generic voice security issues
DESCRIPTION
TRANSCRIPT
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
A General presentation
By Jason Dewar
© Context Information Security Limited / Commercial in confidence
Voice edge security
Monday, April 10, 2023
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Presented by:Jason Dewar
Enterprise Telephony Management
A Presentation for Linkedin 19th June 2008
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Agenda
• Introduction to Context Information security• Voice security issues• Voice security solution• Contacts
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Context Information Security• Founded 1998 as a one-stop-shop information security consultancy.• Serves mainly financial services sector and MoD
• Major voice security projects delivered for US Army Europe (USAREUR), US Air-Force Europe (USAFE), UK Govt departments, Bloomberg, Symantec, Asda etc..
• Penetration testing activities highlight the need for a solution to mitigate security issues associated with unauthorised and insecure voice services
• Unguarded IP access to the corporate network via modem usage is regularly raised as a critical security issue.
• Initiated contact with members of the Wheel Group, creators of NetRanger IDS product, who had formed SecureLogix, to investigate how to resolve voice security issues
• CIS has had direct input into development of the Enterprise Telephony Management system
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Voice Network threats• Cross network attacks – LAN penetration through Voice lines.
• Authorised and unauthorised Modem backdoors into LAN.
• Attacks on voice system – Service theft / Toll fraud.• PBX, DISA, Voice mail…• Estimated $30 - $40 Billion annually in US (Source CFCA).
• Unauthorised ISP Connectivity – Insider theft.• Transfer of confidential information.• Upload / Download of restricted content.• Viruses.• Hacks.
• Line Misuse & Abuse. • Unauthorised calls and conversations.• Voice service Misuse & Abuse (E.G. International & premium rate calling).
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Traditional IT Security
Blocked!
Alert!
Firewall
IDS
Router
Good News – Internet devices work reasonably well
Bad news – Modem usage can bypass these devices
Typical IT Network
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Authorised Modem attacks
Alarm SystemsSprinkler Systems HVAC SystemsElevator SystemsRefinery ControlsPower Grid
Modem
Intruder
LAN
Servers
Central Office
Internet
Voicemail
PBXPSTN
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Threats to Voice & DataUn-authorised Modem attacks
LAN
Servers
Modems
Central Office
Internet
PSTN
Blocked at the perimeter
WormsTrojans Viruses
Internet traffic blocked at the LAN perimeter can be re-routed using Modems
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Threats to Voice & DataWar Dialling
War Dialing used to be the only way to find modems
In reality, war dialing discovers less than 25% of the problem
User leaves connection to ISP dialed in so when you war dial you get a busy signal
Discover the maintenance modems you already know exist
The user who was connected to his ISP all day has taken his laptop home so when you war dial all you find is the fax machine – which is entirely legitimate
War dial server ISP
PSTN
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Voicemail
PBX
FAX
Servers
Modems
LAN
Central Office
Internet
PSTN
Intruder
Remote access to PBX can allow service disruption or Theft.
Threats to Voice & DataPBX Attack
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
LAN
Voicemail
PBX
FAX
Servers
Modems
Central Office
Internet
PSTN
Intruder
Unauthorised services
Threats to Voice & Data Resource Hijacking
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Communications Fraud“Communications Fraud is the use of Telecommunications products or
services with no intention of payment”
• Toll fraud costs an estimated $72 - $80 Billion globally (Source Communications Fraud Control Association (CFCA))
• These losses represent 4.5% of global telecom revenues• Fraud (value) has increased by 34% since 2005
• Top 5 locations for communications fraud:1. Cuba2. Philippines3. Lichtenstein4. India5. U.K
Cont…..
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Communications Fraud• Top 3 communications fraud losses:
1. 29% (approx. $22Billion USD) – Subscription / Identity theft2. 20% (approx. $15 Billion USD) – Compromised PBX / Voicemail systems3. 6% (approx. $4.5 Billion USD) – Premium rate service fraud
It is important to recognise that communications fraud is not limited to those with poor PBX administration. Organised criminal fraternities are operating on a massive scale to defraud companies and individuals by compromising their telecommunications. resources and using them for financial gain.There is a reported link between some Communications fraud and global terrorism.
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
The solution
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
The solution
As with the traditional layout of the IT network, we strongly recommend the use of border security devices such as voice
firewall and Intrusion Prevention Systems.
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
The SecureLogix ETM system
LAN
Modem
PSTN Trunks
Firewall
Phones
InternetProvider
InternetConnection
Phones
PBXServiceProvider
Switch
ETM® ETM® SystemSystem
Voice Firewall:
Blocks phone line attacks. Controls voice network access and service use.
Voice IPS:
Prevents malicious and abusive call patterns such as toll fraud.
Performance Manager:Enterprise-wide dashboard. Real-time
performance monitoring & diagnostics.
Usage Manager:
Enterprise-wide, PBX-independent CDR, call accounting, & resource utilization.
Call Recorder:Policy-based recording of targeted calls. Trunk-side, cost effective solution.
The ETMThe ETM®® System System
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
The SecureLogix ETM system
TeleView® Client
Central Office
ETM® Appliances
ETM® Management
Report Database Server
IP Network
Trunks Modem
Phone
Fax
PC
PBX
Public / PrivateInternet
TeleView®
Remote Clients
PRI T1 Analogue E1 VoIP
3DES encryption
3DES encryption
Voice Security
A Presentation for Linkedin Monday, April 10, 2023
Contacts
Please contact Jason Dewar of Context Information Security:
e: [email protected]: www.contextis.co.uk: +44 (0)20 7537 7515: Context Information Security
30 Marsh WallLondonUnited KingdomE14 9TP