VoIP PBX External Network Security Scan

The convergence of voice and data is now providing organisations with tangible cost savings. Unfortunately, with the cost savings come a number of security risks which, if not addressed, could lead your company open to data loss, toll fraud and unauthorised access to your network.

What is Toll Fraud?

The most common example of Toll fraud is where an attacker manages to gain unauthorised access to a PBX, and then uses the PBX to dial premium-rate numbers. The attacker owns the premium rate numbers so they get some nice revenue. Meanwhile, your company gets hit with an hefty bill for the call charges. Without proper fraud detection, this level of access can go on for days costing a company in the region of £2000 – £4000 per trunk, per day.

We’ve had many customers become victim to toll fraud. The majority of the incidents have been due to the customer not applying some basic security measures to their PBX.

Other Risks

When you introduce VoIP to your network, your voice traffic becomes data, meaning that all the risks that are inherent in a data network now have an impact on your voice communications.

There are many tools freely available on the internet which allow hackers to capture data packets and replay the voice conversation. Think about the damage that this could do to your company if someone was able to hear every word of your internal communications, or conversations with customers and suppliers.

Similarly, consider the damage that could be done if someone was able to hijack your voice infrastructure and use it to spoof calls to your customers, pretending to be you!

What about denial of service attacks? How many calls a day does your company make? How essential is telephone communications to your sales, marketing efforts, or customer support?

What is our VoIP PBX External Network Security Scan?

We have teamed up with our sister company - NetCloud Security - to offer this service to all our customers. NetCloud Security's professional security consultants will scan your externally available network to discover what systems and services are accessible from the Internet, and provide a report on any potential vulnerabilities with recommendations on steps that should be taken to address them.

The focus for this service however is VoIP. NetCloud Security will attempt to discover any SIP or IAX based services accessible from the internet in the same manner that a potential hacker would, reporting back to you their findings and recommendations.

What is not included?

The Service identifies vulnerabilities in your externally-facing VoIP infrastructure and makes recommendations on how these vulnerabilities should be addressed. The Service does not include effort to correct these vulnerabilities on your behalf, but of course, IPChitChat or NetCloud Security would be happy to provide a quote for this work. The vulnerability scan is an external security scan against an internet-facing IP address. This service does not include manual inspection of operating system or application configurations.