Industry View
VoIP Security: The Basics
Yes, voice-over-IP threats exist, including some new wrinkles. With care, Sonus Networks' Bob Bradley says you can mitigate risks to your networks.
By Bob Bradley, Sonus Networks
The Solution:
The same precautions should be taken with phones calls as is taken when individuals fill in forms for on-line Web-based purchases and are careful not to give out such information without proper identification. There are evolving techniques to block unwanted calls and address this threat. Device and user authentication is one measure that enables network mangers to determine that the call is coming from a legitimate firm and authorized agent, minimizing risk.
Threat #6: Free rides
The ability to make free VoIP calls across a carrier's network (toll fraud) can be achieved a number of ways, including spoofing a legitimate user, intercepting their call, or hijacking one end of the conversation. From there the hacker can have a VoIP device start sending media into the network with proper call setup (Rogue media). Another example of a "free ride" is when a SIP end point simply starts sending media to a destination without any authenticated call setup at all. Rogue calls not only mean lost revenue for the carrier but there is also no assurance that these calls are simply being made to avoid payment; they may be made for clandestine reasons and the caller does not want to leave any traceability or records of the call, putting the organization in a sensitive position.
The Solution:
There are a number of techniques to mitigate these free call attempts such as Rogue RTP protection in a secure edge element as well as caller authentication using digital certificates that can be done at the network edge to stop this practice.
VoIP: Protecting from the Inside Out
In addition to the solutions explored above, there are a host of solutions available to help manage a broad range of the potential threats against IP-enabled phones. Traditional techniques used to protect and harden web servers, database systems and email systems will certainly help, but there are also a set of carrier-class border control solutions that will help organizations manage security threats from the core of their networks all the way to the access points, where many of the above mentioned threats occur. When evaluating border control solutions enterprises should a newer generation of this technology that provides increased scalability and robust features.
Organizations can obtain a carrier grade network border solution that can easily provide enterprise-reliability and scalability to ensure constant, dependable security for both existing and emerging threats. Deploying these next generation solutions, many of which are already proven globally in carrier environments, can also provide value added services such as media management and telco grade "five 9s" reliability not found in legacy session border controllers (SBC). With these solutions in place, enterprises and SMBs can move with greater confidence to next generation networks providing unified communications (UC) for employees both on and offsite.
voip security
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
