Testing SIP Security on a Budget

VoIP is a critical real-time service with many complex moving parts. Without the proper precautions, VoIP protocols and systems can become vectors for misuse or attack affecting not only voice services but your entire IP network. In the 'prequil' to this investigation, we discussed common vulnerabilities that can impact SIP-based VoIP installations. Here, we take you on a guided tour of freely-available VoIP vulnerability test tools.

Vulnerability assessment is the process of finding and fixing your own weaknesses before hackers get a chance to exploit them. When it comes to VoIP, this involves locating and scrutinizing all of your VoIP handsets, softphones, call managers, signaling servers, and media servers for implementation flaws, missing patches, and configuration mistakes.

Why conduct a VoIP vulnerability assessment? To reduce your exposure to VoIP security threats, including network/service break-ins, voice service disruption, caller impersonation, eavesdropping, and toll fraud. For example, unencrypted signaling protocols and weak passwords leave you vulnerable to spoofed SIP signaling messages that can be used to place fraudulent calls, break into voice mailboxes, or tear down calls in progress.