VoIP

Nettitude has strong expertise in penetration testing Voice Over IP and Voice over IP applications. VoIP is in essence an IP enabled application that flows over the corporate LAN and WAN. However, due to the way VoIP behaves, it requires the network to be configured in a way that can be very different to traditional data services. It is common for discrete VLANs to be assigned to voice and Video applications so that they can have Quality of Service controls defined against them.

Nettitude looks to manipulate the network, so that they can assess the voice infrastructure and capture phone calls entering and leaving the corporate network. In many infrastructures the network can be manipulated to listen in to calls to and from the CEO without him or her ever being the wiser. Similarly, Nettitude can assess VoIP services to see whether an external caller could spawn further external calls using internal VoIP services as a springboard. In many instances these types of attempts result in phone fraud with unsuspecting organisations being left to pick large international bills.

IP telephony is often subjected to weaker security controls than traditional data services, Nettitude looks to use these weaknesses to gain deeper access to the corporate environment than would be allowed from the data network. This service results in bespoke report generation unique to your organisation and the infrastructure that it houses. Nettitude looks to identify the exposures within your Voice environment whilst providing pragmatic advice on how you can mitigate against them.

• Vuln: Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
• Vuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability
• Vuln: Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability