[VOIPSEC] Any pointers to "audit methodology" for analyzing VoIP systems?

Barrie Dempster barrie at reboot-robot.net
Wed Dec 12 08:49:33 CST 2007


This is exactly the area I've been looking at and trying to raise
recently. I've worked on an internal methodology for my employers and
presented an overview of this publicly earlier this year. Although my
efforts were not from a forensics stance, more focused on security
assessment.

http://www.ngssoftware.com/research/papers/Blackhat-2007-VOIP-Security.pdf

I'd be very interested to see anyone's ideas on the topic and would
offer to lead or participate in a VOIPSA effort along these lines.



Dan York wrote:
> VOIPSEC readers,
> 
> As I just posted here:
> 
> http://voipsa.org/blog/2007/12/12/pointers-to-any-audit-methodology-for-forensic-analysis-of-voip-systems/
> 
> I was recently asked if I knew of any efforts to define a methodology for auditing a VoIP system, especially from a forensic point of view.
> 
> For instance, I am aware of the OWASP project for testing web applications ( http://www.owasp.org/ ) which has created the "Testing Guide" that basically outlines a methodology for testing web applications:
> 
> http://www.owasp.org/index.php/Category:OWASP_Testing_Project
> 
> I don't know that this is necessarily the type of thing my questioner was looking for, but it is one approach out there.
> 
> Is anyone aware of similar types of documents for VOIP systems?  (I'm not.)
> 
> If there aren't any out there, this does seem to me to be the type of document that an organization like VOIPSA could create.  We'd just need someone to lead that effort.  (And it couldn't be me because, well, I'm just a wee bit behind on launching the Best Practices project, eh?)
> 
> Thanks in advance for any info,
> Dan
> 


--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

              - http://reboot-robot.net -

"He who hingeth aboot, geteth hee-haw" Victor - Still Game
