VoIPcode.org provides design services, security assessments and vulnerability analysis of all components of a VoIP network. This includes applications servers and User Agents, specifically IP-PBXs, soft-switches, VoIP aware Firewalls and Session Border Controllers. These assessments and analyses are aimed at identifying potential security risks, detailing the potential service impact and making recommendations for mitigating those risks.

A security assessment is a theoretical analysis of a proposed network design highlighting potential risk areas and identifying the possible consequences of operating the planned design without addressing the identified risks. The assessment also defines a set of security countermeasures that should be applied to the design to reduce those risks to an acceptable level. The deliverables of a security assessment include a statement of scope, which will be agreed between VoIPcode.org and the contracting organisation before formal commencement of the project, and a full written report. The deliverables may optionally include a formal presentation of the study's findings.

A vulnerability analysis is a practical analysis of a test network installation or of an operational network. The analysis will include the following test categories:

  • Network and transport level port scan
  • Analysis on the operating system of the target(s)
  • Tests of known SIP and H.323 application and protocol vulnerabilities
  • Tests of known RTP vulnerabilities
  • Tests of content related vulnerabilities

While the vulnerability analysis includes some elements of a standard IP security test, the focus is on VoIP specific threats such as call disruption, hijacking and attacks in on the media stream.

The deliverables of a vulnerability analysis include a statement of scope, which will agreed between VoIPcode.org and the contracting organisation before formal commencement of the project, a full written report and a resource CD which includes copies of some of the tools used to test the SIP specific vulnerabilities. The deliverables may optionally include a formal presentation of the study's findings.

The consultancy team responsible for delivering these services has many years of experience in designing and analysing perimeter security products for a range of IP applications including VoIP and Video applications as well as email, web and other legacy applications. All services are charged at a daily rate which depends in the duration of the duration of the study and on the details of the work required.

For more information, please email info@voipcode.org.