VoISE™ VoIP Implementation Security Evaluation

Based on the adoption rate of Voice over IP (VoIP) technologies, it is evident that organizations realize the associated economic and technological benefits with this emerging technology area. Telecommunication carriers, service providers and vendors are investing significant amounts of resources to position themselves in the VoIP market and support demand. This demonstrates that VoIP is here to stay.

A critical aspect of any VoIP deployment is security. As malicious users, hackers and fraudsters take advantage of vulnerabilities in the current computing infrastructure to perpetrate various attacks such as email spam, DoS, and compromise systems; users and enterprise network owners have become more demanding and diligent in maintaining their networks/systems security posture while maintaining their user and customer privacy.

Palindrome Technologies, has assisted Telecommunication carriers, VoIP Service Providers and Enterprise network owners, to address security issues in their VoIP implementations by providing the VoISE™ service.

VoISE™ - VoIP Implementation Security Evaluation:

• Conduct a security evaluation of your VoIP infrastructure, using a proven methodology that has been developed based on best industry practices and standards (e.g. NIST SP800-58, SP-800-13, ISO17799 and others).
• Perform a vulnerability analysis on your VoIP infrastructure (signaling, calling plans, configuration, authentication and authorization) to identify exposure associated with the implementation and product configuration.
  

The evaluation includes at least the following steps:

• Identify vulnerabilities associated with the supporting VoIP infrastructure such as routers, directory servers, signaling and media gateways and registrars.
• Evaluate robustness (e.g. buffer overflows) associated with VoIP components including, but not limited to, signaling and media gateways, user terminals and registration servers.
• Identify vulnerabilities associated with communication call-flows such as Call-flow message manipulation (i.e. modify, insert, delete) and Eavesdropping.
• Evaluate susceptibility to Denial of Service attacks
• Identify vulnerabilities associated with the network element’s (e.g. signaling gateway, user terminal) operational security. • Generate actionable reports, with prioritized and categorized findings, to help maintain the proper security posture of your VoIP infrastructure
•Identify vulnerabilities associated with user (e.g. VoIP subscriber) security controls such as encryption of signaling and media messages, authentication and integrity of signaling and media messages, and user registration protection (integrity, authentication, confidentiality)

Please reach us to discuss ways Palindrome can help you meet your information protection requirements: Contact Palindrome