industrial Environment
Cyber Threats on the Industrial EnvironmentCyber Threats on the Industrial Environment
Cyber Threats on the Industrial Environment
Eduardo Arriols Nuñez
 
Mohammad Tahir_CV
Mohammad Tahir_CVMohammad Tahir_CV
Mohammad Tahir_CV
Mohammad Tahir Shaikh
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
Ivanti
 
Internet gatekeeper
Internet gatekeeperInternet gatekeeper
Internet gatekeeper
F-Secure Corporation
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not
MarketingArrowECS_CZ
 

Recommended

F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and management
F-Secure Corporation
 
Protecting application delivery without network security blind spots
Protecting application delivery without network security blind spotsProtecting application delivery without network security blind spots
Protecting application delivery without network security blind spots
Thales e-Security
 
Powerful email protection
Powerful email protectionPowerful email protection
Powerful email protection
F-Secure Corporation
 
Cyber Threats on the Industrial Environment
Cyber Threats on the Industrial EnvironmentCyber Threats on the Industrial Environment
Cyber Threats on the Industrial Environment
Eduardo Arriols Nuñez
 
Mohammad Tahir_CV
Mohammad Tahir_CVMohammad Tahir_CV
Mohammad Tahir_CV
Mohammad Tahir Shaikh
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
Ivanti
 
Internet gatekeeper
Internet gatekeeperInternet gatekeeper
Internet gatekeeper
F-Secure Corporation
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not
MarketingArrowECS_CZ
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for Business
F-Secure Corporation
 
Client Security - Best security for business workstations
Client Security - Best security for business workstationsClient Security - Best security for business workstations
Client Security - Best security for business workstations
F-Secure Corporation
 
Decision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryptionDecision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryption
Thales e-Security
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
Lauren Traurig
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor Authentication
Ronnie Isherwood
 
Intercept X - Sophos Endpoint
Intercept X - Sophos EndpointIntercept X - Sophos Endpoint
Intercept X - Sophos Endpoint
DeServ - Tecnologia e Servços
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
Jisc
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
DeServ - Tecnologia e Servços
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
F-Secure Corporation
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior control
F-Secure Corporation
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013
F-Secure Corporation
 
Cloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMsCloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMs
Thales e-Security
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
AlienVault
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucí
MarketingArrowECS_CZ
 
Go Its 25 15
Go Its 25 15Go Its 25 15
Go Its 25 15
sergri
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
Qonex
 
Business Suite - Gain control of your IT security
Business Suite - Gain control of your IT securityBusiness Suite - Gain control of your IT security
Business Suite - Gain control of your IT security
F-Secure Corporation
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
Mohd Anwar Jamal Faiz
 
Security Testing In The Secured World
Security Testing In The Secured WorldSecurity Testing In The Secured World
Security Testing In The Secured World
Jennifer Mary
 

More Related Content

What's hot

Decision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryptionDecision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryption
Thales e-Security
 
Cloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMsCloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMs
Thales e-Security
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
AlienVault
 

What's hot (20)

Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for Business
 
Client Security - Best security for business workstations
Client Security - Best security for business workstationsClient Security - Best security for business workstations
Client Security - Best security for business workstations
 
Decision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryptionDecision criteria and analysis for hardware-based encryption
Decision criteria and analysis for hardware-based encryption
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor Authentication
 
Intercept X - Sophos Endpoint
Intercept X - Sophos EndpointIntercept X - Sophos Endpoint
Intercept X - Sophos Endpoint
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior control
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013
 
Cloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMsCloud payments (HCE): a simpler step with Thales HSMs
Cloud payments (HCE): a simpler step with Thales HSMs
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucí
 
Go Its 25 15
Go Its 25 15Go Its 25 15
Go Its 25 15
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USMHow to Detect System Compromise & Data Exfiltration with AlienVault USM
How to Detect System Compromise & Data Exfiltration with AlienVault USM
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
 
Business Suite - Gain control of your IT security
Business Suite - Gain control of your IT securityBusiness Suite - Gain control of your IT security
Business Suite - Gain control of your IT security
 

Similar to Security VoIP Assessment

AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
aksit_services
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
CYBER SENSE
 
BAI Security - Brochure - IT Security Assessment (Financial)
BAI Security - Brochure - IT Security Assessment (Financial)BAI Security - Brochure - IT Security Assessment (Financial)
BAI Security - Brochure - IT Security Assessment (Financial)
Prahlad Reddy
 

Similar to Security VoIP Assessment (20)

Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
 
Security Testing In The Secured World
Security Testing In The Secured WorldSecurity Testing In The Secured World
Security Testing In The Secured World
 
Company_Profile_Updated_17032016
Company_Profile_Updated_17032016Company_Profile_Updated_17032016
Company_Profile_Updated_17032016
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile final
 
craw-security-services.pdf
craw-security-services.pdfcraw-security-services.pdf
craw-security-services.pdf
 
What is VAPT & Why is it Important for Your Business.pptx
What is VAPT & Why is it Important for Your Business.pptxWhat is VAPT & Why is it Important for Your Business.pptx
What is VAPT & Why is it Important for Your Business.pptx
 
It security cognic_systems
It security cognic_systemsIt security cognic_systems
It security cognic_systems
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabilties
 
Advanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your BusinessAdvanced IT and Cyber Security for Your Business
Advanced IT and Cyber Security for Your Business
 
Huwei Cyber Security Presentation
Huwei Cyber Security PresentationHuwei Cyber Security Presentation
Huwei Cyber Security Presentation
 
Cyber Octet - What is Web Application Penetration Testing (WAPT).pdf
Cyber Octet - What is Web Application Penetration Testing (WAPT).pdfCyber Octet - What is Web Application Penetration Testing (WAPT).pdf
Cyber Octet - What is Web Application Penetration Testing (WAPT).pdf
 
VAPT | VAPT Testing | VAPT Services | Vulnerability Assessment and Penetratio...
VAPT | VAPT Testing | VAPT Services | Vulnerability Assessment and Penetratio...VAPT | VAPT Testing | VAPT Services | Vulnerability Assessment and Penetratio...
VAPT | VAPT Testing | VAPT Services | Vulnerability Assessment and Penetratio...
 
Voiztrail Call Recorder
Voiztrail Call RecorderVoiztrail Call Recorder
Voiztrail Call Recorder
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
 
BAI Security - Brochure - IT Security Assessment (Financial)
BAI Security - Brochure - IT Security Assessment (Financial)BAI Security - Brochure - IT Security Assessment (Financial)
BAI Security - Brochure - IT Security Assessment (Financial)
 
10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY10 KEYS TO EFFECTIVE NETWORK SECURITY
10 KEYS TO EFFECTIVE NETWORK SECURITY
 

More from Iron Mountain

9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management
Iron Mountain
 

More from Iron Mountain (13)

729 Solutions Helps Connect The Dots - Our Services At A Glance
729 Solutions Helps Connect The Dots - Our Services At A Glance729 Solutions Helps Connect The Dots - Our Services At A Glance
729 Solutions Helps Connect The Dots - Our Services At A Glance
 
10 huge-reasons-why-businesses-need-custom-software-development1
10 huge-reasons-why-businesses-need-custom-software-development110 huge-reasons-why-businesses-need-custom-software-development1
10 huge-reasons-why-businesses-need-custom-software-development1
 
9 Proven-Strategies
9 Proven-Strategies9 Proven-Strategies
9 Proven-Strategies
 
CABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart BuildingsCABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart Buildings
 
Cybersmart_buildings_securing your investment in connectivity and automation
Cybersmart_buildings_securing your investment in connectivity and automationCybersmart_buildings_securing your investment in connectivity and automation
Cybersmart_buildings_securing your investment in connectivity and automation
 
Moving from tape to cloud
Moving from tape to cloudMoving from tape to cloud
Moving from tape to cloud
 
Cloud services - moving from tape to cloud
Cloud services - moving from tape to cloudCloud services - moving from tape to cloud
Cloud services - moving from tape to cloud
 
Guidebook To Long-Term Retention Part 1: Challenges And Effective Approaches
Guidebook To Long-Term Retention Part 1: Challenges And Effective ApproachesGuidebook To Long-Term Retention Part 1: Challenges And Effective Approaches
Guidebook To Long-Term Retention Part 1: Challenges And Effective Approaches
 
9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management9 Steps to Successful Information Lifecycle Management
9 Steps to Successful Information Lifecycle Management
 
10 Ways Intelligent Transportation Makes A Difference
10 Ways Intelligent Transportation Makes A Difference10 Ways Intelligent Transportation Makes A Difference
10 Ways Intelligent Transportation Makes A Difference
 
Using Business and Technology to solve business challenges
Using Business and Technology to solve business challengesUsing Business and Technology to solve business challenges
Using Business and Technology to solve business challenges
 
10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the Cloud10 Tips for CIOS Data Security in the Cloud
10 Tips for CIOS Data Security in the Cloud
 
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problemThe need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
 

Recently uploaded

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Security VoIP Assessment

  • 1. Security VoIP Assessment Carousel leverages the expertise of SecureState, a management consulting firm, specializing in information security. WE BELIEVE in a business- oriented approach to information security and strive to make the world more secure. We have a passion to be the best, measured by our commitment to do the right thing and help others achieve their goals. We have persistently driven for continuous improvement, empowering employees with increasing efficiency, and eliminating waste in their jobs. Contact us to learn more 800.401.0760 www.carouselindustries.com IT SECURITY VoIP Attack and Penetration Testing Do you know if your VoIP phones and servers are segmented from the rest of your network? Even if they are, segmentation alone may not protect your voice assets. This program includes controlled tests in which SecureState will attempt to assess several vulnerabilities in VoIP systems and networks. Our methodology includes performing validation and testing to ensure that only “valid” vulnerabilities are reported while: • Hi-jacking phone calls • Recording and replaying voice calls • Voicemail tampering • Phone registration hi-jacking • Access to phone administrative capabilities • Attacking systems within the voice VLANS to gain access to the internal network • Attacking VoIP client phones • A VoIP Penetration Test is focused on vulnerabilities on VoIP systems and networks • SecureState focuses our attacks on vulnerabilities specific to VoIP systems and networks • Reduction of the cost, confusion, and complexity of PCI DSS compliance Process Following SecureState’s proven process which was developed through years of consulting experience, we can take you from your CurrentState to your DesiredState of security and ultimately build a program that helps you manage your security at the SecureState. SecureState has developed, SecureState will provide tactical and strategic recommendations for your organization to improve the security posture of your VoIP Network or validate that your network is secure. Copyright ©2014, Carousel Industries® www.carouselindustries.com SEC-VoIP-ASSESSMENT-1014
  • 2. IT SECURITY Methodology The SecureState Profiling Team is well-known and highly regarded as experts in Penetration Testing. Our approach follows industry accepted testing methodologies such as PTES, NIST 800-115, and OSSTMM. By following these methodologies, our clients can accurately replicate the testing SecureState has performed in their own environment to accurately mitigate identified vulnerabilities. The Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests. SecureState’s Risk Management Team is uniquely positioned to work closely with the Profiling Team in order to assist clients with mitigating these strategic “root cause” issues. Phase I – Pre-engagement Interaction - In this phase, SecureState works with the client to establish the rules of engagement as well as the scope and exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement. Phase II – Intelligence Gathering - VoIP Attack and Penetration Tests need to be conducted with care, due diligence, and a high level of industry knowledge. SecureState performs specific non-intrusion probing of the VoIP network, using SNMP sweeps and other low level scans to first map the VoIP network and systems. Phase III – Vulnerability Analysis - SecureState generates specifically crafted packets in order to identify specific patch levels, perform banner grabbing, and use various other techniques in order to identify potential exposures in the client’s VoIP network without being detected. Specialty tools such as SiVuS, sipsak and SIPSCAN are used to enumerate specific VoIP devices. In addition, SecureState will attempt to pull VoIP specific data off the network to see how it could potentially be manipulated. During this phase, we will attempt to hi- jack and record phone calls, as well as attempt to insert sounds and conduct other manipulation of VoIP data streams; including, eavesdropping on VoIP administrative systems. In addition, VLAN hopping attacks are conducted to ensure segmentation is working properly. Phase IV – Exploitation - During the course of the engagement, all identified VoIP vulnerabilities will be assessed as to the likelihood of exploitation. Communication will be conducted with the client’s Project Lead prior to any type of intrusive activity that could potentially impact network performance or system stability. Any high or critical risk exploit also will be communicated to the client upon discovery; so that the client can initiate corrective actions. Copyright ©2014, Carousel Industries® www.carouselindustries.com SEC-VoIP-ASSESSMENT-1014 Proven Security Expertise Contact us to learn more 800.401.0760 www.carouselindustries.com