Expert opinion – is SIP trunking the weak link in your armour?


Paul Clarke, UK Manager, 3CX


The advent of IP telephony has not only reduced costs for companies but also enabled the adoption of flexible working conditions – both in terms of working hours and working location. Unified communications systems that take advantage of IP connections can provide a plethora of business benefits – but, as with any technology in the 21st-century business, security needs to be managed correctly.

Session Initiation Protocol (SIP) trunking, the key connection between private networks and the wider Internet, forms the foundation of any IP phone system.

At the same time, however, it can give hackers an open invitation to access any IP system, making it a ripe target for attack. Unfortunately, the increased popularity of IP phone systems in the UK has made them a tempting target for cybercriminals, but companies in the digital age can’t simply disconnect from the internet. So how can organisations ensure that they aren’t letting the enemy in through the front door?

Know your weakness 

The greatest vulnerability of SIP trunking comes from its ubiquity. Connectivity, while enabling businesses to communicate with phones and other devices worldwide, also opens the organisation up to anyone listening in. SIP trunk attack tools, such as ‘SIPVicious’, are also widely available online. Attackers can use these tools to make security teams look pretty vacant, by exploiting vulnerabilities in the SIP trunking structure to enter a network.

These actions may be as direct as a denial of service attack, bringing a business’ communications or other systems down for an undefined period, or until a ransom is paid. The attackers may take sensitive information – whether intellectual property that can be ransomed or sold on, or personal data that can be used for identity theft.

Or they may even hijack communications themselves, allowing them to constantly dial expensive premium numbers and run up hefty costs for the business – as well as substantial profits for whoever owns the number. Attackers could even simply listen in to all communications made over the SIP trunk, giving valuable insight into the business and allowing them to gather information they can use for any purpose they wish.

Take steps to protect it

Largely, the threats facing SIP trunking are the same as those facing any other Internet connection. As in all these cases, protection means first understanding the level of vulnerability. Is the SIP trunk provided as a dedicated physical connection to your network, with no means of accessing it online? Or is it shared with internet access, meaning there may be a plethora of access points?

There is also the question of whether the SIP trunk has its own security measures, supplied by the provider, or whether additional protection needs to be installed on top. For instance, any solution from the best providers should provide security that not only authenticates traffic that attempts to access the trunk, but also identifies and blacklists known SIP trunking attack tools.

At the same time, connection to the SIP trunk shouldn’t be a free-for-all. To further bolster security, only devices that need to communicate with the outside world should be authorised. Employees’ desk phones and work smartphones should be able to access the SIP trunk, but personal devices and those used by contractors should be kept well away. By taking this approach, organisations can reduce the SIP trunk’s exposure, so they only have to check and vet approved devices to ensure they don’t harbour security threats.
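The two controls described above, refusing known attack tools and admitting only authorised devices, can be sketched as a screening step at the trunk edge. This is an added example, not code from the article or from any vendor; the network range, the User-Agent markers and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy for illustration; build these from your own device inventory.
AUTHORISED_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]  # desk and work phones
SCANNER_AGENT_MARKERS = ("friendly-scanner", "sipvicious")     # not exhaustive

# Constructed sample requests (documentation addresses, example.com hosts).
SAMPLE_SCAN = (
    "OPTIONS sip:100@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.50:5060;branch=z9hG4bK-1\r\n"
    "User-Agent: friendly-scanner\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PHONE = (
    "REGISTER sip:pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.5:5060;branch=z9hG4bK-2\r\n"
    "user-agent: ExamplePhone/1.0\r\n"
    "Content-Length: 0\r\n\r\n"
)


def parse_sip_request(raw):
    """Return (method, headers) with header names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        raise ValueError("not a SIP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and not line[0].isspace():   # skip folded continuation lines
            headers.setdefault(name.strip().lower(), value.strip())
    return parts[0].upper(), headers


def screen_request(raw, source_ip):
    """Return (action, reason) for a request arriving at the trunk edge."""
    try:
        method, headers = parse_sip_request(raw)
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return ("drop", "malformed request or address")
    agent = headers.get("user-agent", "").lower()
    if any(marker in agent for marker in SCANNER_AGENT_MARKERS):
        return ("drop-and-blacklist", "known scanning tool User-Agent")
    if not any(addr in net for net in AUTHORISED_NETWORKS):
        return ("drop", "source is not an authorised device")
    return ("challenge", method + " from authorised device: authenticate it")
```

The User-Agent header is supplied by the client, so matching on it is a cheap first filter; the device allow-list and authentication are what actually decide access.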

Hope for the best, prepare for the worst

Regardless of what precautions a company takes, there is always the possibility that the SIP trunk will be compromised and security breached. Consequently, a successful security programme should include the necessary steps to alleviate the effects of a security breach in the worst-case scenario.

For instance, to prevent the risks of communications being hijacked, it may be shrewd to implement a blacklist of specific telephone numbers or connections that devices are banned from contacting. On top of this, data and communications should be encrypted as best practice, so that any stolen information is worthless. And the business should always be watching for any unusual behaviour by a system that might signify an attack, in order to shut it down before any serious damage is done.
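A destination blacklist combined with a watch for unusual call volume, as described above, might look like the following. This is an added example, not code from the article; the barred prefixes, the ten-minute window, the threshold and the replayed call attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: bar UK premium-rate (09) and international (00) destinations.
BLOCKED_PREFIXES = ("09", "00")
WINDOW = timedelta(minutes=10)
MAX_CALLS_PER_WINDOW = 5          # assumed threshold; tune to normal usage


def normalise(number):
    """Reduce a dialled string to national format so prefixes compare reliably."""
    digits = "".join(ch for ch in number if ch.isdigit() or ch == "+")
    if digits.startswith("+44"):
        return "0" + digits[3:]
    if digits.startswith("+"):
        return "00" + digits[1:]
    return digits


class CallGuard:
    def __init__(self):
        self.recent = defaultdict(deque)   # extension -> times of recent attempts

    def check(self, when, extension, dialled):
        """Return 'block', 'alert' or 'allow' for one outbound call attempt."""
        window = self.recent[extension]
        window.append(when)
        while when - window[0] > WINDOW:   # discard attempts outside the window
            window.popleft()
        if normalise(dialled).startswith(BLOCKED_PREFIXES):
            return "block"
        if len(window) > MAX_CALLS_PER_WINDOW:
            return "alert"   # unusual volume: suspend the extension and investigate
        return "allow"


def run_sample():
    """Replay constructed call attempts and return the decision for each."""
    start = datetime(2024, 1, 6, 2, 0)
    guard = CallGuard()
    attempts = [(start, "101", "020 7946 0000")]
    attempts += [(start + timedelta(seconds=30 * i), "102", "+44 9098 790000")
                 for i in range(1, 4)]
    attempts += [(start + timedelta(minutes=1, seconds=20 * i), "103", "0161 496 0000")
                 for i in range(7)]
    return [guard.check(*attempt) for attempt in attempts]
```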

The dangers facing SIP trunks are virtually the same as with any other connection – ultimately it’s just another angle of attack that companies must defend against. A well-thought-out security strategy recognises that, like everything else, SIP trunking can be a lucrative target for criminals – but recognition of the target is no longer enough; it needs to be harder to hit.
