Top 7 Security Issues You Need to Know About VoIP Telephone Systems


The top concerns that prospective businesses have when considering implementing or migrating to a VoIP telephony system are the reliability and quality of the voice calls. This is understandable, because I think we have all had less than stellar experiences in the past with consumer class VoIP solutions where calls drop for no reason and the voice quality is poor. Fortunately, business class VoIP solutions can usually dispel any fears that prospective clients may have.

However, hot on the heels of reliability and quality come the major concerns that many businesses harbor with regard to security. Unfortunately, security in VoIP is not nearly so well addressed and is to this day a serious issue that needs consideration and remediation.

As with any internet application, security should be a real concern, and it is therefore important that IT understand the security vulnerabilities and the inherent risks they present. IT should fully appreciate the threats and be capable of mitigating the risks before committing the business to a VoIP telephony solution.

So what are the major security threats to VoIP?

  1. Denial of Service
  2. Voice Call Fraud
  3. Phreaking
  4. Eavesdropping
  5. Man-in-The-Middle Attack
  6. Call Tampering and Hijacking
  7. Malware, Worms and Viruses

 

1. Denial of Service Attacks

Denial of Service attacks are one of the most common and disruptive forms of malicious attack. This is primarily because they take very little skill and can be launched successfully using many free online tools. Hackers and unscrupulous competitors can bring a company’s VoIP system to a halt using a simple DoS attack. The denial of service comes about when an attacker floods the main internet connection, the link or pipe to the service provider, with useless data. By flooding the business’s internet connection, the attack consumes all the available bandwidth, preventing any new calls from being initiated and causing severe quality issues with existing active calls.

Furthermore, the attacker may use more sophisticated attack techniques that target the VoIP server, using SIP session initiation messages to consume available SIP resources. The attacker may also attack not just the voice network but also the data network by targeting the internet router or firewall with SYN attacks that consume resources and prevent initiation of new TCP sessions. These simple techniques can have a devastating effect on the availability, reliability and quality of the voice service.
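To spot the SIP-level flood described above, a defender can count session initiation (INVITE) requests per source over a sliding window. The following is an added example, not code from the original article; the window, threshold, addresses and sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque


def parse_method(start_line):
    """Return the SIP method of a request line, or None for a response."""
    parts = start_line.split()
    # Request line: "<METHOD> <uri> SIP/2.0"; responses start with "SIP/2.0".
    if len(parts) == 3 and parts[2].startswith("SIP/"):
        return parts[0].upper()
    return None


def detect_invite_floods(events, window=10.0, threshold=20):
    """events: time-ordered (timestamp, source_ip, sip_start_line) tuples.

    Returns {source_ip: peak INVITE count inside any `window` seconds}
    for every source whose peak exceeds `threshold`.
    """
    recent = defaultdict(deque)  # source -> INVITE timestamps still in window
    peaks = defaultdict(int)
    for ts, src, line in events:
        if parse_method(line) != "INVITE":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return {src: n for src, n in peaks.items() if n > threshold}


def build_sample_events():
    """Constructed traffic: one normal extension and one flooding source."""
    events = [(0.0, "192.0.2.10", "REGISTER sip:pbx.example.test SIP/2.0")]
    for t in (5.0, 25.0, 55.0):  # three ordinary calls in a minute
        events.append((t, "192.0.2.10", "INVITE sip:200@pbx.example.test SIP/2.0"))
    for i in range(50):  # 50 INVITEs in five seconds
        events.append((30.0 + i * 0.1, "198.51.100.7",
                       "INVITE sip:100@pbx.example.test SIP/2.0"))
    events.append((31.0, "198.51.100.7", "SIP/2.0 200 OK"))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    for src, peak in detect_invite_floods(build_sample_events()).items():
        print(f"{src}: {peak} INVITEs within 10 s")
```

The same counter can feed a rate limit on the SIP server or border device rather than only an alert.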

 

2. VoIP Call Fraud

Voice call fraud typically involves an attacker penetrating the network and gaining permission and access to make unauthorized and free calls. There are two main types of call fraud:

  1. Phreaking – Phreaking is the process of illegitimately gaining access to a business’s VoIP service provider information, including account numbers, access codes and so on, and illegitimately adding phone extensions to make phone calls, or making calls on existing business VoIP lines and racking up a huge service provider bill.
  2. Eavesdropping – Eavesdropping is another common threat, in which a hacker taps into a VoIP phone call and listens in to get the names of employees, their passwords, phone numbers, and other information. Eavesdropping is done through sniffing traffic crossing the wire or by eavesdropping on wireless traffic. The hacker can then use the information captured to gain access to voice mail, calling plan details, administrative portals and billing information. Hackers will eavesdrop on business VoIP calls in order to facilitate identity theft, VoIP service theft, and corporate sabotage.

 

3. Man-in-the-Middle Attacks

These are sophisticated attacks in which a hacker uses software tools to fool the client into believing the attacker is the server, and vice versa. By sitting transparently between the genuine client and the genuine server, the man-in-the-middle can intercept all the traffic flowing between them, manipulate the data, and replay the messages. Man-in-the-Middle attacks are very effective at capturing sensitive information, and wireless connections are particularly vulnerable, since evil twin access points can be installed to capture unwary clients. Man-in-the-Middle attacks are much harder over wired switched networks, as sniffing the traffic on a dedicated LAN or VLAN is far harder and requires direct access to switches and their configuration.

 

4. VoIP Call Tampering and Hijacking

VoIP call tampering is a technique whereby a hacker maliciously sends a stream of data packets with the intention of interrupting the VoIP communication stream. This attack will result in poor call quality, dropped calls, and delays in voice signaling. A third party can then intercept the VoIP call signals and change the encryption key of the digital signature of the call to their own public key. This can cause serious issues with authentication and privacy. This is also sometimes called Phishing over VoIP.

 

5. Malware, Worms and Viruses

As with all network-based hosts, VoIP clients are prone to the effects of malware, worms and viruses. Malware and worms can consume network bandwidth, viruses can create their typical havoc with PC software, and softphones are specific targets. Malware and viruses can destroy data on hosts, steal sensitive information and provide Trojan backdoors to critical hosts. VoIP hosts and servers are just as vulnerable to malicious software as any other network client, and should be treated as such.

 

6. VoIP Countermeasures

As with any other network application, the best countermeasure and remediation technique for the majority of malicious software, eavesdropping, hijacking and hacking attacks on the network is encryption. Most business VoIP solutions offer encryption as an option, so you should be sure to enable it on all VoIP clients and servers. In addition to encryption, there is the requirement of authentication.

 

7. Authentication Protocols

Authentication protocols such as PAP, CHAP, Kerberos and RADIUS provide various levels of authentication and identity management, with PAP being the weakest, CHAP and Kerberos definite improvements, and RADIUS the most secure but expensive and complex to implement. Identity management, however, is critical in today’s networks. Therefore, as a matter of best practice, the VoIP system must leverage any authentication system, access management or existing identity protocols already implemented, for example MS Active Directory.

With regard to malware, worms and viruses, typical antivirus and antimalware software should be installed and actively monitored to ensure hosts are updated.

For larger networks, which are hosting VoIP, IT may consider installing Intrusion Detection/Protection Systems (IDS/IPS) that can perform wire speed deep packet inspection. These devices can look deep inside data packets to spot malicious packets by looking for known signatures.

However, for more specific VoIP countermeasures and quality of service controls, IT should be considering Session Border Controllers (SBC). Session border controllers are devices used in VoIP networks to control media streams and protocol signals that can start, conduct, and stop VoIP voice calls. SBCs also provide control mechanisms for quality of service (QoS) to ensure that all VoIP calls have the best voice quality possible.

Call Fraud is best mitigated using white lists of countries employees are authorized to call. By restricting access to international calling, most call fraud can be avoided. By utilizing these VoIP security tools and security protocols that are readily available today, IT can secure the VoIP systems and provide reliable, available and confidential VoIP service for the organization.
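The country white list described above can be enforced as a check on every dialed number before the call is routed. The following is an added example, not code from the original article; the home country code, the allowlist, the dialing prefixes and the small country-code table are constructed assumptions.

```python
# Assumed site policy (constructed): UK site, four permitted destinations.
HOME_CC = "44"
ALLOWED_CCS = {"44", "1", "49", "33"}
# Small subset of ITU-T E.164 country calling codes, enough for the samples.
KNOWN_CCS = {"1", "7", "33", "44", "49", "53", "252", "370", "882"}


def to_e164_digits(dialed):
    """Normalize a dialed string to E.164 digits, or None if not external."""
    text = dialed.strip()
    digits = "".join(ch for ch in text if ch.isdigit())
    if text.startswith("+"):
        return digits
    if digits.startswith("00"):      # assumed international access prefix
        return digits[2:]
    if digits.startswith("0"):       # national format with trunk prefix
        return HOME_CC + digits[1:]
    return None                      # internal extension or short code


def country_code(e164_digits):
    """Country calling codes are 1 to 3 digits long and prefix-free."""
    for length in (1, 2, 3):
        if e164_digits[:length] in KNOWN_CCS:
            return e164_digits[:length]
    return None


def authorize_call(dialed):
    """Return (allowed, reason); unknown destinations are denied."""
    digits = to_e164_digits(dialed)
    if digits is None:
        return True, "internal"
    cc = country_code(digits)
    if cc is None:
        return False, "unknown country code"
    if cc in ALLOWED_CCS:
        return True, f"country code {cc} allowed"
    return False, f"country code {cc} not on allowlist"


if __name__ == "__main__":
    # Constructed sample numbers.
    for number in ("+44 20 7946 0958", "00 53 7 555 0100", "+999 123456", "2001"):
        print(number, "->", authorize_call(number))
```

Normalizing before matching matters: without it the same destination dialed as `+53…` and `0053…` would need two separate rules, and one is easily missed.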
