What Is Telephony Denial of Service and How to Prevent It

What Is Telephony Denial of Service and How to Prevent It

Most, if not all, large businesses use VoIP as their prime communications medium, usually because of the cost and functionality benefits it confers. As the market has developed, the ability to adopt a VoIP solution has extended to smaller businesses. However, as with other IT areas, VoIP has attracted the attention of miscreants, thieves and hackers intent on stealing information and disrupting business operations.

A new discipline, VoIP Security, has grown up to counteract these efforts.

In the larger IT environment, one particular thorn in the flesh has been Denial of Service (“DoS or DDoS”) attacks. These are intended to prevent normal communication with the organisations systems and services by flooding the organisations IT interfaces with large amounts of data, preventing authorised traffic from getting through. In a cloud environment, or for an Internet-based sales or service provider, this could be fatal.

It has happened and in a big way. In March of 2019, the VoIP systems of TelePacific systems were subject to a DDoS attack which brought their systems down.  

DDoS Attack

The DDoS attack came from the Internet in the form of a large number of invalid VoIP registration requests. The outcome of the attack was large-scale service disruptions for a few days in late March when the usual daily level of 34 million requests for VoIP connections suddenly dramatically increased to 69 million and flooded the TelePacific systems, removing the ability to place calls.

It cost the company several hundred thousand dollars in customer credits. When the dust had settled, the services provider, a facilities and services company based in California and Nevada, boosted its security measures to mitigate against a similar DDoS attack in the future.

For this and other unreported attacks, VoIP Security now needs to consider how to detect and prevent DDoS attacks on the organisation’s voice and video communications systems.

The first step is to define what a DDoS attack in the communications environment is. Once we know what it is, we can then develop countermeasures.

DDoS in the VoIP Environment

DDoS in the VoIP

The first thing to understand is that the VoIP systems IP protocols are exactly the same as and have the same weaknesses as the wider network IP protocols, which incidentally weren’t designed to support voice and video.

As a result, DDoS attacks in the VoIP environment have exactly the same intent and techniques as general DDoS attacks – denial of service. Because VoIP uses the same communications protocols as other network traffic, many general DDoS exploits can be easily applied to VoIP systems.

It is important to consider DDoS as one of many potential security risks that could arise in a VoIP environment, and that a properly setup VoIP security environment will guard against most DDoS attacks.

There are general security weaknesses that need to be addressed:

  1. Spam, or in the VoIP world, Spam over Internet Telephony (“SPIT”);

    Spam

    A real problem, and an increasing one in the VoIP world. Large volumes of SPIT can act as a form of DDoS attack, flooding the phone system and preventing normal communications. SIP connections are particularly vulnerable to being clogged with SPIT.

  2. Spoofing, or in general attempts to steal data; and

    Spoofing

    While not strictly speaking DDoS relevant, spoofing can be used as part of a DDoS attack to mask the origin of the attack, and cover while an attempt is made to steal data.

  3. Authentication.

    Authentication

    All networks, including VoIP networks, need authentication to prevent unauthorised access and potential misuse and theft of information. Rejecting unauthenticated traffic can go some way to reducing the DDoS traffic clogging up the system.

DDoS and VoIP Security

DDoS and VoIP Security

A general security profile that will mitigate against most DDoS attacks is made up as follows:

  1. Separate voice and data traffic. This can help to stop attacks on the general systems leaking over into the VoIP systems. A DDoS attack on the general system may not incapacitate the VoIP system, though it will be affected.   Use encryption and VPN as part of the authentication environment. You may need a separate Internet connection purely for VoIP traffic.
  2. If you are a small business, the temptation is to buy cheap and cheerful hardware and software. Don’t, these systems are often very insecure and can provide an easy entry point into your systems.
  3. Use encryption and VPNs on your VoIP network. Many proprietary systems from major manufacturers already require the use of VLANs and natively support encryption. You should also definitely use encryption if you run VoIP between buildings and remote sites.

Technical considerations will also include:

  1. Opening only those server and router ports and activating only those services needed to support VoIP.
  2. Restricting access to VoIP servers to systems administrators.
  3. Logging and monitoring all access to the server.
  4. Implementing an intrusion detection system to detect any attempts, malicious or otherwise to gain entry to the VoIP network.
  5. Implementing a defence-in-depth security strategy. It should include multiple layers, incorporating dedicated VoIP specific firewalls.

While it is not possible to defend entirely against DDoS and other malicious attacks against VoIP system, common sense and the application of standard network security will go a long way towards mitigation and prevention.

Five ways to tailor your telephone system to match your business needs

Five Ways To Tailor Your Telephone System To Match Your Business Needs

One of the more significant developments in computing in recent years has been the wholesale adoption of VoIP systems by businesses and increasingly by home and mobile users.   Simply put, VoIP systems remove the costs and restrictions imposed by the traditional PSTN service providers.

Because of digital convergence among other things, the initial objective, to replace PSTN connections with digital connections has grown by leaps and bounds into fully-fledged integrated communications environments supporting media connections, not just voice.

Businesses are now presented with options among others to improve their presence and reduce their costs.  Here are five such.

  1. Cost reductions through Call Security

    Cost reductions

    In the past, PBX systems were location based.  Extension numbers were tied to a physical location such as a desktop.  The ability to restrict calls was linked to the physical device. Anyone using the handset could only make the calls that were allowed for that extension number, for example, local calls only, no national or international calls.

    VoIP systems are by contrast person based in that an individual uses a PIN number to log-on to the VoIP system wherever they might be.  They can log-on from the traditional desktop handset or by using SIP technologies from a smart device.   Call security, therefore, becomes person based rather than location based.  The ability to make calls resides in the individual profile. Applying call security according to individual needs becomes that much easier.

  2. Business presence

    Business presence

    Using VoIP can make a business seem much larger than it actually is. Two examples are automated call forwarding and departmental assignment.

    With automated call forwarding, calls made to a local number are automatically forwarded to a central number.  In this way, a company can seem to have a local presence, but in actuality operate a central support organisation.  Many companies have done this with their call-centre operation.  For example, British Airways operated a centralised call centre in India.  All calls to a local or national call centre were automatically forwarded there.

    With a departmental assignment, different extension numbers can be published for sales, finance, procurement, and so-on.  However, they can be automatically forwarded to a single extension number.  The company looks like it has different operational departments when in reality it does not.

  3. Customer Relationship Management (“CRM”)

    Customer Relationship  Management

    An organisation that operates a call-centre to provide customer support can tailor its VoIP system to support a CRM environment.  The VoIP system can be linked to a database application.  In this environment, the call-centre operative will have customer information displayed on a local computer screen when that customer calls in.  The data is retrieved using the incoming telephone number.  The operator can then answer the call with “Good day <customer name> “ giving a much more personal and warm aspect to the interaction.

    Often details of previous and current interactions with that customer are shown giving the ability to deal more effectively with the customer.  VoIP provides that capability.

  4. Automated Documentation Support

    Automated Documentation Support

    A large part of customer support is providing documentation, usually product related.  This obviously can be accomplished via a website application, but most VoIP systems can also provide this facility.

    The requestor dials a number, taken for example from a media advertisement and is presented with the option to email a document to a specified address.   In this way, the requestor receives the information they want, and the company has an email address for future marketing activity.   All without any manual intervention thanks to VoIP.

  5. Automated Call Handling

    Automated Call Handling

    There is nothing more frustrating than calling an organisation and being forwarded from extension to extension as your call is not answered. The use of calling, hunting and auto-forwarding groups maintained by the VoIP system can significantly ease that pain.

    While they are similar there are differences between calling and hunting groups.  Calling groups allow anyone in that group to pick up a call for anyone else in the group.   For example, a call to an extension where the normal answerer is unavailable can be picked up by someone else nearby.  This is especially useful after hours where desks are unattended.

    Hunting groups automate this process.  If a call is not answered after a certain time interval it is automatically forwarded to another extension number.   Calling and Hunting groups often work together to improve customer service.

    Auto-forwarding is particularly useful for support and alarm calls.  The VoIP system can be programmed to auto-forward calls to a particular number to another number, for example, the duty engineer. The forwarding can be done manually by manually programming the number into the extension profile itself, or in some cases can be accomplished via a calendar. In this way, incoming calls should be answered, not just ring out.

    The increasing sophistication of VoIP systems now enables small businesses to punch above their weight and bring improved customer service levels at little or no cost.

Why SIP trunk providers can save your business money

Why SIP trunk providers can save your business money?

Even before digital convergence gave fresh impetus to the VoIP revolution, VoIP was being adopted by small and large businesses worldwide.

The development of SIP and the emergence of SIP Trunk providers allowed further progress to be made by providing mobility and integration with other digitally based communications to provide a Unified Communications environment.

SIP Trunks work by using a SIP capable PBX to replace the physical connections provided by traditional POTS suppliers.  In essence, a SIP Trunk is the virtual equivalent of the physical wire provided by the POTS supplier, instead of running over a digital connection (data circuit).  It can support voice, data, streaming media, and video services, an ideal combination of services for businesses seeking to implement that Unified Communications environment.Continue reading

How Business VoIP solutions can impact a company

How Business VoIP solutions can impact a company

Most will agree that the Internet has given rise to a major upheaval in Unified Communications, including Voice over IP (“VoIP”).   Business worldwide is embracing VoIP solutions as a tool to reduce communications costs, increase communications effectiveness and increase company profile.

It’s not just in the ability to make toll-free or low-cost calls that VoIP Solutions are having an effect.  Company culture is changing too.

If we take the cost benefits of VoIP Solutions as read, there are many other ways in which they can impact a company.Continue reading

What is the difference between VoIP and IP Telephony?

In recent times there has been a quantum increase in the use of digital communications, both in the business and domestic sectors. Businesses use IP Telephony to reduce their communications costs, improve interactions and service levels with staff and customers and present a better business image to the world at large.

Domestic users can now use VoIP to talk with and see far-flung friends and relatives easily and cheaply over long distances from their smart devices using VoIP capable apps like Skype and WhatsApp. No more expensive long-distance calls.

The terms VoIP and IP Telephony are often used interchangeably to describe digitally based communications.  Are they, in fact, the same thing, or are there technical and non-technical differences?Continue reading

VoIP As a Powerful Tool in Disaster Recovery

It’s not a question of if, but when a disaster will hit your company.  A prudent company has a disaster recovery plan, covering all components of recovery, and including a public relations/communications plan.  It should also include various scenarios for keeping the company running normally as far as is possible while the full recovery process unfolds.     

In short, not disaster recovery, but business continuity.

Obviously, the recovery steps and how long it takes to implement them depends on the nature of the disaster.  However, all have the common theme of an interruption to normal business that needs to be managed.Continue reading

How VoIP Affects Business Mobility

It is difficult nowadays to find a business that does not use Business VoIP. The cost and business benefits of it are undeniable.  Allied to improvements in digital telephony and digital convergence, most large and medium-sized businesses use it extensively as part of their internal and customer-facing processes.

One of the major benefits embraced by business is the ability to improve mobility and accessibility of staff.

In the past, whenever an employee left the office they were mostly uncontactable.  At best they were contactable in the evening at home or in their accommodation on the road. This made communications between staff and the office difficult at best.Continue reading

How to protect VoIP from scammers

How to protect VoIP from scammers

VoIP for Business provides a range of benefits, including substantial cost-savings that make it a must-have for most businesses.  However, as with most IT advances, VoIP has attracted the dark side of the developers.   Hackers and scammers are using VoIP for Business as a way to steal data and execute hacking exploits.

As with other types of malware attacks, business need to be aware of how these exploits are executed and what preventative measures they can take.

The first thing to understand is that most successful hacking attacks are by having users provide sensitive information. Scammers are becoming more sophisticated, and they are increasingly using VoIP to steal personal and company data or just cause mischief.Continue reading

Different type of VoIP services you need to know

Different type of VoIP services you need to know

The scope of VoIP Services has grown dramatically since they first appeared some years ago.  In size they are available from the Big Iron on-site replacements for the PABX to the small desktop-based software VoIP systems and in location from onsite to hosted.   In a similar way, the VoIP services offered have matured and grown in scope and applicability.

If we start with the assumption that VoIP is an essential for modern businesses of all sizes, then the question becomes what VoIP Services should a business consider.  What different types of VoIP services are there?

In essence, there are three types of VoIP Service: In-house, hosted and hybrid.Continue reading

Reasons why Cloud VoIP can help your Business

Reasons Why Cloud VoIP Can Help Your Business

The benefits that VoIP for Business can bring to your business are undeniable.  Add to that Cloud VoIP, hosted or on-site  and you have a winning combination that can add significantly to your business profile.

Depending on the size of the business, either implementation can be applicable.  However, having said that, a cloud-based approach can fit more easily with an existing cloud-based environment, either on‑site or hosted.

Before choosing a particular approach, it is best to consider firstly whether on-site or hosted VoIP is better suited to the business, and secondly, whether a Cloud-based architecture is appropriate.Continue reading