A Deeper Look into VoIP Hacking
You may feel confident in your network security because you do a good job of protecting the enterprise from various attacks and other online-intrusion techniques. But are you equally vigilant when it comes to threats presented by a simple phone call?
Yes, that’s right. Clever criminals will now use a voice call to launch a data attack on your network. How? Through sophisticated techniques for VoIP hacking, using VoIP traffic as the conduit for network attacks that are difficult to detect and stop. Here are just two examples:
- TDoS (Telephony DoS): A hacker can easily launch a telephony denial of service (TDoS) attack against your voice network by leveraging IP network-based call signaling protocols like SIP. Manipulating caller ID within the signaling stream, along with other techniques, allows attackers to quickly generate huge volumes of calls, which can rapidly overwhelm traditional trunk lines, as well as IP-PBXs and other VoIP-related infrastructure.
Fortunately, there’s a solution. You need to create an effective defense against TDoS attacks that originate in a voice service. This requires security hardware that can perform deep inspection of the signaling-packet content before it reaches your voice infrastructure. MegaPath’s managed IPS services also support real-time, anomaly-based detection for recognizing zero-day threats and other inappropriate voice/data traffic behavior.
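One way to apply the signaling inspection described above, as an added example that is not part of the original post or of any MegaPath product: a per-source sliding-window check on SIP INVITEs that flags both raw call volume and caller-ID churn. The thresholds, the function and class names, and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

URI_USER = re.compile(r"sips?:([^@;>\s]+)@", re.I)  # user part of a SIP URI

def caller_id(raw):
    """Caller ID from the From header of an INVITE; None for any other message."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].startswith("INVITE "):
        return None  # only new-call requests count toward a call flood
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("from", "f"):  # "f" is the compact form
            m = URI_USER.search(value)
            return m.group(1) if m else "<malformed>"
    return "<missing>"

class InviteFloodDetector:
    # Assumed thresholds; tune them to the site's normal call volume.
    def __init__(self, window=10.0, max_invites=20, max_callers=10):
        self.window, self.max_invites, self.max_callers = window, max_invites, max_callers
        self.seen = defaultdict(deque)  # source IP -> (timestamp, caller ID)

    def observe(self, ts, src_ip, raw):
        """Record one signaling packet; return the alert reasons it triggers."""
        caller = caller_id(raw)
        if caller is None:
            return []
        q = self.seen[src_ip]
        q.append((ts, caller))
        while q and q[0][0] <= ts - self.window:  # drop entries older than the window
            q.popleft()
        reasons = []
        if len(q) > self.max_invites:
            reasons.append("invite-rate")  # too many call attempts per source
        if len({c for _, c in q}) > self.max_callers:
            reasons.append("caller-id-churn")  # one source, many caller IDs
        return reasons

def sample_invite(caller):
    # Constructed message using documentation-only addresses and domains.
    return (f"INVITE sip:100@pbx.example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 198.51.100.7:5060\r\n"
            f"From: <sip:{caller}@example.net>;tag=1\r\n"
            f"To: <sip:100@pbx.example.com>\r\n"
            f"CSeq: 1 INVITE\r\n\r\n")

if __name__ == "__main__":
    det = InviteFloodDetector()
    for i in range(30):  # 30 INVITEs in 3 s, each with a different caller ID
        print(i, det.observe(i / 10, "198.51.100.7", sample_invite(f"555{2000 + i}")))
```

The caller-ID churn check fires before the raw rate check in the sample run, which is why tracking distinct From identities per source is useful alongside a plain packet count.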
- Telephony Malware: Attackers can embed code for malware such as viruses, worms, and spyware in the Web-based services on IP PBXs or phones, and in the Session Initiation Protocol (SIP) signaling packets themselves. The goal? Attacking an IP phone or an IP PBX to commit toll fraud, monitor sensitive communications, or even capture keystrokes containing IVR access codes, PINs and passwords.
Again, it’s possible to use a security device at your site to identify and block malware. But this choice requires an ongoing investment in IT security staff to monitor device reports and keep up to date with the latest security threats. Of course, that’s in addition to the cost of buying, managing and upgrading more devices for your network.
Does the idea of handling VoIP security and issues like voice phishing (vishing) and voice spam seem a little overwhelming? If so, you’ll understand why many SMBs look for a hosted service when they are ready to migrate to VoIP from an older key system, PBX or Centrex service. When you’re ready for migration to IP telephony, you’ll want to proceed with caution. Different providers have different capabilities for managing VoIP security, so you’ll want to ask about VoIP hacking threats and what equipment, staffing, and other resources the provider uses to mitigate them.
Question of the week: What aspects of voice security are of most concern to you?