How To Protect Your Network from VoIP Hacks
- Big Data, Business Phones Systems, Business VOIP, call center, Call center Systems, case study, category, Cloud, cost, CRM, Digital Transformation, Door phone, IP Phones, ipphones, partnership, PBX, protection, SIP, ternds, tips, trend, video, video conference solutions, video conference systems, Video Conferencing Solutions, VoIP, VoIP Phones, VPN, yealink
- 31 Aug, 2018
As long as you have a device connected to the network, it is immediately at a potential risk for attack. Security is no longer an aspect only the large Enterprise with sensitive data needs to worry about – every company from small to mid-size to massive needs to concern themselves with solid security practices. Hackers can and will affect any device on your network that connects to the internet, and the more devices you have the more potential back doors are left wide open.
Part of the biggest criticism against the emerging Internet of Things is just this, with so many devices and so little security, there is a massive hole directly open to not only your things and their controls, but your entire network. But this relates directly to our VoIP solutions as well, regardless of whether you are using SIP Trunking, or a Hosted PBX provider.
IBM’s Security Intelligence has put together a report of the most recent VoIP attacks, the trends evolving, methods of access and even different forms of attacks being carried out. We decided to take a really close look at just exactly what’s going on.
Seriously, VoIP Hacks?
But let’s bring that back home a bit – today, right now if your business is using VoIP or Unified Communications, it is completely possible your network is susceptible to attack. And as we have seen, VoIP attacks are actually on the rise. Since VoIP sends calls directly through the same exact path that your network uses for internet and other traffic, your VoIP connections open your network to attack and exploitation. That’s right, a hacker can gain access to your network through that old IP phone down the hall. We even have new phones, like those from Mitel, that integrate directly with your smart phone – just about everything can be vulnerable.
Without getting too bogged down in the technical details, it first makes sense to understand how and why an attack on your VoIP communications, or the network surrounding your VoIP solution, could even occur. VoIP operates on a number of different specific protocols – depending on your solution, provider and setup your office might employ just one of these protocols, or multiple. For our discussion, we will focus on three specific protocols: SIP, Cisco’s proprietary SCCP, and the more recent H225 protocol.
According to IBM Managed Security Services information, the two most compromised protocols are SIP at over 51% of detected security events in 2016, with a specific uptick in the second half of the year, and SCCP with 48% of detected security events. H225, which is part of the H.323 Protocol Suite, managed to squeeze its way in with only a mere 1% of security events.
How To Protect Your Network
While not every network will be attacked, the chances are still fairly high as you can tell, and no matter what it’s better to have a secure network than an open one. If anything, your clients and customers will thank you for that. However, nothing is worse than a false sense of security stemming from bad practices, especially when the real. Helpful security practices are simple common sense.
Use Strong Passwords – It may be tempting for the ease of use, but never, ever leave the default passwords on any IP phones, routers, switches, firewalls, Session Border Controllers, or anything connected to your network at all. Using default admin passwords without a doubt the easiest method for someone unauthorized to gain access to your network. Just about every single default password for any device can be found with a simple google search – go ahead, google your router name along with the phrase “default password,” and it should pop up. In a similar note, weak passwords like your business name, your last name or a simple date are easy to break through with brute force or just completely guess.
Encrypt All the Things! – Since VoIP calls are transmitted over the internet unencrypted, they can easily be intercepted and drained of all information. Encrypting your communications can more often than not be easily turned on and enabled or configured between multiple points that already exist on your network. Depending on how your network is setup and with what hardware is employed, this might come down to your specific VoIP vendor, or settings on hardware or even software Firewalls, Session Border Controllers, or sometimes on both VoIP routers and SMB routers.
Employ a VPN – We covered this topic in depth in the past, and its worth noting again as well. A VPN, or Virtual Private Network, is one of the easiest ways to encrypt and secure the connections of your remote or off-site workers. A VPN establishes a “tunnel” through the public internet, or publically access networks your workers might be on, to filter through only secured encrypted information to and from the office network. A VPN simply allows users offsite to access the onsite network as if they were in the same building, without a massive gaping security hole available to a public network.
Test Your Network – Depending on the size of your business, your level of expertise or availability of an IT specialist, testing your network is a great way to look for any backdoors, easy routes in or vulnerabilities. A thorough test could connect all access points, connection gateways, phone and network settings to look for any weak spots – and then of course patch them up as necessary. Adding in a fancy firewall might provide a sense of security, but without proper configuration that false sense of security could lead to an unfortunate attack down the road.