The increasing use of VOIP telephony has opened up a whole new front in the information security arena due to its risk exposure to targeted threats, vulnerabilities to the network infrastructure, and the new opportunity for fraud it presents. Organizations that use VOIP must be aware of how these systems can be compromised through SIP vulnerabilities, vishing, VOIP hacking and eavesdropping. One method used to launch this type of attack is called "a man-in-the-middle," where a third party spoofs the MAC addresses of the two speaking parties, thus forcing the IP packets to flow through the hackers' system.
Security Art provides several services related to VoIP security from education, through design and testing, and all the way up to full-scope pen-testing engagements that include the VoIP infrastructure:
- Internal and External penetration testing.
- Configuration review and hardening of your VoIP infrastructure.
- Custom IDS/IPS rule development, as well as custom monitoring rules for SIEM systems.
- Reviewing, evaluating and recommending VoIP security products.
- Education on VoIP threats for your organization and business partners.