{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

A Hacking Threat Vector That Goes Overlooked: Your VoIP Phone System

by Jason Blalock on June 22, 2017
voip phone system

If there's one rule of online crime today, it's that if something is online, criminals are looking for ways to subvert it.  So when developing security systems for a network, it's vital to address every possible vector for attack.  Unfortunately, one key system often goes forgotten during security reviews, and that can mean very bad news for businesses: a VoIP phone system.

It's easy to take a telephone system for granted, but hackers are coming up with new ways to exploit VoIP systems all the time.  The threats presented by phone-based hacking are every bit as serious as other attack types.

Short on time? Download our free guide to buying a new phone system. 

What Hackers Can Do If They Gain Access To Your VoIP Phone System

There are a surprising number of ways a VoIP system can be subverted.  For example:

Toll Fraud:  Having gained access to your VoIP lines, the criminals then become their own private phone company - with you paying the bill.  They'll often even resell your service for their profit.

Spamnets:  Much like how a compromised computer can become part of a botnet spreading email spam, a compromised VoIP system can be used to spread voice spam - potentially even getting you into legal trouble under Do-Not-Call legislation.

Eavesdropping:  Any and all private or confidential information discussed over your phones can be captured and used against you.

Voice Phishing:  Having direct access to your VoIP system makes it easier for criminals to spoof (falsify) calls from seemingly-genuine sources, for the sake of gaining confidential information.

DDOS Attacks:  If attackers want to cripple your business, directly targeting a SIP server is a great way to do it, particularly since they usually don't have robust anti-DDOS protections.

meraki communications

Not to mention, in many cases, gaining access to a company's VoIP system ultimately allows attackers to gain access to other critical systems.  So a VoIP attack also presents all the same threats as any other network\data attack.

It's important to note that these concerns are valid whether you're receiving VoIP from a third party provider, or you run your own SIP and PBX interface on-site.  However, if you're doing everything on site, you're probably at higher risk.

Protecting Yourself From VoIP-Based Attacks

Largely, security for a VoIP system is the same as for any other major part of your network.  The problem is that so many businesses forget to give it suitable protections.  In particular:

1 - Always change the default passwords.

This should go without saying, except you'd be surprised how many businesses don't bother.

2 - Have discrete logins for any admin who controls the system.

Never share usernames and passwords between administrators.  Everyone should have unique credentials.

3 - Deploy anti-virus and anti-malware software.

Yes, there are software packages and network architectures which can provide antivirus protections to your phones too.

4 - Utilize Session Border Controllers

SBCs guard the edge of your network, such as where your VoIP system interfaces with the networks outside your building.  They're like firewalls for your VoIP.

5 - Password-protected phone calls.

It's a bit of a pain for your workforce, but will greatly reduce the ability of someone to make calls even if they gain access to your system.

6 - Always review call logs.

Regularly go over all your logs and look for any anomalies, particularly out-of-country calls to areas you don't do business in.

7 - Implement Secure Real-Time Transport Protocol (SRTP)

SRTP is end-to-end encryption on VoIP calls.  It can degrade call quality somewhat, but in many cases - particularly if you deal in sensitive information - it's a worthwhile trade off.

Are you concerned about your on-site security?  Contact Hummingbird Networks today to request a free consultation on your security measures!

Topics: VoIP, Network Security