Latest News
- PCI compliance may be bitter pill to swallow, but it's for merchants' own good
- Google's financial incentives for vulnerability detection will be welcomed, but it may attract money-motivated non-technical people
- Credit card fraud expected to rise at Christmas
- BBC disability site detected as being vulnerable to a cross site scripting attack
- Organisations struggle to understand PCI DSS, call centre compliance
Click here to see more news.
Vulnerabilities
Click here to see more of ProCheckUp's published vulnerabilities.
Telecommunications and Telephony Security Test
ProCheckUp can test both, traditional PSTN (Public Switched Telephone Network) infrastructure and new VoIP (Voice over IP) technologies.
Our Telecommunications and Telephony Security Test will attempt to answer the following questions:
- Are there any modems attached to employee workstations or servers that might allow remote attackers to gain internal access to your corporate network via the telephone network?
- Can fraudsters abuse your telephony equipment to make “free” or cheaper phone calls that would be billed to your organization?
- Is it possible to listen to employees’ conversations remotely by compromising your organization’s PBX or gaining access to voice traffic from inside of the network?
- Can computer criminals gain remote access to your staff voice mails?
Traditional PSTN security testing
ProCheckUp will scan the telephone exchange owned by the customer to be tested (i.e.: range of DDI telephone numbers including main switchboard) as an attempt to find carrier tones. This process is known as carrier scanning or “wardialing”. ProCheckUp will also try to gain access to administrative features of the corporate PBX (Private Branch eXchange) such as DISA (Direct Inward System Access), both using automate computer-based scanning and brute-forcing methods Finally, ProCheckUp will also try to gain access to employee voice mails and extension settings, for the purpose of gaining access to sensitive information, and performing toll fraud attacks.
VoIP Security Testing
VoIP infrastructure, although is based on newer technologies such as SIP, is essentially vulnerable to the same attacks as traditional PSTN infrastructure. The only difference is that such technologies communicate via IP (Internet Protocol suite), which essentially switches the attack vectors from the traditional telephone network to Internet and Intranet (LAN) attacks.
ProCheckUp recommends performing VoIP Security Testing from both, an external and internal perspective. In both cases, ProCheckUp will try to identify and exploit both PBX equipment and IP telephony handsets. ProCheckUp can test any type of VoIP technology.
Contact us to discuss your individual penetration testing needs.