Certification for specific SIP elements and end-to-end solutions.
Velona Systems’ CERTIFICATION SECURED-SIP™ is a dedicated VoIP security program covering all forms of SIP-based VoIP equipment, such as IP PBXs, IMS networks, E-SBCs, Core Network side SBCs, IP Phones, softphones, SIP Application Servers, and Softswitches.
Certification can be carried out for a specific element individually, part of a solution, or for an entire solution.
The certification process covers all major areas of SIP vulnerability, such as penetration testing and protocol fuzzing, as well as routing, load testing and soak testing. Thus specific elements of a vendor’s equipment portfolio, a series of inter-related elements of a vendor’s equipment portfolio, part or all of an Operator’s VoIP estate/FMC network, or an Enterprise customer’s VoIP estate may be certified.
SECURED-SIP™ Certification Stages
Velona perform initial full test run. Formal report of SIP vulnerability findings produced. Element, Solution or Network under test given initial score. Deep-dive face-to-face session with customer.
Vendor has produced a new version of the Element, Solution or Network based on Stage 1 findings. Velona perform full test re-run. Element, Solution or Network under test given revised score.
Velona Certification granted once all vulnerabilities found in Stage 1 and Stage 2 get PASS status. Element, Solution or Network under test given FINAL score.
CALL +353 21 242 8400 TODAY
Call us today or email us at firstname.lastname@example.org to learn how we can secure your business against VoIP Fraud and other malicious attacks.
How We Do It
Certification is based around Velona’s VoIP security test engine, which has a suite of automated SIP penetration and stress test run-books that assess the robustness of any element on the Enterprise or Core side of a VoIP network.
Velona’s Certification Test Engine:
1. TEST FOR WEAKNESS
SIP Security verification checks for weaknesses that can result in TOLL FRAUD and T-DOS/T-DDOS ATTACKS.
2. TEST TO POINT OF FAILURE
SIP stress testing, scalable to any size, which delivers SIP Parser Stressing (aka SIP Torture Testing) and SIP Load Testing (UDP, TCP, TLS).
3. ADD IN ANALYTICS
Draws from Velona’s big data security analytics engine which provides analysis of SIP attack data from live Velona deployments as well as honeypots and builds up threat patterns which recognise Toll Fraud attempts and other SIP attacks.
The overall goal of certification is to ensure that the element or system being tested can stand up to the whole range of SIP tests that are applicable to its function, e.g. whether an SBC can protect against a protocol fuzzing attack.
Scope of the Certification testing
The testing provided as part of each CERTIFICATION SECURED-SIP™ run covers:
- SIP Port Scanning
- Toll Fraud Testing
- Extension Discovery
- Password Attack
- Nuisance Calling
- Registration Hijacking
- IP Phone Reboot
- SIP Parser Stressing / protocol fuzzing
- SIP Load Testing (UDP, TCP, TLS)
Combinations of these test runs are dedicated to specific areas of attack. For example, Protocol Fuzzing, when combined with Performance and Capacity tests, quickly identifies how capable the Network Element undergoing Certification is at withstanding T-DOS/T-DDOS attacks. A similar approach is taken with other areas, such as Toll Fraud.
Each test is backed by a comprehensive report that pinpoints areas of specific vulnerability and suggests ways to harden the system under test, while assisting with compliance and improvement of SIP security awareness. Certification comes with a suite of basic and additional optional tests. For example, E-SBCs that do not support TLS would not be tested with TLS. Furthermore, E-SBCs may support TLS but the manufacturer may still not want to have it certified, as they believe that most customers will use UDP and therefore have no present requirement.
Certification testing also includes isolating and leveraging any compromised element as a beachhead from which to launch subsequent tests on other systems in the end user’s network. This pivoting capability identifies how vulnerable your element is to the “ripple effect” of threats that can occur when a single end-user system is compromised, replicating the steps attackers actually follow in real-world scenarios.
Why Certification Matters
In a time of ever-increasing security threats, the need for dedicated SIP security testing has never been greater. A vendor’s own focused experience in the field is an important component of the value to any end customer, but this may not be enough. Customers need something quantifiable and verifiable. Certification shows a deep commitment to the expertise a vendor claims to be providing in their solution.
Our Certification program gives you the freedom to focus on all aspects of your business, while being able to rely on a comprehensive independent evaluation of your Security product strategy and implementation.
The value of Velona’s SIP Security Certification
Velona’s Certification reports allow you to benchmark your Element’s security, and end-user awareness, while demonstrating ongoing security program improvements to your customers, your executive management, and compliance officers.
When you become certified through Velona you gain:
- Verifiable proof of the highest possible level of SIP Threat prevention for your element or end-to-end solution set.
- Access to dedicated external SIP expertise & to an ever-expanding security knowledge base.
- Higher value and promotion potential.
Stages to successful certification
Certification is granted once the Test run completes with all Vulnerabilities demonstrably hardened. It is possible that an element can achieve Certification simply by meeting the successful exit criteria for the Stage 1 testing, e.g. no vulnerabilities found.
Stage 1 (Lab setup and test plan agreement, Test run, Reporting, Debrief and client support)
- Single element under test – 8 weeks
- End-End system * (multiple elements) under test – 12 weeks
Stage 2 (Lab setup, test plan agreement, Test run, Reporting, Debrief and client support)
- Single element under test – 4 weeks
- End-End system * (multiple elements) under test – 6 weeks
Certification Granted (end-to-end)
- Single element under test – 12 weeks
- End-End system * (multiple elements) under test – 18 weeks
Note 1: Stage 2 can be used as many times as required, either to check specific changes arising from vulnerabilities found in Stage 1, or to re-certify when issuing updates to a release already well into its market lifecycle, or for a new release with new market-leading functionality.
Note 2: Pricing of the Certification can be tailored to support one-off projects or to allow vendors or Operators to avail of Certification runs as many times as required annually, to fit with your release cycle.
Note 3: It is entirely possible to achieve Certification at the end of Stage 1. Our pricing separates Stage 1 & Stage 2 to give both customer and supplier an incentive to find problems as early as possible in the test life cycle.
Note 4*: Timelines regarding certification of end-end systems are indicative only, and depend on the total number of elements.
The Advantages of Partnering With Velona
Our world-class certification is issued after each end-end test run, as we continuously update our Test capability to remain ahead of threats.
- Built by SIP experts to remove 99% of the knowledge complexity requirements of SIP/VoIP
- Acknowledges you do need SIP “pin holes” open to service your customers
- Checks if you are vulnerable to these “through the eye of the needle” type attacks
- Simply use our advanced VoIP security testing as required
- Reduce need for expensive test equipment
- Remove reliance on consultancy
- Continuously updated
- Optimum accessibility and scalability
- Rapid turnaround
- Always available