VoIP systems are sophisticated telecommunication systems that integrate into the network and are therefore open to attack.
We offer VoIP security testing and build reviews for phone and video conferencing systems.
In many organisations, video conference units or telephones are placed within meeting rooms or public areas where visitors will have physical access. Testing can identify if the devices can be used to connect to and compromise the internal corporate network.
VoIP security reviews can provide assurance that devices have been configured in line with security best practice and that there are no common or publicly known vulnerabilities at the time of the test. If vulnerabilities are found these can be rectified before an attack or security breach occurs.
VoIP testing will enable you to:
- Manage vulnerabilities
- Avoid extra cost and reputation damage from a security breach
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure
We can conduct detailed assessments of all areas relating to phone and video conference units, such as:
- Build reviews of handsets, VC units, management systems and controllers
- Wireless networks used for DECT handsets
- Traffic sniffing to ensure call data is encrypted and can’t be captured and replayed
- Authentication mechanisms and SIP protocols
- Vulnerability assessments within the device software
- Segregation testing of voice and data networks
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that VoIP testing should be conducted annually as cyber threats are constantly evolving.
If major changes are made to the phone systems, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
VoIP testing prices are based on the number and type of system that are required to be reviewed, therefore there is not an off-the-shelf price for VoIP testing.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Affected hosts - A list of all hosts or applications affected
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.