SIP security best practices: Five ways to secure your SIP

Jan 10, 2017

3 minutes

Toll fraud has very clear, direct, and immediate cost to an enterprise’s bottom line.

According to the Communications Fraud Control Association (CFCA), 2015 global telecom annual fraud losses were estimated at $38.1 billion. By comparison, the worldwide losses from credit card fraud during a similar period was only $16.31 billion.

Whether an attacker is attempting to get free long distance calls for himself or you’re dealing with organized criminals who want to use your telephone system to route international calls at your cost, the result is the same: your phone bill is increased and the money is in their pocket.

Here are five ways to safeguard your session initiation protocol (SIP) network:

Session border controllers (SBCs)

Developed explicitly for voice traffic, session border controllers act as gatekeepers of your network. They have the same built in security features as a standard network firewall.

It is important to secure all voice over internet protocol (VoIP) devices and systems that have a configuration interface. This includes: phones, private branch exchange (PBX), IP Phones, Soft Clients, workstations, and other network devices.

Despite some opinions, SBCs are the best edge device for security in VoIP deployments.

Monitoring and alerts systems

When evaluating solutions, enterprises should choose a service provider that proactively monitors and alerts users to any unusual phone activity– similar to how a credit card company flags non-habitual spending amounts.

Most companies should not get calls after hours or on weekends. If this is happening, an alert to a company’s IT department about such activity is necessary.

Strong password security and heavy encryption

While less common, it is possible for man-in-the-middle attacks to intercept unencrypted call signaling information and interject fraudulent calls into unsuspecting enterprise networks.

Encryption should be used whenever possible, especially if doing so has no additional cost or performance burdens. IntelePeer offers transport layer security/secure real-time transport protocol (TLS/SRTP) on all of its SIP trunks for no additional fees.

Turn off unnecessary features and limit international calls

It is widely known that most fraudulent calls originate in the States and end up in countries like Latvia, Gambia, Somalia, and Sierra Leone.

Turning off international calling or limiting the number of available locations to which your company can call is always a smart safeguard.

Keep systems up-to-date with patches

New system vulnerabilities are detected – in some cases, weekly. Running the newest operating system patches and checking for firmware/software updates can prevent unnoticed weaknesses.

Many PBX manufacturers or resellers recommend specific firmware versions. Be sure to check with them as well.

In summary

Why are SIP networks so highly targeted? Simply, that’s where the money is.

While there are a number of security precautions to take, smart VoIP providers know to treat their customer’s phones like Internet-connected machines –which is what hackers are already doing.

Ensuring that your VoIP provider can offer these basic safeguards can be the difference between expensive fraud charges and none at all.

Knowledge is power.

Subscribe to the IntelePeer newsletter and you’ll receive monthly educational content on how to streamline communications and operations with customer service automation.