Eavesdropping is a form of cyberattack that has been around for years. Cybercriminals have been listening in on Voice over Internet Protocol (VoIP) phone calls since the technique was proven to be effective in obtaining valuable information, and they are showing no signs of stopping their malicious activities anytime soon. Fortunately, there are some things you can do to combat VoIP eavesdroppers.
Change the default configurations of your VoIP systemUsing your VoIP phones without changing the default configurations can be the worst mistake you can make. These days, it’s easy for hackers to search vendor documentation for things like default usernames and passwords. Depending on your VoIP provider and phone model, you should have the option of changing the default login credentials on your handsets.
Get updates from your handset vendorIn 2015, Cisco detected vulnerabilities in their VoIP phones that enabled attackers to listen in on phone conversations. Cisco quickly released security alerts to inform their customers about these vulnerabilities, giving them enough time to address the issues. The lesson here is you must regularly monitor advisories from your hardware vendor or work with an IT provider that does so for you. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to eavesdropping.
Update session border controllersAnother way to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software, which means your systems are better protected from constantly evolving cyberthreats. Routine SBC updates are essential for securing SIP trunking as well as responding to new threats.
Encrypt VoIP callsIf you work in a regulated industry like healthcare or finance, encrypting VoIP calls is essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure. Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service.
Build a hardened VoIP networkMake sure your VoIP network has:
- IP private branch exchange (PBX) using minimal services, so that the hardware can only power the PBX software
- Firewalls with access control lists set to include call control information
- Lightweight Directory Access Protocol lookup, and signaling and management protocol
- Reinforced endpoint security with authentication at the endpoint level