It’s time to boost VoIP network security
More businesses than ever are jumping on the Voice over IP (VoIP) bandwagon today. Aside from significant cost
savings (when compared to traditional phone services), VoIP also offers many value-added features such as
voicemail-to-email transcription, barge and whisper service, call screening, conferencing, music on hold, find
me/follow me call routing, portability, and increased flexibility and mobility for employees that are always on the
move or required to travel.
Although VoIP’s advantages have plenty to offer the business world, there is also the need for companies to secure
voice technology. While the 2015 cyberthreat landscape is beginning to look even more stealthy and treacherous than
last year, let’s not forget that 2014 was dubbed “the year of the breach.”
When it comes to securing VoIP, it is time for businesses to go beyond basic compliance and become proactive in
securing VoIP technology from hackers. Since VoIP packets flow over the network (just like data packets do),
sensitive corporate information could be intercepted. Some of the same threats that affect data networks can also
affect VoIP.
Other threats that can affect VoIP systems are:
• Conversation eavesdropping/sniffing
• Default passwords
• Hacked voicemail
• Identity spoofing
• Man-in-the-middle exploits
• Denial of Service (DoS) attacks
• Toll fraud
• Web-based management console hacks
The Shodan search engine
Recently, I ran a query on Internet-connected devices from the Shodan search engine, and I was amazed when I
discovered that, beyond public-facing servers and devices, banners for voice-over-IP (VoIP) SIP servers were also
prevalent. While digging around in search, I discovered a U.S. government agency that is using an outdated Cisco
TelePresence Video Communication Server, and if I was a malicious hacker, I would be thrilled to know that this
particular server contains two serious vulnerabilities.
If you are wondering what Shodan is — it is an Internet search engine that helps you to find vulnerable device
targets. It has been described as a search engine for hackers; an IoT device search engine; a tool for IT pros and
hackers; and frequently described as the scariest search engine on the Internet.
Null Byte states that “Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems,
and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface,
Shodan can find it!”
If you want to find out if your VoIP system may be vulnerable, you can check out the Shodan search
engine here and input net:your.ip.add.ress in the search box.
Hackers for hire
Identity theft expert Robert Siciliano recently wrote about “hackers for hire” who currently operate a website
(launched last November) called Hacker’s List. There are also hackers for hire on the Darknet (and plenty of them
too), in both the marketplace and on secret forums, that offer VoIP hacking services. With so much hacker
availability, securing and monitoring your voice network is mandatory.
While hackers are continually discovering new ways to attack VoIP systems, there are some established favorite
approaches. Also known as ‘footprinting,’ these techniques rely on information that unsuspecting VoIP users make
publicly available. [1]
Social media sites (LinkedIn, Facebook), job sites, company websites, web searches, web crawlers (HTTrack), etc.
can be used to gather publicly available information about an organization’s business, employees, and network.
Company job postings can contain a plethora of information about internal network systems and can often become
an asset for a hired hacker. If you are going to write a job description, avoid naming the specific vendors and
products you run, since that hands an attacker footprinting material. As an example:
Footprinting: He or she will also be responsible for integrating the SHORETEL VoIP system with CISCO VoIP.
No footprinting: He or she will also be responsible for integrating VoIP (SIP) servers, infrastructure, and
applications.
Let’s get back to VoIP security…
VoIP security is a challenge for many companies, but the bottom line is: VoIP security should operate on the same
rung as network data security — both forms of data contain valuable information. Remember this: The bad guys
never sleep; they are always looking for new and innovative ways to hack into business VoIP systems.
Best security practices should include:
1. Separating data traffic from voice traffic by creating two VLANs.
2. Protecting the remote admin interface with a complex password and non-standard port.
3. Encrypting sensitive voice traffic.
4. Using Secure Session Internet Protocol (SIPS) for protection from eavesdropping and tampering.
5. Applying physical and logical protection: The VoIP server should be behind a SIP-aware firewall and
intrusion prevention system (IPS).
6. Creating user names that are different from their extensions.
7. Keeping VoIP systems always up-to-date and patched.
8. Limiting calling by device.
9. Using encryption to secure calls.
10. Setting strong security policies.
11. Utilizing traffic analysis and deep packet inspection (DPI).
12. Properly securing VoIP gateways.
13. Using a strong voicemail 6-digit passcode or device certificate.
14. Deleting sensitive voicemail messages.
15. Removing mailboxes when employees leave the company.
16. Limiting invalid login attempts.
17. Restricting the types of calls allowed on the network and implementing time-of-day policies.
18. Disabling international calls by default.
19. Security awareness training for employees.
20. Requesting that all employees report odd occurrences.
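As an added example (not part of the original post), items 16 to 18 can be expressed as a small policy check run over PBX events. The log format, thresholds, business hours, dial-plan prefixes and the extension allow-list below are assumptions constructed for illustration; the addresses and phone numbers are reserved documentation values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, time, timedelta

# Assumed policy values (hypothetical; tune per site).
MAX_FAILED_LOGINS = 5                          # item 16: limit invalid login attempts
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)   # item 17: time-of-day policy
HOME_COUNTRY_CODE = "1"                        # assumed NANP-style dial plan
INTERNATIONAL_EXIT_CODES = ("011", "00")
INTERNATIONAL_ALLOWED = {"2001"}               # item 18: international is off by default

# Constructed sample events in a made-up "timestamp KIND key=value ..." format.
SAMPLE_LOG = """\
2015-03-02T02:14:01 AUTH_FAIL src=203.0.113.7 user=1000
2015-03-02T02:14:03 AUTH_FAIL src=203.0.113.7 user=1001
2015-03-02T02:14:05 AUTH_FAIL src=203.0.113.7 user=1002
2015-03-02T02:14:07 AUTH_FAIL src=203.0.113.7 user=1003
2015-03-02T02:14:09 AUTH_FAIL src=203.0.113.7 user=1004
2015-03-02T02:31:40 CALL ext=1003 dialed=011442079460000
2015-03-02T09:02:10 AUTH_FAIL src=198.51.100.20 user=jsmith
2015-03-02T09:40:55 AUTH_FAIL src=198.51.100.20 user=jsmith
2015-03-02T10:05:00 CALL ext=2001 dialed=011442079460000
2015-03-02T11:00:00 CALL ext=1004 dialed=5125550123
2015-03-02T22:15:00 CALL ext=1004 dialed=5125550123
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>AUTH_FAIL|CALL) (?P<fields>.*)$")


def parse_events(text):
    """Return (timestamp, kind, fields) tuples sorted by time; skip unknown lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
        events.append((datetime.fromisoformat(m["ts"]), m["kind"], fields))
    return sorted(events, key=lambda e: e[0])


def sources_to_block(events):
    """Item 16: sources with MAX_FAILED_LOGINS failures inside the sliding window."""
    recent = defaultdict(deque)
    blocked = set()
    for ts, kind, fields in events:
        if kind != "AUTH_FAIL" or "src" not in fields:
            continue
        window = recent[fields["src"]]
        window.append(ts)
        while ts - window[0] > FAILED_LOGIN_WINDOW:
            window.popleft()                   # drop failures older than the window
        if len(window) >= MAX_FAILED_LOGINS:
            blocked.add(fields["src"])
    return blocked


def is_international(dialed):
    """True when the dialed string leaves the home country under the assumed plan."""
    number = re.sub(r"[\s\-()]", "", dialed)
    if number.startswith("+"):
        return not number.startswith("+" + HOME_COUNTRY_CODE)
    return number.startswith(INTERNATIONAL_EXIT_CODES)


def call_violations(events):
    """Items 17 and 18: calls outside business hours or international without a grant."""
    findings = []
    for ts, kind, fields in events:
        if kind != "CALL" or "ext" not in fields or "dialed" not in fields:
            continue
        reasons = []
        if is_international(fields["dialed"]) and fields["ext"] not in INTERNATIONAL_ALLOWED:
            reasons.append("international-not-allowed")
        if not (BUSINESS_START <= ts.time() < BUSINESS_END):
            reasons.append("outside-business-hours")
        if reasons:
            findings.append((fields["ext"], fields["dialed"], reasons))
    return findings


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    print("block:", sorted(sources_to_block(parsed)))
    for ext, dialed, reasons in call_violations(parsed):
        print(f"ext {ext} -> {dialed}: {', '.join(reasons)}")
```

The same checks are better enforced in the PBX dial plan and firewall than only reported afterwards; a report like this is useful for confirming that those controls are actually in effect.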
With hacking and ongoing data breaches playing a strong lead in the headlines lately, what other security strategies
should be implemented?
Resources:
Are You Vulnerable to Voice over IP Hacking?
How to Detect and Guard against VoIP Security Vulnerabilities
SANS: Security Issues and Countermeasure for VoIP
VOIP security risks overlooked
VoIP vulnerabilities: Why firewall protection is not enough
Shodan: The scariest search engine on the Internet
Network security resources from Dell
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the
evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this
article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
[1] Hadley, J. (2014, Sep. 29). Are You Vulnerable to Voice over IP Hacking? [Web log post]. Retrieved April 15,
2015, from http://www.cloudwedge.com/vulnerable-voice-ip-hacking/

20230104 - machine vision
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

It’s time to boost VoIP network security

  • 1. It’s time to boost VoIP network security

More businesses than ever are jumping on the Voice over IP (VoIP) bandwagon today. Aside from significant cost savings (when compared to traditional phone services), VoIP also offers many value-added features such as voicemail-to-email transcription, barge and whisper service, call screening, conferencing, music on hold, find me/follow me call routing, portability, and increased flexibility and mobility for employees that are always on the move or required to travel.

Although VoIP’s advantages have plenty to offer the business world, there is also the need for companies to secure voice technology. While the 2015 cyberthreat landscape is beginning to look even more stealthy and treacherous than last year, let’s not forget that 2014 was dubbed “the year of the breach.”

When it comes to securing VoIP, it is time for businesses to go beyond basic compliance and become proactive in securing VoIP technology from hackers. Since VoIP packets flow over the network (just like data packets do), sensitive corporate information could be intercepted. Some of the same threats that affect data networks can also affect VoIP.

Other threats that can affect VoIP systems are:

- Conversation eavesdropping/sniffing
- Default passwords
- Hacked voicemail
- Identity spoofing
- Man-in-the-middle exploits
- Denial of Service (DoS) attacks
- Toll fraud
- Web-based management console hacks
  • 2. The Shodan search engine

Recently, I ran a query on Internet-connected devices from the Shodan search engine. I was amazed to discover that, beyond public-facing servers and devices, banners for voice-over-IP (VoIP) SIP servers were also prevalent. While digging around in search, I discovered a U.S. government agency that is using an outdated Cisco TelePresence Video Communication Server, and if I were a malicious hacker, I would be thrilled to know that this particular server contains two serious vulnerabilities.

If you are wondering what Shodan is: it is an Internet search engine that helps you to find vulnerable device targets. It has been described as a search engine for hackers, an IoT device search engine, and a tool for IT pros and hackers, and it is frequently described as the scariest search engine on the Internet. Null Byte states that “Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it!”

If you want to find out if your VoIP system may be vulnerable, you can check out the Shodan search engine here and input net:your.ip.add.ress in the search box.

Hackers for hire

Identity theft expert Robert Siciliano recently wrote about “hackers for hire” who currently operate a website (launched last November) called Hacker’s List. There are also hackers for hire on the Darknet (and plenty of them too), in both the marketplace and on secret forums that offer VoIP hacking services. With so much hacker availability, securing and monitoring your voice network is mandatory.
  • 3. While hackers are continually discovering new ways to attack VoIP systems, there are some established favorite approaches. Also known as ‘footprinting,’ these techniques rely on information that unsuspecting VoIP users make publicly available. [1] Social media sites (LinkedIn, Facebook), job sites, company websites, web searches, web crawlers (HTTrack), etc. can be used to gather publicly available information about an organization’s business, employees, and network.

Company job postings can contain a plethora of information about internal network systems and often can become an asset for a hired hacker. If you are going to write a job description, try to avoid footprinting. As an example:

Footprinting: He or she will also be responsible for integrating the SHORETEL VoIP system with CISCO VoIP.

No footprinting: He or she will also be responsible for integrating VoIP (SIP) servers, infrastructure, and applications.

Let’s get back to VoIP security…

VoIP security is a challenge for many companies, but the bottom line is: VoIP security should operate on the same rung as network data security — both forms of data contain valuable information.

Remember this: The bad guys never sleep; they are always looking for new and innovative ways to hack into business VoIP systems.

Best security practices should include:

1. Separating data traffic from voice traffic by creating two VLANs.
2. Protecting the remote admin interface with a complex password and non-standard port.
3. Encrypting sensitive voice traffic.
4. Using Secure Session Internet Protocol (SIPS) for protection from eavesdropping and tampering.
5. Applying physical and logical protection: The VoIP server should be behind a SIP-aware firewall and intrusion prevention system (IPS).
6. Creating user names that are different from their extensions.
7. Keeping VoIP systems always up-to-date and patched.
8. Limiting calling by device.
9. Using encryption to secure calls.
10. Setting strong security policies.
11. Utilizing traffic analysis and deep packet inspection (DPI).
12. Properly securing VoIP gateways.
13. Using a strong voicemail 6-digit passcode or device certificate.
14. Deleting sensitive voicemail messages.
15. Removing mailboxes when employees leave the company.
16. Limiting invalid login attempts.
17. Restricting type of calls allowed on the network and implementing time of day policies.
18. Disabling international calls by default.
19. Security awareness training for employees.
20. Requesting that all employees report odd occurrences.
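Practices 16 to 18 above (limiting invalid login attempts, time-of-day policies, international calls disabled by default) can be verified against PBX logs. The following is an added example, not part of the original article; the record layout, thresholds, extension numbers and the North American `011` international prefix are assumptions, and all sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; this field layout is an assumption, not a real PBX format.
AUTH_LOG = [  # (timestamp, source IP, extension, result)
    ("2015-04-15T02:10:01", "203.0.113.7", "1001", "FAIL"),
    ("2015-04-15T02:10:03", "203.0.113.7", "1002", "FAIL"),
    ("2015-04-15T02:10:05", "203.0.113.7", "1003", "FAIL"),
    ("2015-04-15T02:10:07", "203.0.113.7", "1004", "FAIL"),
    ("2015-04-15T09:00:00", "198.51.100.20", "1001", "FAIL"),
]
CDRS = [  # (call start, extension, dialed number)
    ("2015-04-15T10:15:00", "1001", "5550100"),
    ("2015-04-15T03:30:00", "1001", "011442079460123"),
    ("2015-04-15T11:00:00", "1002", "011442079460123"),
    ("2015-04-18T14:00:00", "1003", "5550101"),
]
MAX_FAILS, WINDOW = 3, timedelta(minutes=5)  # practice 16: failures tolerated per window
ALLOWED_HOURS = range(8, 18)                 # practice 17: weekdays, 08:00-17:59
INTL_ALLOWED = {"1002"}                      # practice 18: all other extensions denied

def brute_force_sources(log):
    """Source IPs with more than MAX_FAILS failed logins inside WINDOW."""
    recent, flagged = defaultdict(list), set()
    for ts, src, _ext, result in sorted(log):  # ISO timestamps sort chronologically
        if result != "FAIL":
            continue
        t = datetime.fromisoformat(ts)
        recent[src] = [x for x in recent[src] if t - x <= WINDOW] + [t]
        if len(recent[src]) > MAX_FAILS:
            flagged.add(src)
    return flagged

def is_international(number):
    return number.startswith("011")  # assumes a North American dial plan

def policy_violations(cdrs):
    """Call records that break the international-call or time-of-day policy."""
    out = []
    for ts, ext, dialed in cdrs:
        t = datetime.fromisoformat(ts)
        reasons = []
        if is_international(dialed) and ext not in INTL_ALLOWED:
            reasons.append("international-not-permitted")
        if t.weekday() >= 5 or t.hour not in ALLOWED_HOURS:
            reasons.append("outside-allowed-hours")
        if reasons:
            out.append((ts, ext, reasons))
    return out
```

A source that cycles through several extensions, as in the sample, is caught because failures are counted per source address rather than per extension.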
  • 4. With hacking and ongoing data breaches playing a strong lead in the headlines lately, what other security strategies should be implemented?

Resources:

- Are You Vulnerable to Voice over IP Hacking?
- How to Detect and Guard against VoIP Security Vulnerabilities
- SANS: Security Issues and Countermeasure for VoIP
- VOIP security risks overlooked
- VoIP vulnerabilities: Why firewall protection is not enough
- Shodan: The scariest search engine on the Internet
- Network security resources from Dell

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.

[1] Hadley, J. (2014, Sep. 29). Are You Vulnerable to Voice over IP Hacking? [Web log post]. Retrieved April 15, 2015, from http://www.cloudwedge.com/vulnerable-voice-ip-hacking/