The Security Challenge: Combating VoIP Toll Fraud

The Security Challenge: Combating VoIP Toll Fraud

Proper security is becoming a big issue for most IT departments today. Without the correct security measures being put in to place, VoIP toll fraud attackers can gain easy access to your network and bring you and your company a load of problems. These tele-thieves often target VoIP businesses for the possibility to sell more minutes and the ease of entry over traditional land lines.

Toll fraud is frequently brought up due to the gigantic phone bill it results in, but there are other pain points these breaches can affect a business’ all-around success.  The presence of these illegal hackers affects the communication infrastructure on multiple levels including: incoming and outgoing calls, expected levels of quality and reliability, eavesdropping and message tampering.

Security Gap Left by Traditional Data Firewall

Avoid these security problems by being aware of the weak points and mistakes that grant hackers easy access to your VoIP Network:

  • PBX/Voicemail/Application Servers: These communications systems are particularly susceptible to security breaches due to the policy enforcement on these systems in limited, allowing redirects, transfers and forward to long distance and even international toll numbers without proper authorization.
  • PSTN Connectivity: Attackers typically exploit the fact that Session Border Control (SBCs) or Media gateways accept calls from anywhere and route them to the service provider with limited or no authentication. Sometimes even service providers employ only weak authentication on SIP trunks, and the Session Border Controller can be bypassed.
  • User/Device Authentication: Enterprises deploying phones over extended networks in low security networks without strong authentication – including lobby phones, guest rooms and the Internet – are especially vulnerable to exploitation. Without strong two-factor authentication, lost or stolen phones can be easily misused. Once attackers gain access to a misplaced device or are able to get credentials, they are ready to make calls as the authorized user.
  • Password Problems: The number one security related problem is linked to password encryption. Three of the most common password errors are (1) not changing the default administrative password used during the installation process (2) not creating sufficiently encrypted passwords for various extensions and (3) shutting off encryption for internal communications.

Lack of or inadequate VLAN separation for voice and data and basing security efforts solely on border controls are two more common blunders IT teams make. Not to worry toll fraud is a problem that can be prevented with the right security measures put in place.

Last year, to ensure customers had every tool needed in their unified experience, Avaya acquired Sipera. Sipera’s UC-Sec Appliances offer a range of features to secure unified communications, including VoIP security. If you are interested in learning more about VoIP Fraud Security, join Lantana at the Sipera Lab in Richardson for a Demo Day on Tuesday, August 31st. For more information on the event, contact Chelsea Nivens at cnivens@lantanacom.com.

1 Comment
Email Us or Call 1-800-345-4211