VOIP Penetration Testing

Voice Over Internet Protocol (VoIP) Penetration Testing

Cyber attacks pose numerous threats to VoIP telephone systems, such as the capture of inbound and outbound calls through network manipulation, recording or listening in on calls, gaining access to internal networks through the voice VLANS and use of the network to make outbound calls (toll fraud).

In order to facilitate correct operation of VoIP devices, VoIP systems often operate outside of normal network security controls. Citation Cyber is able to assist you in securing your system’s SIP and H.323 endpoints whilst providing peace of mind against toll fraud.

We will assess your network infrastructure, VoIP components and authentication methods, and their capability to prevent manipulation between your clients and VoIP server to determine the scope of your security, providing a detailed report and recommendations for remediating issues and vulnerabilities.

VoIP Penetration Testing Methodology

Footprinting of SIP Services
Enumerating SIP Services
Registering SIP Service with/without Credentials
Brute Force Attack for SIP Service
Call Initiation with/without Spoof & Credentials
Hacking Trust Relationships
Intercepting SIP Client with SIP Proxy
Toll Fraud Exploit Testing

CHECK and CREST-Certified Penetration Testing Service

For our Penetration Testing Services, we are proud to have a team of experts with a variety of accreditations across the cyber security service provision. Namely, these accreditations include CREST, CEH (Certified Ethical Hacker), CHECK (Qualified Team Leaders), GWAPT (GIAC Web Application Penetration Testers) and CISSP (Certified Information Systems Security Professional) consultants.