How to Address VoIP Security Challenges

With security being a major concern among businesses of all sizes, IT staffs are continuously working to identify vulnerabilities in their systems. Recently, Voice over Internet Protocol (VoIP) phone systems have been identified as possible sources of significant security challenges for organizations. Here are the top security challenges you face with a VoIP deployment, and how the move to Hosted VoIP mitigates them.
The Security Risks of VoIP
When VoIP first came to the market, few people worried about security. Enterprises were more concerned about its quality, reliability, functionality and, especially, its alluring low cost.
Now that VoIP is part of mainstream technology, security has come to the forefront. Because VoIP shares critical infrastructure with the traditional Internet protocol (IP) data network, it automatically inherits all of the data network’s security vulnerabilities. In addition, VoIP has its own security issues that arise from the new network protocols and components that it brings to the IT infrastructure table.
When you put VoIP in place without considering security, critical and privileged business conversations are routed over multiple ISP networks and Internet backbones. Security protection is minimal, making you vulnerable to a number of security threats that can bring down your VoIP network, or even your entire business.
“Phreakers,” as telephone hackers were dubbed long ago, have existed since the early 1970s. Some phreakers are hobbyists, simply seeking free long-distance phone service. Others have criminal intentions such as stealing sensitive voice communications or perpetrating identity theft. Either way, you need to be careful. Here are the top VoIP security issues your business should keep in mind:
- Call Fraud: When unauthorized people hack into your VoIP system and take it over, you lose time and money to call fraudsters. These phreakers make illicit long-distance calls that rack up your expenses and steal employee names, passwords, phone numbers and other information to access private accounts and billing information. This kind of fraud can result in identity theft and even corporate sabotage.
- Malware and Viruses: Through VoIP handsets – also called “softphones” – viruses and other types of malware can hijack your VoIP system, allowing them to send spam and other malicious data to your users, or to steal or destroy corporate data. Viruses can also trace users’ keystrokes to gain credit card and other financial data.
- Denial of Service (DoS) Attack: This attack occurs when hackers flood your network server and eat up all of the available bandwidth, preventing incoming and outgoing VoIP calls. The cybercriminals can also use this attack to gain remote control of important servers within your IT environment and steal sensitive business and customer data.
- Call Hijacking: This type of attack sends “noise packets” to VoIP calls, harming the quality, delaying voice signals and even completely dropping calls. Cybercriminals can even intercept VoIP calls by altering the encryption key of a call’s digital signature. Doing so tricks your VoIP servers into believing that the call is still going on while the hacker does serious damage to the network.
- Man-in-the-Middle Attacks: VoIP is especially vulnerable to these types of attacks, in which a phreaker intercepts call-signaling SIP message traffic and tricks the server into thinking he or she is a participant on the call. Once the phreaker has this kind of access, he or she can hijack calls via a redirection server and eventually penetrate your business’ IT environment.
Covering All Your Vulnerabilities
Although the above security issues won’t be completely eliminated, you can significantly decrease them if you decide to trust a third-party VoIP provider with maintaining and managing your network with Hosted VoIP. Note: of course you could do all these things yourself if you’ve installed an on-premises VoIP system. But would you have the necessary staff and expertise to do them all – and do them all well? That’s the question you need to ask yourself.
Here are some of the safeguards that a leading Hosted VoIP provider will put into place to protect you.
- Virtual Private Networks (VPNs): Your business most likely already uses VPNs to secure any business communication or transaction that goes out over the Internet. It’s important to provide the same protection for the VoIP network itself to protect yourself from lurking phreakers.
- Multiprotocol Label Switching (MPLS): A step above public VPNs, MPLS networks are private IP networks that segment your voice traffic from other types of traffic, dedicating bandwidth to ensure high-quality communication. This is especially attractive to businesses that want to secure their voice communications more rigorously while boosting quality.
- Encryption: Encryption is not a magic bullet. But it is an initial – and necessary – step to take to protect your VoIP network against phreakers and hackers. A leading VoIP provider will have a strong encryption mechanism in place for all of your VoIP calls. Although this encryption won’t protect you against more sophisticated attacks, it at least makes your data useless to anyone who steals it.
- Authentication: Most of today’s VoIP systems are protected by usernames and passwords. But password authentication – also called a “two-way handshake” – is very weak and easily exploited by phreakers. A different security mechanism, called Challenge-Handshake Authentication Protocol (CHAP) – also called a “three-way handshake” – uses a three-step process to determine the legitimacy of a particular user making a call. CHAP prevents fraudulent calling by either granting or denying access to the call based on whether the encrypted messages coming from both sides match. A leading Hosted VoIP provider will have these strong authentication methods in place.
- Antivirus Software: Remember, VoIP handsets are vulnerable to viruses and other dangerous malware. Leading Hosted VoIP vendors offer antivirus protection – known as unified threat management software – as an integral part of their solutions.
- Deep Packet Inspection (DPI): DPI is an important security mechanism that leading Hosted VoIP vendors use to identify and block dangerous or unauthorized data from entering the VoIP network. VoIP providers also use DPI to improve network performance and prevent peer-to-peer abuse that may result from VoIP fraud.
- Patches and Updates: Businesses often don’t realize that VoIP systems require the same security updates, patches and maintenance as other software systems in their IT environments. Leading Hosted VoIP providers take over the tedious task of keeping your VoIP system updated with the latest patches and upgrades, ensuring that you don’t have any glaring vulnerabilities.
- Monitoring: Real-time monitoring is an essential part of protecting your VoIP network. Monitoring identifies when you’re under attack or have been breached. A Hosted VoIP vendor should have sophisticated monitoring tools and applications to identify these situations.
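
The three-step exchange described in the Authentication item above, sketched as an added example (not code from the original article or from any provider). It follows the CHAP-MD5 computation in RFC 1994, where the response is a one-way hash; the `Authenticator` class, the extension name and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2 (caller side): RFC 1994 response = MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Server side of the handshake (hypothetical class, for illustration)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # username -> shared secret, never sent on the wire
        self.pending = {}           # identifier -> outstanding challenge (single use)
        self.next_id = 0

    def challenge(self):
        """Step 1: issue a fresh random challenge with a new identifier."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident]

    def verify(self, username: str, ident: int, response: bytes) -> bool:
        """Step 3: recompute the hash locally and compare; the challenge is consumed."""
        chal = self.pending.pop(ident, None)
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    secret = b"constructed-shared-secret"            # constructed sample value
    server = Authenticator({"ext1001": secret})      # constructed extension name

    ident, chal = server.challenge()
    captured = chap_response(ident, secret, chal)    # what an eavesdropper would see
    legit = server.verify("ext1001", ident, captured)

    # Replaying the captured response fails: the old challenge is spent ...
    replay_same_id = server.verify("ext1001", ident, captured)
    # ... and a new challenge produces a different expected hash.
    ident2, _ = server.challenge()
    replay_new_id = server.verify("ext1001", ident2, captured)

    # A caller without the secret cannot produce a matching response.
    ident3, chal3 = server.challenge()
    wrong = server.verify("ext1001", ident3, chap_response(ident3, b"guess", chal3))
    return legit, replay_same_id, replay_new_id, wrong

if __name__ == "__main__":
    print(demo())
```

Because every challenge is random and used once, a response captured from the network is useless for a later call, which is the property a plain username-and-password exchange lacks.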
In Summary
Security is quickly becoming the primary concern of many businesses. Protecting your VoIP network against phreakers and other hackers must be a business priority. Moving to a Hosted VoIP solution can be one answer – allowing an expert third party to handle the security burden can save you and your staff valuable time and resources, as well as allow you to sleep at night.