IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Unified Communications: Click to talk > Test and Verify OCS Security with OAT

>>VIEW ALL POSTS

Unified Communications: Click to talk

Apr 3 2009 12:57PM GMT

Test and Verify OCS Security with OAT

Posted by: Tony Bradley

OAT, VIPER Lab, Sipera Systems, OCS Assessment Tool, Office Communications Server, unified communications security, VoIP security

At Voicecon 2009 in Orlando this week Sipera Systems announced a new free tool for assessing unified communications and VoIP security. The OCS Assessment Tool, dubbed OAT, is available as a free download from Sourceforge.

According to the OAT download site, Sipera’s “VIPER Lab created OAT because OCS and other Microsoft products are frequently being used as part of a unified communications infrastructure in many enterprises. Our mission is to help IT manager and security practitioners evaluate the security architecture of their deployments and ensure that their mission-critical communications and systems are protected.”

OAT starts off with a dictionary attack against a known user. Once the password is determined, OAT can run a variety of UC / VoIP attacks against the OCS environment. OAT can be run internally, as if an authorized user is performing malicious or unauthorized activities, or as an external attack against OCS. OAT can perform the following functions:

Online Dictionary Attack
Presence Stealing
Contact List Stealing
Single User Flood Mode (Internal)
Domain Flood Mode (Internal)
Call Walk (Internal/External)
Play Spam Audio
Detailed Report Generation

Follow me on Twitter

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Ask an IT Question

About the Blogger

Tony Bradley

Tony Bradley is Founder and President of S3KUR3, Inc., providing expertise and written content on a variety of technology subjects, but specifically focused on information security and Microsoft Unified Communications. Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He maintains his own information security blog, Essential Computer Security (www.tonybradley.com), and has also written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCTS (Microsoft Certified Technology Specialist) in SharePoint and Office Communications Server. Tony is a 4-time recipient of the prestigious Microsoft MVP (Most Valuable Professional) award for Enterprise Security. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Blog Roll

Help

Subscribe to Alerts

RSS feed of Unified Communications: Click to talk

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map