Securing your voice services in 2017

February 1, 2017

Voice over IP (VoIP) services are expected to continue double digit growth well into 2020. Installing copper PRI’s is for the most part a thing of the past, as the majority of new voice circuits are now delivered over fiber and Ethernet hand offs. What was once a dedicated and secure point-to-point copper circuit has become part of the public IP domain from a transport perspective. Firewalls protect the enterprise from attack and intrusion, border controllers man the perimeter, but in amongst the defenses lurks an Achilles heel that risks exploitation.

The enemy you know

Port 5060 is the standard TCP/IP port number that SIP signaling operates on for the majority of all SIP Trunk Providers. SIP is the “instruction set” that every VoIP call uses to place a call to the public telephone network (PSTN). Depending on the enterprise, firewalls cannot effectively filter out all traffic destined to port 5060, leaving it exposed to a range of cyber-threats. Interestingly enough, one of the most common exploits originates from an application that was originally designed to protect VoIP, not expose it.

SIP Vicious was created in 2004, with the ultimate purpose of auditing port 5060 to determine whether or not a VoIP system was secure. In 2017, security is still the primary mission of SIP Vicious, as asserted by its creators at a recent conference. The unfortunate reality is that SIP Vicious is now one of the most common threats to all VoIP systems globally. In no small part this is due to its creators taking the code public, the result of which being that hackers with malicious intent have gone on to modify the code for their own various and nefarious purposes.

(Want to learn more?)

SIGN UP FOR CCG'S VOICE SECURITY WEBINAR

A layered defense strategy is the best option for VoIP security

In the current high-stakes tech security landscape, there is no single solution that covers every possible threat. Session Border Controllers (SBCs) are designed to block malicious requests from various sources, including those originating from SIP Vicious probes. The problem is that once targeted, your system is open to further Distributed Denial of Service (DDoS) attacks or even deeper probing. This is a problem that is not going to disappear anytime soon, and one that requires innovative and adaptive maneuvering in the way that your VoIP services are secured. The firewall and SBC are only part of the solution.

A defense strategy that provides multiple layers of protection at the IP port level in addition to bi-directional results is necessary. Without a robust security strategy at the packet level, toll fraud and “bots” may go undetected because they are able to infiltrate your system, gaining access to your internal network through various tactics and then generating outbound traffic. Without proper protection, your system may not detect this type of attack simply because it originates from within your perimeter and is therefore deemed safe.

Join CCG’s Voice Security Services webinar to find out more.

Keeping your communications secure means staying up to date with the latest security threats and implementing solutions that will protect you and your company from them. Join CCG Telecom for a 30-minute webinar on March 6th @ 11:00AM EST to learn more about Voice Security Services and the enterprise level options that are available. This webinar is intended to provide awareness of security threats, how to identify them and the steps you can take to ensure your company’s communications network is protected.

SIGN UP FOR CCG'S VOICE SECURITY WEBINAR

Webinar is March 6th from 11:00-11:30 AM EST