Provas supplies best of breed Products for Security, Vulnerability and Service Assurance for organisations with VoIP and Unified Communications infrastructures.

 

We partner with vendors to bring you the best technology and market leading products from start-up’s through to established equipment vendors.

 

© 2009 Provas Ltd All rights reserved

Registered in England No. 06530880

Site Terms

tel: 01296 761759

Management, Test Access and Network Performance Solutions for the Enterprise

VoIPAudit™

 

VoIPaudit is the only vulnerability assessment and penetration testing product available that is specifically designed to identify Voice over IP (VoIP) and Unified Communication (UC) vulnerabilities . The vendors presently supported are Avaya, Cisco, Nortel, Microsoft and generic SIP implementations.

 

VoIPaudit is a VoIP/UC vulnerability assessment tool that offers an easy-to-use Web interface combined with all the back-end functionality required to proactively identify, track and assist in the remediation of security vulnerabilities found in VoIP/UC systems from the leading vendors.  Features include:

 

• Precise VoIP network discovery
• Fast network scanning for security vulnerabilities and threats
• Optional penetration testing support
• Asset management
• Comprehensive reporting including detailed explanation of potential threats and remediation recommendations

 

VoIPaudit runs on a fully secure operating system and is delivered pre-installed on a laptop or server "appliance".  It can be used at different points of the VoIP/UC life cycle including:

 

• In the lab - to validate vendor claims and identify security flaws before VoIP/UC is deployed.
• During the pilot stage - to test all VoIP/UC system components prior to going live to avoid introducing threats resulting from interactions and dependency between VoIP/UC applications.
• In production - to periodically audit your VoIP/UC network for any vulnerabilities that may have been introduced through new vendor software releases or hardware upgrades.  Also, regular network discovery can ensure no "rogue" devices or applications have been added to the network accidentally or deliberately

 

Included in the VoIPaudit license is a one-year subscription to VoIPshield Update, which provides ongoing software upgrades and vulnerabilities updates.  VoIPshield Laboratories, the research division of VoIPshield Systems, is constantly discovering new vulnerabilities and adding them to our database.  This means VoIPaudit is always able to detect the most recently-discovered vulnerabilities.

 

With VoIPaudit, security and IT staff can reduce or eliminate error-ridden manual checks and perform efficient assessments of their VoIP infrastructure without the need for specialized training.

 

For IT security consultants and auditors, VoIPaudit provides a highly mobile security assessment and penetration testing platform that can be easily moved from one client's VoIP network to another.  All the collected data and reports can be exported from the system in a number of formats, including XML for inclusion in standard reporting systems.

 

 

Features

 

VoIPaudit Enterprise is a robust vulnerability assessment and penetration testing product designed specifically for enterprise VoIP networks.  Features include:

 

VoIP Network Vulnerability Audit

 

• The industry's most comprehensive VoIP-specific database provides proprietary and public VoIP/UC vulnerabilities and remediation recommendations.
• Comprehensive set of pre-defined audits is provided out-of-the box to "quick-start" the scanning process.
• Audits are configurable for optimum performance and minimum network load through configuration wizards. All audit definitions are stored in the database and can be re-used by different users depending on their roles.
• During run-time, users can select non-destructive and/or destructive test cases, select various port scanners and configure special test cases that require authentication parameters. The scope of the audit can be the entire network, or limited by selecting only specific targets and test cases from the default list provided.
• Automatic or manually-selected updates to VoIPaudit's vulnerabilities database.

 

 

VoIP Network Discovery and Asset Management

 

• Precise and in-depth discovery of VoIP infrastructure assets including PBXs, softswitches, gateways, multi-media servers, phones and soft clients. VoIPaudit's discovery process is fast, with low impact.
• Comprehensive asset management enables organizations to keep track of changes and updates to the VoIP infrastructure. The asset information acquired through automated discovery can be augmented by manual additions and changes.
• VoIPaudit can discover and manage multiple VoIP networks at the same time through the implementation of our unique "active network" concept.  Active network enables the system administrator to seamlessly switch between various VoIP/UC networks, sites, or branches without system re-configuration, while at the same time preserving all results and configuration information related to the particular network or site.

 

 

VoIPaudit Reporting

 

• Executive level reports provide a comprehensive view of the VoIP/UC network security assessment and associated trends.
• Detailed technical reports deliver vulnerability descriptions and the potential impact on VoIP/UC devices if exploited.
• Detailed remediation instructions and low level details produced by actual test cases.
• Coverage reports offer detailed information about which test cases were executed, how many times and if a particular vulnerability was discovered on the target.
• "Top 10" scorecard-type reports of the top security risks on the VoIP/UC network.
• Analytical reporting for in-depth analysis of collected data and information in addition to pre-defined reports.
• Trending reports.
• Export reports to PDF, CSV and XML formats.

 

 

System Administration and Management

 

• Web-based interface allows for authorized access to the system from any location.
• Role-based user access controls allow delegation of responsibilities to reflect organizational structure.
• "Group" concept enables administrators to control the scope of responsibilities based on target type and associated test cases.
• Updates to the vulnerabilities database and feature enhancements are controlled by the user since fully automated updates could skew the trends and long-term reporting.
• Comprehensive system report provides vital system statistics.
• Appliance-based product distribution

 

 

Benefits

 

VoIPaudit offers enterprises and security consultants a number of business benefits:

 

• Complete Coverage. The only commercially available VoIP/UC vulnerability assessment and penetration test tool supporting both standard (SIP, H.323, RTP) and proprietary (Skinny, UNISTIM) based VoIP/UC solutions.
• Industry Leading Research. The industry's most extensive database of VoIP specific vulnerabilities and threats constantly updated by world-class VoIP/UC security research team.
• Comprehensive Protection Life Cycle. VoIPaudit can be deployed prior to, during, and following VoIP/UC service deployment enabling organizations to address VoIP vulnerabilities before they impact VoIP QoS and reliability.
• Highly Mobile. VoIPaudit moves seamlessly between different networks, sites and branches without the need for system reconfiguration, thus providing significant capital savings versus fully distributed systems.
• Fast Results. VoIPaudit deploys in minutes so users can immediately run a set of pre-defined, most common audits and tests available out-of-the box.
• Ease of Use. A Web-based user interface provides all the necessary features needed to quickly discover VoIP/UC infrastructure, build custom audits and tests, execute audits and then review results through comprehensive reporting.
• Reporting. Standard and custom reports tailored for executive, management and technical personnel within the organization. Offers a comprehensive view of VoIP/UC infrastructure including trending, baselining, Top 10, vendor and audit report.

 

 

Utilizing the industry's largest database of VoIP/UC specific vulnerabilities and threats, VoIPaudit enables IT security and telecommunications professionals to:

 

• Keep VoIP quality of service, reliability and security at the levels comparable to existing circuit-switched voice.
• Identify potential denial of service, confidentiality, toll fraud and voicemail exploits.
• Assure VoIP compliance with internal and government regulations.

 

 

Features

 

VoIPaudit Enterprise is a robust vulnerability assessment and penetration testing product designed specifically for enterprise VoIP networks.  Features include:

 

VoIP Network Vulnerability Audit

 

• The industry's most comprehensive VoIP-specific database provides proprietary and public VoIP/UC vulnerabilities and remediation recommendations.
• Comprehensive set of pre-defined audits is provided out-of-the box to "quick-start" the scanning process.
• Audits are configurable for optimum performance and minimum network load through configuration wizards. All audit definitions are stored in the database and can be re-used by different users depending on their roles.
• During run-time, users can select non-destructive and/or destructive test cases, select various port scanners and configure special test cases that require authentication parameters. The scope of the audit can be the entire network, or limited by selecting only specific targets and test cases from the default list provided.
• Automatic or manually-selected updates to VoIPaudit's vulnerabilities database.

 

 

VoIP Network Discovery and Asset Management

 

• Precise and in-depth discovery of VoIP infrastructure assets including PBXs, softswitches, gateways, multi-media servers, phones and soft clients. VoIPaudit's discovery process is fast, with low impact.
• Comprehensive asset management enables organizations to keep track of changes and updates to the VoIP infrastructure. The asset information acquired through automated discovery can be augmented by manual additions and changes.
• VoIPaudit can discover and manage multiple VoIP networks at the same time through the implementation of our unique "active network" concept.  Active network enables the system administrator to seamlessly switch between various VoIP/UC networks, sites, or branches without system re-configuration, while at the same time preserving all results and configuration information related to the particular network or site.

 

 

VoIPaudit Reporting

 

• Executive level reports provide a comprehensive view of the VoIP/UC network security assessment and associated trends.
• Detailed technical reports deliver vulnerability descriptions and the potential impact on VoIP/UC devices if exploited.
• Detailed remediation instructions and low level details produced by actual test cases.
• Coverage reports offer detailed information about which test cases were executed, how many times and if a particular vulnerability was discovered on the target.
• "Top 10" scorecard-type reports of the top security risks on the VoIP/UC network.
• Analytical reporting for in-depth analysis of collected data and information in addition to pre-defined reports.
• Trending reports.
• Export reports to PDF, CSV and XML formats.

 

 

System Administration and Management

 

• Web-based interface allows for authorized access to the system from any location.
• Role-based user access controls allow delegation of responsibilities to reflect organizational structure.
• "Group" concept enables administrators to control the scope of responsibilities based on target type and associated test cases.
• Updates to the vulnerabilities database and feature enhancements are controlled by the user since fully automated updates could skew the trends and long-term reporting.
• Comprehensive system report provides vital system statistics.
• Appliance-based product distribution

 

 

Benefits

 

VoIPaudit offers enterprises and security consultants a number of business benefits:

 

• Complete Coverage. The only commercially available VoIP/UC vulnerability assessment and penetration test tool supporting both standard (SIP, H.323, RTP) and proprietary (Skinny, UNISTIM) based VoIP/UC solutions.
• Industry Leading Research. The industry's most extensive database of VoIP specific vulnerabilities and threats constantly updated by world-class VoIP/UC security research team.
• Comprehensive Protection Life Cycle. VoIPaudit can be deployed prior to, during, and following VoIP/UC service deployment enabling organizations to address VoIP vulnerabilities before they impact VoIP QoS and reliability.
• Highly Mobile. VoIPaudit moves seamlessly between different networks, sites and branches without the need for system reconfiguration, thus providing significant capital savings versus fully distributed systems.
• Fast Results. VoIPaudit deploys in minutes so users can immediately run a set of pre-defined, most common audits and tests available out-of-the box.
• Ease of Use. A Web-based user interface provides all the necessary features needed to quickly discover VoIP/UC infrastructure, build custom audits and tests, execute audits and then review results through comprehensive reporting.
• Reporting. Standard and custom reports tailored for executive, management and technical personnel within the organization. Offers a comprehensive view of VoIP/UC infrastructure including trending, baselining, Top 10, vendor and audit report.

 

 

Utilising the industry's largest database of VoIP/UC specific vulnerabilities and threats, VoIPaudit enables IT security and telecommunications professionals to:

 

• Keep VoIP quality of service, reliability and security at the levels comparable to existing circuit-switched voice.
• Identify potential denial of service, confidentiality, toll fraud and voicemail exploits.
• Assure VoIP compliance with internal and government regulations.