Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Similar documents
Business Phone Security. Threats to VoIP and What to do about Them

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Recommended IP Telephony Architecture

Security and Risk Analysis of VoIP Networks

Seamless ICT Infrastructure Security.

Best Practices for Securing IP Telephony

Voice over IP Security

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Voice Over IP and Firewalls

Deploying Firewalls Throughout Your Organization

COSC 472 Network Security

VOIP SECURITY ISSUES AND RECOMMENDATIONS

Chap. 1: Introduction

Ingate Firewall/SIParator SIP Security for the Enterprise

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

PART D NETWORK SERVICES

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Next Gen Firewall and UTM Buyers Guide

VoIP Security Challenges: 25 Ways to Secure your VoIP Network from Versign Security, Dec 01, 2006

An outline of the security threats that face SIP based VoIP and other real-time applications

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

Mitigating the Security Risks of Unified Communications

HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

Solution Brief. Secure and Assured Networking for Financial Services

Top tips for improved network security

SIP Trunking Configuration with

Chapter 7 Information System Security and Control

A Reality Check on Security in VoIP

Security Services. 30 years of experience in IT business

Chapter 6: Fundamental Cloud Security

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Threat Mitigation for VoIP

CMPT 471 Networking II

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

Session Border Controllers in Enterprise

Industrial Firewalls Endpoint Security

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Network protection and UTM Buyers Guide

The Cisco ASA 5500 as a Superior Firewall Solution

Security - A Holistic Approach to SMBs

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

2010 White Paper Series. Top Ten Security Issues Voice over IP (VoIP)

Network Security - ISA 656 Review

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

Security Issues In Cloud Computing and Countermeasures

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

Securing Unified Communications for Healthcare

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Basic Vulnerability Issues for SIP Security

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Villains and Voice Over IP

Basics of Internet Security


Web Application Security 101

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

External Supplier Control Requirements

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Security Awareness. Wireless Network Security

NETWORK SECURITY ASPECTS & VULNERABILITIES

Securing SIP Trunks APPLICATION NOTE.

Advantages of Managed Security Services

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Security Issues with Integrated Smart Buildings

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Vulnerabilities in SOHO VoIP Gateways

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Virus Protection Across The Enterprise

Data Security Incident Response Plan. [Insert Organization Name]

Content Teaching Academy at James Madison University

VOICE OVER IP SECURITY

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

E-Business, E-Commerce

White Paper: Ensuring HIPAA Compliance by Implementing the Right Security Strategy

Section 12 MUST BE COMPLETED BY: 4/22

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

Firewalls, Tunnels, and Network Intrusion Detection

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure


Top five strategies for combating modern threats Is anti-virus dead?

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office

In-House Vs. Hosted Security. 10 Reasons Why Your is More Secure in a Hosted Environment

5 Common Hosted VoIP Myths Debunked

Cyber Security: Beginners Guide to Firewalls

Transcription:

Achieving Truly Secure Cloud Communications How to navigate evolving security threats

Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical. Organizations must fully understand the different types of threats in order to combat them effectively. Common VoIP Security Threats: Call Fraud Eavesdropping Phreaking Malware and Viruses Denial of Service Attacks Call Hijacking

VoIP Call Fraud Call fraud involves tapping into a VoIP line and commandeering it to make unauthorized calls. The two main types are eavesdropping and phreaking. Eavesdropping Eavesdropping on VoIP calls is a tool used in identity theft, VoIP service threat (also called VoIP fraud), and corporate sabotage. Hackers tap into VoIP phone calls, listening to steal employee names, passwords, phone numbers, and other information that can give them access to voice mail, billing information, and other sensitive business or customer information. Phreaking In contrast to eavesdropping, phreaking is when hackers gain illegitimate access to a business s VoIP service provider information, stealing account numbers, access codes, and other proprietary information. They use this to either add unauthorized phone lines, or make calls on existing VoIP lines. Both result in excessive charges that are most often discovered when businesses receive an unpleasant provider bill.

Malware, Worms, and Viruses Cloud communication services utilize software and soft phones and as a result, are vulnerable to attack by malware, malicious software worms, and other computer network viruses. These viruses often take a computer system hostage and allow hackers to send spam or other types of malicious data. Some worms can specifically target information, destroying it without the possibility of recovery. They can also trace key strokes or data entry, allowing remote access of a business s computer or phone system. Hackers can then copy sensitive files and obtain credit card information. This is especially worrisome for businesses who handle customers financial data such as credit cards or account numbers. Denial of Service Attack Denial of Service (DoS) attacks occur when a network or server is flooded with information, consuming all available bandwidth and preventing incoming and outgoing VoIP calls. When a system is hijacked by a DoS attack, hackers can gain remote control of administrative servers to steal sensitive business or customer information and abuse VoIP services, making expensive phone calls on a business s service account.

VoIP Tampering and Call Hijacking With VoIP call tampering, noise packets are sent over the network to interrupt the communication stream, causing poor call quality, dropped calls, and delays in voice signal. VoIP call signals are vulnerable and can be intercepted by a malicious third party who changes the encryption key of the call s digital signature. This change tricks VoIP servers into thinking that the two original parties are still in communication and gives the hacker the opportunity to cause serious communication problems.

VoIP Security Measures Encryption Most cloud communication solution providers give customers guidelines for encryption and authentication protocols, and many offer encryption as an additional service. While all businesses should work to ensure ultimate customer protection, several specific industries must take extra measures. Retailers and other businesses that deal with sensitive customer data, as well as financial services firms and similarly regulated organizations, must ensure that all network data is encrypted, or else face serious penalties and consequences. Encrypted sensitive data that flows over an end-to-end VPN or MPLS network secure. Authentication Protocols VoIP authentication protocols vary based on the type of data being transported. They range from a typical password authentication procedure, to a complex three-way authentication process that protects servers and business VoIP from malicious attacks. Password Authentication, also called the two-way handshake, sends a password across an Internet, VPN or MPLS network link. It tells the server the user name and password entered by the end user. Users gain access and the ability to place VoIP phone calls only when the password entered matches the one on file with the server. If the password does not match, the server rejects the request and denies VoIP access. Password Authentication is highly vulnerable to attack and can be easily exploited. Many times the user name and password are not sufficiently disguised or encrypted before they are sent across the link. This risk is reduced significantly by utilizing a VPN or a secure MPLS network rather than the open Internet.

Challenge, Handshake Authentication Protocol (CHAP) When the calling client (computer or soft phone that sends data and initializes a VoIP call) links with the authenticator application located in the VoIP server, the authenticator uses a three-step process to determine legitimacy. Also called a three-way handshake, this protocol grants or denies access. Step 1. Challenge The authenticating server creates a simple text message or data packet and sends it back to the calling client. Step 2. Response The calling client sends a password or code that is known to the authenticator. It encrypts the message sent during the challenge phase and then sends it back to the server authenticator. Step 3. Success or Failure The server authenticator encrypts the challenge text to see if the results match the calling client message. If the calling client has the correct password (or encryption key), the authenticator sends a success message and grants access. An NCP link can then be established and the server can host VoIP phone calls. If the encrypted messages do not match, a failure message is sent, and access is denied to prevent VoIP calls from being made. While there are other ways of implementing CHAP, this is one of the most effective and commonly used methods.

Anti-Virus Software VoIP softphones are a part of office computer systems. As a result, it is critical to protect them from viruses and other dangerous third-party programs. These viruses often enter an organization s VoIP system through email and then attack existing security protocols to interrupt or suspend VoIP network services entirely. Installation and maintenance of anti-virus and anti-malware software programs like firewalls are critical first steps in protecting VoIP hardware from third-party attack. Often, VoIP vendors or network providers offer anti-virus software, also known as unified threat management software, as part of their service offering. Be sure to check with your provider for available options.

Deep Packet Inspection Deep Packet Inspection (DPI) locates, identifies, and classifies data packets through packet filtering. It can reroute, or even block, incoming packets with unidentified code or forbidden data, deterring unauthorized use of your wide area, local area, or VoIP network. DPI protocols monitor all incoming media and signaling streams, as well as all outgoing media streams, for altered or inserted data packets and then flags them for review. VoIP service providers maintain protocols that classify flagged data packets with priority ratings from high to low. This allows them to route data accordingly. High priority flags can be rerouted or completely blocked by the client caller. VoIP providers also use DPI to improve network performance and stopping peer-to-peer abuse that may result from VoIP fraud.

Session Border Controllers (SBC) Session border controllers are devices used in VoIP networks to control media streams and protocol signals. Functionally, they start, conduct, and stop VoIP voice calls. SBCs adhere to quality of service protocols (QoS) and ensure the safety and best possible voice quality of all VoIP calls. Stringent Authorization Policies In addition to these practices, businesses can secure VoIP lines by performing audits and creating call restrictions. By auditing administrative accounts and employee user sessions, organizations can keep track of VoIP activity and monitor accordingly. They can ensure that none of the lines are being tapped or accessed by unauthorized entities for malicious purposes. Restrict VoIP Calls to Prevent Abuse Businesses should also secure the configuration of VoIP apps by creating white lists of approved country codes for employee usage. This type of list prevents toll fraud and the occurrence of other types of unauthorized activity. Network administrators should configure VoIP settings to establish call restrictions with only approved country codes in order to keep VoIP services and networks as secure as possible

Utilizing VoIP security tools and current control protocols is the best defense against network attack. These measures ensure the continuity of a business s Internet-based telecommunications and protect sensitive, proprietary information from abuse. Partnering with the right provider enhances an organization s ability to counteract these evolving network threats. To learn more about NetFortris Cloud Communications solutions, please visit our website. www.netfortris.com/cloud-communications

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information