EXPRESS S.A.F.E. (Security & Fraud Evaluation)
DISCOVER & EVALUATE
VOIP SECURITY VULNERABILITIES
Stop VoIP attacks before they begin.
Express S.A.F.E. provides the actionable data you need to discover and evaluate critical security vulnerabilities and proposes recommendations to mitigate future threats.
There are more ways for hackers to compromise a VoIP system than a PBX or traditional phone system because VoIP and data run over the same network. What was once a minor threat has become a malicious tool for money-hungry hackers and a potentially catastrophic tool for state sponsored cyber terrorist organizations. In short, VoIP attacks are on the rise and with AveriStar's Express S.A.F.E. (Security & Fraud Evaluation) you can stop the attacks before they begin.
Actionable Data & Reporting
We provide detailed security information allowing organizations to make informed decisions based on the needs and requirements of the business.
Increased Security Posture
We evaluate the infrastructure of the VoIP network, allowing corporations to strengthen their security posture and decrease the risk of a security breach.
Overall Reliablity & Piece of Mind
Security & Fraud Evaluation increases system uptime, greatly reducing costly downtime, loss of data, revenue, and productivity.
AveriStar performs an evaluation to determine the susceptibility of your telephony infrastructure to an attack or exploit. Our engineers scans for vulnerabilities, administer penetration testing, and review configuration settings.
Web application security is of particular concern because it’s used to simultaneously let legitimate users in while keeping suspicious individuals out. We will take the necessary steps to make sure the recommended password and passcode settings are in place.
Having a proper call processing policy can help reduce the threat from Voice Phishing and SPIT (VoIP Spam). We’ll analyze the call processing policy and ensure the number of concurrent calls and redirections are limited on a PER USER basis.
We can impose restrictions on call type, duration, and time of day, and apply specific actions (block, allow, transfer) to calls that meet certain criteria. Rules can be applied to incoming calls, outgoing calls, or redirects. These restrictions can be activated at the system level or the service provider / enterprise level.
Using device management file authentication, we will use encryption to determine that the user at a given phone is who they say they are. Consequently, preventing the hijacking of service in your hosted environment. We’ll also check for unique username and password settings for each device provisioned.
In addition to the system settings, we will review the call processing policies. They can be set to override the system settings at the Service Provider, Enterprise, group and user levels.
We will develop an advanced caller identification system for calls placed over the Internet that would be verified and authenticated. We’ll also enable software to identify the origin of these calls. If they are an Internet number created solely for a DDOS attack, the software will be able to block the call.