topleft topright
VoIPaudit

VoIPaudit is the only vulnerability assessment and penetration testing product available that is specifically designed to identify Voice over IP (VoIP) vulnerabilities in enterprise VoIP systems.   The vendors presently supported are Avaya, Cisco and Nortel.  The protocols supported are SIP and the proprietary signalling protocols used by the supported vendors.

VoIPaudit is a VoIP network scanning tool that offers an easy-to-use Web interface combined with all the back-end functionality required to proactively identify, track and assist in the remediation of security vulnerabilities found in VoIP systems from the leading vendors.  Features include:

  • VoIP network discovery
  • Network scanning for security vulnerabilities and threats
  • Optional penetration testing
  • Asset management
  • Comprehensive reporting including detailed explanation of potential threats and remediation suggestions

VoIPaudit runs on a fully secure Red Hat Linux platform and is delivered pre-installed on a laptop or server "appliance".  It can be used in a number of enterprise environments including:

  • In the lab - to validate vendor claims and identify security flaws before VoIP is deployed.
  • During the pilot stage - to test all VoIP system components prior to going live to avoid introducing threats resulting from interactions and dependency between VoIP applications.
  • In production - to periodically audit your VoIP network for any any vulnerabilities that may have been introduced through new vendor software releases or hardware upgrades.  Also, regular network discovery can ensure no "rogue" devices or applications have been added to the network accidentally or deliberately

Included in the VoIPaudit license is a one-year subscription to VoIPshield UpdateTM, which provides ongoing software upgrades and vulnerabilities updates.  VoIPshield Laboratories, the research division of VoIPshield Systems, is constantly discovering new vulnerabilities and adding them to our database.  This means VoIPaudit is always able to detect the most recently-discovered vulnerabilities.

With VoIPaudit, security and IT staff can reduce or eliminate error-ridden manual checks and perform efficient assessments of their VoIP infrastructure without the need for specialized training.

VoIPAudit Scanning Engine 

For IT security consultants and auditors, VoIPaudit provides a highly mobile security assessment and penetration testing platform that can be easily moved from one client's VoIP network to another.  All the collected data and reports can be exported from the system in a number of formats, including XML for inclusion in standard reporting systems.

Try it before you buy it

VoIPaudit is available in two versions:

  • VoIPaudit Enterprise
    A full-featured version of VoIPaudit with support for multiple VoIP vendor systems, multiple users, unlimited scan targets, and comprehensive reporting.

  • VoIPaudit Lite
    VoIPaudit LiteT is a basic version of VoIPaudit. It provides the same vulnerability assessment and penetration testing functionality, and is intended to give the prospective VoIPaudit Enterprise buyer a no cost introduction to the product. Visit the VoIPaudit Lite page for more information.

Comparison Chart

Feature

VoIPaudit Enterprise

VoIPaudit Lite

Number of targets in single scan

1,024

128

Number of Networks

Multiple

Single

Number of Users

Multiple

Single

Vendors Included

All Available

Single (selected on download)

Support

Full Support

Email Support only

Vulnerability Updates

1 Year Included

Subscription Available

Analytics

 

Customizable Audits

 

Customizable Reports

 

Software Updates

Network Discovery

Asset Management

Vulnerability Reporting

Port Scanners

Web based interface

Role based access

Full featured Help

Recommended Use

Enterprise

Trial/Pilot/SMB

Delivery platform

Appliance

Virtual appliance - downloadable and runs on any Windows or Linux PC

Features

VoIPaudit Enterprise is a robust vulnerability assessment and penetration testing product designed specifically for enterprise VoIP networks.  Features include:

VoIP Network Vulnerability Audit

  • The industry's most comprehensive VoIP-specific database provides proprietary and public VoIP vulnerabilities and remediation suggestions.
  • Comprehensive set of pre-defined audits is provided out-of-the box to "quick-start" the scanning process. 
  • Audits are configurable for optimum performance and minimim network load through configuration wizards. All audit definitions are stored in the database and can be re-used by different users depending on their roles.
  • During run-time, users can select non-destructive and/or destructive test cases, select various port scanners and configure special test cases that require authentication parameters. The scope of the audit can be the entire network, or limited by selecting only specific targets and test cases from the default list provided.
  • Automatic or manually-selected updates to VoIPaudit's vulnerabilities database.

VoIP Network Discovery and Asset Management

  • Precise and in-depth discovery of VoIP infrastructure assets including PBXs, softswitches, gateways, multi-media servers, phones and soft clients. VoIPaudit's discovery process is fast, with low impact.
  • Comprehensive asset management enables organizations to keep track of changes and updates to the VoIP infrastructure. The asset information acquired through automated discovery can be augmented by manual additions and changes.
  • VoIPaudit can discover and manage multiple VoIP networks at the same time through the implementation of our unique "active network" concept.  Active network enables the system administrator to seamlessly switch between various VoIP networks, sites, or branches without system re-configuration, while at the same time preserving all results and configuration information related to the particular network or site.

VoIPaudit Reporting

  • Executive level reports provide a comprehensive view of the VoIP network security assessment and associated trends.
  • Detailed technical reports deliver vulnerability descriptions and the potential impact on VoIP devices if exploited.
  • Detailed remediation instructions and low level details produced by actual test cases.
  • Coverage reports offer detailed information about which test cases were executed, how many times and if a particular vulnerability was discovered on the target.
  • "Top 10" scorecard-type reports of the top security risks on the VoIP network.
  • Analytical reporting for in-depth analysis of collected data and information in addition to pre-defined reports.
  • Trending reports.
  • Export reports to PDF, CSV and XML formats.

System Administration and Management

  • Web-based interface allows for authorized access to the system from any location.
  • Role-based user access controls allow delegation of responsibilities to reflect organizational structure.
  • "Group" concept enables administrators to control the scope of responsibilities based on target type and associated test cases.
  • Updates to the vulnerabilities database and feature enhancements are controlled by the user since fully automated updates could skew the trends and long-term reporting.
  • Comprehensive system report provides vital system statistics.
  • Appliance-based product distribution

Benefits

VoIPaudit offers enterprises and security consultants a number of business benefits:

  • Complete Coverage. The only commercially available VoIP vulnerability assessment and penetration test tool supporting both standard (SIP, H.323, RTP) and proprietary (Skinny, UNISTIM) based VoIP solutions.
  • Industry Leading Research. The industry's most extensive database of VoIP specific vulnerabilities and threats constantly updated by world-class VoIP security research team.
  • Comprehensive Protection Life Cycle. VoIPaudit can be deployed prior to, during, and following VoIP service deployment enabling organizations to address VoIP vulnerabilities before they impact VoIP QoS and reliability.
  • Highly Mobile. VoIPaudit moves seamlessly between different networks, sites and branches without the need for system reconfiguration, thus providing significant capital savings versus fully distributed systems.
  • Fast Results. VoIPaudit deploys in minutes so users can immediately run a set of pre-defined, most common audits and tests available out-of-the box.
  • Ease of Use. A Web-based user interface provides all the necessary features needed to quickly discover VoIP infrastructure, build custom audits and tests, execute audits and then review results through comprehensive reporting.
  • Reporting. Standard and custom reports tailored for executive, management and technical personnel within the organization. Offers a comprehensive view of VoIP infrastructure including trending, baselining, Top 10, vendor and audit report.

Utilizing the industry's largest database of VoIP specific vulnerabilities and threats, VoIPaudit enables IT security and telecommunications professionals to:

  • Keep VoIP quality of service, reliability and security at the levels comparable to existing circuit-switched voice.
  • Identify potential denial of service, confidentiality, toll fraud and voicemail exploits.
  • Assure VoIP compliance with internal and government regulations.
 
Push the Go button for more information.

Download the VoIPaudit Product Fact Sheet in PDF format

Download the VoIPguard Product Fact Sheet in PDF format

Attend a live Webinar to find out more and ask questions
info@voipshield.com | Privacy Policy | Sitemap
Copyright © VoIPshield Systems Inc. All rights reserved.