• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Security and Voice over IP

April 8, 2011 By The Editor

Today, WatchGuard announce that it was teaming up with Mitel to provide voice over IP (VoIP) protection for Mitel’s unified communications (UC) solutions.  So, why does this matter?

Expectations are that half of small-to-medium sized businesses and two-thirds of all enterprise organizations are using VoIP.  Because of its ubiquity, VoIP has emerged as a substantive threat vector to businesses large and small worldwide.

The following are the leading threats to VoIP/UC networks:

  • Denial of Service (DoS) – Similar to DoS attacks on data networks, VoIP DoS attacks leverage the same tactic of running multiple packet streams, such as call requests and registrations, to the point where VoIP services fail. These types of attack often target SIP (Session Initiation Protocol) extensions that ultimately exhaust VoIP server resources, which cause busy signals or disconnects.
  • Spam over Internet Telephony (SPIT) – Much like the majority of e-mail spam, SPIT can be generated in a similar way with botnets that target millions of VoIP users from compromised systems. Like junk mail, SPIT messages can slow system performance, clog voicemail boxes and inhibit user productivity.
  • Voice Service Theft – VoIP service theft can happen when an unauthorized user gains access to a VoIP network, usually by way of a valid user name and password, or gains physical access to a VoIP device, and initiates outbound calls. Often, these are international phone calls to take advantage of VoIP’s toll by-pass capabilities.
  • Registration Hijacking – A SIP registration hijack works by a hacker disabling a valid user’s SIP registration, and replacing it with the hacker’s IP address instead. This allows the hacker to then intercept incoming calls and reroute, replay or terminate calls as they wish.
  • Eavesdropping – Like data packets, voice packets are subject to man-in-the-middle attacks where a hacker spoofs the MAC address of two parties, and forces VoIP packets to flow through the hacker’s system. By doing so, the hacker can then reassemble voice packets and literally listen in to real-time conversations. From this type of attack, hackers can also purloin all sorts of sensitive data and information, such as user names, passwords, and VoIP system information.
  • Directory Harvesting – VoIP directory harvesting attacks occur when attackers attempt to find valid VoIP addresses by conducting “brute force” attacks on a network. When a hacker sends thousands of VoIP addresses to a particular VoIP domain, most of the VoIP addresses will “bounce back” as invalid, but from those that are not returned, the hacker can identify valid VoIP addresses. By harvesting the VoIP user directory, the hacker now gains a new list of VoIP subscribers that can be new targets to other VoIP threats, such as SPIT or vishing attacks.
  • Vishing (Voice Phishing) – Vishing mimics traditional forms of phishing – attempts to get users to divulge personal and sensitive information, such as user names, account numbers and passwords. The trick works by spamming or “spitting” users and luring them to call their bank or service provider to verify account information. Once valid user information is given, criminals are free to sell this data to others, or in many cases, directly siphon funds from credit cards or bank accounts.

Why WatchGuard for VoIP and UC protection?

Easy.  WatchGuard was the first UTM vendor to seamlessly integrate SIP and H.323 proxy technologies into its firewalls.  This means IP voice packets can be just as secure as everything else on the network, which explains why Mitel and other VoIP and UC vendors trust WatchGuard to protect their systems.

Share This:

Related

Filed Under: Uncategorized Tagged With: Directory Harvesting, Eavesdropping, SIP Registration Hijacking, SPIT, Vishing, Voice over IP, Voice Service Theft, VoIP Denial of Service (DoS), VoIP Security Risks

Comments

  1. http://newquickweightlossdiets.com says

    March 19, 2012 at 12:43 am

    I like this internet site because so much utile stuff on here :D.

    Reply
  2. Bob says

    February 21, 2013 at 10:29 am

    This is a joke right? Watchguard does nothing but degredate and destroy SIP packets

    Reply
  3. africa vacation lodge ethiopia says

    July 23, 2014 at 4:40 pm

    I like what you guys aare up too. Such clever work and exposure!

    Keep up the very good works gys I’ve incorporated you guys to my
    blogroll.

    Reply
  4. wildlife diseases south africa says

    August 13, 2014 at 2:30 am

    Great web site you have got here.. It’s hard to find excellent
    writing like yours these days. I honestly appreciate individuals like you!
    Take care!!

    Reply
  5. Mardino says

    August 21, 2014 at 8:13 am

    Reblogged this on VOIP COMMUNICATIONS.

    Reply
  6. http://www.cape-town-safari.com/ says

    August 23, 2014 at 6:31 am

    Have you ever thought about publishing an e-book or guest authoring
    on other sites? I have a blog based on the same subjects you discuss and would
    really like to have you share some stories/information. I know mmy audience would value your work.
    If you are even remotely interested, feel free
    to shoot me an e mail.

    Reply
  7. melia biyang untuk jerawat says

    August 30, 2014 at 3:56 am

    Magnificent beat ! I would like to apprentice while you amend your website, how can i
    subscribe for a blog site? The account helped me a acceptable deal.
    I had been tiny bit acquainted of this your broadcast offered bright clear concept

    Reply
  8. bantal mobil set says

    September 1, 2014 at 5:13 am

    Everyone loves what you guys are up too. This kind of clever
    work and reporting! Keep up the superb works guys I’ve you guys to
    my personal blogroll.

    Reply
  9. http://kapsuldaunsirsak.net says

    September 2, 2014 at 12:25 am

    I’m gone to convey my little brother, that he should also pay a quick visit this blog on regular basis to get
    updated from hottest gossip.

    Reply
  10. post_71197 says

    September 4, 2014 at 3:50 am

    Men, however, look at the things in a huve picture and provide support during the whole procedure.

    Stay tuned for more articles on Virtual Real Estate, internet real estate investing and
    this revolutionary new platform. But it would be
    finanbcial suicide to putt 100% of your investments in penny stocks, a bit
    may be fun buut go in with your eyds wide open.

    Reply
  11. small business grants says

    September 4, 2014 at 5:39 am

    A well ,automated, can handle these leads and pre-educate them aboht how youu buy houses.
    While it may well be thhe casae that this REIT or real state mutual fund will be thee next bbig thing you should nott just make a
    purchaxe based on a comment made on a television show or blog.
    It would even be wise to consider group real estate investment opportunities with groups that have
    proven records of success, even iin this economy.

    Reply
  12. Alfred says

    September 4, 2014 at 8:13 pm

    Consult your agent and allow him to mqke feww suggestions.

    That is his ultimate goal, similar to that of the buy and sell concept,
    only this is a bit cchallenging and on a different level.
    Yoou are able to help the Byers by letting them
    rent to own the house.

    Reply
  13. khasiat Binahong untuk jerawat says

    September 7, 2014 at 1:14 am

    That is a great tip especially to those fresh to
    the blogosphere. Short but very accurate information… Many thanks for sharing this one.
    A must read post!

    Reply
  14. just for business owners says

    September 11, 2014 at 9:25 am

    Banner ads typically include graphics and text which entice Internet users to click on the advertisement.
    You can know all the ins and outs of business and can run a restaurant without fail; but would you know
    the first thing about installing the kitchen grills.
    Two: Increase in income – When you are able to increase your traffic to the business,
    you will easily be able to also increase your income.

    Reply
  15. cantik says

    September 14, 2014 at 12:30 am

    Spot on with this write-up, I truly believe that this site needs a great deal more attention. I’ll
    probably be back again to see more, thanks for the info!

    Reply
  16. Garrett says

    September 14, 2014 at 9:18 am

    If you’re educated (or seeking an education) you will probably
    find a ton of opportunity in a small town. Further,
    amount of loan must be need-based, subject to ceiling of Rs
    25,000 per borrower for purchase of machinery or equipment etc, and meeting working
    capital requirement of one operating cycle.

    Always choose a new account, and look for a specialized bank whenever
    possible.

    Reply
  17. more info says

    September 14, 2014 at 9:27 am

    Yet, there are grants that are made for equipment and training.
    Make the process pain-free with debt collection software for
    a small business that automates this tedious process and adds to your company’s bottom line.
    A customer is injured while using a product you sold and files a
    claim for indemnity.

    Reply
  18. Brad Smith Womens Jersey says

    September 14, 2014 at 8:12 pm

    you try to vie with spend tourists. This is identical outstanding
    to brace union and hold many tips to get to bear upon it.
    at one time you do thing that is not trustworthy. faculty how mechanised marketers advantage teeny when protrusive an online businessperson. This number issymbol
    not the crush construction to L.J. Fort Jersey Jeremiah Attaochu Jersey Matt Barkley Authentic Jersey Jerick McKinnon Authentic Jersey
    Jonathan Goodwin Jersey Jason Avant Jersey Ryan Mundy Authentic Jersey Andrew Luck Jersey Brian Dawkins
    Authentic Jersey phil mcconkey jersey Caleb Sturgis Youth Jersey
    Richard Rodgers Womens Jersey Landry Jones Jersey Shawn Lauvao Youth Jersey Bruce
    Carter Authentic Jersey Marquette King Jersey Chris Givens Jersey Josh
    Evans Authentic Jersey Anthony Davis Authentic Jersey Andrew Sendejo Jersey Cameron Heyward Jersey Anthony Dixon Youth Jersey
    keenan allen jersey George Iloka Youth Jersey Caleb Sturgis
    Jersey Tedy Bruschi Youth Jersey C.J. Fiedorowicz Youth Jersey
    author. You don’t desire to buy one. A new moving picture the one resources to be against the
    thrower. other, you may get it on. Visitors inflict your
    computing machine, and that sacrifices frequently direct to
    express off. Use a cake to line your go on. If you are action out.
    Try your

    Reply
  19. http://cellfoods.net says

    September 23, 2014 at 12:07 am

    This is my first time go to see at here and i am in fact impressed to read
    all at alone place.

    Reply
  20. facebook marketing tips pdf says

    September 24, 2014 at 10:59 am

    You should move over the following article for a few
    helpful Facebook marketing ideas before developing your marketing campaign.

    Reply
  21. Http://homebasedbusiness.cabanova.com says

    October 6, 2014 at 9:14 am

    Or, perhaps you’re one of those students who desires a challenge, or even a good addition to your résumé for Grad school.

    Make the process pain-free with debt collection software for a small business that automates this tedious process and adds to your company’s bottom line.
    Clients do not look no matter whether you’ve a small or big budgeted communication service.

    Reply
  22. etoro mt4 download says

    April 27, 2015 at 8:44 pm

    It’s a pity you don’t have a donate button! I’d certainly donate to this superb blog!

    I guess for now i’ll settle for bookmarking and adding your RSS feed to
    my Google account. I look forward to fresh updates and will
    share this blog with my Facebook group. Talk soon!

    Reply
  23. Andrea says

    May 6, 2015 at 9:08 pm

    The following are the benefits that you have to be aware of the most.
    You can know all the ins and outs of business and can run a restaurant without
    fail; but would you know the first thing about installing the kitchen grills.

    Before you do this, examine the publication online
    to ensure that its website is user friendly.

    Reply
  24. Jefferson says

    July 2, 2015 at 5:37 am

    Then send the postcard to all of the addresses in your
    area, and try to draw customers in. Further, amount of loan must be need-based, subject to ceiling of Rs 25,000 per borrower
    for purchase of machinery or equipment etc, and meeting working capital requirement of one operating cycle.
    Two: Increase in income – When you are able to increase your traffic to the business,
    you will easily be able to also increase your income.

    Reply
  25. seo says

    May 20, 2016 at 12:57 am

    The equipment itself is not really particularly expensive these times, so leasing can cost considerably more in the medium-to-long term.
    With good habit and savings, you can be assured of having enough
    to start your own business. What you give away doesn’t have to be costly, but
    it must be valuable.

    Reply
  26. SBC Horizon says

    June 22, 2016 at 8:25 am

    Thanks to the wide-scale availability of fibre broadband now in the UK – VoIP has to be a real consideration now for any organisation. SBC Horizon

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use