Most things in life and business, you’ll agree, have seen and, often, unseen consequences. Take the Covid-19 pandemic: the seen impact was the bigger role communication systems had to play. What was unseen was the need for communication security. The pandemic undeniably accelerated a trend that has been slowly gaining ground over the last 15 years or so – remote working. In the collaboration and contact center space, companies like Oracle, Avaya, and Cisco have been building features that enabled remote telephony (telecommuter and road warrior modes). As a remote worker, you could, occasionally, use soft phones (for UC) and soft agents (for CC) even on the venerable H.323 protocol, using VPN. Although VPN gave you the capability to take the phone on the go, it had limitations. First, you had to connect to the VPN before you could use your soft phone. Additionally, tunneling voice over VPN meant that VPN gateways got overloaded and had to be enhanced. And lastly, these gateways added a hop to the audio stream, i.e. precious milliseconds to each packet, thereby eroding user experience (more packet loss, more jitter – poorer audio experience).
Then, a decade ago, SIP came in, and as it became more and more popular, in came Session Border Controllers (SBCs). SBCs acted as a VoIP firewall and were placed in the DMZ. They made it quicker to register (no need to connect to VPN) and improved the media experience (by doing away with the need for VPN in the middle of RTP flow). This was revolutionary and made it WAY easier to roll out remote working at a global scale. And yet, remarkably few companies actually allowed staff to work from home. Why?
One word: Security.
Opening up your communications network to large numbers of remote workers also meant opening up a whole new attack surface. To add another level of complexity, consider that SIP is one of the most attacked protocols out there. Now we can see why organizations have been leery of remote workers under normal circumstances. But thanks to Covid-19, these are not normal times.
Working from home, even for agents, has become the new reality. This means IT security and administration personnel now have to account for communication security – to learn and adapt to this new world where attempts to hack communication networks are a regular occurrence.
Late in 2019, one of the biggest logistics operators on the planet, with a globally distributed footprint, ended up getting hacked. The office had an on-prem local PBX with PSTN breakout, with cloud-hosted SBCs, and conferencing capabilities. As befits a global organization, they had some pretty good security measures in place – firewalls at each stage, custom certificates, and single sign-on were standard.
The phone hackers had started slowly – staying under the radar. Registration attempts across standard extension ranges were tried – 1000, 1001, and so on. The probes had continued for over a month. Finally, on a long weekend, the attempts ramped up, with more than 35,000 registration attempts in just 24 hours! And then the phreakers found success – they managed to break in through an extension and dialed out to premium rate numbers in Eastern Europe. Over that one weekend, the hackers ended up costing the company over USD 100,000!
Could this have been prevented?
Yes, if the right communication security controls were in place…
- The extension that was broken into used a default password. A requirement for a complex password would have made things a lot more difficult.
- The hackers had used PhonerLite, a freeware phone. A user agent filter would’ve prevented the registration attempts from unauthorized user agents.
- The SBC simply trusted the PhonerLite client when it logged into the extension. Custom client certificates would’ve prevented that.
- Repeated registration attempts were made over months. Algorithms could’ve looked for suspicious patterns in failed registration attempts or in the repeated attempts to log in from a suspicious range of IP addresses.
- Calls were made on a weekend. Rate limitations (dynamic Call Admission Control thresholds) could’ve been put in place for calls on weekends or after office hours.
- Calls were made to international numbers. These could’ve been prevented through a requirement for secondary authentication.
- Calls to well-known premium rate numbers were made. A blacklist could’ve blocked calls to these numbers.
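
To make the user agent filter and the failed-registration pattern checks from the list above concrete, here is an added detection sketch (not from the original article and not any vendor's product code). The log format, the approved client name `AcmeSoftphone`, the thresholds, and the sample lines are all constructed assumptions; each log line is assumed to record the final outcome of one registration attempt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any SBC's real output): one line
# per finished registration attempt, carrying the final SIP status code.
LINE = re.compile(r'(?P<ts>\S+) REGISTER src=(?P<ip>\S+) ext=(?P<ext>\d+) '
                  r'ua="(?P<ua>[^"]*)" status=(?P<status>\d{3})')

ALLOWED_UA_PREFIXES = ("AcmeSoftphone/",)  # hypothetical approved client
WINDOW = timedelta(hours=24)               # sliding window per source IP
MAX_FAILURES = 5                           # assumed threshold: failures per window
MAX_EXTENSIONS = 3                         # assumed threshold: distinct extensions failed

def detect(lines):
    """Return {source_ip: set of reasons} for sources that look like probing."""
    recent = defaultdict(deque)            # ip -> (time, ext) of recent failures
    alerts = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                       # skip lines that do not parse
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ip, ext, ua, status = m["ip"], m["ext"], m["ua"], int(m["status"])
        if not ua.startswith(ALLOWED_UA_PREFIXES):
            alerts[ip].add("unapproved-user-agent")
        if status in (401, 403):           # rejected registration
            q = recent[ip]
            q.append((ts, ext))
            while q and ts - q[0][0] > WINDOW:   # expire failures outside the window
                q.popleft()
            if len(q) > MAX_FAILURES:
                alerts[ip].add("failure-burst")
            if len({e for _, e in q}) > MAX_EXTENSIONS:
                alerts[ip].add("extension-sweep")
    return dict(alerts)

def sample_log():
    """Constructed sample: one legitimate user, one source walking 1000-1005."""
    lines = ['2024-01-06T01:59:00Z REGISTER src=198.51.100.7 ext=1042 '
             'ua="AcmeSoftphone/3.1" status=200']
    for i in range(6):
        lines.append(f'2024-01-06T02:00:{i:02d}Z REGISTER src=203.0.113.45 '
                     f'ext={1000 + i} ua="PhonerLite" status=403')
    return lines

if __name__ == "__main__":
    for ip, reasons in detect(sample_log()).items():
        print(ip, sorted(reasons))
```

A slow probe that stays under the per-day thresholds would need a longer window or a count of distinct extensions over weeks, which is the same logic with a larger `WINDOW`.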
Today, remote working has opened up a world of possibilities, and so has the growth of VoIP.
The only way to make the most of it is to make communication security a priority. The risks remote working brings can be avoided, removed, reduced, mitigated, or managed with the right security posture and the right tools. You can prevent hacks, or at least detect them early.
If you have any questions or concerns about implementing a remote VoIP communication security model for your organization, please reach out to us. We’d be happy to help.
Assertion® is a leading communication security solutions provider that empowers companies to Collaborate Confidently. Our ultimate goal is to secure every conversation through our advanced AI-enabled collaboration security solutions. We also provide holistic infrastructure security for over 38 collaboration products, including full-stack collaboration security solutions for the UC and CC stack.