VoIPaudit Vulnerability Assessment and Penetration Testing

By: Voipshield  09-12-2011
Keywords: Voice over IP, Voice Over, Penetration Testing

VoIPaudit is the only vulnerability assessment and penetration testing product available that is specifically designed to identify Voice over IP (VoIP) and Unified Communication (UC) vulnerabilities . The vendors presently supported are Avaya, Cisco, Nortel, Microsoft and generic SIP implementations.

VoIPaudit is a VoIP/UC vulnerability assessment tool that offers an easy-to-use Web interface combined with all the back-end functionality required to proactively identify, track and assist in the remediation of security vulnerabilities found in VoIP/UC systems from the leading vendors.  Features include:

  • Precise VoIP network discovery
  • Fast network scanning for security vulnerabilities and threats
  • Optional penetration testing support
  • Asset management
  • Comprehensive reporting including detailed explanation of potential threats and remediation recommendations

VoIPaudit runs on a fully secure operating system and is delivered pre-installed on a laptop or server "appliance".  It can be used at different points of the VoIP/UC life cycle including:

  • In the lab - to validate vendor claims and identify security flaws before VoIP/UC is deployed.
  • During the pilot stage - to test all VoIP/UC system components prior to going live to avoid introducing threats resulting from interactions and dependency between VoIP/UC applications.
  • In production - to periodically audit your VoIP/UC network for any vulnerabilities that may have been introduced through new vendor software releases or hardware upgrades.  Also, regular network discovery can ensure no "rogue" devices or applications have been added to the network accidentally or deliberately

Included in the VoIPaudit license is a one-year subscription to VoIPshield Update, which provides ongoing software upgrades and vulnerabilities updates.  VoIPshield Laboratories, the research division of VoIPshield Systems, is constantly discovering new vulnerabilities and adding them to our database.  This means VoIPaudit is always able to detect the most recently-discovered vulnerabilities.

With VoIPaudit, security and IT staff can reduce or eliminate error-ridden manual checks and perform efficient assessments of their VoIP infrastructure without the need for specialized training. 

For IT security consultants and auditors, VoIPaudit provides a highly mobile security assessment and penetration testing platform that can be easily moved from one client's VoIP network to another.  All the collected data and reports can be exported from the system in a number of formats, including XML for inclusion in standard reporting systems.


VoIPaudit Enterprise is a robust vulnerability assessment and penetration testing product designed specifically for enterprise VoIP networks.  Features include:

VoIP Network Vulnerability Audit

  • The industry's most comprehensive VoIP-specific database provides proprietary and public VoIP/UC vulnerabilities and remediation recommendations.
  • Comprehensive set of pre-defined audits is provided out-of-the box to "quick-start" the scanning process. 
  • Audits are configurable for optimum performance and minimum network load through configuration wizards. All audit definitions are stored in the database and can be re-used by different users depending on their roles.
  • During run-time, users can select non-destructive and/or destructive test cases, select various port scanners and configure special test cases that require authentication parameters. The scope of the audit can be the entire network, or limited by selecting only specific targets and test cases from the default list provided.
  • Automatic or manually-selected updates to VoIPaudit's vulnerabilities database.

VoIP Network Discovery and Asset Management

  • Precise and in-depth discovery of VoIP infrastructure assets including PBXs, softswitches, gateways, multi-media servers, phones and soft clients. VoIPaudit's discovery process is fast, with low impact.
  • Comprehensive asset management enables organizations to keep track of changes and updates to the VoIP infrastructure. The asset information acquired through automated discovery can be augmented by manual additions and changes.
  • VoIPaudit can discover and manage multiple VoIP networks at the same time through the implementation of our unique "active network" concept.  Active network enables the system administrator to seamlessly switch between various VoIP/UC networks, sites, or branches without system re-configuration, while at the same time preserving all results and configuration information related to the particular network or site.

VoIPaudit Reporting

  • Executive level reports provide a comprehensive view of the VoIP/UC network security assessment and associated trends.
  • Detailed technical reports deliver vulnerability descriptions and the potential impact on VoIP/UC devices if exploited.
  • Detailed remediation instructions and low level details produced by actual test cases.
  • Coverage reports offer detailed information about which test cases were executed, how many times and if a particular vulnerability was discovered on the target.
  • "Top 10" scorecard-type reports of the top security risks on the VoIP/UC network.
  • Analytical reporting for in-depth analysis of collected data and information in addition to pre-defined reports.
  • Trending reports.

System Administration and Management

  • Web-based interface allows for authorized access to the system from any location.
  • Role-based user access controls allow delegation of responsibilities to reflect organizational structure.
  • "Group" concept enables administrators to control the scope of responsibilities based on target type and associated test cases.
  • Updates to the vulnerabilities database and feature enhancements are controlled by the user since fully automated updates could skew the trends and long-term reporting.
  • Comprehensive system report provides vital system statistics.
  • Appliance-based product distribution


VoIPaudit offers enterprises and security consultants a number of business benefits:

  • Complete Coverage. The only commercially available VoIP/UC vulnerability assessment and penetration test tool supporting both standard (SIP, H.323, RTP) and proprietary (Skinny, UNISTIM) based VoIP/UC solutions.
  • Industry Leading Research. The industry's most extensive database of VoIP specific vulnerabilities and threats constantly updated by world-class VoIP/UC security research team.
  • Comprehensive Protection Life Cycle. VoIPaudit can be deployed prior to, during, and following VoIP/UC service deployment enabling organizations to address VoIP vulnerabilities before they impact VoIP QoS and reliability.
  • Highly Mobile. VoIPaudit moves seamlessly between different networks, sites and branches without the need for system reconfiguration, thus providing significant capital savings versus fully distributed systems.
  • Fast Results. VoIPaudit deploys in minutes so users can immediately run a set of pre-defined, most common audits and tests available out-of-the box.
  • Ease of Use. A Web-based user interface provides all the necessary features needed to quickly discover VoIP/UC infrastructure, build custom audits and tests, execute audits and then review results through comprehensive reporting.
  • Reporting. Standard and custom reports tailored for executive, management and technical personnel within the organization. Offers a comprehensive view of VoIP/UC infrastructure including trending, baselining, Top 10, vendor and audit report.

Utilizing the industry's largest database of VoIP/UC specific vulnerabilities and threats, VoIPaudit enables IT security and telecommunications professionals to:

  • Keep VoIP quality of service, reliability and security at the levels comparable to existing circuit-switched voice.
  • Assure VoIP compliance with internal and government regulations.



Keywords: Penetration Testing, Research Division, Secure Operating System, Voice Over, Voice over IP, Voip Infrastructure, Vulnerabilities, vulnerability assessment,

Other products and services from Voipshield


VoIPmonitor PBX Monitoring | VoIPshield Systems Inc

VoIPmonitor empowers VoIP PBX administrators to forward selected events in real-time to destinations such as in-house Network Operations Centers, Network Management Systems and Operational Support Systems without impacting the existing local administration processes. Sophisticated event filtering enables the administrators to choose the events that matter to them minimizing the impact on the NMS/OSS and network bandwidth.


VoIPshield Products | VoIPshield Systems Inc

In addition, many new protocols and products make up the VoIP infrastructure, which traditional security products and approaches are not designed to protect. VoIP networks and devices are vulnerable to unique security threats and exploits, because of the real-time nature of the traffic. VoIPshield Systems has developed the most comprehensive solution for Voice over IP Security on the market.


VoIPguard VoIP Intrustion Prevention System

Years of research by VoIPshield Laboratories, the research division of VoIPshield Systems, has yielded the industry's most comprehensive database of known attack signatures. VoIPguard™ is the industry's first Enterprise VoIP Intrusion Prevention System with comprehensive protection for Voice over IP systems from the leading VoIP vendors.