VAST: The Unified Communications Security Testing Suite

VAST is a free suite of Unified Communications security testing tools that can help find security weaknesses in a UC deployment.

VAST is a Linux distribution built on Ubuntu that offers a suit of UC security testing tools for penetration testers and security auditors. This article highlights a couple of the most useful tools, UCSniff and VideoJak both of which will become a welcome addition to your testing arsenal.

Quick question for you. What is the difference between a criminal and an auditor/pentester? Answer: PERMISSION! For the love of fuzzy bunnies everywhere, please get permission (preferably in writing) before using any of the tools mentioned here in a non-lab environment. I will not write you when you are in prison or lose your job. Enough said, lets dive into the fun stuff.

VoIP security assessments have become much easier with the release of VAST 2.77 from Viper Labs (the research division of Sipera). VAST stands for Viper Assessment Security Tools and is a collections of some of the best Unified Communications security test tools around. It is prepackaged for download as a live dvd and VMWare image. UCSniff, Videojak, and Videosnarf were developed by the Viper lab folks and are part of the distribution as well as metasploit, nmap, and other mainstream penetration testing tools. The current release of VAST even has the application Artemisa which is a SIP honeypot designed to look and smell like a SIP endpoint on the network, providing early warnings of attack attempts that may be targeting an organization. 

One of the most useful tools in the VAST distribution for testing Unified Communications security is UCSniff.  UCSniff includes a wide array of features that can be used to test voice vlan segmentation, foundational network security features, and whether or not phones are susceptible to eavesdropping. UCSniff will spoof a Cisco or Avaya IP phone and can automatically connect to the voice vlan if the switch is not configured to prevent unauthenticated devices through 802.1x. Once on the Voice VLAN, UCSniff will attempt to learn about other phones and their extensions, allowing the auditor to target specific phones for eavesdropping of voice, video, and dialed digits.  This tool could not be simpler to use and provides strong evidence of weak security controls protecting the voice endpoints. 

UCSiff recording phone conversations

UCSniff Capturing dialed digits

UCSniff Capturing a video call.. Hi Jason! (one of the authors of UCSniff!)

The ability to eavesdrop on Video calls is starting to become more of a concern for organization as they are actively looking for ways to reduce travel budgets through videoconferencing and telepresence. IP video cameras are rapidly replacing analog cameras for physical security as well. These technologies can be vulnerable if controls are not put in place to protect the video stream from interception. VideoJak is another tool found on VAST, which will capture live video streams and allow an auditor to alter the stream on the fly. This tool shows how someone with access to the video data path could manipulate what a security guard views on his or her screen. Remember, unified communications isn't just about voice. Video is an essential part of unified communications that should be secured as well.

VideoJack can intercept and manipulate video images

These two applications are a small sampling of how VAST can help you with auditing your Unified Communications environment. Head over to the sourceforge project and take it for a spin. I bet you will find it very useful!

http://vipervast.sourceforge.net/

• Security
• VoIP / Convergence
• auditing
• hacking
• uc security
• ucsniff
• unified communications security
• vast
• videojak