For as long as the telephone has existed, so have scams to exploit its weaknesses. And while the technology may have changes, VoIP phone systems are no different. In fact, exploitations of this technology are not only more frequent, they’re easier than ever to pull off. Whether they’re rerouting calls, stealing minutes, or committing outright fraud, some wrongdoers have turned phone system exploitation into a lucrative business.
As SIP trunks -- the way you connect voice and video calls on the Internet -- become more common, they’re also becoming more susceptible to attacks. Maintaining high-level security for these systems is vitally important. Without proper security for your SIP trunks, you risk a fatal security breach.
Common Areas of Weakness
The best offense is a good defense, as they say. When it comes to your SIP trunks, you’ll want to be aware of the greatest vulnerabilities in your system.
To help you keep your data and phones safe from attacks, watch out for these popular security attacks.
- Spoofing -- In simplest terms, spoofing is the use of fake numbers to trick people into thinking calls are from a credible source. Callers often appear to be from financial or government institutions to get victims to give up personal information willingly.
- Signal or Call Interception -- Unsecured networks can allow sensitive data to pass through unencrypted. When attackers gain access to this unencrypted data, they can hijack the signal and listen to your calls to retrieve sensitive business or personal information.
- Denial of Service -- A denial-of-service (DoS) attack is achieved by overwhelming your network with data to make it unavailable to users. When these attacks come from multiple computers -- which can cause much more damage in a shorter time -- they’re referred to as “distributed denial of service” attacks, or DDoS.
- Malware -- Malware is simply any type of malicious software that can extract or steal data, leak credentials, or open backdoors for continued attacks and theft. Viruses are a type of malware, as are spyware, adware, and trojans.
SIP Trunk Security Best Practices
Now that you’re aware of some of the most common types of VoIP and SIP vulnerabilities, it’s time to implement a few key security tactics to keep your data secure. There’s no guarantee these will keep you 100% safe, but they will go a long way in reducing system and network vulnerabilities.
Use Stronger Passwords
Human nature is to take shortcuts. This is why so many people have terrible passwords. Make it a common practice -- whether for your VoIP system or other systems -- that everyone has strong passwords.
Change default passwords for your PBX immediately and use a combination of numbers, letters, symbols, and capitals. Don’t over complicate it. Sometimes, substituting numbers for letters is enough. For example, if your name is Kate, something like “K8isgr8” is perfect. You’ll also want to establish a cadence where everyone updates their passwords regularly.
Deny by Default
Because VoIP numbers can be registered anywhere in the world -- normally a benefit to your business -- it can also cause security problems. Make it a default to initially deny everyone access to your PBX. Then, only grant access to authorized users you personally know about.
Disable Unused Services
If you have unused services from your VoIP provider (for example, voicemail), ask it to disable those features.
Not using it means no one in your organization is watching it. And if no one is watching, no one will notice if it’s been breached by attackers. The safest way to secure your system is to close all doors that could potentially be exploited.
Awareness Is Your Best Defense
While there have been stories in the last few years that SIP trunks are especially open to vulnerability, your VoIP and SIP trunk security is only as strong as its weakest link. Instituting some of these best practices will prevent you and your organization from becoming another story.
Other issues you may want to consider include regular software and firmware updates, limited international calls (or blocking international numbers), management interfaces that help prevent access, and encryption and authentication methods like VPN or WPA2.
This is by no means a comprehensive list of vulnerabilities, nor solutions. But it should be enough to get you started.
