PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com


PENTEST VoIP & Web Pentest Services

VoIP & WEB Penetration Testing

The experienced and national VoIP/Unified Communications R&D organization, NETAŞ NOVA Pentest Services, tests the applications, infrastructure and devices themselves to ensure they are protected from VoIP, WEB and Unified Communications-related attacks. Ensuring complete vulnerability and risk management, these services start with the discovery of all VoIP, WEB and Unified Communication assets, protocols, and applications on the networks, which are then analyzed using the most up-to-date vulnerability information databases.

VoIP/UC

Targeting both enterprises and service providers looking to assess their VoIP/UC network, and OEMs looking to test the latest VoIP/UC device, the VoIP/UC Pentest Service consists of 3 components:

- VoIP/UC Vulnerability Analysis
- Risk Assessment
- Penetration Testing

VoIP/UC Vulnerability Analysis

The Vulnerability Analysis service evaluates the robustness of the VoIP/UC devices, infrastructure and applications on the network by using the following and other attack vectors:

- Identity Spoofing (Caller ID/ANI Spoofing)
- Conversation Eavesdropping / Sniffing
- Password Cracking
- Man-In-The-Middle
- SIP-Bye DoS
- SIP Bombing
- RTP Insertion Attacks
- Web Based Management Console Hacks
- Fuzzing
- Default Passwords

This analysis is based on the attacker's location and includes the network entry points where the attacker could breach the network security. An asset listing, threat analysis and remediation report is included as part of this service. If the analysis is part of an ongoing service, this report highlights new vulnerabilities discovered and/or those fixed since the last threat analysis report.

Risk Assessment

Threats are carefully assessed and risk is prioritized based on asset value and probability of exploitation. An asset in this context is defined as a value-bearing component in the infrastructure or service where revenue is lost if the asset becomes unavailable.

Penetration Testing

The Penetration Testing service consists of launching ethical hacks on a controlled environment such as a lab or an isolated piece of a production network. Exploits of known vulnerabilities are launched, using the NOVA V-SPY and other tests, based on the information gathered about the network in the discovery phase. This test also exposes points where the attacker could breach the network security. A penetration testing report is generated which shows evidence of the existence of vulnerabilities along with the necessary recommendations.

Components to be tested:

VoIP Components

1. User Agents (devices)
2. Media gateways
3. Signaling gateways
4. Gatekeepers
5. Proxy Servers
6. Redirect Servers
7. Registrar Servers
8. Location Servers
9. Network management system
10. Billing systems

Web Application Penetration Testing

NOVA Web Application Penetration Testing offers the most comprehensive web application penetration testing capabilities available in one solution. With NOVA Penetration Testing, you go beyond scanning to exploit and interact with vulnerable web applications just as an attacker could. In our methodology we integrate web application testing with network, endpoint and wireless testing, enabling you to assess your organization's ability to detect, prevent and respond to real-world, multi-staged threats.

- Identify weaknesses in web applications, web servers and associated databases
- Dynamically generate exploits that can compromise security weaknesses
- Demonstrate the potential consequences of a breach
- Gather information necessary for addressing security issues and preventing data incidents

Attack Vectors

- Server: Vulnerabilities, Misconfiguration, DoS, Zero Day (Fuzzing)
- Application: User Authentication, Session Management, Data validation, Functional Bugs
- User: Social Engineering, Business Logic

Used Vulnerability Templates

- OWASP, CWE, NETAS Audit Checklist

Test Methodology

- Manual
- Automatic: W-SPY, Open Source Tools, Commercial
- Hybrid

Testing Process

- Reconnaissance
- Mapping
- Discovery
- Exploit
- Reporting

KICK-OFF: Kick-off Meeting and Preparation

For the KICK-OFF section, the following steps are achieved:

- NDA signing
- Test analysis document is filled in by the customer
- Understanding VLAN configuration, network design and QoS requirements
- Reliable test tools are deployed on test computers that were wiped
- Secure encrypted partition is created on the team workstation computer to store evidence

PENTEST: Analysis of Security Vulnerabilities and Weaknesses

For the PENTEST section, the following steps are achieved:

- The test environment is monitored and audited with security software
- At least two staff members are required to accompany the test
- Denial of Service attacks
- Social Engineering attacks
- Vulnerability assessment and exploitation of UC Network, Applications
- Individual test of product-specific vulnerabilities
- In-depth security test of Mobile and Web Apps

AUDIT: Configuration Check and Best Practices

For the AUDIT section, the following steps are achieved:

- Security audit check is fulfilled on network devices, OS, UC servers, UC Applications
- Topology and configuration analysis
- Voice policy, PSTN usage, security policy and procedures analysis
- Advanced architecture design review
- Dial plan, call routing and conference configuration validation
- Compliance with security standards

DOCUMENTATION & CLEAN: Detailed Report Presentation, Cleaning of Environment

For the DOCUMENTATION & CLEAN section, the following steps are achieved:

- Report is generated with the data obtained during the test
- Test computers are wiped
- Practical steps to take to solve and prevent UC problems are offered
- Evidence is deleted

RETEST

For the RETEST section, the following steps are achieved:

- Required hardening procedures are applied after the pentest
- Existing vulnerabilities are fixed or ignored
- Required security products, applications or services are implemented
- The pentest is repeated

NETAŞ TELEKOMÜNİKASYON A.Ş. Yenişehir Mahallesi Osmanlı Bulvarı No:11 34912 Kurtköy-Pendik / İstanbul