Figure 6. Nessus SIP Checks
Nessus (left) is a general-purpose vulnerability scanner that can be used for node discovery, configuration auditing, asset profiling, and application vulnerability checks. Although Nessus 3 is a commercial product, Nessus 2 is still available as open source for many platforms. Nessus can also be augmented with freely available plug-ins (e.g., eStara SoftPhone detection, Asterisk vulnerability detection).
SiVuS (right) is a publicly available SIP-specific vulnerability scanner. It can discover and then probe SIP-capable components, analyzing message headers to determine whether targets are vulnerable to buffer overflows or Denial of Service (DoS) attacks.
SiVuS also looks for authentication vulnerabilities in SIP signaling messages and determines whether secure protocols like SIPS can be used. This example run found numerous unpatched vulnerabilities (one high severity; many low severity) in a Cisco VoIP phone. Note that each vulnerability is accompanied by a description and recommendation. SiVuS can also generate reports that document scan results (see figure).
VoIPauditLite (left) is a freely available subset of the commercial VoIP network scanning appliance sold by VoIPShield. Lite operates as a virtual appliance under VMware, running a fixed set of checks pulled from VoIPShield's database of Avaya, Cisco, Microsoft, and Nortel vulnerabilities. VoIPauditLite can discover, periodically scan, and report on "VoIP Assets." Note, however, that Lite's vulnerability database will grow stale unless you subscribe to VoIPShield's Update service.
This article was first published on VoIPPlanet.com.