There’s a lot to be said about VoIP and its impact on businesses in the last few years. Enterprises are heavily dependent on it for seamless communications between devices located within their intranet and external devices using the Internet. But with its multiple benefits such as flexibility, scalability, and cost efficiency, comes a downside: security concerns.
VoIP communication systems popularly use Session Initiation Protocol (SIP) to control VoIP sessions, and this protocol is most frequently targeted by cybercriminals.
Attacks that impact VoIP security
Attackers use the following methods to attack VoIP-based communication systems:
- Network system exploitation that involves the compromise of voice-based systems, softphones, hard phones, etc., for wiretapping attacks and user account credential theft. According to the Verizon Data Breach Investigation Report (DBIR), over 40% of all breaches are caused by credential theft. Over 60% of breaches within hacking involved brute force attacks or the use of lost or stolen credentials.
- Man-in-the-middle attacks that involve sniffing communication data and redirecting communications to unintended destinations.
- VoIP spam such as scam calls, robocalls, and other unnecessary calls that lead to user credential theft, fraud, and other crimes. According to the Verizon report, phishing and the use of stolen credentials are among the top five methods used by cybercriminals, with 36% of all data breaches involving phishing.
- Vishing attacks that involve automated calls to people who are tricked into sharing sensitive information about themselves or their businesses, resulting in massive financial losses to them.
- Toll fraud, in which unauthorized calls made to premium numbers or high-rate destinations result in large telecom bills.
- DDoS and DoS attacks in the form of telephony denial-of-service (TDoS) attacks that aim to overwhelm and disrupt the communication system services.
The SBC defense
SBCs are the primary defense against attacks on SIP-based communication systems. They act as a border patrol of your networks by controlling and regulating the communication traffic and allowing only authorized traffic inside the network.
However, there’s a catch!
Deploying SBCs might give you a false sense of security. SBCs can only do their job of enhancing your network security if you configure them correctly and customize the settings to your network topology and the latest threat intelligence. It’s like riding a bicycle. Your bicycle could have brakes for when you want to stop, but if the brakes are rusty or not adjusted properly, where does that leave you?
Top aspects of SBC security
You need to primarily focus on the following aspects for securing your network using Session Border Controllers:
- Detecting brute force attacks.
- Using secure communication protocols, such as TLS and HTTPS.
- Monitoring calls, including spikes in the number of calls and calls to premium numbers.
- Deploying a strong user account policy.
- Configuring Call Admission Control and call session thresholds.
- Enabling Intrusion Protection System (IPS) and Intrusion Detection System (IDS) features.
- Enabling logging of communication data and actively monitoring the communication system parameters and thresholds.
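The brute-force detection and call-monitoring items above can be sketched as log analysis. This is an added example, not code from the original article or from any SBC product; the log format, threshold, window, premium-prefix list, and all addresses and numbers are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (assumed format: time, source IP, SIP method,
# request target, final response code). Not output from any real SBC.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.20 REGISTER sip:1001@pbx.example 401
2024-05-01T10:00:01 198.51.100.20 REGISTER sip:1001@pbx.example 200
2024-05-01T10:00:05 203.0.113.7 REGISTER sip:1000@pbx.example 401
2024-05-01T10:00:06 203.0.113.7 REGISTER sip:1001@pbx.example 403
2024-05-01T10:00:07 203.0.113.7 REGISTER sip:1002@pbx.example 401
2024-05-01T10:00:08 203.0.113.7 REGISTER sip:1003@pbx.example 403
2024-05-01T10:00:09 203.0.113.7 REGISTER sip:1004@pbx.example 401
2024-05-01T10:05:00 198.51.100.20 INVITE sip:+14155550100@pbx.example 200
2024-05-01T10:06:00 198.51.100.20 INVITE sip:+19005550123@pbx.example 200
"""

PREMIUM_PREFIXES = ("+1900", "+979")  # illustrative; load from your own feed

def parse(log):
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, method, target, status = parts
        events.append((datetime.fromisoformat(ts), src, method, target, int(status)))
    return events

def brute_force_sources(events, threshold=5, window=timedelta(seconds=60)):
    """Sources with >= threshold rejected REGISTERs inside one window."""
    # A single 401 is the normal digest-auth challenge, so only repeated
    # rejections from the same source within the window are flagged.
    recent, flagged = defaultdict(deque), set()
    for ts, src, method, _target, status in sorted(events):
        if method != "REGISTER" or status not in (401, 403):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def premium_calls(events, prefixes=PREMIUM_PREFIXES):
    """(source, number) for INVITEs whose dialled number has a premium prefix."""
    calls = [(src, tgt.split(":", 1)[-1].split("@")[0])
             for _ts, src, method, tgt, _st in events if method == "INVITE"]
    return [(src, num) for src, num in calls if num.startswith(prefixes)]
```

On the sample data, only the source that is rejected five times in four seconds is flagged, while the client that answers its one challenge successfully is not.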
Top challenges faced in SBC security
Securing SBCs such that they best work for your enterprise network topology is a challenging proposition. You must be aware of exactly how and where each network component is deployed and configured. You must also be aware of how the communication data flows through your network.
Enterprises occupy an average of five to seven networks containing multiple components within each network. This is often an asset management problem, which in turn, becomes a vulnerability management problem. Typically, securing SBCs requires configuring over 50 policies and 100 control checks. You can try doing this manually, but how many of us can confidently claim to be able to manage this mammoth task accurately?
- How do you secure SBCs and your communication security infrastructure while ensuring scalability?
- How do you maintain control of a dynamic enterprise network where different systems need multiple specific checks?
- How do you practically keep track of evolving regulations and ensure compliance in a volatile geopolitical and regulatory environment?
- How do you keep track of the latest VoIP security threat intelligence, be it attack signatures, or premium rate numbers, given the sheer volume and ever-evolving nature of attacks?
- How do you ensure that your incident response and remediation workflows stop and prevent attacks on a dynamic basis without breaking existing workflows?
The role of SBC security in VoIP security
According to the Verizon report, 22% of data breaches occur because of errors such as misconfiguration and human lapses. Even these are usually discovered by security researchers, unrelated parties, and customers. This means that very few issues are detected by people working within the enterprises. It’s a similar story even for SBCs. Even if you could manually configure them, it makes sense to evaluate if you have the specialized skills, data, and the resource bandwidth to do this.
Whatever approach you take, make sure that regularly scanning SBCs, periodically reviewing their configurations, and updating configurations dynamically based on the latest threat intelligence are a part of your VoIP security model.
If you have any questions on SBC security, why it matters, and details of implementing SBC security best practices, please get in touch with us at sales@assertion.cloud