Voice over Internet Protocol (VoIP) is one of the best things that ever happened to business communications. Unfortunately, cybercriminals agree — and have their sights set on the treasure trove of valuable data that awaits them at financial institutions, professional service firms, big retail stores, universities, and government agencies.
Since VoIP is Internet-based, it is vulnerable to the same types of attacks on all other web connections. Security experts believe that attackers are improving their techniques to make them capable of launching new threats. Phone eavesdropping has become a lucrative business for hackers, raking in thousands of dollars from stolen phone lines.
Threats and Warning Signs
The web is a virtual playground for attackers, who constantly search for potential victims and fine-tune their craft to launch new attacks. Depending on the gravity of the methods used, a SANS Institute paper identifies the following common threats:
- Call recording
- Call eavesdropping
- Voicemail tampering
- Worms and viruses
- Denial of Service (DoS)
- Registration hacking
- Caller ID spoofing
- VoIP toll fraud
- Data theft
- Voice spam
Call eavesdropping and recording and voicemail tampering are intended to breach privacy by leaking sensitive information or compromising corporate secrets. Attackers can then resort to blackmail and extortion.
The telltale signs of worms, viruses, and DoS are service outages and degraded service quality, such as the inability to open files or get a connection. Availability is the target of these threats, with the aim to disrupt services.
Faking authenticity through registration and caller ID spoofing is another method hackers use to create chaos. Toll fraud and data theft are two of the most dreaded threats that can cost companies financial losses as well as the leakage of critical financial information.
VoIP administrators should also be wary of warning signs. A sudden spike in the volume of calls in unlikely area codes could indicate that a hacker has successfully made an intrusion. Other signs are fake antivirus messages where there is an enterprise-grade antivirus program in place, mysteriously activated microphones, webcams, and other hardware, and unofficial Internet changes.
Securing the VoIP Network
Hackers of all flavors — from the neophyte who wants to have fun to the professional cybercriminal who wants to become rich — will continue to exploit existing vulnerabilities. This VoIP dilemma is not without hope, however, as long as companies give serious effort to beefing up security.
While users are divided on the relevance of encryption to VoIP, security-conscious companies want their data encrypted as it travels across the VoIP network to prevent hijacking. Security vendors have a number of encryption solutions, but it remains unclear which method can be considered as the encryption standard for VoIP.
Strong and Unique Passwords
Password security is one of the first lines of defense in many Internet-based systems. Strong passwords are those that use, among others, eight or more characters that include letters, numbers, symbols, and upper and lower case characters. Additionally, a good rule of thumb is to change passwords as often as possible.
Firewalls are one of the most important tools for VoIP security. They help control incoming and outgoing traffic on the VoIP network in much the same way as they do for other web-based traffic.
Proactive VoIP security is paramount to any communications system. Contact our experts at Copper State Communications to learn more about how you can make your voice communications work in a secure environment.