Slide1
Communications Security
Report to The Industry
Mark D. Collier
Chief Technology Officer/VP Engineering
Rod Wallace
Global VP Services
SecureLogix Corporation
Slide2
About SecureLogix
SecureLogix
- UC security and management solution company
- Security solutions for UC and traditional voice networks
- Our applications are integrated into Cisco routers
About us:
- Author of Hacking Exposed: VoIP – Working on a revision
- Author of SANS VoIP security course
- Author of many SIP/RTP attack tools
- www.voipsecurityblog.com
- Experience pioneering enterprise SIP trunking
Slide3
UC Security Introduction
The biggest threats to UC systems are application level:
- Harassing callers, TDoS, Social engineering, and toll fraud
- These attacks are present with UC and TDM
- Incentive is financial and disruption
- The PSTN is getting more hostile – resembling the Internet
Current UC systems are vulnerable:
- Platforms, network, and applications are vulnerable
- Many available VoIP attack tools
- But UC-specific attacks are still uncommon
- SIP trunking/UC/Internet may change the threat
Slide4
Public Network Security
[Diagram: Internet and Internet Connection; Public Voice Network; TDM/SIP Trunks; SBC (CUBE); Voice Firewall; UC Servers (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB); Voice VLAN; Data VLAN; IP Phones; UC Clients; TDM Phones; Servers/PCs; Modem; Fax]
High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
Medium Threat: Voice SPAM, Voice Phishing
Slide5
Campus/Internal UC Security
[Diagram: Internet and Internet Connection; Public Voice Network; TDM/SIP Trunks; SBC (CUBE); Voice Firewall; UC Servers (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB); Voice VLAN; Data VLAN; IP Phones; UC Clients; TDM Phones; Servers/PCs; Modem; Fax]
High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
Medium Threat: Voice SPAM, Voice Phishing
Low Threat: LAN Originated Attacks
Slide6
SIP Trunk Security
[Diagram: Internet and Internet Connection; Public Voice Network; SIP Trunks; SBC (CUBE); Voice Firewall; UC Servers (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB); Voice VLAN; Data VLAN; IP Phones; UC Clients; TDM Phones; Servers/PCs; Modem; Fax]
High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
Low Threat: Scanning, Fuzzing, Flood DoS
Slide7
Hosted IP
[Diagram: Internet and Internet Connection; Public Voice Network; IP Phone Traffic; IP PBX (CM, Gateway, DNS, CC, Admin, TFTP, DHCP, VM, DB); Voice VLAN; Data VLAN; IP Phones; TDM Handsets; UC Clients; TDM Phones; Servers/PCs; Modem; Fax]
High Threat: TDoS/Harassing Calls, Social Engineering, Toll Fraud, Modems
Medium Threat: Voice Phishing, Voice SPAM
Medium Threat: Client Devices and Software Exposed
Slide8
Harassing Callers
Automated transmission of:
- Annoying/offensive calls
- Bomb threats
- Voice SPAM
- Voice Phishing
Social networking used to coordinate an attack
[Diagram: Users; Public Voice Network; Voice Systems]
Slide9
Social Engineering
Attacker Targets IVR
- Spoofs Caller ID
- Guesses Accounts/Passwords
- May be Brute-Force or Stealth
- Often Automated
Attacker Targets Agents
- Spoofs Caller ID
- Uses Personal Info From Internet
- Tries to Gather Info from Agents
- Always Manual
[Diagram: Contact Center Agents; Public Voice Network; Voice Transaction Resources (IVRs)]
Slide10
TDoS
Attack Through a Botnet
[Diagram labels: Botnet Master; BOT (x6); TDoS Call Volume, 10,000+ Calls; Customers; Voice Transaction Resources (IVRs); Contact Center/911/311 Agents; All Transactions Lost; Total Network Failure]
Slide11
UC-Specific Vulnerabilities
UC and collaboration are introducing new vulnerabilities
- Movement to the Internet is increasing the threat
- SIP is becoming a unifying protocol (for presence too)
Video:
- Shares many issues with voice – lucrative due to bandwidth
- Video systems are being attacked for toll fraud/eavesdropping
Instant Messaging:
- Vulnerabilities for file transfer, eavesdropping, malware
Social networking:
- Where should we start?
Slide12
Voice Security Threat Trending – 2011 vs 2010
Slide13
Modems – Hardly Declining
Modem use stubbornly high – 27 calls/trunk/day
Slide14
ISP Calling – Persistent Threat
Unprotected enterprises have firewall bypassed >50 days/trunk
Guess how your company confidential information leaks are happening?
Slide15
Being a Harassing Caller – A Growth Industry
3.6x increase January to December!
4.8x increase 2011 vs 2010
Like anti-virus, it is important to keep a current harassing caller list.
Slide16
Being a Harassing Caller – A Growth Industry
Slide17
Harassing Callers – High Volume Campaigns
Approx. 4800 calls in 25 minutes
Slide18
Social Engineering – Quantifying the Risk
Source: TrustID
Source: SecureLogix
1.5% – 7% inbound calls have no source number
5% of remaining calls verifiably spoofed
Slide19
Social Engineering Targeting Contact Centers
- Observing increased Social Engineering attacks on contact centers
- Persistent Perpetrators – keep attempting to call after blocking policy enforced
Slide20
High-Risk Calls and Social Engineering
Case Study - US Financial Institution:
- In 2 weeks, 88 calls to OFAC countries for 5 hours
Case Study - US Financial Institution:
- NSF check fraud perpetrated from Ghana in combination with US players
Case Study – US Financial Institution:
- Detected multiple calls to Contact Center using Social Engineering to perform organizational mapping: requesting locations and phone numbers etc.
US sanctions stemming from engaging in financial transactions with OFAC countries/entities.
Other high risk origin & destination countries: Common fraud launching points.
Slide21
“Occupy the Phones”
Slide22
Contact Center TDoS Flash-Mob Attack
[Chart over Thursday, Friday, Monday, Tuesday, Wednesday. Labels: "Attack Starts Monday at 11 AM"; "Contact Center was main target"; "Attack calls blocked"; "Typical daily call volume"; "Typical day at Contact Center"]
Slide23
Increase Call Center Effectiveness
Contact Center
Slide24
Call Metrics, Stats & Exception Notification
Slide25
Effect of Negative Value Calls - Lost Revenue/CSAT
Case Study: Commodity Retail Contact Center
- 3815 busy calls/month & 236,978 unanswered calls/month
- 25% of callers purchase, $35 average sale
- $2.1 Million per month in lost sales
Slide26
Best Practices for UC Security
- Collect real-time data about your UC services: measure what is expected and what is unexpected.
- Develop a UC security policy
- Implement UC application security on perimeter
- Implement good internal data network security
- Prioritize security during UC deployments
- Use encryption where possible for authentication, confidentiality, and integrity
- Implement SIP packet-level security on perimeter
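
One way to act on the first practice above, measuring expected versus unexpected call volume, is a sliding-window check over call detail records. This is an added example, not code from the presentation or from SecureLogix. The record layout (timestamp, caller, dialed number), the 3x factor, the baseline and all phone numbers are assumptions, and the sample traffic is constructed around the "4800 calls in 25 minutes" campaign figure from the slides.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_bursts(cdrs, baseline, window=timedelta(minutes=25), factor=3.0):
    """Flag dialed numbers whose inbound call count in a sliding window
    exceeds factor * baseline (the expected count for one window).
    cdrs: iterable of (timestamp, caller, dialed), sorted by timestamp;
    caller is None when the call carried no source number.
    Returns one alert dict per burst (not one per call)."""
    recent = defaultdict(deque)   # dialed -> (timestamp, caller) still in window
    in_burst = set()              # dialed numbers currently above the limit
    alerts = []
    limit = factor * baseline
    for ts, caller, dialed in cdrs:
        q = recent[dialed]
        q.append((ts, caller))
        while q and ts - q[0][0] > window:    # expire calls older than the window
            q.popleft()
        if len(q) > limit and dialed not in in_burst:
            in_burst.add(dialed)
            callers = [c for _, c in q]
            alerts.append({
                "dialed": dialed,
                "window_start": q[0][0],
                "detected_at": ts,
                "calls_in_window": len(q),
                "distinct_callers": len({c for c in callers if c}),
                "no_source_share": callers.count(None) / len(callers),
            })
        elif len(q) <= limit:
            in_burst.discard(dialed)          # burst over; re-arm the alert
    return alerts

def constructed_cdrs():
    """Constructed sample: one call per minute of normal traffic for two hours,
    plus a campaign of 4800 calls in 25 minutes against the same number."""
    start = datetime(2012, 1, 9, 10, 0)
    normal = [(start + timedelta(minutes=m), f"+1555010{m % 50:04d}", "+15550001000")
              for m in range(120)]
    attack_start = start + timedelta(hours=1)
    attack = [(attack_start + timedelta(seconds=i * 1500 / 4800),
               None if i % 20 == 0 else f"+1555020{i % 300:04d}", "+15550001000")
              for i in range(4800)]
    return sorted(normal + attack, key=lambda r: r[0])

if __name__ == "__main__":
    for alert in detect_bursts(constructed_cdrs(), baseline=25):
        print(alert)
```

On the constructed data the alert fires about 16 seconds into the campaign and is raised once for the whole burst, because the alert re-arms only after the window count falls back under the limit.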