The security built into a VoIP phone system
What kind of security is built into a VoIP phone system?
We all hear the internet is a dangerous place. How many times have you dealt with a virus, spyware, an email account or Facebook (or MySpace back in the day) getting ‘hacked into’.
Many of our customers share a very normal sense of uncertainty when looking into VoIP phone systems for their business or office. Anything that’s connected to the internet could be susceptible to a malicious action, including VoIP phone systems.
Fortunately, there are many methods that we employ to ensure that our customer base is not at risk to the vulnerabilities inherent of the technology that could compromise a VoIP telephone system. We provide robust security features to make sure that your system doesn’t become compromised.
Common security vulnerabilities on a VoIP phone system.
A voice network works much in the same way as a data network and is therefore susceptible to the same types of exploits. Fortunately, there are ways to prevent these exploits by configuring the voice network using industry standards and best practices. There are varying methods used to compromise an IP based system and new exploits are discovered and patched every day.
In order to understand how we keep you safe, let’s go over some of the more commonly used exploits when it comes to VoIP systems.
Denial of Service (DoS)
This is similar to a DoS attack on a data network. DoS attacks will flood the system with fake requests to the point where Voip services begin to fail. During a DoS attack the system would disconnect calls and inbound callers would receive busy signals.
This is the result of a compromised system or phone that is programmed to forward to an outside number. Usually this outside number is an international number so that the compromised system can be used to make international calls.
This is the result of leaving the default password set on a voicemail box. Unauthorized access can be obtained by brute force using publicly known default passwords, e.g. the extension number of the mailbox.
This is an attack that is used to disable a valid SIP registration and replace it with the attacker’s IP address. This allows the attacker to intercept, control and manipulate the calls.
Vishing (Voice Phishing)
This attack is similar to traditional phishing where the phisher pretends to be a legitimate business in order to get the target to reveal confidential information such as usernames and passwords.
How we protect you from security issues on a VoIP phone system.
The first step to protecting your network against these attacks is to know what they are in the first place so that you can take preventative measures to ensure that you will never fall victim to one of these exploits.
We understand the importance of network security and use best practices to keep your network safe from unauthorized intrusions. We configure Trusted Hosts on our hosted platform which allows us to lock down the system based on the customer’s IP address. This prevents access from any IP addresses that are not configured as trusted on the system from communicating with the system.
We also configure trusted hosts on the customer’s firewall. This prevents Denial of Service attacks on the firewall that can halt the firewall from processing valid requests due to the amount of repeated fake requests that firewall is being flooded with.
Toll fraud can be prevented by ensuring that all ports on the firewall are closed to prevent an intruder from accessing a phone on the network via an open port. This would prevent remote access to the phone. However, it does not protect again local access.
Changing the default password on the phone adds another layer of protection against the unauthorized access of the phone. As a second layer of defense against toll fraud possible is the system allows us to lock down international calling with a pin code. Upon dialing an international call the caller is prompted to enter the pin code and without the pin code the call will not be processed.
We strongly suggest that customers change their voicemail passwords during the initial setup of their mailboxes. This prevents unauthorized access to personal voicemails that could contain confidential client information. You should never share confidential information such as passwords or logins with anyone that calls in, unless you know who you are speaking with, as this is the quickest and most efficient way to grant unauthorized access to the network. Social engineering has always and will always be the easiest method for gaining unauthorized access to a network.
Staying ahead of security issues is your best bet to keep your VoIP phone system safe.
Clearly, the best way to keep your network safe is by taking preventative measures to keep it locked down and secure. We here at TDS stay vigilant and are always looking for new exploits and enjoy the challenge that each new attack brings with it.
By Jay Morales
Project Coordinator, Tele-Data Solutions
E-mail: [email protected] | Direct Line: (908) 378-1204
My name’s Jay, and I’m an engineer at Tele-Data Solutions. I’ve been in the telecom industry for two years and have been working in information technology for fifteen years, with a focus on system administration in the legal field. I specialize in remote support, and I always prioritize customer satisfaction!