VoIP Hopper is an automated tool that rapidly runs a VoIP network configuration validation test to help enterprises determine the vulnerability of their VoIP networks. The VoIP Hopper has been released as an open source tool, and can be downloaded from Source Forge.
Download the VoIP Hopper assessment tool at: http://voiphopper.sourceforge.net
The convergence of voice and data into a single network promises to reduce costs, improve quality and simplify management. But as voice exists on the network as yet another application, it poses new challenges to the enterprise and new potential security risks arise. In particular, in a converged VoIP deployment, where a single Ethernet cable provides both the phone service and the computer connection, significant risks arise. In particular, concerns arise around the ability to gain privileged access through publicly accessible phones, such as those found in lobbies, hotel rooms, and conference rooms.
Securing Voice VLANs
The new VoIP Hopper tool allows enterprise IT administrators to test their networks for a specific vulnerability that can occur when the Voice VLAN feature is enabled. With this feature enabled, a PC can be daisy chained to an IP Phone and the connection for both PC and Phone to be trunked through the same physical Ethernet cable. As a result, users can easily gain access to the data network using a VLAN hop from the data network to the voice (known as a VoIP hop). Once on the network, a malicious user could run several different types of attacks against the IP Phone network, including eavesdropping on unencrypted phone calls, or causing interruption of service against the IP Phone network. Worse still, the user could also access the data network, gaining access to mission critical, proprietary data and applications, such as customer data and email or financial applications.
The VoIP Hopper
To discover whether a network may be vulnerable to potential VoIP attacks, Vigilar has developed an assessment method called VoIP Hopping, and an automated assessment tool called the VoIP Hopper. Released as open source, the new VoIP Hopper tool helps IT administrators test their networks to determine if VoIP Hopping possible on their network. The VoIP Hopper enables administrators to quickly and easily test the protection controls of a Layer 2 network to see if a regular PC can mimic the behavior of an IP phone and thereby gain access to the IP Phone network.
Vigilar Professional Services offers a VoIP Assessment service to help organizations identify vulnerabilities in their VoIP infrastructure.