The business community has embraced the use of Voice Over Internet Protocol (VOIP) systems for businesses accross the spectrum: small, medium or large. However, hackers have taken notice too and exploitation of VOIP systems is becoming ever more lucrative. Securing your VOIP systems is mission critical! Here’s the low down on VOIP Security:
Why do I need to secure my VOIP?
The quick answer is to avoid major financial losses and service interruption but here’s some more detail on 3 common attacks:
- Toll Fraud – Hackers can rack up massive long distance charges on your account. This can result in tens of thousands of dollars in fraudulent charges showing up on your bill. Check out my post from October, protecting yourself from toll fraud to learn more about the specifics.
- Phishing over VoIP – Phishing – you might be familiar with this term as it relates to email, where “phishers” attempt to snag consumers’ identities or account credentials. As it relates to VoIP, “phishers” can spoof “calling party identity.” Many times this comes in under the radar and it’s difficult to track and catch such callers.
- Eavesdropping – Protect your credentials, identities and proprietary information! Hackers can steal phone numbers and account pin numbers allowing them to get control of your accounts, by eavesdropping on VoIP calls
What do I need to secure my VOIP?
VoIP uses a text based signaling protocol, SIP (Session Initiation protocol). Unfortunately, hackers can utilize very simple technology tools to capture these packets. When successful, they can capture calling numbers, called numbers, user names and other kinds of information. To make VoIP secure we need to make sure that signaling and media is secure and fail proof against any security attacks.
How do I secure my VOIP?
There are many ways to address security threats against VoIP. We can apply all available measures to secure an IP link to VoIP. Some providers offer their VOIP services over the public internet, while other providers offer service over VPN. Service over VPN segregate your VoIP traffic from other customers’ traffic and the public Internet which can be more susceptible to attacks.
Encryption, encryption, encryption!! Protocol-based security is your friend. Fortunately, VoIP provides encryption for both signaling and media. Signaling (SIP) can be run over TLS (Transport Layer Security) which you may recognize as a standard practice for web browsing. Media can be encrypted by following the SRTP (Secure Real-time Transport Protocol,) which is one of the highest levels of security you can currently employ for VoIP.
Need help in navigation through all of this? Don’t worry, the Teltek team can help. Give us a call to discuss securing your VOIP.
Teltek is a Certified Avaya Business Partner, NEC Dealer, and Microsoft Partner with two locations in the Baltimore Metropolitan area. We specialize in providing one call technology support for small to mid-sized businesses and nonprofits in Maryland, Washington, DC and Virginia.