The number of end points continues to increase dramatically. As such, they are drawing the attention of hackers globally. Just as smartphones using Apple OS and Android are attracting the attention of hackers, as noted with the increase in benign and malicious phone apps, so too has the IP community become a target. In addressing this increase, service providers must work in conjunction with their sales channels and customers to make every effort to prevent or minimize the exposure.
Dan York completed a book earlier this year, the "Seven Deadliest Unified Communications Attacks", to provide a better understanding of the types of attacks, risks involved and actions a business might take. This is his list of the deadliest attacks:
1) The Ecosystem: Unified Communications (UC) integrates voice, video and data to provide for true presence, collaboration and transparency of location, time and method of interaction. The IP ecosystem includes the obvious IP-based equipment (phones, PBXs, routers, etc.) but the ecosystem also includes applications that we use every day (email, search tools, document creation, database access, etc.). The transition from TDM to IP exposes voice and video applications to the same security challenges that data has always faced.
2) Insecure Endpoints: Hackers cruise the Internet looking for open/insecure access points into a network. IP Phones, routers, IP PBXs all require increased vigilance. Just as the smartphone is integrating the functions of a computer and wireless phone, IP Phones have security issues. IT management needs to apply similar methods and procedures for insecure endpoints as they always have for access to business IT networks and applications. IT must formalize efforts to control and strengthen passwords, usage, certified devices, patch management, etc.
3) Eavesdropping/Modification: As always, the easiest place to listen in on conversations or alter information is within the enterprise or business. These man-in-the-middle style attacks are the most difficult to prevent, occur the most often and result in the greatest loss of money/value. Certain activities such as instant messaging and social networking traffic increase this risk.
4) Control Channel: This vulnerability leads to toll/international calling fraud, fuzzing, and spam. Denial-of-service attacks may also be a consequence of a hacker gaining access to the control channel.
5) SIP Trunking and PSTN Interconnection: Authentication of traffic that crosses from legacy to IP networks and vice versa is important, although the authentication effort lies mostly with the service provider. Dynamic registration improves the mobility of the user but increases the exposure to hackers.
6) Identity/Spoofing: It is possible to spoof/change Caller ID information on IP connections, resulting in phone phishing that misleads recipients into providing potentially confidential information. Interestingly, certain businesses actually request DID spoofing in order to hide their identity (credit collections is an example) and they do so without concern for the ethical issues. Both types of spoofing require changes in approval processes and access.
7) The "end of geography": Perhaps not so much the end of geographical limits but the expansion of potential victimization. A business can implement a very secure environment and then have it all exposed due to a connection to a partner that is not secure. Dan York's thoughts relate to "the sheer proliferation of endpoints, in both number and type..."
Mr. York has created a website for the book. If you can, take a few minutes to see if this information can improve your practices or those of your customers.
See you on Friday.