Penetration Testing mailing list archives

Re: Conducting Risk Assessment for VOIP and Thin Client

From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com>
Date: Sun, 25 Jun 2006 11:02:52 -0600

Hello Chris,

I would not forget the non-technological aspects of the risk
assessment: misuse or excessive use of resources by both authorized
and external people. Also, VoIP policy violations, AAA
misconfigurations...

From a technical standpoint, I would say NIST is a good reference.

Also, you can also find two interesting whitepapers by CheckPoint and
Cisco on VoIP security that can provide you with more
technlology-oriented risk sources:

http://whitepapers.techrepublic.com.com/abstract.aspx?promo=50002&docid=160088

http://whitepapers.techrepublic.com.com/whitepaper.aspx?&docid=153992&promo=100511

Best regards,
Rodrigo.

On 21/06/06, Chris Hammer <CHammer () fcbnm com> wrote:

 Good morning,

 I have been tasked with conducting a Risk Assessment / Vulnerability
Assessment on a  VOIP and Thin Client environment. Does anyone have a
good template to start with, as well as ideas as to where to start? I am
familiar with both of these technologies and understand how they work
but I by no means an expert on them. Any help would be appreciated!

Cheers!
Chris

The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this
email by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying, distribution or any


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?Why not go with the #1 solution - Cenzic, the only one to win the Analyst'sChoice Award from eWeek. As attacks through web applications continue to rise,you need to proactively protect your applications from hackers. Cenzic has themost comprehensive solutions to meet your application security penetrationtesting and vulnerability management needs. You have an option to go with amanaged service (Cenzic ClickToSecure) or an enterprise software(Cenzic Hailstorm). Download FREE whitepaper on how a managed service canhelp you: http://www.cenzic.com/news_events/wpappsec.phpAnd, now for a limited time we can do a FREE audit for you to confirm yourresults from other product. Contact us at request () cenzic com for details.

------------------------------------------------------------------------------

Current thread:

Conducting Risk Assessment for VOIP and Thin Client Chris Hammer (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Paul Robertson (Jun 21)
  - Re: Conducting Risk Assessment for VOIP and Thin Client Ivan Arce (Jun 21)
- RE: Conducting Risk Assessment for VOIP and Thin Client Tonie Deen (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Rodrigo Blanco (Jun 25)
- <Possible follow-ups>
- Re: Conducting Risk Assessment for VOIP and Thin Client Jezebel Ali (Jun 23)