Defending your Telephone System against SIP Toll Fraud

There is a growing threat of SIP based attacks on Telephone Systems when they are connected to the internet. These attacks can result in loss of services or fraudulent use of SIP or telephone lines.

Most SIP attacks are attempts to log into a phone system by pretending to be an authorized SIP device (physical or software based phone). The attacking software attempts to hack an account by quickly scanning through a large range of phone numbers until it gets a positive response. The Samsung OfficeServ always rejects invalid SIP Registration messages, but as the system must respond to these messages the malicious software will continue to attack the system – even to the point where it appears like a denial of service attack.

Malicious software masquerading as a SIP Phone cannot register with a Samsung OfficeServ system when the OfficeServ does not have a license for SIP devices, and attacks on an OfficeServ system with SIP device licenses are unlikely to succeed as the attacker must guess both the user ID and the password. However, it is technically possible for a persistent attacker to succeed in registering with the telephone system.

Therefore, like any application that is exposed to the internet, measures need to be taken to protect your telephone system from these attacks. The best way to protect it is to filter out malicious traffic before it reaches the system.

1.      Ensure you have anti-virus and anti-malware software installed with current subscriptions and updates on all of your computers. If you are running Windows on your computers, ensure all current updates are installed.

2.      Use ‘complex’ passwords and change them regularly. Don’t use simple passwords that can be easily guessed. Always use a combination of numbers and letters and never leave your password in obvious places on or near the computer.

3.      Protect your site with a hardware based firewall. Intruders are constantly scanning networks for known vulnerabilities. Firewalls can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.

4.      Restrict access to your phone system with IP address restrictions and VLANs. If possible deploy your IP PBX on its own VLAN, and only allow VoIP traffic on that VLAN. If you need to have remote extensions connecting on Port 5060, then use static IP addresses remotely and add them to the access list on your firewall.

5.      Minimize web access to your PBX. If your PBX supports web admin interface don’t make it available over the internet if possible.

6.      Check your logs regularly. Many fraudsters make a small number of calls over an extended period. If you see calls to Nigeria and you aren’t in the oil business, something may be amiss.

7.      Don’t give out sensitive information to just anyone. You should already be aware of phishing scams, in which fraudsters try to trick you into giving them your username / password / bank account details. Those same people exist in the voice world. If someone calls asking you for your voicemail password or password for your IP Phone, make sure you verify who they are before giving them anything.

8.      Be aware that some free software SIP Clients for Smartphone’s have been known to collect User ID’s and passwords and then pass this information back to fraudsters.

9.      Make sure your Smartphone’s have Anti-Virus and Malware software installed and loaded with all updates.

As a company, you are responsible for maintaining the security of your telephone system. In some instances your carrier may alert you to possible security breaches, but it is not responsible for the security maintenance on your system. Likewise eCommunications, the Samsung Communications Centre for Melbourne is limited to advising you of the possible threat and ways in which you can better protect your Samsung or Alcatel Telephone System.

No responsibility will be taken by eCommunications should your PABX become compromised and you will be required to pay any charges generated as a result.

If you are concerned about the security of your telephone system and would like a Samsung or Alcatel Telephone Technician to consult with you further on securing your PABX, please email our Service Department on service@samsungcentre.com.auor call 1800 333 033.