SlideShare a Scribd company logo

Generic Voice Security Issues

Download as PPT, PDF
J
jasondewar

- Context Information Security is a cybersecurity firm that has identified voice security issues and developed the Enterprise Telephony Management (ETM) system to address them. Voice networks face threats like modem attacks, PBX attacks, toll fraud and communications fraud costing billions annually. - The ETM system acts as a voice firewall and intrusion prevention system to control voice network access and block phone line attacks. It provides real-time monitoring and call accounting across an organization's voice infrastructure. - The solution helps prevent threats like unauthorized modem access, toll fraud and protects confidential information from being transferred out of organizations.

1 of 18
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
A General presentation By Jason Dewar © Context Information Security Limited / Commercial in confidence Voice edge security Thursday, November 12, 2009
Presented by: Jason Dewar Enterprise Telephony Management A Presentation for Linkedin 19th June 2008
Agenda Introduction to Context Information security Voice security issues Voice security solution Contacts
Context Information Security Founded 1998 as a one-stop-shop information security consultancy. Serves mainly financial services sector and MoD Major voice security projects delivered for US Army Europe (USAREUR), US Air-Force Europe (USAFE), UK Govt departments, Bloomberg, Symantec, Asda etc.. Penetration testing activities highlight the need for a solution to mitigate security issues associated with unauthorised and insecure voice services Unguarded IP access to the corporate network via modem usage is regularly raised as a critical security issue. Initiated contact with members of the Wheel Group , creators of NetRanger IDS product, who had formed SecureLogix , to investigate how to resolve voice security issues CIS has had direct input into development of the Enterprise Telephony Management system
Voice Network threats Cross network attacks – LAN penetration through Voice lines. Authorised and unauthorised Modem backdoors into LAN. Attacks on voice system – Service theft / Toll fraud. PBX, DISA, Voice mail… Estimated $30 - $40 Billion annually in US (Source CFCA). Unauthorised ISP Connectivity – Insider theft. Transfer of confidential information. Upload / Download of restricted content. Viruses. Hacks. Line Misuse & Abuse. Unauthorised calls and conversations. Voice service Misuse & Abuse (E.G. International & premium rate calling).
Traditional IT Security Firewall IDS Router Good News – Internet devices work reasonably well Bad news – Modem usage can bypass these devices Typical IT Network Blocked! Alert!
Authorised Modem attacks Modem Intruder LAN Servers Central Office Internet Voicemail PBX PSTN Alarm Systems Sprinkler Systems HVAC Systems Elevator Systems Refinery Controls Power Grid
Threats to Voice & Data Un-authorised Modem attacks LAN Servers Modems Central Office Internet PSTN Blocked at the perimeter Worms Trojans Viruses Internet traffic blocked at the LAN perimeter can be re-routed using Modems
Threats to Voice & Data War Dialling War Dialing used to be the only way to find modems In reality, war dialing discovers less than 25% of the problem User leaves connection to ISP dialed in so when you war dial you get a busy signal Discover the maintenance modems you already know exist The user who was connected to his ISP all day has taken his laptop home so when you war dial all you find is the fax machine – which is entirely legitimate War dial server PSTN ISP
Threats to Voice & Data PBX Attack Voicemail PBX FAX Servers Modems LAN Central Office Internet PSTN Intruder Remote access to PBX can allow service disruption or Theft.
Threats to Voice & Data Resource Hijacking LAN Voicemail PBX FAX Servers Modems Central Office Internet PSTN Intruder Unauthorised services
Communications Fraud “ Communications Fraud is the use of Telecommunications products or services with no intention of payment” Toll fraud costs an estimated $72 - $80 Billion globally (Source Communications Fraud Control Association (CFCA)) These losses represent 4.5% of global telecom revenues Fraud (value) has increased by 34% since 2005 Top 5 locations for communications fraud: Cuba Philippines Lichtenstein India U.K Cont…..
Communications Fraud Top 3 communications fraud losses: 29% (approx. $22Billion USD) – Subscription / Identity theft 20% (approx. $15 Billion USD) – Compromised PBX / Voicemail systems 6% (approx. $4.5 Billion USD) – Premium rate service fraud It is important to recognise that communications fraud is not limited to those with poor PBX administration. Organised criminal fraternities are operating on a massive scale to defraud companies and individuals by compromising their telecommunications. resources and using them for financial gain. There is a reported link between some Communications fraud and global terrorism.
The solution
The solution As with the traditional layout of the IT network, we strongly recommend the use of border security devices such as voice firewall and Intrusion Prevention Systems.
The SecureLogix ETM system The ETM ® System LAN Modem PSTN Trunks Firewall Phones Internet Provider Internet Connection Phones PBX Service Provider Switch ETM® System Voice Firewall: Blocks phone line attacks. Controls voice network access and service use. Voice IPS: Prevents malicious and abusive call patterns such as toll fraud. Performance Manager: Enterprise-wide dashboard. Real-time performance monitoring & diagnostics. Usage Manager: Enterprise-wide, PBX-independent CDR, call accounting, & resource utilization. Call Recorder: Policy-based recording of targeted calls. Trunk-side, cost effective solution.
The SecureLogix ETM system TeleView ® Client Central Office ETM ® Appliances ETM ® Management Report Database Server IP Network Trunks TeleView ® Remote Clients PRI T1 Analogue E1 VoIP 3DES encryption 3DES encryption
Contacts Please contact Jason Dewar of Context Information Security: e: [email_address] www: www.contextis.co.uk  : +44 (0)20 7537 7515  : Context Information Security 30 Marsh Wall London United Kingdom E14 9TP

More Related Content

PDF
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
 
PPTX
Security concerns-with-e-commerce
Onkar Sule
 
PPTX
Cyber crime
Prachi ranpura
 
PDF
Iaetsd cyber crimeand
Iaetsd Iaetsd
 
PDF
Askozia VoIP Security white paper - 2017, English
Askozia
 
PPTX
Cell phone cloning seminar
SreedevV
 
PPT
Information Security 5 06
johnhewitt_cpp
 
PDF
Ce hv6 module 48 corporate espionage by insiders
Vi Tính Hoàng Nam
 
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
 
Security concerns-with-e-commerce
Onkar Sule
 
Cyber crime
Prachi ranpura
 
Iaetsd cyber crimeand
Iaetsd Iaetsd
 
Askozia VoIP Security white paper - 2017, English
Askozia
 
Cell phone cloning seminar
SreedevV
 
Information Security 5 06
johnhewitt_cpp
 
Ce hv6 module 48 corporate espionage by insiders
Vi Tính Hoàng Nam
 

What's hot (7)

PDF
File000144
Desmond Devendran
 
PDF
CIO Vietnam Talkshow 40th
Phuc (Peter) Huynh
 
PDF
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Steve Hood
 
PDF
File000093
Desmond Devendran
 
PPTX
Navigating Risk In Data & Technology Transactions
MMMTechLaw
 
PPTX
Test
guest833bf3b
 
PPT
Email crimes and Cyber Law-Nasscom Cyber safe 2010
Adv Prashant Mali
 
File000144
Desmond Devendran
 
CIO Vietnam Talkshow 40th
Phuc (Peter) Huynh
 
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Steve Hood
 
File000093
Desmond Devendran
 
Navigating Risk In Data & Technology Transactions
MMMTechLaw
 
Test
guest833bf3b
 
Email crimes and Cyber Law-Nasscom Cyber safe 2010
Adv Prashant Mali
 
Ad

Viewers also liked (6)

PPT
SIP iPBX
i_Ashima
 
PPT
Voice communication security
Fabio Pietrosanti
 
PPT
VOICE BASED SECURITY SYSTEM
Nikhil Ravi
 
PPT
Biometric slideshare
prachi
 
PPT
Bio-metrics Technology
Avanitrambadiya
 
PPTX
Voice recognition security systems
Sandeep Kumar
 
SIP iPBX
i_Ashima
 
Voice communication security
Fabio Pietrosanti
 
VOICE BASED SECURITY SYSTEM
Nikhil Ravi
 
Biometric slideshare
prachi
 
Bio-metrics Technology
Avanitrambadiya
 
Voice recognition security systems
Sandeep Kumar
 
Ad

Similar to Generic Voice Security Issues (20)

PPT
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
Dan York
 
PDF
Secure your Voice over IP (VoIP)
Techso
 
PPT
Securty Issues from 1999
TomParker
 
PDF
1, prevalent network threats and telecommunication security challenges and co...
Alexander Decker
 
PPTX
Fortinet k
mrehan2k2
 
PPT
The Consumerisation of Corporate IT
Peter Wood
 
PPT
VoIP Threat and Security - I
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
 
PPT
IT Security for the Physical Security Professional
ciso_insights
 
PDF
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
PPTX
An approach to mitigate DDoS attacks on SIP.pptx
amalouwarda1
 
PPT
Internet Telephony
SamPath KumAr M S
 
PPSX
Trust It Mini Public
Trust_IT
 
PDF
Security Strategies for UC
Digium
 
PPT
Ch12(revised 20071226)
華穗 徐
 
PPTX
Netas Nova Cyber Security Product Family
Cagdas Tanriover
 
PDF
VoIP security
Mile Blenton
 
PPTX
Mis security system threads
Leena Reddy
 
PPTX
Protect your IPPBX against VOIP attacks
Rohan Fernandes
 
PPTX
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
eFax Corporate®
 
PPT
Persentasi pembelajaran JaringanVoIP.ppt
MuhammadMaulidi5
 
E Tel2007 Black Bag Session - VoIP Security Threats, Tools and Best Practices
Dan York
 
Secure your Voice over IP (VoIP)
Techso
 
Securty Issues from 1999
TomParker
 
1, prevalent network threats and telecommunication security challenges and co...
Alexander Decker
 
Fortinet k
mrehan2k2
 
The Consumerisation of Corporate IT
Peter Wood
 
VoIP Threat and Security - I
Mithilesh Kumar - AWS, VCP,ITIL,SSCA
 
IT Security for the Physical Security Professional
ciso_insights
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
An approach to mitigate DDoS attacks on SIP.pptx
amalouwarda1
 
Internet Telephony
SamPath KumAr M S
 
Trust It Mini Public
Trust_IT
 
Security Strategies for UC
Digium
 
Ch12(revised 20071226)
華穗 徐
 
Netas Nova Cyber Security Product Family
Cagdas Tanriover
 
VoIP security
Mile Blenton
 
Mis security system threads
Leena Reddy
 
Protect your IPPBX against VOIP attacks
Rohan Fernandes
 
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
eFax Corporate®
 
Persentasi pembelajaran JaringanVoIP.ppt
MuhammadMaulidi5
 

Generic Voice Security Issues

  • 1. A General presentation By Jason Dewar © Context Information Security Limited / Commercial in confidence Voice edge security Thursday, November 12, 2009
  • 2. Presented by: Jason Dewar Enterprise Telephony Management A Presentation for Linkedin 19th June 2008
  • 3. Agenda Introduction to Context Information security Voice security issues Voice security solution Contacts
  • 4. Context Information Security Founded 1998 as a one-stop-shop information security consultancy. Serves mainly financial services sector and MoD Major voice security projects delivered for US Army Europe (USAREUR), US Air-Force Europe (USAFE), UK Govt departments, Bloomberg, Symantec, Asda etc.. Penetration testing activities highlight the need for a solution to mitigate security issues associated with unauthorised and insecure voice services Unguarded IP access to the corporate network via modem usage is regularly raised as a critical security issue. Initiated contact with members of the Wheel Group , creators of NetRanger IDS product, who had formed SecureLogix , to investigate how to resolve voice security issues CIS has had direct input into development of the Enterprise Telephony Management system
  • 5. Voice Network threats Cross network attacks – LAN penetration through Voice lines. Authorised and unauthorised Modem backdoors into LAN. Attacks on voice system – Service theft / Toll fraud. PBX, DISA, Voice mail… Estimated $30 - $40 Billion annually in US (Source CFCA). Unauthorised ISP Connectivity – Insider theft. Transfer of confidential information. Upload / Download of restricted content. Viruses. Hacks. Line Misuse & Abuse. Unauthorised calls and conversations. Voice service Misuse & Abuse (E.G. International & premium rate calling).
  • 6. Traditional IT Security Firewall IDS Router Good News – Internet devices work reasonably well Bad news – Modem usage can bypass these devices Typical IT Network Blocked! Alert!
  • 7. Authorised Modem attacks Modem Intruder LAN Servers Central Office Internet Voicemail PBX PSTN Alarm Systems Sprinkler Systems HVAC Systems Elevator Systems Refinery Controls Power Grid
  • 8. Threats to Voice & Data Un-authorised Modem attacks LAN Servers Modems Central Office Internet PSTN Blocked at the perimeter Worms Trojans Viruses Internet traffic blocked at the LAN perimeter can be re-routed using Modems
  • 9. Threats to Voice & Data War Dialling War Dialing used to be the only way to find modems In reality, war dialing discovers less than 25% of the problem User leaves connection to ISP dialed in so when you war dial you get a busy signal Discover the maintenance modems you already know exist The user who was connected to his ISP all day has taken his laptop home so when you war dial all you find is the fax machine – which is entirely legitimate War dial server PSTN ISP
  • 10. Threats to Voice & Data PBX Attack Voicemail PBX FAX Servers Modems LAN Central Office Internet PSTN Intruder Remote access to PBX can allow service disruption or Theft.
  • 11. Threats to Voice & Data Resource Hijacking LAN Voicemail PBX FAX Servers Modems Central Office Internet PSTN Intruder Unauthorised services
  • 12. Communications Fraud “ Communications Fraud is the use of Telecommunications products or services with no intention of payment” Toll fraud costs an estimated $72 - $80 Billion globally (Source Communications Fraud Control Association (CFCA)) These losses represent 4.5% of global telecom revenues Fraud (value) has increased by 34% since 2005 Top 5 locations for communications fraud: Cuba Philippines Lichtenstein India U.K Cont…..
  • 13. Communications Fraud Top 3 communications fraud losses: 29% (approx. $22Billion USD) – Subscription / Identity theft 20% (approx. $15 Billion USD) – Compromised PBX / Voicemail systems 6% (approx. $4.5 Billion USD) – Premium rate service fraud It is important to recognise that communications fraud is not limited to those with poor PBX administration. Organised criminal fraternities are operating on a massive scale to defraud companies and individuals by compromising their telecommunications. resources and using them for financial gain. There is a reported link between some Communications fraud and global terrorism.
  • 15. The solution As with the traditional layout of the IT network, we strongly recommend the use of border security devices such as voice firewall and Intrusion Prevention Systems.
  • 16. The SecureLogix ETM system The ETM ® System LAN Modem PSTN Trunks Firewall Phones Internet Provider Internet Connection Phones PBX Service Provider Switch ETM® System Voice Firewall: Blocks phone line attacks. Controls voice network access and service use. Voice IPS: Prevents malicious and abusive call patterns such as toll fraud. Performance Manager: Enterprise-wide dashboard. Real-time performance monitoring & diagnostics. Usage Manager: Enterprise-wide, PBX-independent CDR, call accounting, & resource utilization. Call Recorder: Policy-based recording of targeted calls. Trunk-side, cost effective solution.
  • 17. The SecureLogix ETM system TeleView ® Client Central Office ETM ® Appliances ETM ® Management Report Database Server IP Network Trunks TeleView ® Remote Clients PRI T1 Analogue E1 VoIP 3DES encryption 3DES encryption
  • 18. Contacts Please contact Jason Dewar of Context Information Security: e: [email_address] www: www.contextis.co.uk  : +44 (0)20 7537 7515  : Context Information Security 30 Marsh Wall London United Kingdom E14 9TP