fbpx

Enter your keyword

Don’t be a VoIP eavesdropping victim

Don’t be a VoIP eavesdropping victim

Don’t be a VoIP eavesdropping victim

In the digital world, eavesdropping is a form of cyberattack where voice over internet protocol (VoIP) phone calls are intercepted and recorded, usually to glean personal or business information. Since it does not affect call quality, it’s hard to tell if you’ve been a victim of eavesdropping. Ensure that you never become one by implementing these security strategies.

Change the default configurations

Using your VoIP phones without changing the default configurations can be the worst mistake you can make. Doing so means bad guys can search vendor documentation for things like default usernames and passwords. Depending on your VoIP solution, you should have the option of changing the default configurations on your VoIP handsets. Otherwise, you should come up with a manual process to change default configurations before rolling phones out to your staff.

Get updates from your handset vendor

In 2015, Cisco detected vulnerabilities in their VoIP phones that enabled attackers to listen in on phone conversations. Cisco quickly issued security alerts, but if they hadn’t, several companies would have fallen victim to VoIP eavesdropping. The lesson here is you must regularly monitor advisories from your hardware vendor or work with an IT provider that does so for you. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to being eavesdropped.

Update session border controllers

Another way to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software, so your systems are better protected from constantly evolving cyberthreats. Routine SBC updates are essential for securing SIP trunking as well as responding to new threats.

Encrypt VoIP calls

If you work in a regulated industry like healthcare or finance, encrypting VoIP calls is essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure. Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service.

Build a hardened VoIP network

Make sure your VoIP network includes:

  • IP private branch exchange (PBX) using minimal services, so that the hardware can only power the PBX software
  • Firewalls with access control lists set to include call control information
  • Lightweight Directory Access Protocol lookup, and signaling and management protocol
  • Reinforced endpoint security with authentication at the endpoint level

To effectively combat VoIP eavesdropping, businesses need to take a holistic approach. This includes policies, deployment, and security practices that will keep malicious agents out of your network. Feel free to contact us for further information on how to protect your business.

Published with permission from TechAdvisory.org. Source.

Dropsuite:

Dropsuite is a cloud software platform enabling businesses and organizations globally to easily backup, recover and protect their important business information including emails, contacts, calendars and OneDrive/Sharepoint files. Compliant email backup and archive system with a 10-year retention policy.

Vade Secure:

Vade Secure is an AI-based email security solution to improve security for Office 365 and block advanced phishing, spear phishing, and advanced malware threats. Vade Secure analyzes emails, webpages, attachments, and images with machine learning and deep learning algorithms that are trained to detect behaviors and anomalies common to advanced email threats.

Office Protect:

Office Protect is a service that’s designed to help you secure your Microsoft 365 tenant. Using our powerful in-house security software, our analysts actively monitor for threats, investigate alerts, eliminate false positives, and provide guided response and remediation. Protects against account break-ins, data exfiltration, business email compromise, phishing, internal threats, lateral movement, ransomware, and attacks by nation states.

Dark Cubed:

Dark Cubed focuses on real-time monitoring, threat intelligence, predictive analytics, elegant dashboard, streamlined workflow, executive reporting and active blocking. This is another layer of security that integrates with the firewall.

ThreatLocker:

ThreatLocker is a zero-trust endpoint security tool giving companies control over what software can run, by whom, and what data can be accessed.

It keeps a full detailed audit of what applications are used and data accessed/transferred/deleted and by what users (signature tracking, etc.) If something unusual happens, such as a signature change, or a user opens an application that is out of their normal routine the administrator is alerted. This is a crucial tool in identifying malware threats, as well as helping organizations identify if users are accessing applications and/or data/ files they should not be.

ThreatLocker provides a solution that allows businesses to control the content that runs on their network. Unlike AntiVirus software ThreatLocker is not looking for known viruses or malware. ThreatLocker uses a complex set of rules to determine what can be executed on a network and stops anything that has not been approved before it can even execute.

Huntress:

Huntress is a supplement to SentinelOne. Hackers are becoming more sophisticated, and Huntress actively seeks out these threat actors with a "defend forward" mentality. This software combines both advanced security tools along with human intervention to ensure even the most advanced hackers can't penetrate your network.

SentinelOne:

SentinelOne is a comprehensive enterprise security platform that provides threat detection, hunting, and response features that enable organizations to discover vulnerabilities and protect IT operations. SentinelOne integrates static artificial intelligence (AI) to provide real-time endpoint protection and reduce false positives that derail investigations or make threat detection a capital-intensive process. This will replace Webroot in your current environment.