8:00 AM
voipworlds.blogspot.com
There have been a slew of reports lately about VoIP being misused by criminal elements. This is hardly surprising given that even with the low cost of VoIP, talk time is still a valuable resource and is therefore a target for criminals. The modus operandi is to compromise businesses VoIP servers in such a way that hackers can use it to make free VoIP calls all over the world. At the end of the month, the business is usually hit with a massive bill that can run into hundreds of thousands of dollars!
The reason why these attacks succeed is because many firms are yet to take VoIP security seriously. Most businesses think it won't happen to them and so they don't take even basic precautions. One of the easiest ways for hackers to gain access to the servers is by using brute force attacks that focus on simplified or even non existent passwords. One is always surprised by the number of businesses who don't have a password management policy in place.
Most VoIP systems use the UDP port 5060 for their traffic and this provides attackers with an easy target. They use a procedure known as SIP scanning which searches publicly accessible spaces for weak and vulnerable servers.
One of the problems is that they typically conduct their activities from countries outside the United States and are therefore beyond the jurisdiction of law enforcement officials. There's not much that can be done to catch the culprits and this makes the entire situation even more dangerous. There have been instances however, when VoIP providers have reduced the bill when it's apparent that accounts have been hacked.
Other security measures can include enforcing limits as to how many calls can be made from a certain account within a specific time period as well as perhaps not allowing calls to or from areas and countries where the company doesn't do business with. Each firm will have to devise its own techniques to deal with the security situation depending on their specific needs.
As more and more businesses adopt VoIP, these security practices will become standard and will in fact be recommended by the VoIP providers themselves both for their own security as well as to ensure that customers don't suffer. But even now, all it requires is an understanding that VoIP systems require as much protection and security as regular computer systems.
Bhagwad is an expert consultant on Small Business VoIP. He also specializes in HD Voice Systems.
0 comments:
Post a Comment