Last weekend I read this interesting article by Kevin Riley (Sonus’ Vice President of Engineering and Chief Technology Officer) about SIP security.
With network-based attacks on the rise, enterprises need to rethink their unified communications security strategy.
Toll fraud and data breaches cause billions of dollars in damages to businesses each year, and the losses are growing as more criminals find big profits in network exploitation. The crimes themselves are well chronicled in the media from data breaches at healthcare, financial and retail companies, to hacked phone networks of small firms. In today’s connected environment, no one is immune from the risk of fraud or theft caused by a compromised network or unsecure communications.
A look at recent statistics shows the problem is getting worse. According to the 2015 Cyberthreat Defense Report, healthcare companies experienced a 60% increase in security incidents last year. At power and utility companies, the rise is staggering with 527% more attacks than in 2014. But there are clearly ways to address this upward trend, as technology companies actually saw a 17% decrease in the number of security incidents last year.
Companies can stop the rising tide of fraud, data theft and other network-based attacks by getting smart about their network security. The reason that many businesses are successfully attacked isn’t a lack of security measures — enterprises spend a significant portion of their IT budget on security solutions — but a lack of understanding about what and where to protect.
For example, in the new network landscape:
- Security attacks are increasingly targeting mobile devices as well as servers;
- Approximately half of all security attacks happen on the inside (i.e., within the network safety zone); and
- The vast majority of attacks can be traced to less than a dozen unique attack patterns.
One of the big areas where businesses need to reconsider their security strategy is around real-time unified communications such as voice, video and text/instant messaging. The cost of not taking voice security seriously can add up quickly. Stories continue to emerge like the small business owner who returned to work on Monday to find $100,000 in illegal toll charges over the weekend — fees that, not incidentally, businesses are often contractually obligated to pay.
The reality is that any communications application or device that uses Session Initiation Protocol (SIP) and is connected to a public network is a candidate for fraud or attack. Businesses need to look at securing SIP-based mobile access networks and ensure that mobile devices themselves are protected and policed in the event of theft, disposal or employee dismissal.
So what steps can businesses — and, by extension, the service providers that offer communications as a service — take to secure SIP networks, applications and devices from fraud and attack? Businesses and service providers should follow these five key security practices:
- Create strong security policies and enforce them consistently across offices and devices. Having a centralized policy management layer, preferably in a software-defined networking (SDN) environment, can help businesses execute and maintain these policies more effectively.
- Secure wireless and Internet channels through encryption, virtual private network (VPN) technology, and endpoint authentication. Make sure that your network access devices (e.g., gateways, session border controllers) are equipped to handle heavy encryption loads without sacrificing network performance.
- Detect and identify suspicious/malicious patterns in communications. The key here is to have a solution in place that supports heuristic models of detection so you can spot anomalous behavior as it relates to your own network and act quickly to mitigate attacks.
- Enforce call admission control for each SIP session. Allocating and enforcing network bandwidth for specific endpoints in a SIP session is not only a good way to ensure call quality, but also an effective method to prevent unauthorized log-in attempts on the network.
- Mitigate unauthorized network intrusions by “fencing” your network infrastructure with session border controller (SBC) technology. Deploying SBC technology at network ingress/egress points can prevent hackers from reaching the core network, committing toll theft or compromising network performance once they’ve gained access to the network.
Enterprises need to think differently about communications in an IP-connected world. Sloppy policy management around mobile devices and weak password protection on IP phone systems have made SIP-based attacks a source of “easy money” for criminals. As long as enterprises allow SIP-based systems to be the weakest link in their network’s armor, they will continue to be exploited by hackers.
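The detection practice listed above (spotting behavior that is anomalous for your own network), applied to the weekend toll-charge scenario the article mentions, as an added Python example that is not from the article or any vendor product. The call-record layout, the thresholds and every phone number are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

BUSINESS_HOURS = range(8, 18)  # assumed policy: 08:00-17:59, Monday to Friday
MIN_ALERT_SECONDS = 1800       # assumed floor so a single short call never alerts
SPIKE_FACTOR = 5               # assumed multiple of the extension's own baseline

def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def is_international(number):
    return number.startswith(("+", "00"))

def daily_off_hours_seconds(cdrs):
    """Sum off-hours international call seconds per (extension, date)."""
    usage = defaultdict(int)
    for start, ext, number, seconds in cdrs:
        if is_off_hours(start) and is_international(number):
            usage[(ext, start.date())] += seconds
    return usage

def find_anomalies(history, current):
    """Return (extension, date, seconds) entries that exceed the extension's baseline."""
    past = defaultdict(list)
    for (ext, _day), secs in daily_off_hours_seconds(history).items():
        past[ext].append(secs)
    alerts = []
    for (ext, day), secs in sorted(daily_off_hours_seconds(current).items()):
        # Baseline is the median of days that had any off-hours usage; 0 if none.
        baseline = median(past[ext]) if past[ext] else 0
        if secs > max(MIN_ALERT_SECONDS, SPIKE_FACTOR * baseline):
            alerts.append((ext, day, secs))
    return alerts

def sample_cdrs():
    """Constructed records: two normal weeks, then a weekend burst from one extension."""
    base = datetime(2024, 3, 4, 10, 0)  # a Monday
    days = [base + timedelta(days=d) for d in range(14)]
    history = [(d, "2001", "+999550001", 600) for d in days if d.weekday() < 5]
    history.append((base + timedelta(days=5, hours=1), "2001", "+999550001", 300))
    sat = datetime(2024, 3, 23, 1, 0)   # a Saturday, 01:00
    current = [(sat + timedelta(minutes=3 * i), "2003", "+999660000", 170)
               for i in range(40)]
    current.append((sat + timedelta(hours=10), "2001", "+999550001", 400))
    return history, current

if __name__ == "__main__":
    for ext, day, secs in find_anomalies(*sample_cdrs()):
        print(f"ALERT ext={ext} date={day} off-hours international seconds={secs}")
```

Extension 2003 has no off-hours history, so its 40 back-to-back calls trip the floor threshold, while extension 2001's single Saturday call stays within its own baseline.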