As Halloween season is far behind us, we don't mean to scare you. But we do mean to keep you on your toes and as aware as possible. So beware: VoIP networks are vulnerable to many forms of common network attacks, and the devices that support these infrastructures are vulnerable to similar issues. So go ahead and grab someone you feel safe with and turn on all the lights; this can get scary as we present to you the 6 most common ways to suffer a VoIP attack.
Even if you take every precaution, your server is still susceptible to attacks. Security is always in a struggle with convenience. Many changes that make systems more secure also make them less convenient. You’ll need to find a happy medium between secure and convenient, always keeping in mind what that convenience could cost you. We hope this post will assist in giving you direction to prevent the majority of attacks and mitigate loss if, for some reason, your security does fail. Security failure? Now that's scary. You don't want that!
Here are six common ways to suffer a VoIP attack:
1. SIP Scan and Bruteforce – SIP Scan and Bruteforce breaches occur when attackers probe SIP-enabled targets using INVITE, REGISTER, and OPTIONS signaling messages to enumerate valid SIP usernames, with the goal of hijacking that device.
2. TFTP attacks – The infrastructure systems are the backbone of voice communication. These appliances, whether hardware or software, can be attacked much like any other technology with a TCP/IP stack can be attacked. For example, a vulnerable Cisco router running TFTP is not much different than a Cisco IP phone running TFTP. Both devices are vulnerable to all attacks that fall under the TFTP umbrella.
3. Phone vulnerabilities – Phone vulnerabilities remain one of the easiest ways for fraudsters to gain access to your network, but they are also among the easiest to counter. Regardless of your phone manufacturer, any type of hard phone comes with security issues. One security issue is when the manufacturer's default username and password are not changed. This is the simplest way for fraudsters to anonymously gain access to your network. Simply changing the manufacturer's default username and password will help you prevent these types of attacks.
4. Signaling Attacks – Session Initiation Protocol (SIP) has become the call control protocol of choice for VoIP networks because of its open and extensible nature. However, the integrity of call signaling between sites is of utmost importance and SIP is vulnerable to attackers when left unprotected. Secure SIP is a security mechanism defined by SIP RFC 3261 for sending SIP messages over an encrypted channel. Secure SIP is an optional item for SIP user agents but more SIP-based endpoints provide it. Network administrators should take a look at implementing this technology within their SIP-based networks to gain from the added level of security that Secure SIP can provide.
5. PBX web interface vulnerabilities – Other areas you will want to lock down are PBX and Administrative Interfaces as well as Shell Access. Administrative interfaces (such as Webmin or FreePBX/Trixbox GUIs) as well as direct shell access (SSH or telnet) are potential security holes that need attention. The easiest way of handling security for these is to block any and all outside traffic from getting to them (or disable them completely if they’re not used). Whether that’s through interface binding or firewall/ACL is up to you. Be aware, this can cause issues whenever you attempt to manage or fix issues from remote locations, but you should be able to work around this by setting up a VPN to your internal network. At the very least, you should block everything except an “allow list” of the specific IP addresses that you frequently manage your system from. Regardless of whether or not you are blocking these interfaces, you should also have a secure username/password for everything. These should include the standard uppercase, lowercase, numbers, and symbols.
6. User Extensions – One of the more common ways of breaking into a switch is also the simplest; namely, attacking a user extension on the phone system. The ‘hacker’ somehow gets the username and password of a user/extension on your switch and begins sending traffic. The most prevalent root cause is insecure passwords. The great thing about SIP user passwords is that you should really only need to type them in once (during the customer setup). Using passwords that you can remember is typically not the best thing to do, especially if the password is the same as, or similar to, the extension or username (for example, extension 1000 has username=1000/password=1000). The best thing to do is use an online random password generator (or let your pet or children walk on the keyboard). Using randomly generated passwords greatly decreases the chance of the password being “guessed” by either a brute force attack or possible social engineering attack.
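As an added example (not code from the original post), the sketch below audits extension credentials for the weaknesses named in items 5 and 6: a password equal or similar to the extension or username, and a missing character class. It also generates a random replacement locally. The 12-character minimum, the symbol set and the sample accounts are assumptions made for illustration.

```python
import secrets
import string

# Assumed symbol set; adjust to what your phones and PBX accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"

def weaknesses(extension, username, password, min_length=12):
    """Return the list of problems found in one extension's password."""
    problems = []
    lowered = password.lower()
    for label, value in (("extension", extension), ("username", username)):
        if value and value.lower() in lowered:
            problems.append(f"contains {label}")
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append("too short")
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("missing character class")
    return problems

def generate_password(length=20):
    """Random password from the OS CSPRNG that passes the checks above."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses("", "", candidate):
            return candidate

def audit(accounts):
    """Map each weak extension to its list of problems."""
    return {ext: w for ext, user, pw in accounts if (w := weaknesses(ext, user, pw))}

# Constructed sample accounts: (extension, username, password)
ACCOUNTS = [
    ("1000", "1000", "1000"),
    ("1001", "alice", "Alice1001!"),
    ("1002", "bob", "q7#Vd2!mZp4@Lx9$"),
]

if __name__ == "__main__":
    for ext, problems in audit(ACCOUNTS).items():
        print(ext, problems, "-> replace with", generate_password())
```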
There are some pentesting (short for “penetration testing”) programs and program suites available on the internet that allow you to test your network and servers (including SIP-specific ones). These could help you find exactly where you’re most vulnerable and help direct your focus when attempting to secure your network. But take note: using these programs on servers that are not yours can be construed as a break-in attempt; this is at the very least discourteous but could attract legal trouble, so be aware.
Once your security is set, knowing what’s going on in your network is the next big part of the battle. At the very least, daily reporting on usage will give you an idea of what is going on and will save you a lot of headaches in the future. This usage report does not have to be granular but can be a snapshot to guide you in understanding your security holes. VoIP security definitely must have a proactive approach to be successful. If you would like to try an online random password generator click here. Hope we didn't scare you too much, but if so, it's only for your own good! Be safe out there...
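
The daily usage report described above can also surface the SIP scan and brute-force pattern from item 1. The following is an added example, not part of the original post: the log layout, thresholds and sample records are constructed for illustration and do not match any particular PBX's log format.

```python
from collections import defaultdict

# Constructed sample records (hypothetical layout):
# time, source IP, SIP method, target user, final response code
SAMPLE_LOG = """\
2024-01-10T02:00:01 203.0.113.7 OPTIONS 100 200
2024-01-10T02:00:02 203.0.113.7 REGISTER 100 404
2024-01-10T02:00:02 203.0.113.7 REGISTER 101 404
2024-01-10T02:00:03 203.0.113.7 REGISTER 102 404
2024-01-10T02:00:03 203.0.113.7 REGISTER 1000 401
2024-01-10T02:00:04 203.0.113.7 INVITE 1001 403
2024-01-10T03:10:00 198.51.100.9 REGISTER 1000 401
2024-01-10T03:10:01 198.51.100.9 REGISTER 1000 401
2024-01-10T03:10:02 198.51.100.9 REGISTER 1000 401
2024-01-10T03:10:03 198.51.100.9 REGISTER 1000 401
2024-01-10T09:00:00 192.0.2.20 REGISTER 1002 401
2024-01-10T09:00:00 192.0.2.20 REGISTER 1002 200
2024-01-10T09:05:00 192.0.2.20 INVITE 1003 200
"""

FAIL_CODES = {"401", "403", "404", "407"}
METHODS = {"INVITE", "REGISTER", "OPTIONS"}

def daily_report(log_text, max_users=3, max_failures=3):
    """Flag sources that fail against many users or many times on one user."""
    users = defaultdict(set)     # source -> distinct users with a failure
    failures = defaultdict(int)  # (source, user) -> failed attempts
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of aborting the report
        _, src, method, user, code = parts
        if method not in METHODS or code not in FAIL_CODES:
            continue
        users[src].add(user)
        failures[(src, user)] += 1
    report = {}
    for src, tried in users.items():
        findings = []
        if len(tried) > max_users:
            findings.append("enumeration")
        # A single 401 is the normal digest challenge, so tolerate a few.
        if any(n > max_failures for (s, _), n in failures.items() if s == src):
            findings.append("bruteforce")
        if findings:
            report[src] = findings
    return report
```

Sources that show up in the report are candidates for the firewall or ACL blocking discussed in item 5; tune both thresholds against a normal day of your own traffic first.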