4 key unified communications security threats to watch for
Keeping your unified communications system safe requires tools that are specifically geared to voice and video apps. Learn how to take a multilayered approach to UC security.
As reliance on unified communications, or UC, continues to grow across businesses large and small, so does its importance. Keeping your UC infrastructure secure is a fundamental part of the equation.
Like all security, unified communications security requires a multilayered approach to be effective. If you've outsourced your UC to a third-party provider -- say, through UC as a service -- protection will be its responsibility. But, if your UC infrastructure is managed internally, a general-purpose security infrastructure that consists of a firewall, antivirus protection and password-protected systems may not be enough to guard against many UC-specific threats.
For UC specifically, the focus must be directed at providing security for voice and video applications. These applications all run using the open Session Initiation Protocol (SIP). SIP provides the session setup for VoIP and video sessions, which run using Real-Time Transport Protocol. The session border controller (SBC), meanwhile, is the infrastructure component responsible for setting up and running the VoIP and video sessions.
Not too long ago, organizations would typically rely on a VoIP-aware firewall to protect UC network traffic. These firewalls were aware of ports used for SIP and able to stop certain attacks, such as denial of service (DoS), but they weren't necessarily session-aware, which meant they couldn't stop more subtle threats.
In recent years, some SBC vendors have integrated SIP-specific security components into their SBCs. These can replace or augment SIP and VoIP security provided by your existing firewall.
Let's take a look at four key unified communications security threats.
1. DoS
It should come as no surprise that a variety of DoS attacks specifically target VoIP systems. Some involve flooding the system with requests to stop it from functioning. Other DoS attacks deliberately start and then paralyze sessions through actions such as failing to complete protocol handshakes or by mangling the protocol.
Other security attacks include call flooding, message flooding, malformed messages and disruptive signaling.
One way to combat UC-oriented DoS attacks is to determine which of your network components -- switches, routers or firewalls -- support rate limiting. If the feature is present, consider activating it on ports connecting to key UC components. That way, the network device keeps the flood from ever reaching the UC components.
Keep in mind that DoS attacks don't necessarily come from external sources. Businesses today can have a sizable number of IoT devices on their internal networks. These can include video cameras, various sensors and other devices. Many of these components, especially low-cost ones, have rudimentary security and are easily compromised. Hackers can take control of these devices and launch DoS and other attacks on internal resources, which sit behind the firewall and so get no protection from it.
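The following is an added example, not part of the original article: a sketch of the two signals described above, a per-source message rate and INVITE handshakes that are never completed, evaluated over constructed signaling events from internal addresses. The function name assess, the thresholds and the addresses are assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed SIP signaling events: (seconds, source, method, Call-ID).
SIGNALING = (
    # A desk phone completing two calls normally.
    [(0.0, "10.20.0.15", "INVITE", "p1"), (2.5, "10.20.0.15", "ACK", "p1"),
     (60.0, "10.20.0.15", "INVITE", "p2"), (63.0, "10.20.0.15", "ACK", "p2")]
    # An internal camera sending a burst of INVITEs it never completes.
    + [(5.0 + i * 0.1, "10.20.0.77", "INVITE", f"c{i}") for i in range(8)]
    # A slow source that stays under the rate limit but abandons every setup.
    + [(10.0 * i, "10.20.0.90", "INVITE", f"s{i}") for i in range(4)]
)

def assess(events, window=1.0, max_msgs=5, max_half_open=3):
    """Return {source: findings} for sources that exceed the message rate
    or leave too many INVITE handshakes without an ACK or CANCEL."""
    recent = defaultdict(deque)      # source -> timestamps inside the window
    open_invites = defaultdict(set)  # source -> Call-IDs still pending
    findings = defaultdict(set)
    for ts, src, method, call_id in sorted(events):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:    # slide the window forward
            q.popleft()
        if len(q) > max_msgs:
            findings[src].add("rate")
        if method == "INVITE":
            open_invites[src].add(call_id)
        elif method in ("ACK", "CANCEL"):
            open_invites[src].discard(call_id)
    for src, pending in open_invites.items():
        if len(pending) > max_half_open:
            findings[src].add("half-open")
    return {src: sorted(f) for src, f in findings.items()}

if __name__ == "__main__":
    for source, why in assess(SIGNALING).items():
        print(source, why)
```

The slow source shows why a rate limit alone is not enough: it never trips the message counter, yet every session it starts is left hanging.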
2. Theft of service
Theft of service is the flip side of the DoS coin. Where DoS in action is quite evident, theft of service is not -- at least not right away. In fact, you might not even know your service is being used illegally unless your system has usage-based billing.
Here, attackers pose as legitimate users to exploit your UC system for their own purposes. This is a modernized version of the old private branch exchange (PBX) long-distance calling hack. Back then, long-distance calls were expensive, and free calling was the focus. Now, long-distance calls are no longer expensive, so the target is illicit and illegal calls.
Once inside your system, hackers can make scam phone calls. If those on the receiving end report the calling phone number to the authorities, it leads back to your company rather than the actual hackers. This could create trouble for your company and could, at a minimum, become a big headache as you try to prove to the authorities that your system was hacked.
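Because theft of service is not evident without usage data, call detail records (CDRs) are the place to look. The following is an added example, not part of the original article: it flags extensions that place several off-hours calls to numbers they never dial during business hours. The CSV column names, business hours, threshold and the function name off_hours_outliers are assumptions, and the records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed CDR export; the column names are an assumed format.
CDR_CSV = """start,extension,dialed,seconds
2024-03-04T09:15:00,1001,+12025550101,180
2024-03-04T14:02:00,1001,+12025550101,95
2024-03-04T10:30:00,1002,+12025550144,600
2024-03-05T02:11:00,1002,+12025550170,45
2024-03-06T01:03:00,1003,+442079460001,30
2024-03-06T01:04:00,1003,+442079460002,28
2024-03-06T01:05:00,1003,+442079460003,31
2024-03-06T01:06:00,1003,+442079460004,29
"""

def off_hours_outliers(cdr_text, open_hour=7, close_hour=19, min_calls=3):
    """Return {extension: count} of off-hours calls to numbers the extension
    never dials in business hours, for extensions reaching min_calls."""
    in_hours = defaultdict(set)    # extension -> numbers dialed in hours
    off_hours = defaultdict(list)  # extension -> numbers dialed off hours
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.fromisoformat(row["start"])
        business = start.weekday() < 5 and open_hour <= start.hour < close_hour
        if business:
            in_hours[row["extension"]].add(row["dialed"])
        else:
            off_hours[row["extension"]].append(row["dialed"])
    report = {}
    for ext, numbers in off_hours.items():
        unfamiliar = [n for n in numbers if n not in in_hours[ext]]
        if len(unfamiliar) >= min_calls:
            report[ext] = len(unfamiliar)
    return report

if __name__ == "__main__":
    print(off_hours_outliers(CDR_CSV))
```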
3. Hacking tools
Attackers can take advantage of publicly available tools to cause problems. Some of these apps were initially designed as legitimate ways to audit VoIP environments, but they can be used maliciously -- from both outside and inside your network -- to compromise your system.
SIPVicious is one example. The suite consists of multiple tools, among them svmap, svwar and svcrack. The first can be used to scan your network and identify the addresses of SIP servers. Svwar can show working extensions on a PBX, and svcrack is used to crack passwords on registrar servers and proxy servers.
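The three behaviors described above (server discovery, extension enumeration and password guessing) each leave a distinct pattern in SIP logs. The following is an added example, not part of the original article and not code from the SIPVicious project: it classifies sources in constructed log events. The event layout, thresholds and the function name classify are assumptions; "friendly-scanner" is the User-Agent string SIPVicious has sent by default.

```python
from collections import defaultdict

# Constructed events: (source, method, dest_host, extension, status, agent).
SIP_LOG = (
    [("198.51.100.7", "OPTIONS", f"192.0.2.{h}", "", 200, "friendly-scanner")
     for h in range(10, 30)]
    + [("203.0.113.9", "REGISTER", "192.0.2.10", str(x), 404, "softphone/1.0")
       for x in range(100, 140)]
    + [("203.0.113.50", "REGISTER", "192.0.2.10", "105", 401, "softphone/1.0")
       for _ in range(60)]
    # A legitimate phone: one 401 digest challenge, then a successful 200.
    + [("192.0.2.200", "REGISTER", "192.0.2.10", "101", 401, "deskphone/2.1"),
       ("192.0.2.200", "REGISTER", "192.0.2.10", "101", 200, "deskphone/2.1")]
)

def classify(events, host_limit=10, ext_limit=20, fail_limit=30):
    """Return {source: findings} based on how widely and how often a
    source probes SIP servers, extensions and credentials."""
    hosts = defaultdict(set)   # source -> SIP hosts probed with OPTIONS
    exts = defaultdict(set)    # source -> extensions tried with REGISTER
    fails = defaultdict(int)   # (source, extension) -> rejected attempts
    findings = defaultdict(set)
    for src, method, host, ext, status, agent in events:
        # The agent string is trivially changed, so treat it as a hint only.
        if agent.lower() == "friendly-scanner":
            findings[src].add("known-scanner-agent")
        if method == "OPTIONS":
            hosts[src].add(host)
        elif method == "REGISTER":
            exts[src].add(ext)
            if status in (401, 403):
                fails[(src, ext)] += 1
    for src, seen in hosts.items():
        if len(seen) >= host_limit:
            findings[src].add("server-scan")
    for src, seen in exts.items():
        if len(seen) >= ext_limit:
            findings[src].add("extension-enumeration")
    for (src, ext), count in fails.items():
        if count >= fail_limit:
            findings[src].add("password-guessing")
    return {src: sorted(f) for src, f in findings.items()}
```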
4. UC in a box
The Zoom era, fueled by the COVID-19 pandemic and remote work, ushered in a new set of UC security concerns. Zoom and its brethren, Cisco Webex, RingCentral, Microsoft Teams, 8x8, Amazon Chime and others, are essentially UC in a box -- a software box, that is. These systems deliver an entire UC ecosystem within a single application, including video conferencing, IM and telephony. The massive installed base of some of these systems -- Zoom and Teams in particular -- can make them a big target for hackers, which can turn into a big problem for you.
Zoom software has become the de facto UC system for many businesses. A security issue that compromises Zoom -- or Teams or Webex -- could cause a companywide UC outage. Worse, hackers might not be concerned with merely degrading Zoom or any UC service. Once inside a user's computer and inside your firewall, attackers could use the UC platform to launch other internal attacks. UC systems are complex systems with lots of components, so there are many places for hackers to attack.
Finding ways to protect your UC infrastructure
What can you do? First, know which UC systems your end users are using. I get calendar invites from multiple people that essentially include a "download our UC-of-choice" link for the meeting. Over time, I may have five or six UC applications idling on my desktop. If you are only checking the security of those UC systems you are actively using, you could be guarding the front door while leaving the back door open.
Second, if you have a cloud access security broker installed, you can use that system to monitor and track the use of UC apps or to block those UC apps your users are not authorized to use.
Third, while it is more work for you, you can track the revision history of your main UC system and control how often updates are made. "Automatically update" might be a convenient option, but significant feature upgrades may also be accompanied by new vulnerabilities ripe for exploitation. Monitor UC and collaboration app releases, and control their deployments to your user base until you are satisfied they don't carry any security holes along with them.
These attacks are only a few of the many unified communications security threats facing UC systems today. UC-specific security on firewalls, SBCs and other systems is a must. Even if UC and VoIP security don't seem to get as much press as other threat scenarios, such as ransomware, it's important to remember that attacks on UC components can cause significant problems if they are not detected and terminated.
Ultimately, it is all about layered security. The more layers available to protect your UC, the less likely you will be compromised.