VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======



Similar documents
TELECOM FRAUD CALL SCENARIOS

VOIP THEFT OF SERVICE: PROTECTING YOUR NETWORK ======

International Dialing and Roaming: Preventing Fraud and Revenue Leakage

INTRODUCTION TO VOIP FRAUD

White Paper. avaya.com 1. Table of Contents. Starting Points

How To Protect Your Network From A Hacker Attack On Zcoo Ip Phx From A Pbx From An Ip Phone From A Cell Phone From An Uniden Ip Pho From A Sim Sims (For A Sims) From A

Securing SIP Trunks APPLICATION NOTE.

Safeguarding Networks Against Fraud. Connections 2014

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION

WHAT THE FRAUD? A Look at Telecommunications Fraud and Its Impacts

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

PBX Fraud Educational Information for PBX Customers

nexvortex SIP Trunking Implementation & Planning Guide V1.5

The #1 Issue on VoIP, Fraud!

Concept Note. powering the ROC. PBX Hacking.

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

PBX Security in the VoIP environment

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

Recommended IP Telephony Architecture

Founded in 2003, Worldwebnet Telecom is a fast growing Canadian owned and operated carrier that specializes in providing voice services to the

DHCP Option 66 Auto Provisioning Guide

SIP SECURITY JULY 2014

CTS2134 Introduction to Networking. Module Network Security

How To Choose A Hosted Voice Over Ip (Voip) Solution

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Broadvox SIP Trunking. Frequently Asked Questions (FAQs)

Grandstream Networks, Inc. UCM6100 Security Manual

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

Hosted PBX Platform-asa-Service. Offering

Security & Reliability in VoIP Solution

NICC ND 1438 V1.1.1 ( )

PENTEST. Pentest Services. VoIP & Web.

Mitigating the Security Risks of Unified Communications

Recommendations for Provisioning Security

Avaya G700 Media Gateway Security - Issue 1.0

FOR COMPANIES THAT WANT TO EXPAND AND IMPROVE THEIR TELEPHONE SYSTEM

Session Border Controllers in Enterprise

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

VoIP: The Evolving Solution and the Evolving Threat. Copyright 2004 Internet Security Systems, Inc. All rights reserved worldwide

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Business Telephony Security

Security Features and Considerations

Ingate Firewall/SIParator SIP Security for the Enterprise

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

ATA: An Analogue Telephone Adapter is used to connect a standard telephone to a high-speed modem to facilitate VoIP and/or calls over the Internet.

VoIP Solutions Guide Everything You Need to Know

CREATE A CUSTOMER... 2 SIP TRUNK ACCOUNTS...

Intelligent SIP trunking for experts. Service guide

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

VoIP Security. Customer Best Practices Guide. August IntelePeer

Oracle s Unified Communications Infrastructure Solution. Delivering Secure, Reliable, and Scalable Unified Communications Services

VOIP Security Essentials. Jeff Waldron

Key Elements of a Successful SIP Device Provisioning System

Network Security: Introduction

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

SIP Trunking to Microsoft Lync (Skype for Business) Server

Avaya TM G700 Media Gateway Security. White Paper

An outline of the security threats that face SIP based VoIP and other real-time applications

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

nexvortex Setup Guide

FIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem

Selecting the Right SIP Phone for Your IP PBX By Gary Audin May 5, 2014

IP PBX SH-500N

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

HOW IT WORKS: THE GOVERNMENT EMERGENCY TELECOMMUNICATIONS SERVICE Introduction

FFIEC CONSUMER GUIDANCE

Cisco Introduces Broad Support for SIP across Packet Voice Products

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

VoIP Resilience and Security Jim Credland

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS

Brochure. Dialogic BorderNet Session Border Controller Solutions

VoIP Security regarding the Open Source Software Asterisk

BROADSOFT PARTNER CONFIGURATION GUIDE VEGASTREAM VEGA 100

Grandstream Networks, Inc.

Configuration in TeliCore

Remote Access Security

Device Provisioning in Cable Environments

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Beyond passwords: Protect the mobile enterprise with smarter security solutions

SIP and VoIP 1 / 44. SIP and VoIP

THINKTEL COMMUNICATIONS 3CX PHONE SYSTEM V.11. 3CX Phone System THINKTEL SIP TRUNK from scratch

VoIP Security Methodology and Results. NGS Software Ltd

A Guide to Connecting to FreePBX

VoIP / SIP Planning and Disclosure

Transcription:

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call Fraud... 3 PBX Hacking... 3 Phishing... 3 Eavesdropping... 3 Best Practices... 3 Enforce SIP Authentication... 3 Device Provisioning... 4 Voice Portal... 4 Perform a Regular Security Audit... 4 Utilize Fraud Detection Software... 4 Summary... 5 About TransNexus... 6 About Momentum Telecom... 6 About BroadSoft... 6 [1]

Introduction to VoIP Security VoIP (Voice over IP) services have been widely adopted by businesses of all sizes. As with any popular technology, VoIP is getting attention from people with the wrong intentions. As VoIP becomes a more and more common enterprise solution, it becomes more lucrative for people to exploit. As VoIP has become more accessible and popular, security threats have become a serious problem for service providers. A single fraud event can easily cost a company between three and fifty thousand dollars. In many cases, this number can be even larger. Most experts agree that total loss from VoIP fraud is somewhere between 3 and 10 percent of income. This translates to a total global losses of somewhere between 30 and 50 billion dollars per year. This is a problem that is only increasing. According to a report from the CFCA, phone fraud is growing at a rate of 29% per year. As the popularity of VoIP continues to grow, the problem of VoIP fraud will become an increasing threat to the industry. Meet Our Expert - Momentum Telecom At TransNexus, we want to help our customers prepare their best defense against the VoIP security threats. For help, we turned to an expert in enterprise communications security, Anthony Orlando, VP of Operations and Engineering at Momentum Telecom. Anthony is responsible for Momentum s core telecommunications network, research and development, and the Network Operating Center (NOC). Anthony is widely recognized as a VoIP pioneer. In his own words, he has lived, breathed and slept Voice over IP for more than 12 years as one of the original technical experts in the field. BroadWorks Momentum Telecom uses BroadSoft s BroadWorks application server, the most widely deployed application server for SIP services. The security best practices described in this paper are based on a BroadWorks operation, but may apply equally well to any VoIP network. The BroadWorks communications application server enables service providers to offer a comprehensive portfolio of business and consumer communications applications and value added applications from a common network platform. BroadWorks delivers communication solutions that integrate video, fax, voice and email communications for businesses and consumers worldwide whether through IP PBX/Centrex, Mobile PBX, Business Line, Trunking and consumer solutions. [2]

VoIP Vulnerabilities VoIP is based on IP transport so it is vulnerable to all threats related to IP. However, there are certain specific threats the VoIP networks that we should be aware of. Here is a brief overview. For more information on these threats, download the Introduction to VoIP Fraud white paper available on the TransNexus website. Call Fraud By taking advantage of VoIP vulnerability fraudsters can send calls pretending to be someone else and can route long distance, international and premium rate calls. This can cause major financial loss in very short time. Fraud is a common problem across all industries, but it has become a major issue for VoIP users and providers. PBX Hacking Fraudsters who can exploit the vulnerabilities of the IP Private Branch Exchange (PBX) are able to generate a significant amount of traffic. PBX hacking is the common technique used to perpetrate the Domestic and International Revenue Share Fraud and Call Transfer Fraud as well as a number of other schemes. Phishing Phishing is very common in email world. Phishers use social engineering to get consumers identities or account credentials. In the VoIP world where phishers can spoof calling party identity, these attempts become more effective. Also, the nature of VoIP makes it more difficult to track and catch such callers. Eavesdropping Eavesdropping This is a common way for someone to steal credentials, identities and proprietary information. By eavesdropping on VoIP calls hackers can steal phone numbers and account pin numbers allowing them to get control of users accounts. Best Practices Fortunately, with proper planning and foresight, network managers can integrate VoIP capabilities into an enterprise network without compromising security, performance, or manageability. Not only can enterprises take concrete measures to secure enterprise applications from VoIP network operations and vice-versa they can do so while supporting high-quality voice communications. Enforce SIP Authentication The first step in securing your VoIP network is to enforce SIP Authentication for all VoIP endpoint devices. Authentication should occur at registration, call initiation, and service subscription. For secure password verification, use the HTTP digest method. [3]

SIP Authentication should require a device to have the following three pieces of information in order to validate a request: Valid SIP URI Authentication Username 20 character pseudo-random password Device Provisioning Properly provisioning each of your SIP devices is a vital initial step in protecting your network. To securely provision your VoIP devices, complete the following checklist. Eliminate insecure file transfer protocols (TFTP, FTP) Minimize the impact of necessary TFTP access by limiting network access to trusted parties Disable administrative interfaces on all endpoints Change passwords on all endpoint devices Change default password of the day seeds for emtas (embedded Multimedia Term Adapter) Disable ssh and http interfaces on emtas Finally, implement an access list to prevent unauthorized SIP requests to the emta. This should prevent a denial of service attack on the emta. Voice Portal It seems simple, but ensuring that your network passwords can be one of the best ways to avoid security threats. We recommend increasing your networks password strength requirements, and well as improving your default password strength. For maximum protection, voice portal passwords should not be sequential or repeated numbers, or your own extension. To limit the impact of any compromised passwords, we recommend disabling voice portal dialing. Perform a Regular Security Audit Consider performing a regular security audit on your network to ensure that it is properly configured. STEP 1: Check for weak passwords across the network. Pay special attention to the voice portal passwords, web and application access passwords, and SIP authentication passwords. STEP 2: Check for international forwarding. STEP 3: Check for accounts without Authentication Utilize Fraud Detection Software Taking steps to ensure your network is securely configured is not a 100% guarantee against VoIP security threats. You should be proactive in managing fraud threats by integrating a fraud detection toll to [4]

analyze your ongoing call traffic. The best tools will analyze your Call Detail Records (CDRs) in near real time (processing CDRs at least every 5 minutes). In addition, the tool should allow you to customize fraud detection thresholds such as international dialing for users and groups based on legitimate calling patterns. TransNexus has developed a number of solutions to detect and prevent fraud in VoIP networks. The most popular is SDReporter. SDReporter monitors VoIP networks for unusual spikes in call traffic to a specific destination. When a suspicious spike occurs, it sends automated Email and SNMP alerts. TransNexus solutions analyze CDRs or RADIUS records, and can identify fraud by IP address, or by group or user id. TransNexus has partnered with top industry leaders like Acme Packet and BroadSoft to ensure that the solutions operate smoothly with any network. Summary Fraudulent activity across VoIP networks is increasing, and will continue to be a major problem for service providers in the coming years. However, with proper planning and maintenance, as well as the proper monitoring tools, this threat can be successfully managed [5]

About TransNexus TransNexus is a software development company specializing in applications for managing wholesale VoIP networks. TransNexus provides its Operations and Billing Support System (OSS/BSS) software platform to major VoIP carriers worldwide. Important carrier features offered by TransNexus are least cost routing, number portability, fraud detection, profitability analysis and QoS controls. For more information, online demonstrations, and free downloads, please visit www.transnexus.com. About Momentum Telecom Momentum is a leading cloud PBX provider that offers smart, personalized business communications solutions to direct subscribers and more than 350 independent cable operators, municipalities, value added resellers and managed services providers nationwide. As the industry s most reliable provider, Momentum leverages a geo- redundant network to deliver carrier-grade services, superior voice quality and 100% uptime. Momentum offers an expansive product line that includes hosted VoIP, SIP trunking, collaboration tools and unified communications services. Learn more at www.gomomentum.com. About BroadSoft BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol network. The Company's core communications platform enables the delivery of a range of enterprise and consumer calling, messaging and collaboration communication services, including private branch exchanges, video calling, text messaging and converged mobile and fixed-line services. Learn more at www.broadsoft.com. [6]

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information