Posted on Thursday April 27, 2017
Eavesdropping is the intentional act of secretly listening in on a conversation, usually not for the best of intentions. Although today the act also includes VoIP telephone systems, it's not a recent trend. As exemplified by the SIPtap attacks of 2007 and the Peskyspy trojans of 2009, cybercriminals have had their eye on VoIP ever since it was introduced to the market. Here are five tips to combat VoIP eavesdropping:Never deploy with default configurations Everyone wants to get things rolling as quickly as possible, but this often results in VoIP phones being deployed with their default configurations. You don't want to do this because it allows the bad guy to search vendor documentation. Depending on your VoIP solution, you should have the option of changing default handset configurations. Otherwise, you'll need to come up with a manual process to change phone defaults when you roll handsets out to your employees.
Listen to your handset vendors An ideal example of VoIP handset vulnerabilities happened in 2015, when Cisco detected vulnerabilities in IP phones which enabled an unauthorized attacker to listen in on phone conversations. If it weren't for those security alerts, several companies could have found themselves victims of VoIP eavesdropping. The lesson learned here is you must regularly monitor advisories from your hardware vendor. Without proper monitoring, you won't know how susceptible your corporate VoIP phones are to being eavesdropped.
Update session border controllers Another tactic to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you'll be updating your VoIP's antivirus software; because cyber threats are constantly evolving, your security products should as well. Routine SBC updates are essential for secure SIP trunking as well as responding to new threats.
Encrypt VoIP calls Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service. If you work in a regulated industry like healthcare or finance, encrypting VoIP calls are essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure.
Build a hardened VoIP network Another method to fend off VoIP eavesdropping is to build a hardened VoIP network that includes: