VoIP Monitoring Featured Article

Mind Your VoIP Security

May 01, 2015

By Mae Kowalke, VoipMonitoringZone Contributor

The Shodan search engine has been described as the “scariest search engine on earth,” and with good reason: It is a search engine that helps hackers find vulnerable target devices. If you’ve ever wondered how hackers find computers, VoIP servers and Internet-of-Things devices to exploit, now you know.

Just as the Internet and the cloud have made communications easier, it also has in many ways made it less secure.

VoIP is no exception. Hackers can exploit VoIP for conversation eavesdropping/sniffing, default passwords discovery, hacked voicemail, identity spoofing, man-in-the-middle exploits, denial of service (DoS) attacks, toll fraud and Web-based management console hacks.

“While hackers are continually discovering new ways to attack VoIP systems, there are some established favorite approaches,” notes Bev Robb on the Dell (News - Alert) Power More blog. “Also known as ‘footprinting,’ these techniques rely on information that unsuspecting VoIP users make publicly available.”

With footprinting, hackers use information publically available online to gain an edge for hacking their VoIP target.

For instance, a hacker has hit gold when he finds write-ups such as this online: “He or she will also be responsible for integrating the SHORETEL VoIP system with CISCO VoIP,” as Robb has noted.

The takeaway is that businesses need to be more conscious of VoIP as a potential hacking target, and to take specific remedies to keep their communications safe in the digital age.

These include separating data traffic from voice traffic by creating two virtual VLANs, protecting the remote admin interface with a complex password and non-standard port, encrypting sensitive voice traffic using Secure Session Internet Protocol (SIPS) for protection from eavesdropping and tampering, applying physical and logical protection, creating user names that are different from their extensions, and keeping VoIP systems always up-to-date and patched.

Business also should limit calling by device, use encryption to secure calls, set strong security policies, utilize traffic analysis and deep packet inspection (DPI), and properly secure VoIP gateways. Further, using a strong voicemail 6-digit passcode or device certificate helps, as does deleting sensitive voicemail messages and removing mailboxes when employees leave the company.

As with all things digital, protecting against hacking should be a priority for businesses using VoIP.

Article comments powered by Disqus

Popular Case Study

Xerox Integrates ReliaTel to Move Service Business Forward

Delivering IT Outsourcing solutions to many of the world's largest organizations...

Popular Articles

Featured Education

Featured Whitepaper

How to Bullet-Proof Your VoIP QoS and UC Service Levels

This in-depth White Paper provides insight and answers to ensure you can deliver the rock-solid communications platform needed to drive your business - without breaking your budget!

Featured Resource

End to End Service Level Management for the Entire Cisco Unified Communications Ecosystem

The ReliaTel VoIP and Unified Communications Management Solution is the ideal platform to monitor, manage, and optimize the Cisco VoIP, UC, and collaboration ecosystem that drives business communications for many of the world's largest organizations.

VoIP Monitoring for Your Business

VoIP Monitoring for Your Platform

VoIP Monitoring Latest Blog Post