However, hashed passwords no longer suffice to protect VoIP systems against elaborate authentication attacks. Hackers can now crack the MD5 hash and gain access to a SIP authentication header with a network analyzer, or perform a brute-force attack.
Spoofing Caller ID
Caller ID doesn’t have enough protection in SIP, and hackers have plenty of tools for changing the From header of the SIP INVITE request message to perform the spoof. In particular, this is a common method of voice fraud used to compromise PBX systems. Thus, if you want to avoid roaming fraud or call hijacking, you need to protect that endpoint too.
How Telecoms Can Protect Their VoIP Services
Mitigating attacks in VoIP environments requires a systematic approach. Build your protection from the bottom up, starting with IP phones and ending with comprehensive network security testing and occasional penetration tests.
On a network level, you should also consider implementing the following solutions against VoIP attacks:
Voice packet encryption to/from any VoIP phone. You can configure your device to use SIPS instead of SIP at the start of the address by default, so that calls are automatically encrypted using Transport Layer Security (TLS). Alternatively, you can consider setting up a virtual private network (VPN) or virtual LAN (VLAN) to protect your connection further.
Segregate voice on a separate voice VLAN. Doing so can help you further protect all the voice traffic.
Set up a SIP-capable firewall to sift through message contents and capture malware, along with other types of spoofing.
Regularly evaluate your VLAN configuration, user authentication mechanisms, and the security of configuring and signaling methods. As you do so, also verify that you are compliant with HIPAA, SOX, or PCI recommendations if those apply to you.
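As an added example (not code from the original article), the sketch below shows the kind of message inspection a SIP-aware filter can apply to the weaknesses described above: a sip: rather than sips: request URI, MD5 digest authentication, and a From user that differs from the authenticated user. The sample INVITE, host names and extensions are constructed, and the rule that the digest username must equal the From user is an assumed site policy.

```python
import re

# Constructed sample INVITE (hypothetical hosts, users and nonce), not captured traffic.
SAMPLE_INVITE = (
    "INVITE sip:bob@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
    'From: "Front Desk" <sip:1000@pbx.example.com>;tag=1928\r\n'
    "To: <sip:bob@pbx.example.com>\r\n"
    "CSeq: 2 INVITE\r\n"
    'Authorization: Digest username="2042", realm="pbx.example.com", '
    'nonce="constructed-nonce", uri="sip:bob@pbx.example.com", '
    'response="00000000000000000000000000000000", algorithm=MD5\r\n'
    "Content-Length: 0\r\n\r\n"
)

def parse_headers(message):
    """Return (request_line, {lowercased header name: value})."""
    lines = message.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def audit_invite(message):
    """Return a list of findings for one SIP request."""
    request_line, headers = parse_headers(message)
    findings = []
    # A sips: request URI requires TLS on the signaling path; sip: does not.
    if not request_line.split()[1].lower().startswith("sips:"):
        findings.append("request URI uses sip:, not sips:")
    auth = headers.get("authorization") or headers.get("proxy-authorization")
    if not auth:
        return findings  # initial, not-yet-challenged request: nothing to compare
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', auth)
    params = {key.lower(): quoted or bare for key, quoted, bare in pairs}
    # Digest falls back to MD5 when no algorithm parameter is sent.
    algorithm = params.get("algorithm", "MD5")
    if algorithm.upper().startswith("MD5"):
        findings.append("digest authentication uses " + algorithm)
    # Assumed policy: the digest username is the extension allowed in From.
    match = re.search(r"sips?:([^@;>]+)@", headers.get("from", ""))
    if match and match.group(1) != params.get("username"):
        findings.append("From user %s does not match authenticated user %s"
                        % (match.group(1), params.get("username")))
    return findings

if __name__ == "__main__":
    for finding in audit_invite(SAMPLE_INVITE):
        print("FINDING:", finding)
```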
IP PBXs Security.