Telephony has often been a side issue in most companies, far from the priorities of risk managers and IPBX system operators. It is rarely taken into account in global security policies. Yet the associated risks now have severe consequences for the company's IT systems. In addition, the historical threats and vulnerabilities of telephony systems grow in number as telephony adopts IP protocols.
Many companies that have already implemented VoIP have encountered security issues they were not prepared to counter. Security must be carefully considered when a company plans to migrate to VoIP.
The 5 most important threats on telephony networks:
IP convergence inherits vulnerabilities from both traditional telephony and IP networks.
1. Denial of service
This is one of the most feared attacks. It aims to make the telephony system inoperative. It is also possible to attack each IP phone individually. This attack is easy to perform and can interrupt the company's telephony system and its activity.
2. Toll fraud
The attacker takes control of the PBX and reconfigures it in order to make calls at the company's expense. It is also possible to use the misconfigurations of a PBX to make a profit and generate a substantial financial impact for the company.
3. Illegal eavesdropping
Like fraud, eavesdropping is very simple to perform, whether to monitor calls (internal but also external) or to exploit the voicemail. It is made possible by misconfigurations (intentional or not). Functionalities offered by the PBX directly allow spying, information theft, etc.
4. IT network hacking (telephony acting like a backdoor)
PBX systems are now servers connected both to external media (ISDN, SIP trunk, MPLS) and to internal IT networks, where they communicate with phones, softphones, unified messaging and convergent applications. It is necessary to control and limit these accesses and their extent. Companies need to segment their networks using firewalls and virtual networks, and to protect their telephony links with appropriate security tools.
5. Scams, identity theft and traffic hijacking
The many functionalities offered by PBX systems allow phones to present themselves with a fake identity, whether invented or stolen. It is also possible to hijack calls and to pretend to be the legitimate user. These attacks allow the implementation of various scams that may affect the company's image (theft and public disclosure of confidential information...).