Based on SIP implement VoIP system security testing mechanism

• Main Authors: Zuo-Ren Liou, 劉作仁
• Other Authors: Tung-Ming Koo
• Format: Others
• Language: zh-TW
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/95115533506235475132

碩士 === 雲林科技大學 === 資訊管理系碩士班 === 96 === In recent years, with advances in IT, modern people living in the use of IT in increasing the proportion, together with the information technology brought about by the convenience, its products and services related to modern life has gradually become an integral part of the life. At the same time, due to the vigorous development of the Internet, in addition to the phone, cellular phone, fax and other means of communication, the other communication tools which developed on the Internet, such as: e-mail, instant messaging and VoIP (Voice over IP, VoIP) and so on, also bring modern people more options to choosing communication medium. Many of the emerging information technology like a double-sided blade, in the community only see that these are often only brought about by information technology facilities of the Department, hardly realize that they hide behind a lot of unknown crisis. For instance, SIP, the most use of the VoIP, is a protocol that designed based on the Internet; it inherited the current available on the Internet vulnerability. In order to solve the information security issue, the more and more vulnerability scanner to be born. The report produced by vulnerability scanner for lack of experience of system managers can only inform the current system has vulnerabilities which might be used, and no way to find the correlation between each vulnerabilities. Therefore, this study uses penetration test and attack tree designing a mechanism to inspect VoIP system security. Managers who are lack of experience forward to helping the system administrator to find out within the organization by the operation of the VoIP system in the existence of leaks, and provide the solution to the leaks.