VoIP Security

Insufficiently protected VoIP systems can pose a serious threat to the information security of the its owner. Frequent fraud scenarios include:

  • unauthorized calls at the expense of the operator
  • unauthorized calls at the expense of the end customer (PBX fraud)
  • interception/recording and modification of calls (hence exposing private data to third parties)

Attacks on VoIP systems can be performed directly via the VoIP-protocol itself (for example SIP) or via supplementary services and systems such as web interfaces, configuration servers or insecure applications running on the same system.

Damage associated with fraud can quickly exceed several thousand Euros within a few hours, particularly on systems providing a large number of circuits into the PSTN, and hence allowing a large number of parallel fraud calls.

Countermeasures

Typical "classic" counter measures against IT security risks are firewalls, secure passwords and encryption. However, such measures are typically insufficient against VoIP security problems, since most attacks happen on the application level, and happily bypass most firewall and encryption perimeters. Addionally, firewally typically don't prevent attacks on secondary system components such as web interfaces.

IPcom's VoIP Security Services

IPCom conducts professional VoIP Security Audits. Those Audits are performed in two steps - "Black box" and "white box" audits. During a "black box" audit, an IPCom VoIP security expert examines the system without any special knowledge about the setup and configuration - with information identical to what a hacker would have access to. For "white box" testing, the operator discloses internal details of the system and its configuration, which allows for in-depth analysis of potential security problems that have not been discovered in the "white box" audit. Additionally, any web interfaces are screened and analyzed with custom Web-Screening tools.

All auditing work is performed with automated tools as well as "handcrafted" attacks against a specific system.

After the audit, the operator receives an extensive report, listing and describing all Security issues discovered - and estimating the fraud potential of the security leak. Additionally, the report includes suggestions on how to close such leaks.

Of course our VoIP security experts can also secure your system after the VoIP audit has been performed.

Based on the VoIP security screenings performed so far, 80% of the examined carrier VoIP systems exposed at least one security leak that allowed to induce serious financial damage to the operator. Most systems exposed several such serious leaks, putting their operators at risk of massive losses from the operation of the insecure system.

If you want to know the security level of your VoIP system, contact us for an non-binding offer.