Voice Network Security Assessment Services
Traditional network security assessment services have focused on data networking devices and their connections to the Internet. Until recently, critical vulnerabilities in corporate phone networks have gone largely unaddressed, primarily due to a lack of awareness regarding the types and frequency of phone-based attacks and abuse.
A host of common, voice network threats and service abuse patterns can dramatically increase corporate expenses and compromise the security of nearly every corporation’s network resources. Examples include modem-based attacks to penetrate data networks, toll fraud, internal phone service misuse and abuse, telephony spam, as well as harassing, threatening, and other types of unwanted and/or restricted calls.
Migration to Voice over IP (VoIP) systems presents additional voice network security challenges. VoIP is becoming a mission critical service in many organizations, and is a lucrative target for hackers. VoIP is a very complex application and inherits the security issues common to other data network applications. It also has a number of unique security issues, and new VoIP-specific vulnerabilities and attack tools are announced each day.
SecureLogix is the world’s leading telecom security and management company, offering a full array of telephony security assessment services to help you identify and address your phone network security vulnerabilities before the damage is done.
TeleWatch Assessment Service
The TeleWatch Assessment Service is an in-depth, thirty (30) day assessment of the security, performance, and usage of your enterprise telecom network. During the engagement, a SecureLogix proprietary voice firewall and monitoring system is placed at the edge of your corporate phone network, between the PBX/IP-PBX and the voice provider’s Central Office. All inbound and outbound phone traffic in logged and network performance is monitored. SecureLogix certified engineers will identify the security, resource utilization, network performance, and service usage issues that threaten your organization and/or increase expenses. The following reports will be delivered during bi-weekly status meetings and as part of a detailed final report on key findings and recommendations:
 |
|
| • |
Summary traffic analysis |
|
| • |
Traffic by call type (voice/fax/modem) |
|
| • |
Modem Calls |
|
| • |
ISP calls - unmonitored Internet use |
|
| • |
Span resource utilization |
|
| • |
Traffic trending & analysis |
|
| • |
Toll fraud |
|
| • |
Fax resources utilization |
|
| • |
Tie-line analysis / VoIP toll bypass |
|
| • |
Telecom faults, errors, outage |
|
| • |
Business operations - excessive unanswered calls, etc. |
|
| • |
Misuse/abuse of LD service |
|
| |
|
TeleWatch-IP Assessment Service
The TeleWatch-IP Assessment Service is a one (1) to four (4) week assessment to test VoIP systems for vulnerabilities and provide recommendations to secure and harden IP telephony deployments.
Securing enterprise VoIP deployments is difficult and requires experience and time. There are many attack vectors into VoIP systems, including default passwords, non-secure management interfaces, non-secure underlying operating systems, poorly configured VLANs, non-secure services such as TFTP and SNMP, Denial of Service (DoS), eavesdropping, protocol attacks, and poor application configuration. There is no panacea product which addresses all of the various VoIP security issues and protocols. An extensive VoIP security assessment and hardening service from SecureLogix is your company’s best defense.
The assessment can contemplate multi-site, enterprise-wide deployments, or focus on pilot/proof-of-concept systems that you might want to secure before replicating across their organization. The assessment will actively test for a comprehensive battery of VoIP security issues including:
|
|
| • |
VoIP systems discovery, scanning, and enumeration |
|
| • |
VoIP network testing (switches, routers, firewalls, VLAN configurations) |
|
| • |
Vendor-specific platform, gateway card, and endpoint testing (Avaya, Cisco, Nortel, etc.) |
|
| • |
Session and VoIP protocol testing |
|
| |
|
The SecureLogix VoIP security assessment includes an optional penetration test, and a comprehensive set of recommendations, tailored to each enterprise’s requirements. SecureLogix will also assist with the development of security policies and checklists.
SecureLogix has unique experience in this field, including years of publicly funded VoIP vulnerability research, and authorship of the new “Hacking Exposed: VoIP” book (McGraw-Hill, 2007), which has become the standard reference on VoIP security.
TeleWatch-Complete Assessment Service
The TeleWatch-Complete Assessment Service is a thirty (30) day engagement that combines the network edge monitoring visibility of the TeleWatch Assessment with the VoIP-specific vulnerability testing offered through the TeleWatch-IP Assessment. The TeleWatch-Complete Assessment offers the most comprehensive look into all of the voice security, service abuse, network performance, and resource utilization issues facing your entire enterprise telecom network.
Don’t let an unsecured phone network become a security nightmare for your organization. An annual telecom security checkup from SecureLogix will help protect the reliability and privacy of your organization’s most vital communications resource. |
HOME 
