Penetration Testing mailing list archives
Re: Conducting Risk Assessment for VOIP and Thin Client
From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com>
Date: Sun, 25 Jun 2006 11:02:52 -0600
Hello Chris, I would not forget the non-technological aspects of the risk assessment: misuse or excessive use of resources by both authorized and external people. Also, VoIP policy violations, AAA misconfigurations...
From a technical standpoint, I would say NIST is a good reference.
Also, you can also find two interesting whitepapers by CheckPoint and Cisco on VoIP security that can provide you with more technlology-oriented risk sources: http://whitepapers.techrepublic.com.com/abstract.aspx?promo=50002&docid=160088 http://whitepapers.techrepublic.com.com/whitepaper.aspx?&docid=153992&promo=100511 Best regards, Rodrigo. On 21/06/06, Chris Hammer <CHammer () fcbnm com> wrote:
Good morning, I have been tasked with conducting a Risk Assessment / Vulnerability Assessment on a VOIP and Thin Client environment. Does anyone have a good template to start with, as well as ideas as to where to start? I am familiar with both of these technologies and understand how they work but I by no means an expert on them. Any help would be appreciated! Cheers! Chris The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Conducting Risk Assessment for VOIP and Thin Client Chris Hammer (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Paul Robertson (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Ivan Arce (Jun 21)
- RE: Conducting Risk Assessment for VOIP and Thin Client Tonie Deen (Jun 21)
- Re: Conducting Risk Assessment for VOIP and Thin Client Rodrigo Blanco (Jun 25)
- <Possible follow-ups>
- Re: Conducting Risk Assessment for VOIP and Thin Client Jezebel Ali (Jun 23)
- Re: Conducting Risk Assessment for VOIP and Thin Client Paul Robertson (Jun 21)