INGATE

SIP Trunking Featured Article

October 12, 2009


Ingate on VoIP Theft: Layered Security, Common Sense Are the Best Protections


By
SipTrunkingReport Editor

VoIP theft – a problem that some say can total as 200 million stolen minutes per month – has emerged as a problem mainly for service providers, the president of Ingate Systems told TMCnet in an interview.


 

According to Steven Johnson – whose company develops firewall technology and products that enable SIP communications for the enterprise while maintaining control and security at the network edge – customers who see that they’ve been billed for phone calls they didn’t make simply will refuse to pay.

 

“The customer will say, ‘Gee, we never called Indonesia,’ and refuse to pay basically,” Johnson said. “It becomes a big issue for service providers because they have to pay whatever carriers there are between here and there, and they’re not getting any revenue on their side.”

 

One major cause of VoIP theft, Johnson said, is when people who install open source PBXs bother to change default settings for passwords and user names.

 

“So that if they go in with a user name of ABC and password of 123 and that’s how the PBX is delivered, it never changes,” Johnson told TMCnet. “Once someone figures that out, it becomes easy to hack into a system and hijack it for their own benefit. They wait for Friday night and wait to hack into a service, then make long-distance calls and get off on Monday.”

 

Businesses involved in IP telephony must education companies on those basic points, Johnson said.

 

“What we’re delivering, a PBX, is really like any other server on a network, and it would be v surprising to me if someone had an Oracle server or acting server or email server and left themselves completely wide open to the public Internet,” Johnson said. “And yet people are very willing to do this with a PBX. We see the phone system as the lifeblood of a business, so it’s surprising to see that level of carelessness, because it does have the potential of having things stolen from it.”

 

For Johnson, in addition to changing passwords, companies also should consider installing a session border controller – or “SBC” – and a firewall, to prevent hacking.

 

“We strongly believe that even if PBXs are strongly designed with built-in capabilities, it’s important to take a layered security approach,” he said.

 

 

It was a subject that one cyber security insider addressed recently at ITEXPO – an event that will take place again from Jan. 20 to 22 in Miami.

 

Typical VoIP sales pitches do not address critical issues of security, and problems such as the theft of IP telephony minutes often are swept under the carpet and go uncovered by mainstream media outlets, according to Paul Henry, a security analyst and consultant at central Florida-based Forensics & Recovery LLC

 

Companies that promote and sell VoIP services are short-cutting security to provide widely desired cost-savings, Henry said.

 

“Dropping VoIP in on top of network infrastructure is suicide today,” he said. “Yes, it can be simply layered into an existing network, but you are leaving yourself wide open to a myriad of issues. The ideal way to deploy it is on a dedicated network with a separate infrastructure. But all that new gear eliminates any possible savings.”

 

Some VoIP threats do not yet hit the United States as hard as they’ve hit other parts of the world, Henry said, include “VoIP Phishing,” which takes a VoIP construct and sends out an e-mail asking recipients to call a local number to correct some sort of falsified problem, as well as “SpIT” – or “Spam over Internet Telephony,” which will work like regular spam except that instead of a text message sent through e-mail, victims will receive unwanted phone calls.

 

Johnson said he hasn’t heard as much about problems such as VoIP phishing and SpIT as he has about VoIP theft.

 

Mostly likely, there are not enough residential VoIP subscribers in the United States to make that kind of massive attack worthwhile to cybercriminals, Johnson said.

 

“I know VoIP is coming up the curve, but probably at this point there isn’t enough of an installed base,” he said. “It is, again, something that a true SBC can prevent because we can block addresses and look for those anomalies of people looking to do that kind of thing before it got into your company.”


Michael Dinan is a contributing editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan
Loading
Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner


Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.