Keep Your SIP Networks Safe

By Kevin Riley

Toll fraud and data breaches cause billions of dollars in damages to businesses each year, a number on the rise as more criminals are finding big profits in network exploitation. In fact, a recent report by DLA Piper reveals that in 2014, the average cost of a single data breach for enterprises in Asia Pacific was between $2 million and $3 million.

The crimes themselves are well chronicled, from data breaches at healthcare, financial and retail companies to hacked phone networks of small firms. In today’s connected environment, no one is immune from the risk of fraud or theft caused by a compromised network or unsecure communications.

A look at the recent statistics shows the problem is getting worse. According to the 2015 Cyberthreat Defense Report, healthcare companies experienced a 60% increase in security incidents last year. At power and utility companies, the rise is almost staggering – with 527% more attacks in 2014. But there are clearly ways to address this upward trend, as technology companies actually saw a 17% decrease in the number of security incidents last year.

How can companies stem the rising tide of fraud, data theft and other network-based attacks? Of course, by getting smart about their network security. The reason that many businesses are successfully attacked isn’t a lack of security—enterprises spend a significant portion of their IT budget on security solutions—but a lack of understanding about what and where to protect. For example, in the new network landscape:

• Security attacks are increasingly targeting mobile devices as well as servers;
• Approximately half of all security attacks happen on the inside (i.e., within the network safety zone); and
• The vast majority of attacks can be traced to less than a dozen unique attack patterns.

One of the big areas where businesses need to re-consider their security strategy is around real-time, Unified Communications (UC) such as voice, video and text/instant messaging. Gartner has forecasted that the UC market will grow from $40.9 billion in 2014 to $42.4 billion by 2019. This growth will be driven by organizations’ demand for cloud-based services as they undergo digital transformation, and will mostly come from emerging markets in Asia Pacific and Africa.

With the increasing adoption of UC solutions among Asia Pacific enterprises, the need to look at UC security is greater now more than ever.

The reality is that any communications application or device that uses Session Initiation Protocol (SIP) and is connected to a public network is a candidate for fraud or attack. Businesses need to look at securing SIP-based mobile access networks and ensure that mobile devices themselves are protected and policed in the event of theft, disposal or employee dismissal.

So, what steps can businesses—and, by extension, the service providers that offer communications as a service—take to secure SIP networks, applications and devices from fraud and attack? We recommend that businesses and service providers follow these five key security practices:

1. Create strong security policies and enforce them consistently across offices and devices. Having a centralized policy management layer, preferably in a software-defined networking (SDN) environment, can help businesses execute and maintain these policies more effectively.
2. Secure wireless and Internet channels through encryption, virtual private network (VPN) technology and endpoint authentication. Make sure that your network access devices (e.g., gateways, session border controllers) are equipped to handle heavy encryption loads without sacrificing network performance.
3. Detect and identify suspicious/malicious patterns in communications. The key here is to have a solution in place that supports heuristic models of detection so you can spot anomalous behavior as it relates to your own network and act quickly to mitigate attacks.
4. Enforce call admission control for each SIP session. Allocating and enforcing network bandwidth for specific endpoints in a SIP session is not only a good way to ensure call quality but also an effective method to prevent unauthorized attempts on the network.
5. Mitigate unauthorized network intrusions by “fencing” your network infrastructure with SBC technology. Deploying SBC technology at network ingress/egress points can prevent hackers from reaching the core network, committing toll theft or compromising network performance once they’ve gained access to the network.

Enterprises need to think differently about communications in an IP-connected world. Sloppy policy management around mobile devices and weak password protection on IP phone systems have made SIP-based attacks a source of “easy money” for criminals. As long as enterprises allow SIP-based systems to be the weakest link in their network’s armor, they will continue to be exploited by criminals.

(The author, Kevin Riley, is Sr VP-Engineering & CTO at Sonus Networks)