
Importance of securing VOIP


Cape Town, 22 Jul 2013

Hacks, spoofs and false registrations... these can result in your company paying for someone else's telephone calls all over the world.

VOIP fraud is on the rise. If you and/or your company have not protected your PBX and/or VOIP account, you are at serious risk. The risk is so devastating that an unsecured system could see your business closed down within weeks.

Globally, VOIP fraud has cost businesses and individuals hundreds of thousands of US dollars. In Australia alone, VOIP fraud is up 35% since 2010, and 83 000 fraud complaints were received in 2011 alone.

It is imperative that businesses or individuals ensure that their VOIP solutions are implemented correctly and securely to prevent the potential loss of tens of thousands of rands.

South Africa has been deemed an easy target, especially from Eastern Europe. We notice anything from 15 to 45 attack attempts per day on our IP PABX solutions. Fortunately, we have secured our solutions and have integrated firewalls in place.

"Local and international fraudsters cracking a poorly-installed VOIP switchboard can put a small business out of business in minutes," says Greg Massel, MD of VOIP solutions provider, Switch Telecom.

Below are a few pointers to protect yourself and/or your company:

* Ensure all manufacturer default passwords for system administration are altered promptly, using lengthy and complex alphanumeric passwords.
* Lock out administrative access ports after three successive invalid access attempts.
* Configure the system to send an alert of the lock-out to system administrators.
* Ensure all remote access to system administration portals is with encrypted challenge/response authentication.
* Ensure all VOIP system administration ports are on a secure subnet, with access control lists allowing only specific IP addresses necessary for maintenance and administration.
* Ensure all multimedia and voice messaging interfaces to call managers or PBXes are appropriately restricted.
* Ensure access to system speed dialling is controlled by business need.
* Review and control all thru-dialling and out-mission from adjunct gear. Do not allow default entries in restriction/permission lists.
* Set and enforce standards for complex passwords for voice message mailboxes. Ensure periodic password resets for these mailboxes and regularly check for default passwords in end-user mailboxes.
* Check transfer restrictions in all integrated peripheral and adjunct gear. Block access to ARS codes and trunk access codes.
* Check endpoint targets for keyed entry and time-out transfers in call dispensation mailboxes and auto attendants.
* Verify all off-net target endpoints in ACD vectors and VDNs.
* Protect often-abused features with forced account codes, authentication codes or barrier codes.
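
The lock-out, alert and access-control-list pointers above can be combined into one check, shown here as an added sketch that is not taken from any PBX product. The event format, the `ADMIN_ACL` subnet, the per-(source, account) lock-out key and all sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MAX_FAILURES = 3  # "three successive invalid access attempts" (checklist)
# Assumed maintenance subnet; a documentation range, not a real network.
ADMIN_ACL = [ipaddress.ip_network("192.0.2.0/28")]
# Constructed sample events: (timestamp, source IP, account, outcome).
SAMPLE_EVENTS = [
    ("2013-07-22T08:00:01", "192.0.2.5", "admin", "FAIL"),
    ("2013-07-22T08:00:09", "192.0.2.5", "admin", "OK"),
    ("2013-07-22T08:01:00", "192.0.2.5", "admin", "FAIL"),
    ("2013-07-22T08:01:05", "192.0.2.5", "admin", "FAIL"),
    ("2013-07-22T08:02:00", "203.0.113.77", "admin", "FAIL"),
    ("2013-07-22T08:03:00", "192.0.2.9", "maint", "FAIL"),
    ("2013-07-22T08:03:04", "192.0.2.9", "maint", "FAIL"),
    ("2013-07-22T08:03:08", "192.0.2.9", "maint", "FAIL"),
    ("2013-07-22T08:03:12", "192.0.2.9", "maint", "OK"),
]

def allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_ACL)

def process(events, max_failures=MAX_FAILURES):
    """Return (decisions, alerts) for a stream of admin login events."""
    streak = defaultdict(int)  # successive failures per (ip, account)
    locked = set()
    decisions, alerts = [], []
    for ts, ip, account, outcome in events:
        key = (ip, account)
        if not allowed(ip):
            decisions.append("DENY_ACL")      # outside the ACL: never authenticated
        elif key in locked:
            decisions.append("DENY_LOCKED")   # no automatic unlock in this sketch
        elif outcome == "OK":
            streak[key] = 0                   # a success breaks the streak
            decisions.append("ALLOW")
        else:
            streak[key] += 1
            if streak[key] >= max_failures:
                locked.add(key)
                alerts.append(f"{ts} LOCKOUT: {account} from {ip}")
                decisions.append("LOCKOUT")
            else:
                decisions.append("FAIL")
    return decisions, alerts

if __name__ == "__main__":
    print("\n".join(process(SAMPLE_EVENTS)[1]))  # alerts for administrators
```

Only successive failures count, so the successful login in the second event resets the counter, and a correct password presented after the lock-out is still refused.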


Editorial contacts

Dominic Sardinha
Abacus Telecomm
(021) 556 6327
dominic@abacustelecomm.co.za