NYSE: IDT
Products

Discover how our products can revolutionize the way you communicate and collaborate.

Voice

Explore our advanced voice solutions designed to optimize your communication workflows.

Diverse range of DID number solutions designed to enhance your communication capabilities.

Experience unparalleled communication efficiency with our advanced SIP Trunking Solutions.

Cutting-edge technology to proactively detect and neutralize spam flags on your DID Numbers.

Messaging

Wherever your audience is, our platform ensures seamless messaging across diverse channels.

Build customer journeys by fostering interactive conversations, all within the framework of your app. 

Connect with your audience in a simple and effective way through our cutting-edge SMS platform. 

BYOC

Harness the power of IDT as your chosen carrier while leveraging your platform’s advanced features and services.

Integrate Twilio with our robust carrier routing platform to achieve unparalleled Voice termination system.

Experience reliable and high-quality communication services while leveraging the advanced capabilities of Genesys. 

Integrate IDT with the collaborative strength of MS Teams, unlocking efficient and feature-rich communication. 

Experience the power of our carrier network seamlessly connected to Plivo through our cutting-edge BYOC solution. 

Tools

Experience the power of our online voice tools, designed to simplify communication management. 

Ensure the authenticity and integrity of outbound calls with our STIR/SHAKEN Verification Check tool. 

User-friendly tool to verify the reputation of your business number, ensuring that it remains trusted. 

Compare and gain insights into outbound call expenses, optimize budget, and make informed decisions. 

Easily estimate and compare the costs associated with different DID numbers providers. 

Compare inbound VoIP rates among top CPaaS providers and optimize your inbound call costs. 

Learn

Empower yourself with the resources you need to thrive in the dynamic landscape of communication.

Articles covering a wide range of topics.

Get answers to common queries.

Find instructions to make the most of our products.

Find definitions of popular telecom terms.

Explore how our solutions have helped businesses.

Latest telecom trends, innovations, and market insights.

Company

A global telecom partner built to meet your needs. 

Discover the story behind our commitment to delivering innovative solutions to connect people and businesses worldwide. 

Learn about our robust network infrastructure that spans across the globe, ensuring reliable and secure connectivity. 

Got a question, feedback, or need assistance? Our dedicated team is here to help!

Find partners or sign up for partnership programs.

NYSE: IDT
Learn / Blog

VoIP Cyber Attacks & Wholesale VoIP Termination

|
|  4 min
VoIP Cyber Attacks Wholesale VoIP Termination
In this article

Any system that relies on using computers and the internet is bound to raise concerns over the risk of it being subject to cyber attack. VoIP is no exception to this; indeed attacks on systems using the SIP (Session Initiation Protocol) are happening with surprising regularity. 

IBM’s Security Intelligence Group found that as far back as 2016, attacks on SIP systems accounted for around half of all security events detected. This isn’t surprising as SIP is one of the most commonly used communication protocols. 

Understanding attack types:

Attacks on SIP systems are often carried out using specially crafted messages. These can cause servers and other equipment that is vulnerable, by not being up to date with the latest patches, for example, to fail thus leading to system outages and loss of service. 

Using proprietary protocols is no guarantee of safety either. IBM’s study found that the Cisco Skinny Client Control Protocol (SCCP) was vulnerable to attack too, although attacks on this protocol have been declining. Attacks often come in the form of probes, looking for weaknesses that the hackers can later exploit to compromise the system. 

Shared vulnerabilities

By its very nature VoIP routes calls through the same networks as other internet and network traffic. This leaves it open to the same vulnerabilities. Attackers can therefore intercept, capture or modify traffic. They can also launch assaults aimed at denial of service, making the service unavailable for legitimate users. 

It’s also common for hackers to try to steal the VoIP service to make calls on someone else’s account. This is known as ‘toll fraud’. It’s always a popular technology with scammers who are able to spoof caller IDs to make it appear that calls are originating from a legitimate business. This facilitates the launch of phishing or other attacks aimed at perpetrating frauds. Of course, it adds to the scourge of spam calls too. Attackers can also attempt to disrupt a business’ operations by flooding its network with thousands of junk calls originating from automated dialling systems. 

Securing your system

Now that we’ve looked at the nature of attacks against VoIP phone systems, what can you do to keep your system secure and protect it from abuse? There are a number of different techniques that can be applied. 

Protection starts with basic network security. Ensuring that your network traffic is secure helps to secure the voice traffic that it shares space with. Having an effective firewall that is SIP-aware is a good first step. This will protect the network while still allowing incoming calls to get through. 

Increasingly, companies are turning to encryption so that if data is intercepted it is useless to the hacker. This can be done in a number of ways and at a number of levels, but it needs to be applied with care. You can eEncrypt the signalling from your Internet gateway using something called Session Initiation Protocol over Transport Layer Security (SIP over TLS). Depending on your service provider you may find that its switch system does this for you. 

It’s best to apply encryption by segment, user, or device. This is because applying encryption indiscriminately to all traffic is likely to result in added network latency, leading to a slowing down of traffic. In addition, there is the potential to build in un-needed complexity and operational overhead. 

You should also make use of virtual private networks (VPNs). These are particularly useful for establishing network connections from remote phones such as business mobiles using the VoIP system. If HTTPS or SRTP protocols are not available, the use of a VPN to secure connections is even more essential. 

It may sound obvious, but using strong passwords to protect voicemail inboxes is important. Default passwords should be changed straight away to strong passwords. Mailbox passwords should then be changed on a regular basis in line with your company’s policy of changing system login passwords and following similar guidelines with regard to complexity, length, use of characters and so on. Passwords should never be shared, most systems will allow admin access to a voicemail box if required – if someone is on holiday say – without the need to compromise their security. Alternatively, you can ensure that calls are diverted to another team member. 

Still on the subject of voicemail, any sensitive messages should be deleted as soon as users have listened to them. Not storing voicemails in the first place is an easy and effective way of ensuring they don’t fall into the wrong hands. Staff need to be educated to report anomalies as soon as possible. A voicemail message that has been read, deleted or forwarded without the knowledge of the person to whom the box belongs may well be a sign that the system has been compromised. 

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Tags

Meet our wholesale voice routing

Fulfill all your voice calling needs with our category leading wholesale A-Z Voice Termination.
Try IDT Express for a $25 Credit

Get $25 Free Trial Credit

Get IDT Express articles in your inbox

The best source of information in the telecom industry. Join us.

    Most Popular

    What Does “Sent as SMS via Server” Mean
    |
    |  6 min
    We explain what “sent as SMS via server” means –...
    What is SMS Marketing and How to Use it for Your Business
    |
    |  7 min
    We define SMS marketing, and outline best practices and strategies...
    11 Marketing Benefits of Whatsapp Messaging for Retail Business
    |
    |  7 min
    We look at the advantages that the WhatsApp Business messaging...