Session Initiation Protocol (SIP) has become a very popular Voice over Internet Protocol (VoIP) model because of its low cost, high flexibility, and ease of deployment. However, security remains one of the biggest challenges in SIP-based environments. Data breaches, toll fraud, denial-of-service (DoS) attacks, and other cyber crimes happen even on the more secure systems.
Analysts in the security industry caution that enterprises are equally vulnerable to both internal and external threats. In order to work at an optimum level, a security strategy must be able to strike a sound balance between these internal and external security needs by implementing a multi-layered approach.
The Inside Job
InsightExpress, a market research company, recently conducted research on employee behaviors that threaten corporate IT assets. The study revealed the following unusual set of employee behaviors that can result in the loss or leakage of data:
- Misuse of corporate computers
- Unauthorized network and application access
- Misuse of passwords and improper login and logout procedures
- Transferring of files from corporate devices to personal devices by remote workers
- Sending business emails from personal email accounts
Knowingly or unknowingly, employees can have easy access to IT resources if systems are inadequately secured. Even if employees do not have malicious intent in the misuse or abuse of corporate computers, breaches may still happen. But the real threat from within comes from deliberate, malicious activity by disgruntled, resigning, or fired employees.
The External Force
External attackers are persons or organizations that are well-funded and highly organized. They are knowledgeable and have adequate resources to execute their craft. It requires little effort for them to breach systems with lackluster security.
External attacks often result in security threats to confidentiality, integrity, and availability. Eavesdropping on phone conversations and leakage of customer data such as passwords, financial records, and private documentation breach confidentiality. A crack in integrity happens when voice or data content, passwords, configuration, and important information stored in the system are illegally deleted or modified. Attacks on availability often result in a denial of service triggered by resource starvation, bandwidth consumption, or programming bugs.
A Culture of Enforcement
Crafting SIP security policies may be easy to do, but enforcing them is another matter. Employees often work around the most stringent policies and procedures because they either don’t understand them or are unaware of them. Creating a culture of enforcement and commitment ensures that everyone is adhering to rules such as the following:
- Create and enforce solid security policies at every layer of the security ladder. This includes the network interface layer, the network layer, the transport layer, and the application layer. Regular education, training, and information campaigns for all users can make them aware of their individual responsibilities at each layer.
- Implement password and access control. From the start, IT managers should require the change of factory default passwords. They then should make it a practice to implement password aging wherein users change passwords periodically.
- Protect Internet and wireless channels through encryption. Along with encryption, endpoint authentication and virtual private network (VPN) technology facilitate access to trusted networks. Session border controllers, gateways, and other SIP network access devices should, however, be able to support heavy encryption loads without compromising network performance.
- Detect and block intrusion immediately. Intrusion detection systems (IDS) can detect specific attack scenarios in real time, near real time, or in historical mode. This helps SIP security officers make speedy decisions on attacks in progress or do analysis work on past anomalous activities in the network.
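The following is an added example, not part of the original article: a minimal sketch of the historical-mode detection described above, flagging any source that sends more SIP INVITE or REGISTER requests within a sliding window than a threshold allows (one form of the resource-starvation DoS mentioned earlier). The log format, window, threshold, addresses, and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_REQUESTS = 5      # assumed per-source limit inside one window
WATCHED_METHODS = {"INVITE", "REGISTER"}  # methods that create server-side state

# Constructed sample records: "<epoch seconds> <source IP> <SIP request line>"
SAMPLE_LOG = [
    "1000 192.0.2.10 REGISTER sip:pbx.example.com SIP/2.0",
    "1004 192.0.2.10 INVITE sip:1002@pbx.example.com SIP/2.0",
    "1030 192.0.2.10 BYE sip:1002@pbx.example.com SIP/2.0",
    "garbage line that is not a SIP request",
] + [
    f"{1001 + i} 198.51.100.7 INVITE sip:900{i}@pbx.example.com SIP/2.0"
    for i in range(8)
]

def parse_record(line):
    """Return (timestamp, source, method), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or parts[4] != "SIP/2.0":
        return None
    try:
        return float(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def detect_floods(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return one (source, time, count) alert per source exceeding the limit.

    Records are assumed to be time-ordered per source, as in a capture log.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerted, alerts = set(), []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec[2] not in WATCHED_METHODS:
            continue
        ts, src, _method = rec
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > limit and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts, len(q)))
    return alerts

if __name__ == "__main__":
    for src, ts, count in detect_floods(SAMPLE_LOG):
        print(f"ALERT {src}: {count} requests within {WINDOW_SECONDS}s at t={ts}")
```

Fed from a live capture instead of a stored list, the same function runs in near real time, since it processes records one at a time.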
In a shifting IT landscape, preventing breaches is an enterprise-wide challenge. A multi-layered defense against SIP security threats is the responsibility of everyone at every level of the corporate chain.