Five tips to prevent VoIP eavesdropping - Integrated Telemanagement Services - ContactCenterWorld.com Blog
Eavesdropping is the intentional act of secretly listening in on a conversation, usually not for the best of intentions. Although today the act also includes VoIP telephone systems, it’s not a recent trend. As exemplified by the SIPtap attacks of 2007 and the Peskyspy trojans of 2009, cybercriminals have had their eye on VoIP ever since it was introduced to the market. Here are five tips to combat VoIP eavesdropping:
Never deploy with default configurations
Everyone wants to get things rolling as quickly as possible, but this often results in VoIP phones being deployed with their default configurations. You don’t want to do this because it allows the bad guy to search vendor documentation. Depending on your VoIP solution, you should have the option of changing default handset configurations. Otherwise, you’ll need to come up with a manual process to change phone defaults when you roll handsets out to your employees.
Listen to your handset vendors
An ideal example of VoIP handset vulnerabilities happened in 2015, when Cisco detected vulnerabilities in IP phones which enabled an unauthorized attacker to listen in on phone conversations. If it weren't for those security alerts, several companies could have found themselves victims of VoIP eavesdropping. The lesson learned here is you must regularly monitor advisories from your hardware vendor. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to being eavesdropped.
Update session border controllers
Another tactic to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software; because cyber threats are constantly evolving, your security products should as well. Routine SBC updates are essential for secure SIP trunking as well as responding to new threats.
Encrypt VoIP calls
Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service. If you work in a regulated industry like healthcare or finance, encrypting VoIP calls are essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure.
Build a hardened VoIP network
Another method to fend off VoIP eavesdropping is to build a hardened VoIP network that includes:
- IP private branch exchange (PBX) using minimal services so that the hardware can only power the PBX software
- Firewalls with access control lists set to include call control information
- Lightweight Directory Access Protocol lookup, and signaling and management protocol
- Reinforced end point security with authentication at the endpoint level
In order to effectively combat VoIP eavesdropping, businesses need to take a holistic approach. This includes policies, deployment, as well as security practices to ensure malicious agents are unable to tap into your calls. Feel free to contact us for further information on how to protect your business.
Publish Date: April 27, 2017 5:00 AM
2020 Buyers Guide Recruitment Products/Services
|2.)||TactiCall Recruitment Services|
TactiCall Recruitment Services
Temporary / Labour Hire / Contingent and Contract Hire
Recruitment Consulting Services
Assessment Centre Design and Facilitation
PH: 07 3831 6333
View more from Integrated Telemanagement Services
Recent Blog Posts:
|Unified communications defined||January 13, 2020 5:00 AM|
|Your future is with VoIP telephony systems||December 25, 2019 5:00 AM|
|TDoS: An attack on VoIP systems||December 4, 2019 5:00 AM|
|What is VoIP theft of service?||November 18, 2019 5:00 AM|
|How CRM boosts business revenue||November 12, 2019 5:00 AM|
|What you need to know about your VoIP’s QoS||October 30, 2019 5:00 AM|
|VoIP tips to get ready for the holidays||October 15, 2019 5:00 AM|
|Tips and tricks for collecting customer data||October 9, 2019 5:00 AM|
|3 Things to consider with virtualization||October 2, 2019 5:00 AM|
|3 Cloud service models for your business||September 24, 2019 5:00 AM|