Web-based IP telephony penetration system evaluating level of protection from attacks and threats

Abstract

This article deals with detection of threats in IP telephony, the authors developed a penetration testing system that is able to check up the level of protection from security threats in IP telephony. SIP is being widely used in building VoIP networks. Unlike the traditional telephone networks VoIP networks does not have a closed communication which makes communication medium vulnerable to all kinds of attacks from the in truders. The SIP server is a key component of VoIP infrastructure and often becomes the aim of attacks and providers have to ensure the appropriate level of security. We have developed web-based penetration system which is able to check the SIP server if can face to the most common attacks. The developed application is distributed as an open-source and is equipped with four modules. The result is reported to the particular e-mail and information supplemented to the report should help to improve the overall protection of the SIP server. The developed application represents effective tool which is able to point out the weaknesses of the tested system.