The Internet Telephony Service Providers Association (ITSPA) has released new best practise tips to help shield VoIP users from the threat of fraud.
In 2010, the industry body formed a security committee to discuss and publish best practice for its members, as well as customers of business VoIP services. The result is the ‘Recommendations for secure deployment of an IP-PBX‘ document.
ITSPA collected the best practical advice from a wide range of service providers, security experts and hardware vendors to create the document, available as a PDF here.
But why do people need to shield their system from attack? What damage can it do? ITSPA say:
“In general, people attack voice systems because they represent a source of money. This is nothing new and hackers have been attacking company telephone systems for decades, even before VoIP came along.
“An attacker may just be trying to get some free long distance calls for himself, but there are also organised criminals who want to subvert your telephone system to route international calls at your cost. Some may route calls to premium rate numbers (which they have set-up) in order to generate some phone revenue.
“In any case, the result is the same: your phone bill is increased, and the money is in their pocket.”
The document highlights current security issues, such as phone hacking and Denial-of-Service (DoS) attacks. It also recommends the key steps VoIP PBX users, whether hosted or onsite, can take to secure their systems. Top tips including using virtual private networks (VPN) and up-to-date patches, before moving on to more advanced steps like SIP security gateways and protecting ports.
ITSPA rightly highlight that “there is always a trade-off between security and convenience”, with businesses having to strike a balance between creating a flexible system for employees and protecting revenue.
With the steps contained within the document, ITSPA hopes that many businesses will find it easier to find that balance.
(Image by Rev Stan)