What is a brute force attack?
A brute force attack is the simplest possible method of attacking a session border controller (SBC). The method is straightforward – use cheap computing resources to keep guessing the password for an account. Think of it like this: a hacker learns your username and figures out the login page. Now all the hacker will do is incessantly enter your username and try one word after another (automatically, of course, that’s what computers are for!) until the right password is found.
Why do hackers use brute force to hack SBCs?
As its name suggests, brute force does not rely on elegance or intelligence. It is usually undertaken by script kiddies – people who rely on simple, off-the-shelf hacking software to attack systems – precisely because it is easy to understand and try. It can be frustrated by some simple hygiene, and yet up to 5% of all successful attacks have been the result of brute force.
In the case of SBCs, it is entirely possible that brute force attacks are actually more successful – because of the distressingly simple requirements that many companies have for extensions and passwords.
How do they brute force your SBC?
A brute force attack requires at least 3 pieces of information: the connection point, the extension, and the security code. Sharing any of these critical bits with a hacker simplifies his or her job.
Imagine a hacker has decided to hack into your company’s communication network. The first thing he (a significant majority are male) would need is a point to which he can connect – an IP address and port through which your regular users access your infrastructure. Once he has found this information, the hacker needs to know an extension to hack. If the hacker knows an extension, the last bit – the password (or the security code) – comes into play.
With these pieces of information, the hacker attempts to get a login prompt, enters the extension, and then attempts the password. Each piece of information is therefore critical.
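Seen from the defender's side, the two guessing phases described above (probing for a valid extension, then trying passwords against it) leave different patterns in registration logs. The following added example, which is not from the original article, flags both; the log format, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format, assumed for this example (not any SBC's real output):
#   <ISO timestamp> REGISTER src=<ip> ext=<extension> result=<SIP status>
LINE = re.compile(r"^(\S+) REGISTER src=(\S+) ext=(\d+) result=(\d{3})$")
WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_EXTENSIONS = 5               # distinct failed extensions per source per window
MAX_FAILURES = 5                 # failures against one extension per source per window

def detect(lines):
    """Return {source_ip: set of findings} for sources that reach a threshold."""
    failures = defaultdict(list)             # src -> [(time, ext)] of non-200 results
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                         # skip lines in any other format
        ts, src, ext, status = m.groups()
        if status != "200":                  # a lone 401 challenge stays below threshold
            failures[src].append((datetime.fromisoformat(ts), ext))
    findings = defaultdict(set)
    for src, events in failures.items():
        events.sort()
        start = 0
        for end, (now, _) in enumerate(events):
            while now - events[start][0] > WINDOW:
                start += 1                   # drop events older than the window
            window = [ext for _, ext in events[start:end + 1]]
            if len(set(window)) >= MAX_EXTENSIONS:
                findings[src].add("extension-scan")
            if max(window.count(e) for e in set(window)) >= MAX_FAILURES:
                findings[src].add("password-guessing")
    return dict(findings)

def sample_log():
    """Constructed sample data: one scanner, one guesser, one legitimate phone."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} REGISTER src={} ext={} result={}"
    lines = [fmt.format((t0 + timedelta(seconds=i)).isoformat(), "203.0.113.7", 1000 + i, 404)
             for i in range(12)]
    lines += [fmt.format((t0 + timedelta(seconds=2 * i)).isoformat(), "198.51.100.9", 2001, 401)
              for i in range(8)]
    lines += [fmt.format(t0.isoformat(), "192.0.2.10", 2002, 401),
              fmt.format((t0 + timedelta(seconds=1)).isoformat(), "192.0.2.10", 2002, 200)]
    return lines

if __name__ == "__main__":
    for src, found in sorted(detect(sample_log()).items()):
        print(src, sorted(found))
```

A source that walks through many extensions is reported as an extension scan, while repeated failures against a single extension are reported as password guessing; the legitimate phone, with one challenge followed by a success, is not reported.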
How do you prevent your SBC from getting brute forced?
At the highest level, you can prevent your communication network from being attacked by limiting the circulation of the three critical bits.
- The path to login (the IP address and port) is usually the easiest for a hacker to find, especially because most communication systems have a standard, approved port for remote agents to log in to. If your system allows you to customize the port, moving it to a non-standard port reduces the chances of an attack, simply by foiling a vast majority of probes. In an SBC, setting up a URI filter is a great way of protecting against probes – you can set up your SBC to ensure that only queries from approved URIs are responded to; the rest go into a black hole.
- Extension ranges. Companies with simple, standard extension ranges make it easy for hackers – they will first try the standard extension ranges and look for a response. Ensuring that extensions have a larger number of digits makes life difficult for the hacker because they have to probe a larger range to get a login prompt.
- Passwords/Security codes. The longer the passwords are, the more difficult they become to hack – every one-character increase in length doubles the difficulty of a brute force attack – an increase in required character length from 8 characters to 10 means that 4 times the effort is needed by a brute force attacker. In addition, every increase in the range of allowed characters (uppercase, lowercase, specials, numbers) increases the “search space” of the attacker. Despite this being well known, several organizations require station extensions to be 4 to 6 digit numbers, which makes for predictable “usernames”. In addition, the passwords are also expected to be 4 to 6 digit numbers! Obviously, this is an invitation – please come in and hack us!
Other techniques of protection include:
- UA filters
- Certificate-based authentication
- Server-based TLS
- Mutual TLS
In our next blog, we will learn how these techniques are critical weapons in your defense against SBC attacks.