3 Security Flaws to Avoid When Provisioning a SIP Trunk
The same security concerns that you have for the data on your computer are the same ones that you should worry about for your SIP trunk.
Toll fraud was a threat for traditional TDM trunks which also exists on SIP trunking. And since your SIP trunk is on an IP network it opens up the possibility for a DoS (denial of service) attack.
DoS attacks are initiated by hackers who flood your network and bandwidth with information preventing or, denying, you internet or email access.
A layered security solution at the enterprise edge is the best strategy for safeguarding your SIP trunk.
Using multiple layers of protection instead of relying on a single device or one specific software feature to ward off threats is a better strategy to ensure that your SIP trunk traffic is routing correctly and applying verification and authentication policies; thereby reducing the possibility of attacks.
Here are three security flaws to avoid when you’re provisioning a SIP trunk.
Using Only a Firewall to Prevent DoS Attacks
You can’t rely on just a firewall to protect your SIP trunk from a DoS attack.
They should be used to complement your line of defense to help withstand attacks and make it harder for someone to initiate one.
Firewalls are useful as a foundation for recovering quickly from an attack and for protecting your LAN from being breached.
Not Changing SIP Listening Port to a Non-Default Setting
The beauty of SIP is that it’s a commonly used protocol for communication and media.
The downside is that its prevalence makes it an easier target for hackers.
Hackers can find your default SIP listen port to initiate toll fraud and leave you stuck paying the bill for calls that you never made.
If you change the SIP listening port to a non-default setting (may require service provider assistance) you can protect yourself against a large number of hacker attacks.
Use the Same Toll Fraud Protection as Your Old TDM Trunk
Making unauthorized calls from your SIP trunk by someone inside or outside your organization is just as possible as it was to hack into your old analog TDM trunk.
The risk is the same so be sure to take the same measures to protect your SIP trunk from toll fraud as you did your TDM trunk.
One simple way to reduce toll fraud is to password protect toll free numbers and international calls so that access is restricted by having to enter a password before the call is made.
Even with security measures in place you’ll want to keep an eye on your SIP trunk by using an intrusion detection system (IDS) that can automatically alert you when an attack is in progress.
The are other security steps that you can take but if you start with a few simple ones first and remain watchful you’ll be on your way to protecting your identity, the privacy of your conversations, and the stability of your network.