Communications Security
Report to The Industry

Mark D. Collier, Chief Technology Officer/VP Engineering
Rod Wallace, Global VP Services
SecureLogix Corporation

About SecureLogix

  • SecureLogix
    • UC security and management solution company
    • Security solutions for UC and traditional voice networks
    • Our applications are integrated into Cisco routers
  • About us:
    • Author of Hacking Exposed: VoIP – working on a revision
    • Author of SANS VoIP security course
    • Author of many SIP/RTP attack tools
    • www.voipsecurityblog.com
    • Experience pioneering enterprise SIP trunking

UC Security Introduction

  • The biggest threats to UC systems are application level:
    • Harassing callers, TDoS, Social engineering, and toll fraud
    • These attacks are present with UC and TDM
    • Incentive is financial and disruption
    • The PSTN is getting more hostile – resembling the Internet
  • Current UC systems are vulnerable:
    • Platforms, network, and applications are vulnerable
    • Many available VoIP attack tools
    • But UC-specific attacks are still uncommon
  • SIP trunking/UC/Internet may change the threat
Public Network Security

  • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
  • Medium Threat: Voice SPAM, Voice Phishing

[Diagram labels: Public Voice Network, TDM/SIP Trunks, Voice Firewall SBC (CUBE), UC Servers (CM, VM, CC, Admin, Gateway, DB, TFTP/DHCP, DNS), TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Data VLAN, UC Clients, Servers/PCs, Internet Connection, Internet]

Campus/Internal UC Security

  • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
  • Medium Threat: Voice SPAM, Voice Phishing
  • Low Threat: LAN Originated Attacks

[Diagram labels: Public Voice Network, TDM/SIP Trunks, Voice Firewall SBC (CUBE), UC Servers (CM, VM, CC, Admin, Gateway, DB, TFTP/DHCP, DNS), TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Data VLAN, UC Clients, Servers/PCs, Internet Connection, Internet]

SIP Trunk Security

  • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
  • Low Threat: Scanning, Fuzzing, Flood DoS

[Diagram labels: Public Voice Network, SIP Trunks, Voice Firewall SBC (CUBE), UC Servers (CM, VM, CC, Admin, Gateway, DB, TFTP/DHCP, DNS), TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Data VLAN, UC Clients, Servers/PCs, Internet Connection, Internet]

Hosted IP

  • High Threat: TDoS/Harassing Calls, Social Engineering, Toll Fraud, Modems
  • Medium Threat: Voice Phishing, Voice SPAM
  • Medium Threat (second callout, labels as extracted): Client Devices and Software, Exposed, IP PBX

[Diagram labels: Public Voice Network, TDM Phones, TDM Handsets, Modem, Fax, IP Phone Traffic, CM, VM, CC, Admin, Gateway, DB, TFTP/DHCP, DNS, Voice VLAN, IP Phones, Data VLAN, UC Clients, Servers/PCs, Internet Connection, Internet]

Harassing Callers

  • Automated transmission of:
    • Annoying/offensive calls
    • Bomb threats
    • Voice SPAM
    • Voice Phishing
  • Social networking used to coordinate an attack

[Diagram labels: Users, Public Voice Network, Voice Systems]

Social Engineering

  • Attacker Targets Agents
    • Spoofs Caller ID
    • Uses Personal Info From Internet
    • Tries to Gather Info from Agents
    • Always Manual
  • Attacker Targets IVR
    • Spoofs Caller ID
    • Guesses Accounts/Passwords
    • May be Brute-Force or Stealth
    • Often Automated

[Diagram labels: Contact Center Agents, Public Voice Network, Voice Transaction Resources (IVRs)]

TDoS Attack Through a Botnet

[Diagram labels: Botnet Master, BOT (x6), TDoS Call Volume, 10,000+ Calls, Voice Transaction Resources (IVRs), Contact Center/911/311 Agents, Customers. Callouts: Total Network failure; All Transactions Lost.]


UC-Specific Vulnerabilities

  • UC and collaboration are introducing new vulnerabilities
  • Movement to the Internet is increasing the threat
  • SIP is becoming a unifying protocol (for presence too)
  • Video:
    • Shares many issues with voice – lucrative due to bandwidth
    • Video systems are being attacked for toll fraud/eavesdropping
  • Instant Messaging:
    • Vulnerabilities for file transfer, eavesdropping, malware
  • Social networking:
    • Where should we start?

Modems – Hardly Declining

Modem use stubbornly high – 27 calls/trunk/day


ISP Calling – Persistent Threat

Unprotected enterprises have firewall bypassed >50 days/trunk

Guess how your company confidential information leaks are happening?


Being a Harassing Caller – A Growth Industry

3.6x increase January to December!

4.8x increase 2011 vs 2010

Like anti-virus, it is important to keep a current harassing caller list.


Harassing Callers – High Volume Campaigns

Approx. 4800 calls in 25 minutes


Social Engineering – Quantifying the Risk

Source: SecureLogix

Source: TrustID

1.5% – 7% inbound calls have no source number

5% of remaining calls verifiably spoofed


Social Engineering Targeting Contact Centers

Observing increased Social Engineering attacks on contact centers

Persistent Perpetrators – keep attempting to call after blocking policy enforced


High-Risk Calls and Social Engineering

  • US sanctions stemming from engaging in financial transactions with OFAC countries/entities.
  • Other high risk origin & destination countries: Common fraud launching points.
  • Case Study - US Financial Institution:
    • In 2 weeks, 88 calls to OFAC countries for 5 hours
  • Case Study - US Financial Institution:
    • NSF check fraud perpetrated from Ghana in combination with US players
  • Case Study – US Financial Institution
    • Detected multiple calls to Contact Center using Social Engineering to perform organizational mapping: requesting locations and phone numbers etc.
Contact Center TDoS Flash-Mob Attack

[Chart: call volume by day (Thursday, Friday, Monday, Tuesday, Wednesday). Annotations: Typical day at Contact Center; Typical daily call volume; Attack Starts Monday at 11 AM; Contact Center was main target; Attack calls blocked.]


Effect of Negative Value Calls - Lost Revenue/CSAT

  • Case Study: Commodity Retail Contact Center
  • 3815 busy calls/month & 236,978 unanswered calls/month
  • 25% of callers purchase, $35 average sale

$2.1 Million per month in lost sales


Best Practices for UC Security

  • Collect real-time data about your UC services:
    • measure what is expected and what is unexpected.
  • Develop a UC security policy
  • Implement UC application security on perimeter
  • Implement good internal data network security
  • Prioritize security during UC deployments
  • Use encryption where possible for authentication, confidentiality, and integrity
  • Implement SIP packet-level security on perimeter
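
One way to act on the first practice above (measure what is expected and what is unexpected) is a small pass over call detail records. This is an added example, not SecureLogix code: it flags the onset of a call-volume spike, reports the share of calls with no source number, and lists blocklisted callers that keep calling. The record layout, thresholds, phone numbers and dates are all assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def analyze_calls(cdrs, blocklist, window=timedelta(minutes=5),
                  baseline=10, factor=3.0):
    """Scan time-ordered (timestamp, source, dialed) call records.

    baseline = expected calls per window (an assumed, tunable value); an
    alert fires when the sliding-window count first exceeds baseline*factor.
    """
    recent = deque()          # timestamps inside the current window
    alerts = []               # (time, calls_in_window) at each spike onset
    blocked_hits = Counter()  # blocklisted callers that keep calling
    no_source = total = 0
    in_spike = False
    for ts, src, _dialed in cdrs:
        total += 1
        if not src:
            no_source += 1    # call arrived with no source number
        elif src in blocklist:
            blocked_hits[src] += 1
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        spike = len(recent) > baseline * factor
        if spike and not in_spike:
            alerts.append((ts, len(recent)))
        in_spike = spike
    return {
        "alerts": alerts,
        "no_source_pct": round(100.0 * no_source / total, 1) if total else 0.0,
        "persistent": {n: c for n, c in blocked_hits.items() if c >= 3},
    }

def sample_cdrs():
    """Constructed data: one call a minute for an hour, then a burst."""
    start = datetime(2012, 1, 9, 10, 0)   # constructed date (a Monday)
    dialed = "+15550199000"               # constructed contact-center number
    calls = []
    for m in range(60):
        src = None if m % 10 == 0 else "+1555010%04d" % m
        calls.append((start + timedelta(minutes=m), src, dialed))
    burst = start + timedelta(hours=1)    # burst begins at 11:00
    for i in range(200):                  # one call every 3 seconds
        src = "+15550100999" if i % 50 == 0 else "+1555020%04d" % i
        calls.append((burst + timedelta(seconds=3 * i), src, dialed))
    return calls

if __name__ == "__main__":
    print(analyze_calls(sample_cdrs(), blocklist={"+15550100999"}))
```

In practice the baseline would come from measured per-hour and per-weekday call volume rather than a fixed number.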