Network Security: Need of The Hour

Twitter0
Google+0
LinkedIn1
Facebook0
Pinterest0

With so many network security issues coming in the news on a regular basis it has become inevitable to look after good security measures. Computer network security problems should be given thought during the planning phase of any network, be it a huge organizational LAN or a small home network. All kinds of networks face different types of security problems. Solutions are available for each kind of threat.

Recently I asked this question as it became a front-of-mind topic of discussion around my peers, colleagues, and clients and it appears toll-fraud is still one of the largest IT security threats many c-level execs haven’t heard of, or don’t pay much attention to.

How did toll-fraud become a network security threat?

For those unfamiliar, Toll-Fraud & Phone Hacking is a multi-billion dollar industry with monetary damages more than double that of Credit Card Fraud.

So how did toll-fraud become a network security issue?

The answer is simple. VoIP!

VoIP is now the most prevalent form of voice communications and as the acronym suggests, it is Voice OVER IP, meaning the calls terminate over the network. With this in mind, network security professionals must add another service to their list of networked services to protect. Requiring them to implement policies and procedures that mitigate breaches and theft of service.

Unfortunately toll-fraud is typically a security risk many IT professionals learn about after it is to late.

Network Security Engineers need to understand network services, protocols, port-numbers, etc. However, telephony has become a suite of applications now known as Unified Communications. Simply protecting the edge with firewalls & access-lists is not enough. Some common forms of toll-fraud include

SIP Scripts – attempt to register as a phone or trunk to your Internet facing PBX. This is extremely common and can cause major monitory damages. If a script detects open ports Voice services on a public IP, they will launch an authentication attack which will attempt to make repeated calls, usually to a third-world country’s local exchange or call-center charging $2 – $4/min per call.

Hacking Voice-Messaging or voice-mail systems – After compromising users “pin” numbers, thus allowing the criminal to access the users private voice mails, make unauthorized calls from that user extension and make international calls through the voice-mail platform. Imagine someone having access to your executives voice-mails.

Compromising Soft-Phones -  Here again the hacker, could easily re-create the soft-phone account and would be able to eavesdrop on phone calls, and make unauthorized calls on your account as they see fit.

So why didn’t these Telco’s just disable their service?

Depending on the carrier they may or may not have real-time toll-fraud mitigation techniques in place, maybe they didn’t detect the abuse until the next day, or your system was compromised on the weekend.

So what can I do to mitigate toll-fraud?

Like all security risks, mitigating toll-fraud requires a full-understanding of the technology and where you are most exposed.

When designed properly, VoIP can be much more secure than copper-based phone systems and PBX’s. Start by consulting your Unified Communications or PBX provider about best practices; align their recommendations with your business objectives and your corporate security policy . If you believe you are experiencing toll-fraud, disconnect or disabled the compromised services until you are sure the threat is mitigated. Call your provider right away and tell them you suspect toll-fraud on your account and have them disable services.

While the toll-fraud attacks like all internet security risks will continue to happen and potentially become more sophisticated, there are ways to greatly reduced your risk by partnering with a Cloud Unified Communications company that is offering a bundled Unified Communications service.

The following two tabs change content below.

Annie Steffi Sydney

The author is a computer science engineer and she is currently pursuing MBA. She has received many National Awards in different fields.She has a passion for writing, social service and Bharatanatyam.

Latest posts by Annie Steffi Sydney (see all)