Imagine the following situation: your company’s phone bill keeps increasing and you can’t seem to figure out which department or terminal is responsible for this. And even worse: these unfamiliar calls begin to hinder the performance of your telephony infrastructure, overloading the devices, lowering the quality of your operations. So, what seems to be the problem? It’s time for you to consider that your PBX might have been hacked.
PBX invaded: how it happens?
“It is very common to see companies feeling secure because they have a firewall in place to protect their network, not considering that firewalls are not the proper tool to analyze voice data flows. It gets even worse when you think that there are those who don’t even imagine the risks they are taking by being this negligent,” explains Lauro Granzotto, Khomp’s Commercial Consultant.
Denial-of-service attacks, also known as DoS, are a very common threat. “The idea here is to degrade or interrupt the flow of calls, which can cause huge losses, ranging from lack of reliability to downtime,” he explains.
Another mode of operation for cybercriminals is the SIP Force Brute. “In order get a false authentication on the PBX and therefore be able to make calls from the hacked infrastructure, the attacker will bomb the server with different combinations of logins and passwords until a match is found,” he says.
The result is the scenario described at the beginning of this article. It is worth noting that security concerns are not restricted to call centers, they affect all types of companies — including carriers and service providers.
Session Border Controller
So, how can you protect your IP voice network from the attack of criminals? The solution that provides the best results is to implement a Session Border Controller (SBC) next to the gateways.
“The SBC is a tool that is specifically designed to control all incoming and outgoing VoIP data related to telephony operations. This allows you to detect unusual behaviors and malicious sources of traffic, for example, and prevent violation of the network that is being protected by the SBC,” explains Lauro.
In addition to prevention, select devices also offer capacities for developing contingency plans in order to mitigate damages in case of network invasion. “Khomp’s SBC offers the exclusive Register Authorization feature, which allows you to manage user profiles for all branches within your company, handling IP addresses, logins, passwords, and so on. This greatly reduces the success rate of SIP Force Brute attacks, for example,” he clarifies.
Is telephony security a topic that interests you? Read more on the subject by clicking here.Please follow Khomp’s blog!