Lock Up Your VOIP Trunks

ZDnet is reporting that some businesses are losing thousands of dollars in attacks against poorly protected VOIP services.

The way the scam works is that the hackers use the Internet to break into a company's VOIP service, and then use the VOIP service to make calls to premium overseas numbers (pay per minute) etc. They collect the revenue from the pay per minute service while the company is left with a massive bill. It's yet another inventive way to use the Internet to try and rip people off.

The scam often works because it crosses International boundaries and because Telcos can be remarkably unsympathetic to the plight of customers who have quite obviously had some funny business happening on their phone system.

So - how does a business protect itself?

First things first - while VOIP is about telephones it's also just as much about computer networks - your telephone and network people need to work together.

Secondly - you need to take advice on which ports etc to leave open from your security, firewall and network people, not your phone people. No offence to the phone people but in general they know next to nothing about network security.

Third - if you are exposing your own hosted SIP service to the Internet it would be well worth getting some vulnerability assessment and assurance performed.

Finally - as always good operational monitoring provides the final backstop. Not only is there a good chance you would pick up the increased network traffic, but it will also help you manage your ICT more effectively.