flowroute ebook 7 steps sip trunking security


Upload: shido6

Post on 08-Apr-2016


DESCRIPTION

SIP trunking by Flowroute.

TRANSCRIPT

Page 1: Flowroute eBook 7 Steps SIP Trunking Security

7 Steps to SIP trunking security

How securing your network secures your phone lines.

Page 2: Flowroute eBook 7 Steps SIP Trunking Security

There are stories that SIP has set off a cyber crime wave of corporate espionage and telephone fraud. They say SIP opens up network vulnerabilities, and that SIP trunking lets anyone listen in on calls. It’s not true.

The truth about SIP security.

SIP trunking is growing in popularity faster than any other type of phone service. Experts project SIP trunking will be used in nearly 60% of businesses by the year 2015. Beyond cutting costs and adding features, decision makers are sold on SIP trunking’s ability to centralize PSTN access, failover instantly, and provision channels as needed to deal with spikes in call volume. They are comfortable implementing SIP because they know it doesn’t add vulnerabilities or put their organization at risk for fraud.

Security is only as good as the weakest link. In most cases, when it comes to information security, organizational networks are the weakest link. SIP security is not a question of securing SIP connections. To keep SIP credentials, and all sensitive information, out of the hands of fraudsters, the entire network must be secured.

SIP trunking only transmits information you want to transmit.

SIP trunking is not an open door cut into firewalls; it’s a controlled 2-way gateway to the PSTN.

SIP trunking doesn’t make it easier to eavesdrop on call audio.

The risks of SIP trunking have been greatly exaggerated.

2+1.855.flowroute [email protected] flowroute.com


Developments in business communications technology have created new usage patterns that require anywhere, anytime access to internal networks. Cloud-based SaaS, BYOD, and a remote and mobile workforce, are all placing greater demands on network availability while poking holes in network security.

Insecure internal and cloud-based networks are the access point fraudsters use to seize control of communications accounts and sensitive corporate data. These seven steps will reinforce network fortifications, and save accounting departments from using up the bonus budget to cover fraud liability.

Securing IP communications starts with network security.

1. Update all software

In addition to feature enhancements, software updates are released to patch security vulnerabilities. On a daily basis, people all over the world are working to find weaknesses in network-based software. When they find one, word spreads fast, and a targeted cyber crime wave ensues. Reputable software companies employ people to find vulnerabilities first, so they can update their product to keep customers safe.

It is important to update CRM, UC, PBX, or any other software that runs on or accesses organizational networks. The latest version will be the most secure from attacks. This applies to firmware too, so make sure router firmware is up to date.


2. Create complex passwords

Technology exists that can crack a 15-character password in a matter of minutes. It requires far more computing power than is realistically in the hands of attackers, but as Moore’s Law states, computers grow more powerful every day. As processors become more powerful, exhaustive brute-force attacks against high-level encryption will become more feasible.

An immediate threat is the ability to find dictionary words and common passwords that open account access. It is all too easy to build a crawler that will automatically attempt standard and default passwords (like 1234, etc.) in every password field it finds, until it gets one right.

Create policies that require complex passwords on all accounts, including desk phones and voicemail accounts, and require that passwords are changed regularly.

3. Use a VPN for remote connections

Business networks are being accessed from more and more locations as employees, and their work habits, become increasingly mobile. For remote extensions such as home and satellite offices, or those workers on the move, set up Virtual Private Networks to connect rather than broadcasting connection credentials over the public Internet. If a dedicated connection is infeasible, use a non-standard SIP port (i.e. not 5060 or 5061) to disguise the transmission and access point.

4. IP authentication

Authenticating account access based on IP address is an excellent way to deflect unwanted intruders. Lock down access by assigning a static IP address to each user, or user group, and establish a strict whitelist of approved addresses allowed network entry.

Alternatively (if mobile users need to log in from a dynamic IP address), build a blacklist of IP addresses known to exhibit threatening behavior (or see step 3). Lists can be found online, and/or third-party or custom-built tools can be employed to monitor log files and automatically block IP addresses that have failed a preset number of password attempts.


5. Only permit trusted SIP providers

A PBX is a potential entry point for security threats that needs to be locked down. Set firewalls to only permit trusted SIP connections by adding them to an IP whitelist so that intruders will be unable to connect to unauthorized accounts.
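The log monitoring described in step 4, combined with the whitelist from steps 4 and 5, can be sketched as follows. This is an added example, not code from the eBook or from Flowroute: the log lines are constructed in the style of Asterisk chan_sip registration-failure notices, and the function name, threshold and time window are assumptions to adapt to your PBX.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from the eBook), written in the style of
# Asterisk chan_sip registration-failure notices. The format is an assumption.
_FMT = ("[2014-06-01 {t}] NOTICE[2211] chan_sip.c: Registration from "
        "'<sip:1001@pbx.example.com>' failed for '{ip}:5060' - Wrong password")
SAMPLE_LOG = "\n".join(_FMT.format(t=t, ip=ip) for t, ip in [
    ("02:14:01", "203.0.113.50"),  # repeated failures seconds apart
    ("02:14:03", "203.0.113.50"),
    ("02:14:05", "203.0.113.50"),
    ("09:02:10", "198.51.100.7"),  # a user mistyping, spread over the morning
    ("09:30:00", "192.0.2.10"),    # whitelisted office address
    ("09:30:02", "192.0.2.10"),
    ("09:30:04", "192.0.2.10"),
    ("09:45:00", "198.51.100.7"),
    ("09:46:00", "198.51.100.7"),
])

# Timestamp and IPv4 source address of a failed registration.
FAILED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def ips_to_block(log_text, trusted_nets=(), max_failures=5,
                 window=timedelta(minutes=10)):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue             # malformed address or timestamp: skip line
        if any(ip in net for net in trusted):
            continue             # whitelisted sources are never blocked
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if len(q) >= max_failures:
            blocked.setdefault(str(ip), m["ts"])
    return blocked
```

Calling `ips_to_block(SAMPLE_LOG, ["192.0.2.0/24"], max_failures=3)` flags only 203.0.113.50; the addresses it returns would then be fed to the firewall's block list.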

6. Separate signaling and media

This step requires homework. Research providers and how they handle call transmission. For example, on Flowroute’s platform, signaling and media are transmitted separately to deliver call audio more directly, reliably, and efficiently. Calls travel in two streams of disassociated information. Even if criminals intercept call signaling information (numbers and IDs), they’ll be missing audio. If audio is intercepted, the voices on the call aren’t attached to identifying information.

Furthermore, audio never passes through Flowroute’s servers, an advanced process that delivers stronger call security by eliminating potential interception points.

7. Establish secure protocols

An employee accessing their organization’s internal network over a public Wi-Fi connection (e.g., in a coffee shop) opens the system to anyone watching the network if credentials are sent via clear text. Establish secure connection protocols like SSL for all access to any point in your network.


More often than not, the horror stories told about VoIP vulnerabilities stem from improperly secured networks. There are so many pros that it’s hard to find an argument against connecting telecommunications through a strong SIP provider. Securing your network against intruders will secure every component of your network, including Internet phone lines.

For more information on telephone security and other industry insights and updates, subscribe at blog.flowroute.com.

SIP trunking is as safe as you make it. Flowroute delivers Internet telephone services specifically engineered and optimized for Enterprises, Developers, and Service providers. Our technology dramatically reduces the cost of voice connections and gives users total control of setup and features for real-time self-serve management of their telecommunications.

To learn more about why we’re the experts’ SIP trunking choice:

www.flowroute.com

blog.flowroute.com

1-855-FLOW-ROUTE (356-9768)

[email protected]


© 2014 Flowroute LLC. All rights reserved. Flowroute and the swirl design logo are trademarks of Flowroute LLC. Other company names used herein may be trademarks of their respective owners and are used for the benefit of those owners.