VoIP Security

You are here

6 VoIP Security Tips to Protect your Phone System from Organized Crime

In a Press Release, US Senator for NY, Charles Schumer, announced that both businesses and service providers need to take additional precautions against phone hacking.  His office revealed that recent attacks on NY businesses may have links to Al Qaeda. 

As Schumer’s press release notes, this is a matter of phone hackers gaining access to your phone system, and placing expensive international calls on your dime. With over 10 years of experience providing businesses with telephone and internet service we have seen quite a bit of phone hacking. We have organized here a list of techniques we have developed to assist our customers in preventing phone hackers from stealing expensive international minutes. 
 
  1. Gratuitously Block Expensive Destinations
     
    If you are a Monmouth Telecom customer, you may have dialed an international telephone number and heard the message: 
     
    “This number is currently blocked. Please call your service provider.”
     
    You can eliminate a great deal of risk by simply blocking calls to all international locations. If you make calls to a particular country, then block all international calls except for that country. This will result in the occasional need to call your service provider to unblock a country that you need to call, but isn’t this small inconvenience worth the provided safety?
     
  2. Monitoring Traffic for Anything Out of the Ordinary
     
    Keeping an eye on traffic is critical. Monmouth Telecom develops traffic benchmarks for all of our customers during normal circumstances and set off alarms when traffic appears out of the ordinary. Examples of out of the ordinary could include:
     
    • Calls to destinations that have never been called before
    • Calls during times where calls usually do not occur
    • More concurrent calls than normal
     
  3. Shoot First Ask Questions Later
     
    Better safe than sorry. These fraudsters can rack up a lot of money very quickly. If fraud is suspected shut the traffic down and block calls until you can verify exactly what is going on.
     
  4. Utilize the Latest Cryptographic Features
     
    A lot of hardware and software vendors provide great security features, but they aren’t enabled by default. You need to research the available security measures and enable them.  Examples of these are Polycom and Cisco providing certificate based authentication for their VoIP Phones.
     
  5. IP Whitelisting
     
    This phone hacking is not limited to legacy style phone systems. With Business VoIP Phone Service on the rise hackers have a whole new field of attacks to perpetrate. You can eliminate a lot of potential hackers by limiting incoming connections to a known safe list of ip addresses. However this comes at the cost of requiring static ip addresses at all connecting locations. If you do not have static ip addresses, at the very least you can black list large ip blocks outside of the US.
     
  6. Use a Cloud Based Phone Service Provider
     
    There is a fundamental problem with a premise based phone system.  The business owner is responsible and financially accountable for a complex telephone system that they:
     
    • Did not configure
    • Have no expertise in maintaining
    • Have no interest in acquiring expertise to maintain
     
    This is a recipe for disaster and hackers have been taking advantage of it. With Software-As-A-Service, you have the developer and maintainer of the service responsible for the security. This moves the responsibility and accountability for the security of the system to the people with the most pertinent expertise.
     
With the world moving to cloud based services like Hosted PBX, the service provider’s motivation will increasingly be security minded. Above all else this will reduce the amount of low hanging fruit available for the phone hackers.
 
What high level security techniques do you employ? Leave insight in the comments below!

Comments

A good argument for Hosted IP/PBX, especially for small businesses that don't have the time and expertise to properly secure their systems. The provider is in a better position to secure their systems. Of course many enterprises will still host their own premise based systems and need to follow the guidance you give in the article. Of course there are solutions for this - see www.securelogix.com.

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

Monmouth Telecom

Founded as an Internet Service Provider in NJ in 1995, Monmouth Telecom has grown to offer a complete set of innovative and economical Business VoIP Phone Services and Business Internet Services.  We were NJ's first Internet Service Provider turned Telephone Company in 2000 and in 2006 we began providing businesses with increased functionality using VoIP. Learn more about Who We Are and how Hosted PBX / Virtual PBX is changing the face of business telephone service.

Contact Us

Receive a Free Consultation
877-MONMOUTH
877-666-6688
sales@monmouth.com

Customer Service
732-704-1000
customercare@monmouth.com

Technical Support
Primary:     732-704-9000
Secondary: 732-704-1400
noc@monmouth.com

Full Contact Information

Monmouth Telecom on FacebookMonmouth Telecom on TwitterMonmouth Telecom on LinkedInMonmouth Telecom on YouTubeMonmouth Telecom on Google Plus

Locations

Headquarters

10 Drs James Parker Blvd
Suite 110
Red Bank, NJ 07701

Key Data/Switching Facilities

12 N 7th Street
Camden, NJ 08102

165 Halsey Street
Newark, NJ 07102

423 Washington Av
Pleasantville, NJ 08232

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer