Category

SIP and Asterisk Security: Combating fraud, Artificially Inflated Traffic, Brute Force Attacks …

Introduction to VoIP Security. Managing Risk of Telecom Fraud, Brute Force Attacks and Call Interception

By | SIP and Asterisk Security: Combating fraud, Artificially Inflated Traffic, Brute Force Attacks ... | No Comments

There are many aspects to phone system security which apply to both traditional and internet based telephony. Voice over IP (VoIP) systems bring additional threats, but offer some mitigations.In this article we look at VoIP Security in particular exploring some of the threats and how they can be managed. We will review some known exploits and offering some advice to mitigate and manage the risks.

As a business owner or decision maker it makes sense to concentrate on adding value to your business. There is a strong case for using a hosted managed phone service to mitigate your legitimate security concerns.

[[voxbit.net/orders|Look at Voxbit products]]

Comparing threats: On Premise  v. VoIP Security

Fraudulent calls

Fraudulent calls / Artificially Inflated Traffic (AIT)
Toll fraud, AIT, etc

Securing Devices

dictionary attacks , brute force attacks, Intrusion Detection
Management GUI security
LAN access to devices… remote dialling
Securing devices (phones and phone system security)
fail2ban speed

Securing Dialplan

Call transfer is a threat vector especially on voicemail and forwarded calls …
Securing Dialplan (voicemail and transfer features as threat)

Profiling, Monitoring and Response

Profiling, Monitoring and Automated Response

Privacy and Call Interception

Privacy / Snooping / Call Interception
Tampering / redirection / man in the middle / replay
Presence / State

Privacy and Recorded Media

Authorised Users,
Privacy of recorded media eg Call Recordings and VoiceMail
Privacy of usage data : Call Data Records (CDR’s), user details etc

Data Protection

ISO 27001

 

Conclusion and Recommendation

Managing a phone system is difficult. In particular keeping up with the changing threat environment and risk exposure is technically challenging, time consuming and potentially very expensive. Voxbit Ltd have committed a lot of time and effort to implementing and improving best practice. We have developed a secure robust managed service, allowing our customers to spend their time running their business. We look after their phones.

As a business owner or decision maker it makes sense to concentrate on adding value to your business. There is a strong case for using a hosted managed phone service to mitigate your legitimate security concerns.

[[voxbit.net/orders|Look at Voxbit products]]