VoIP and Telephony assessment
The convergence of voice, data, and video, provides organisations with welcome cost savings.
The robustness of the telephony system in isolation is a significant concern; there are a range of threats to the confidentiality, availability and integrity of the telephony system and testing evaluates all of these.Testing typically includes reviewing handsets, soft-phones, the telephony servers and a range of network layer activities to fully understand whether the telephony system can be considered secure and reliable.
The need to segregate voice services from the traditional corporate network is well publicised and this is the second area of attention. The method of segregation (commonly VLANs) will be subject to review, as will any servers that bridge both data and voice networks to ensure that they are capable of maintaining the required level of segregation.
The type of testing conducted will be dictated by the nature of the solution and in addition to telephony specific skills, tests may include elements of wireless testing, infrastructure penetration testing, application testing, build reviews, remote access testing and more.The mission critical nature of voice services is not lost on Portcullis and neither are the challenges of the multipartite ownership of voice services. Portcullis will work with all parties to develop a test plan that meets the needs of all involved, which can include out of hours testing where appropriate.
Why perform VoIP and Telephony assessment?
- Address government and industry regulatory compliance requirements.
- Discover Telephony network vulnerabilities and risks to your business systems.
- Validate the effectiveness of current security safeguards.
- Identify remediation steps to help prevent network compromise.