January 10th, 2017
Toll fraud has very clear, direct, and immediate cost to an enterprise's bottom line.
According to the Communications Fraud Control Association (CFCA), 2015 global telecom annual fraud losses were estimated at $38.1 billion (USD). By comparison, the worldwide losses from credit card fraud during a similar period was only $16.31 billion (USD).
Whether an attacker is attempting to get free long distance calls for himself or you're dealing with organized criminals who want to use your telephone system to route international calls at your cost, the result is the same: your phone bill is increased and the money is in their pocket.
Here are five ways to safeguard your SIP network:
- Session Border Controllers (SBCs)
- Monitoring and Alerts Systems
- Strong Password Security and Heavy Encryption
- Turn Off Unnecessary Features and Limit International Calls
- Keep systems Up-to-Date with Patches
Developed explicitly for voice traffic, session border controllers act as gatekeepers of your network. They have the same built in security features as a standard network firewall.
It is important to secure all VoIP devices and systems that have a configuration interface. This includes: phones, PBXs, IP Phones, Soft Clients, workstations, and other network devices.
Despite some opinions, SBCs are the best edge device for security in VoIP deployments.
When evaluating solutions, enterprises should choose a service provider that proactively monitors and alerts users to any unusual phone activity-- similar to how a credit card company flags non-habitual spending amounts.
Most companies should not get calls after hours or on weekends. If this is happening, an alert to a company's IT department about such activity is necessary.
While less common, it is possible for man-in-the-middle attacks to intercept unencrypted call signaling information and interject fraudulent calls into unsuspecting enterprise networks.
Encryption should be used whenever possible, especially if doing so has no additional cost or performance burdens. IntelePeer offers TLS/SRTP on all of its SIP trunks for no additional fees.
It is widely known that most fraudulent calls originate in the States and end up in countries like Latvia, Gambia, Somalia, and Sierra Leone.
Turning off international calling or limiting the number of available locations to which your company can call is always a smart safeguard.
New system vulnerabilities are detected - in some cases, weekly. Running the newest operating system patches and checking for firmware/software updates can prevent unnoticed weaknesses.
Many PBX manufacturers or resellers recommend specific firmware versions. Be sure to check with them as well.
Why are SIP networks so highly targeted? Simply, that's where the money is.
While there are a number of security precautions to take, smart VoIP providers know to treat their customer's phones like Internet-connected machines --which is what hackers are already doing.
Ensuring that your VoIP provider can offer these basic safeguards can be the difference between expensive fraud charges and none at all.
To find out more about SIP security and which steps you should be taking, download our free tip sheet: Avoiding VoIP Fraud.