Protect your IPPBX against VoIP attacks
What constitutes VoIP fraud?
The most vulnerable targets remain small and medium-sized businesses that are new to managing their own VoIP. Either they lack the IT experience and staff to properly secure and maintain the network, or, having recently switched from a landline system, they are unaware of the risks altogether. Whatever the reason, many networks are consistently left unprotected. By the time most companies notice that something is wrong with their phone expenses, it is too late: the network has already been compromised.
Every year the number of PBX fraud victims increases dramatically. More and more companies are targeted by individuals looking to bring down or exploit the communications system. Some do it for fun and others for illicit profit, but the end result is the same: a telephone bill of, on average, USD 5,000 to 80,000 per attack, owed to your carrier.
How big of a problem is VoIP fraud?
Hackers targeted the phone system at Bob Foreman's architecture firm in Georgia, making $166,000 worth of calls in a single weekend.
In 2009 Michael Smith, a small business owner in Massachusetts, found that someone had hacked into his private branch exchange (PBX) to make $900,000 worth of calls to Somalia.
A study from Pindrop Security found that nine of the top ten banks, and 34 of the top 50, had been victims of call fraud.
CFCA Global Fraud Loss Survey: key findings
The Communications Fraud Control Association (CFCA) released its 2013 Global Fraud Loss Survey. It estimates global telecom fraud losses at $46.3 billion, up 15% from 2011. It is a great report and resource.
Source: http://www.cfca.org/fraudlosssurvey/index.htm
The most common VOIP attacks on IP Phone Systems
DoS/DDoS attacks: These flood your PBX with an exaggerated number of packets (floods of SIP INVITE or REGISTER requests are typical). Their goal is to bring down your communication system and render it unusable.
Phreakers: These attackers take advantage of your negligence and steal from you without really hacking anything. They simply try the most common and default user names and passwords (on extensions, voicemail boxes and the web administration interface), and if they get lucky, it is a bad day for the victim.
Buffer overflows: Some VoIP fraud relies on methods typically used in computer intrusions. Here the attacker exploits buffer overflow bugs in the PBX's handling of malformed INVITE or other Session Initiation Protocol (SIP) messages. Such a flaw can be used to crash the application or to run arbitrary code on the PBX.
SIP device fingerprinting: The attacker identifies which PBX software or hardware you are running, typically from the Server or User-Agent header the PBX puts in its replies to OPTIONS probes. Once he has this information, he looks up its known weaknesses and attacks accordingly.
Cross-site scripting attacks: These are among the more complex attacks and harder to achieve. They target the PBX's web management interface: a script injected by the attacker (for example through a caller ID or configuration field that the interface displays without escaping) runs in the administrator's browser, and from there can drive the PBX into all kinds of malicious actions, such as making all your extensions ring at once.
Toll fraud attacks: Hackers hijack your phone system to repeatedly call long-distance or premium-rate numbers that charge by the minute. The owner of the number, usually the hacker or an affiliate, collects the per-minute charges, and your company pays for them on the carrier's bill.
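The following is an added example (not code from the slides, and not part of any ALLO product) showing the kind of rule-based triage a SIP-aware filter in front of a PBX applies to three of the attacks listed above: scanner fingerprinting (svmap/svwar announce themselves with the User-Agent "friendly-scanner" unless the attacker changes it), REGISTER password guessing (many attempts or many user names from one source IP), and toll fraud (an INVITE to a premium-rate destination). The thresholds, the premium prefixes and the captured requests are all constructed for the demo; a real filter would load its own lists.

```python
"""Rule-based triage of inbound SIP requests, grouped by source IP.

Added example, not code from the slides or from any ALLO product.
Everything below (thresholds, prefixes, sample capture) is constructed.
"""
from collections import defaultdict

SCANNER_AGENTS = ("friendly-scanner", "sipvicious", "sipcli")
# International prefixes treated as high-cost destinations; assumed list for the
# demo (+252 is Somalia, the destination in the slide's $900,000 example).
PREMIUM_PREFIXES = ("00252", "+252", "00232", "+232")
REGISTER_ATTEMPTS = 5   # attempts from one source before we call it brute force
REGISTER_USERS = 3      # distinct user names tried from one source


def parse_request(raw):
    """Split a SIP request into (method, request_uri, headers); header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, uri, headers


def user_part(value):
    """User portion of a SIP URI; also works on '<sip:user@host>;tag=..' as found in To/From."""
    i = value.find("sip:")
    if i < 0:
        return ""
    return value[i + 4:].split("@", 1)[0].split(";", 1)[0].split(">", 1)[0]


def classify(packets):
    """packets: iterable of (src_ip, raw_request). Returns {src_ip: sorted reasons}."""
    register_attempts = defaultdict(int)
    register_users = defaultdict(set)
    reasons = defaultdict(set)
    for ip, raw in packets:
        method, uri, headers = parse_request(raw)
        agent = headers.get("user-agent", "").lower()
        if any(sig in agent for sig in SCANNER_AGENTS):
            reasons[ip].add("scanner-user-agent")
        if method == "REGISTER":
            register_attempts[ip] += 1
            register_users[ip].add(user_part(headers.get("to", "")))
        if method == "INVITE" and user_part(uri).startswith(PREMIUM_PREFIXES):
            reasons[ip].add("premium-destination")
    for ip, count in register_attempts.items():
        if count >= REGISTER_ATTEMPTS or len(register_users[ip]) >= REGISTER_USERS:
            reasons[ip].add("register-bruteforce")
    return {ip: sorted(why) for ip, why in reasons.items()}


def _request(method, uri, user_agent, to=None):
    """Assemble a minimal SIP request with CRLF line endings (constructed sample data)."""
    lines = [
        f"{method} {uri} SIP/2.0",
        "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKdemo",
        f"To: <{to or uri}>",
        f"User-Agent: {user_agent}",
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


PBX = "pbx.example"
SAMPLE_CAPTURE = [
    # svmap OPTIONS probe followed by svwar-style REGISTERs walking the extension range
    ("203.0.113.10", _request("OPTIONS", f"sip:100@{PBX}", "friendly-scanner")),
    ("203.0.113.10", _request("REGISTER", f"sip:{PBX}", "friendly-scanner", f"sip:100@{PBX}")),
    ("203.0.113.10", _request("REGISTER", f"sip:{PBX}", "friendly-scanner", f"sip:101@{PBX}")),
    ("203.0.113.10", _request("REGISTER", f"sip:{PBX}", "friendly-scanner", f"sip:102@{PBX}")),
    # a compromised softphone dialling a Somali number through the PBX
    ("198.51.100.7", _request("INVITE", f"sip:0025261234567@{PBX}", "Zoiper rv2.8")),
    # a legitimate desk phone registering once
    ("192.0.2.20", _request("REGISTER", f"sip:{PBX}", "Yealink SIP-T46G", f"sip:200@{PBX}")),
]

if __name__ == "__main__":
    for ip, why in classify(SAMPLE_CAPTURE).items():
        print(ip, ", ".join(why))
```

Feeding the sample capture through classify() flags 203.0.113.10 for both the scanner User-Agent and the REGISTER walk, flags 198.51.100.7 for the premium destination, and leaves the Yealink phone alone. A production filter would add a time window to the REGISTER counters and act on the verdict (drop, rate-limit or blacklist the source IP), which is the behaviour the STM section below claims.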
Tips to secure your VOIP infrastructure
The STM (SIP Threat Management) device released by ALLO.COM is installed in front of any SIP-based PBX or VoIP gateway and adds extra layers of security against the attacks on IP telephony infrastructure listed above. The STM's features complement those of a traditional firewall or UTM, and it can be installed alongside a UTM.
Block specific IPs or countries, protect your PBX against attackers trying user names and passwords, stop someone trying to flood your PBX with a DDoS attack: no problem.
Typical STM Installation Diagram
STM Functionality Video Link: http://www.youtube.com/watch?v=iEwfH5j9ZfE
ALLO SIP Threat Manager
Using a Snort-based real-time deep packet inspection engine, the STM analyzes each SIP packet going to your phone system, identifies the malicious and abnormal ones, and blocks the originating IP.
The appliance is designed to integrate seamlessly with the existing network infrastructure and to reduce deployment complexity.
ALLO SIP Threat Manager
Instead of losing thousands of dollars as the victim of a VoIP attack, invest USD 300 in an ALLO STM, which is plug and play.
Investing in an STM to protect your communications network is a must.
For more info, visit: http://allo.com/stm.html
Test case scenario (basic)
Call Blocker rules:
If you want to block specific caller numbers, or telephone numbers from a specific geographic region, set the appropriate Call Blocker rules in the STM (Security Settings > Call Blocker Rules).
Does the STM really block the unwanted caller ID?
Configure the Call Blocker rule: select the appropriate Call Blocker type from the list and enter the number to block.
Are the Call Blocker rules working for you?
Test case scenario (basic)
Geo IP filtering
If your PBX is receiving SIP traffic from IP addresses in a country that has nothing to do with your business, navigate to Security Settings > Geo IP Filtering and blacklist that country.
To test whether the STM performs this function, look up the IP address of your SIP trunk provider and the country it is hosted in, then block that country in the Geo IP filter. For example, if the SIP trunk server's IP address is associated with South Africa, block South Africa: calls over that trunk should stop until you remove the rule.
Is this working for you?
Test case scenario (advanced)
SIPVicious:
SIPVicious is a Python-based tool suite for discovering SIP deployments and user information in unprotected setups.
The suite bundles tools for scanning SIP devices (svmap), discovering user extensions (svwar) and attempting password cracking (svcrack).
You can download the SIPVicious tool suite from https://code.google.com/p/sipvicious/
The svmap tool scans for SIP devices available on your network.
The tools provide many options that let an attacker specify, for instance, the extension range or word list to use for user enumeration and password guessing.
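To make the enumeration step concrete, here is an added example (not SIPVicious's own code, and not from the slides) of how an svwar-style scan works and how to tell whether your PBX gives it anything. svwar sends one REGISTER per candidate extension and infers existence from the reply: 404 Not Found means no such extension, while 401/407 (authentication demanded) or 200 OK means the extension exists. A PBX that answers every REGISTER identically, as Asterisk does with alwaysauthreject=yes, leaves the scanner with nothing to learn. The target name, local addresses and sample replies are constructed; probe_udp() is the only function that touches the network and is not called by default.

```python
"""svwar-style extension enumeration: build the probes, interpret the replies.

Added example, not SIPVicious code and not from the slides. Hosts, ports and
the canned replies are constructed for the demo.
"""
import random
import socket
import string


def _rnd(n):
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=n))


def build_register(extension, target_host, local_ip="192.0.2.50", local_port=5061):
    """REGISTER probe for one candidate extension, carrying the scanner's default User-Agent.

    local_ip/local_port are assumed values; a real scanner fills in its own interface.
    """
    uri = f"sip:{extension}@{target_host}"
    return (
        f"REGISTER sip:{target_host} SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{_rnd(16)};rport\r\n"
        "Max-Forwards: 70\r\n"
        f'From: "{extension}" <{uri}>;tag={_rnd(8)}\r\n'
        f'To: "{extension}" <{uri}>\r\n'
        f"Call-ID: {_rnd(32)}@{local_ip}\r\n"
        "CSeq: 1 REGISTER\r\n"
        f"Contact: <sip:{extension}@{local_ip}:{local_port}>\r\n"
        "User-Agent: friendly-scanner\r\n"
        "Content-Length: 0\r\n\r\n"
    )


def status_code(reply):
    """Numeric status from a SIP reply's status line ('SIP/2.0 401 Unauthorized' -> 401)."""
    return int(reply.split("\r\n", 1)[0].split(" ", 2)[1])


def interpret(code):
    """svwar's decision table for a REGISTER reply."""
    if code == 404:
        return "absent"
    if code in (200, 401, 407):
        return "present"
    return "unknown"


def enumerate_replies(replies):
    """replies: {extension: raw reply}. Returns {extension: verdict}."""
    return {ext: interpret(status_code(raw)) for ext, raw in replies.items()}


def check_leak(verdicts):
    """True when the PBX answered candidates differently, i.e. it reveals which extensions exist."""
    return len(set(verdicts.values())) > 1


def probe_udp(target_host, extensions, port=5060, timeout=1.0):
    """Send the probes over UDP and collect raw replies. Only run this against your own PBX."""
    replies = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for ext in extensions:
            sock.sendto(build_register(ext, target_host).encode(), (target_host, port))
            try:
                replies[ext] = sock.recv(4096).decode(errors="replace")
            except socket.timeout:
                pass  # no answer: filtered, or the PBX silently drops unknown sources
    return replies


def _reply(code, text):
    """Constructed minimal SIP reply."""
    return f"SIP/2.0 {code} {text}\r\nVia: SIP/2.0/UDP 192.0.2.50:5061\r\nContent-Length: 0\r\n\r\n"


# Constructed replies: a PBX that discriminates, and one that demands auth for everything.
LEAKY_PBX = {"100": _reply(401, "Unauthorized"), "101": _reply(404, "Not Found"),
             "102": _reply(401, "Unauthorized")}
HARDENED_PBX = {ext: _reply(401, "Unauthorized") for ext in ("100", "101", "102")}

if __name__ == "__main__":
    for name, replies in (("leaky", LEAKY_PBX), ("hardened", HARDENED_PBX)):
        verdicts = enumerate_replies(replies)
        print(name, verdicts, "leaks existence" if check_leak(verdicts) else "nothing leaked")
```

Against the constructed "leaky" replies the scanner learns that 100 and 102 exist and 101 does not; against the "hardened" replies every candidate looks the same and check_leak() returns False. When you run probe_udp() against your own PBX with the STM in front of it, the expected outcome is either uniform replies or, once the device has flagged the friendly-scanner probes, no replies at all.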
Test case scenario (advanced)
SIPp:
SIPp is an open-source SIP traffic generator. It can send various types of SIP requests to SIP gateways and servers with customizable options, and can initiate many concurrent SIP requests carrying specific SIP headers.
The tool can be downloaded from http://sipp.sourceforge.net/
It also provides advanced options such as substituting SIP parameters in the XML scenario template with values read from an external CSV file at run time.
References
https://resources.enablesecurity.com/resources/22_29_storming_sip.pdf
http://www.ijcce.org/papers/263-OC0024.pdf
http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
https://code.google.com/p/sipvicious/
http://sipp.sourceforge.net/
http://www.blackhat.com/presentations/win-usa-02/arkin-winsec02.ppt
http://startrinity.com/VoIP/SipTester/SipTester.aspx
http://www.backtrack-linux.org/
THANK YOU