As reliance on unified communications, or UC, continues to grow across businesses large and small, so does its importance. Keeping your UC infrastructure secure is a fundamental part of the equation.
Like all security, unified communications security requires a multilayered approach to be effective. If you've outsourced your UC to a third-party provider, protection will be its responsibility. But, if your UC infrastructure is managed internally, a general-purpose security infrastructure that consists of a firewall, antivirus protection and password-protected systems may not be enough to guard against many UC-specific threats.
For UC specifically, the focus must be directed at providing security for voice and video applications. These applications all run using the open Session Initiation Protocol (SIP). SIP provides the session setup for voice over IP (VoIP) and video sessions, which run using the Real-Time Transport Protocol. The session border controller (SBC), meanwhile, is the infrastructure component responsible for setting up and running the VoIP and video sessions.
In years past, one would typically rely on a VoIP-aware firewall to provide network security for UC. While such firewalls would be aware of ports used for SIP and be able to stop certain attacks, like denial of service (DoS), many of these firewalls would not be session-aware and thus could not stop more subtle threats.
In recent years, some SBC vendors have integrated SIP-specific security components into their SBCs. These can replace or augment SIP and VoIP security provided by your existing firewall.
Let's take a look at three key unified communications security threats.
1. DoS. It should come as no surprise that there are a number of DoS attacks specifically targeted at VoIP systems. DoS attacks come in several varieties. Some involve flooding the system with requests to stop it from functioning. Other DoS attacks deliberately start and then paralyze sessions through actions like failing to complete protocol handshakes or mangling the protocol.
Other attacks include call flooding, message flooding, malformed messages and disruptive signaling.
2. Theft of service. The flip side of the DoS coin is theft of service. Where DoS in action is quite evident, theft of service is not -- at least not right away. In fact, you might not even know it is taking place unless your system has usage-based billing.
Here, attackers pose as legitimate users to exploit your UC system for their own purposes. This is a modernized version of the old PBX long-distance calling hack. Back then, long-distance calls were expensive, and free calling was the focus. Now, long-distance calls are no longer expensive, so the focus is typically on illicit and illegal calls.
Once inside your system, the hacker can make scam phone calls. If those on the receiving end report the calling phone number to the authorities, it leads back to your company rather than to the actual hackers. This could create trouble for your company and could, at a minimum, become a big headache as you try to prove to the authorities that your system was hacked.
3. Hacking tools. Publicly available hacking tools can be used from both outside and inside your network to cause problems. While some were initially designed as legitimate ways to audit VoIP environments, they can be used maliciously to compromise your system. SIPVicious is one such tool; the software has been around for years and is available for download from GitHub.
The SIPVicious program suite consists of multiple tools -- among them are svmap, svwar and svcrack. The first can be used to scan your network and identify the addresses of SIP servers. Svwar can identify working extensions on a PBX, and svcrack is used to crack passwords on registrar servers and proxy servers.
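Extension probing of the svwar kind and password guessing of the svcrack kind leave different traces on a registrar: the first touches many extensions from one source, the second fails authentication many times against one extension. The following Python is an added example, not part of the original article or of SIPVicious; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

ENUM_EXTENSIONS = 5  # assumed threshold: distinct extensions failed by one source
GUESS_FAILURES = 5   # assumed threshold: auth failures on one extension

def parse(line):
    """Parse the assumed format: time src_ip method extension status."""
    _ts, src, method, ext, status = line.split()
    return {"src": src, "method": method, "ext": ext, "status": int(status)}

def classify(lines):
    """Return {source_ip: sorted findings} for sources crossing a threshold."""
    targets = defaultdict(set)        # src -> extensions that drew a failure
    auth_fail = defaultdict(Counter)  # src -> per-extension 401/403 count
    for ev in map(parse, lines):
        if ev["method"] != "REGISTER":
            continue
        if ev["status"] in (401, 403, 404):
            targets[ev["src"]].add(ev["ext"])
        if ev["status"] in (401, 403):
            auth_fail[ev["src"]][ev["ext"]] += 1
    findings = {}
    for src, exts in targets.items():
        found = set()
        if len(exts) >= ENUM_EXTENSIONS:
            found.add("extension-enumeration")
        if max(auth_fail[src].values(), default=0) >= GUESS_FAILURES:
            found.add("password-guessing")
        if found:
            findings[src] = sorted(found)
    return findings

def constructed_sample():
    """Constructed log lines (not from a real system), documentation IP ranges."""
    # A normal phone: one 401 digest challenge, then a successful REGISTER.
    lines = ["2024-01-01T09:00:00 192.0.2.10 REGISTER 1001 401",
             "2024-01-01T09:00:01 192.0.2.10 REGISTER 1001 200"]
    # One source walking extensions 1000-1007, none of which exist.
    lines += [f"2024-01-01T09:05:{i:02d} 203.0.113.5 REGISTER {1000 + i} 404"
              for i in range(8)]
    # One source failing authentication repeatedly against extension 1001.
    lines += [f"2024-01-01T09:10:{i:02d} 198.51.100.7 REGISTER 1001 401"
              for i in range(12)]
    return lines

if __name__ == "__main__":
    for src, found in classify(constructed_sample()).items():
        print(src, ", ".join(found))
```

The single 401 a legitimate phone receives before it authenticates stays below both thresholds, which is why the check counts failures per source rather than alerting on any 401.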
These attacks are only a few of the many unified communications security threats facing UC systems today. UC-specific security on firewalls, SBCs and other systems is a must. Even if UC and VoIP security don't seem to get as much press as threat scenarios such as ransomware, it's important to remember that attacks on UC components can cause significant problems if they are not detected and terminated.