
About SecureLogix

Communications Security Report to The Industry. Mark D. Collier, Chief Technology Officer/VP Engineering; Rod Wallace, Global VP Services; SecureLogix Corporation. About SecureLogix: UC security and management solution company; security solutions for UC and traditional voice networks.


Presentation Transcript


  1. Communications Security Report to The Industry
     Mark D. Collier, Chief Technology Officer/VP Engineering
     Rod Wallace, Global VP Services
     SecureLogix Corporation

  2. About SecureLogix
     • SecureLogix
       • UC security and management solution company
       • Security solutions for UC and traditional voice networks
       • Our applications are integrated into Cisco routers
     • About us:
       • Author of Hacking Exposed: VoIP – Working a revision
       • Author of SANS VoIP security course
       • Author of many SIP/RTP attack tools
       • www.voipsecurityblog.com
       • Experience pioneering enterprise SIP trunking

  3. UC Security Introduction
     • The biggest threats to UC systems are application level:
       • Harassing callers, TDoS, Social engineering, and toll fraud
       • These attacks are present with UC and TDM
       • Incentive is financial and disruption
       • The PSTN is getting more hostile – resembling the Internet
     • Current UC systems are vulnerable:
       • Platforms, network, and applications are vulnerable
       • Many available VoIP attack tools
       • But UC-specific attacks are still uncommon
       • SIP trunking/UC/Internet may change the threat

  4. Public Network Security
     • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
     • Medium Threat: Voice SPAM, Voice Phishing
     [Diagram labels: Public Voice Network, TDM/SIP Trunks, Voice Firewall, SBC (CUBE), UC Servers, CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS, TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Internet Connection, Internet, Data VLAN, UC Clients, Servers/PCs]

  5. Campus/Internal UC Security
     • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
     • Medium Threat: Voice SPAM, Voice Phishing
     • Low Threat: LAN Originated Attacks
     [Diagram labels: Public Voice Network, TDM/SIP Trunks, Voice Firewall, SBC (CUBE), UC Servers, CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS, TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Internet Connection, Internet, Data VLAN, UC Clients, Servers/PCs]

  6. SIP Trunk Security
     • High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
     • Low Threat: Scanning, Fuzzing, Flood DoS
     [Diagram labels: Public Voice Network, SIP Trunks, Voice Firewall, SBC (CUBE), UC Servers, CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS, TDM Phones, Modem, Fax, Voice VLAN, IP Phones, Internet Connection, Internet, Data VLAN, UC Clients, Servers/PCs]

  7. Hosted IP
     • High Threat: TDoS/Harassing Calls, Social Engineering, Toll Fraud, Modems
     • Medium Threat: Voice Phishing, Voice SPAM
     • Medium Threat: Client Devices and Software Exposed
     [Diagram labels: Public Voice Network, TDM Phones, TDM Handsets, Modem, Fax, IP Phone Traffic, IP PBX, CM, VM, CC, Admin, Gateway, DB, TFTP, DHCP, DNS, Voice VLAN, IP Phones, Internet Connection, Internet, Data VLAN, UC Clients, Servers/PCs]

  8. Harassing Callers
     • Automated transmission of:
       • Annoying/offensive calls
       • Bomb threats
       • Voice SPAM
       • Voice Phishing
     • Social networking used to coordinate an attack
     [Diagram labels: Users, Public Voice Network, Voice Systems]

  9. Social Engineering
     • Attacker Targets Agents (Contact Center Agents):
       • Spoofs Caller ID
       • Uses Personal Info From Internet
       • Tries to Gather Info from Agents
       • Always Manual
     • Attacker Targets IVR (Voice Transaction Resources (IVRs)):
       • Spoofs Caller ID
       • Guesses Accounts/Passwords
       • May be Brute-Force or Stealth
       • Often Automated
     [Diagram label: Public Voice Network]

  10. TDoS Attack Through a Botnet
     [Diagram labels: Botnet Master, BOT (x6), 10,000+ Calls, TDOS Call Volume, Customers, Contact Center/911/311 Agents, Voice Transaction Resources (IVRs), Total Network failure, All Transactions Lost]

  11. UC-Specific Vulnerabilities
     • UC and collaboration are introducing new vulnerabilities
     • Movement to the Internet is increasing the threat
     • SIP is becoming a unifying protocol (for presence too)
     • Video:
       • Shares many issues with voice – lucrative due to bandwidth
       • Video systems are being attacked for toll fraud/eavesdropping
     • Instant Messaging:
       • Vulnerabilities for file transfer, eavesdropping, malware
     • Social networking:
       • Where should we start?

  12. Voice Security Threat Trending – 2011 vs 2010

  13. Modems – Hardly Declining
     • Modem use stubbornly high – 27 calls/trunk/day

  14. ISP Calling – Persistent Threat
     • Unprotected enterprises have firewall bypassed >50 days/trunk
     • Guess how your company confidential information leaks are happening?

  15. Being a Harassing Caller – A Growth Industry
     • 3.6x increase January to December!
     • 4.8x increase 2011 vs 2010
     • Like anti-virus, it is important to keep a current harassing caller list.

  16. Being a Harassing Caller – A Growth Industry

  17. Harassing Callers – High Volume Campaigns
     • Approx. 4800 calls in 25 minutes

  18. Social Engineering – Quantifying the Risk
     • 1.5% – 7% inbound calls have no source number
     • 5% of remaining calls verifiably spoofed
     • Sources: SecureLogix, TrustID

  19. Social Engineering Targeting Contact Centers
     • Observing increased Social Engineering attacks on contact centers
     • Persistent Perpetrators – keep attempting to call after blocking policy enforced

  20. High-Risk Calls and Social Engineering
     • US sanctions stemming from engaging in financial transactions with OFAC countries/entities.
     • Other high risk origin & destination countries: Common fraud launching points.
     • Case Study - US Financial Institution:
       • In 2 weeks, 88 calls to OFAC countries for 5 hours
     • Case Study - US Financial Institution:
       • NSF check fraud perpetrated from Ghana in combination with US players
     • Case Study – US Financial Institution
       • Detected multiple calls to Contact Center using Social Engineering to perform organizational mapping: requesting locations and phone numbers etc.

  21. “Occupy the Phones”

  22. Contact Center TDoS Flash-Mob Attack
     [Chart of call volume by day; axis: Thursday, Friday, Monday, Tuesday, Wednesday. Annotations: Typical day at Contact Center; Typical daily call volume; Attack Starts Monday at 11 AM; Contact Center was main target; Attack calls blocked]

  23. Increase Call Center Effectiveness
     [Diagram label: Contact Center]

  24. Call Metrics, Stats & Exception Notification

  25. Effect of Negative Value Calls - Lost Revenue/CSAT
     • Case Study: Commodity Retail Contact Center
       • 3815 busy calls/month & 236,978 unanswered calls/month
       • 25% of callers purchase, $35 average sale
     • $2.1 Million per month in lost sales

  26. Best Practices for UC Security
     • Collect real-time data about your UC services:
       • measure what is expected and what is unexpected.
     • Develop a UC security policy
     • Implement UC application security on perimeter
     • Implement good internal data network security
     • Prioritize security during UC deployments
     • Use encryption where possible for authentication, confidentiality, and integrity
     • Implement SIP packet-level security on perimeter
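
An added example, not part of the original presentation or any SecureLogix product: Python that applies the "measure what is expected and what is unexpected" practice to call detail records, reporting the share of calls with no source number, hits against a harassing-caller list, and call bursts above a baseline. The record layout, function names, thresholds and phone numbers are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def missing_source_ratio(cdrs):
    """Fraction of inbound calls that arrived with no source number."""
    return sum(1 for _, src, _ in cdrs if not src) / len(cdrs)

def blocklist_hits(cdrs, blocklist):
    """Calls whose source number is on the harassing-caller list."""
    return [c for c in cdrs if c[1] in blocklist]

def detect_bursts(cdrs, window, expected_per_window, factor=5):
    """Sliding-window call count per dialed number; alert when the count
    exceeds factor x the expected (baseline) volume for that window."""
    recent, alerts = {}, {}
    for ts, _, dst in sorted(cdrs, key=lambda c: c[0]):
        q = recent.setdefault(dst, deque())
        q.append(ts)
        while q[0] <= ts - window:      # drop calls older than the window
            q.popleft()
        if len(q) > factor * expected_per_window:
            first, peak = alerts.get(dst, (ts, 0))
            alerts[dst] = (first, max(peak, len(q)))
    return alerts  # {dialed number: (first alert time, peak calls in window)}

def sample_cdrs():
    """Constructed records: (timestamp, source or None, dialed number).
    All numbers are fictional (555-01xx range)."""
    t0 = datetime(2012, 1, 9, 8, 0, 0)
    cdrs = []
    # Normal traffic: one call every 6 minutes for 3 hours (30 calls),
    # every tenth call arriving without a source number.
    for i in range(30):
        src = None if i % 10 == 0 else f"+1202555{100 + i:04d}"
        cdrs.append((t0 + timedelta(minutes=6 * i), src, "+12025550100"))
    # Flood: one call every 5 seconds for 10 minutes (120 calls).
    t1 = t0 + timedelta(hours=3)
    for i in range(120):
        cdrs.append((t1 + timedelta(seconds=5 * i), "+12025550199", "+12025550100"))
    return cdrs

if __name__ == "__main__":
    cdrs = sample_cdrs()
    print("no-source ratio:", round(missing_source_ratio(cdrs), 3))
    print("blocklist hits:", len(blocklist_hits(cdrs, {"+12025550199"})))
    print("bursts:", detect_bursts(cdrs, timedelta(minutes=5), expected_per_window=1))
```

In practice the baseline (`expected_per_window`) would come from the site's own historical call volume for the same hour and day rather than a fixed constant.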
