What’s common between VoIP security and a jar of jam on your kitchen table? Read on to find out.
Ever looked at a jar of jam and the line of ants near its lid? Look closer and you’ll see what got them there. You probably left the jar just a little bit loose – which is enough for one ant, and another, and then another, and then a whole queue of them.
In the case of enterprises, an unsecured SBC is to attackers what loose lids are to ants – just enough of a path to make it through.
Attackers on the internet are a lot like ants – may be a lot more focused and persistent. Once they learn how vulnerable and weak your systems are on the inside, they’re going to keep trying till they make their way in.
An unsecured SBC: A weak link that turns into a gateway
In our experience of scanning hundreds of SBCs, we’ve seen how little attention companies pay to basic security elements like the cloud posture of SBCs.
The same cannot be said of attackers though. They are constantly scouting for SBCs with public IPs. Once they are able to lay their hands on such internet-exposed/facing SBCs, they look for security loopholes to exploit and to get an entry into the company’s communications network. These weaknesses tell them a lot about what they need to know about a company’s security practices.
Going back to the jam jar analogy, by discovering the SBC weaknesses exposed on their public IP addresses, attackers have found their loose lid.
What does this mean for a company?
Any security gaps or vulnerabilities observed in the configuration of a company’s SBC can be used to plan and launch malicious attacks on one or more servers of the organization.
Probing SBCs’ cloud posture as part of reconnaissance
An unsecured SBC can be used as part of a reconnaissance attack to uncover vulnerabilities in the entire organization’s server infrastructure. Data from such a reconnaissance attack gives attackers critical information about the certificates used on the chain.
And just like that, a mostly-ignored aspect in your cloud posture is the reason why your company is now on the radar of attackers.
It’s only a matter of time before they find and exploit other servers/IPs linked to this chain.
For instance, weak cipher strength of your SBC or the usage of weak transport layer security signals to attackers that man-in-the-middle attacks are an easy way to break into your network. Attackers can launch phishing attacks by using certificate issues found on the unsecured SBC.
Think about this: Any expired/vulnerable certificate of your SBC can be exploited, and even traded on the dark web. This means that a certificate linked to your company can be used for illegal or unauthorized activities online. Think about the massive reputational loss this poses to your company.
A weak SBC posture is about much more than weakened VoIP security. It provides attackers intelligence and data on your company’s security practices, placing at risk every other public-facing server and system.
Fixing your SBC’s cloud posture for improved VoIP security, and MUCH MORE
Ports and services, certificates, ciphers, and encryption practices. These are the security elements, attackers are looking to exploit to gain entry into the system. It’s easy to understand how the longer the cloud posture is left unsecured, the higher the chances of attacks from multiple sources.
By exposing the weak links in your SBC’s cloud posture to the internet for an extended duration, you are practically inviting attackers to attack your systems.
What’s worse is that companies often have no idea of what the public/internet-facing posture of their SBCs looks like. Assertion’s 2021 State of SBC Security report found that nearly 50% of internet-facing SBCs have unsecured configurations.
Are you making the same mistakes? Talk to us to find out how your current VoIP security model is working for you, and what you need to change.