According to experts, most telecom providers are losing 3 to 10
percent of their income due to fraud. Be it voicemail hacking, phishing, call
forward hacking or any other brand of con, this epidemic is growing at a rate
of 29% per year! Learning from what the carriers do to protect their networks,
we’ve compiled a list of ways that you can best detect and avoid nasty telecom
fraud within your own network, ultimately saving your business thousands of
dollars!
DETECTING:
Employ Fraud Detection Hardware or
Software
Above all, we recommend that you install fraud detection hardware
or software into your network. Companies like Cisco, Avaya, and others have
various hardware options so you can configure the system for secure access to
appropriate parties. For example, Avaya and other providers have Class of
Service restrictions on all their platforms to enforce feature access security.
Various software based solutions exist from companies such as:
NexOSS by TransNexus, Oracle and Humbug Telecom Labs. A principal VoIP fraud
detection solution can analyze call detail records for suspicious activity,
automatically sending you an alert when fraud is identified and then
self-implementing preventative measures before it’s too late.
More specifically, the VOIP detection software effectively
eliminates the problem of traffic pumping fraud for VoIP providers by employing
smart monitoring features that sense when there is an unusual spike in call
traffic to a specific destination. When a suspicious spike occurs, the system
automatically puts a temporary block on the route, ensuring that fraud losses
are kept to an absolute minimum, without interrupting legitimate calls.
AVOIDING:
1. Secure Your
Network:
It may sound like common knowledge, but the
very first line of defense between you and telecom fraud is to ensure that your
network is secured with a strong password. To maximize your protection, pick a
mixed-case, alphanumeric password that avoids sequential or repetitive numbers.
Your password is the gatekeeper; make it a stern one!
2. Proper Device
Provisioning:
Properly provisioning each of your SIP devices
is a vital initial step in protecting your network. To securely provision your
VoIP devices, complete the following checklist.
·
Eliminate insecure file transfer protocols
(TFTP, FTP).
·
Minimize the impact of necessary TFTP access by
limiting network access to only trusted parties.
·
Disable administrative interfaces on all
endpoints.
·
Change passwords on all endpoint devices.
·
Change default password of the day seeds for
eMTAs (embedded Multimedia Term Adapter).
·
Disable ssh and http interfaces on eMTAs.
·
Lastly, implement an access list to prevent
unauthorized SIP requests to the eMTA. This should prevent a denial of service
attack on the eMTA.
3. Perform Regular
Maintenance:
Hackers and fraudsters are constantly improving
their methods so you too should make sure your defense is state-of-the-art. The
key here is to perform regular maintenance on your system, in all areas. Yes,
make sure your detection software is always up to date; continually change your
passwords (never repeat), re-evaluate system securities, etc.
4. Perform a
Regular Security Audit:
Included within the regular maintenance,
performing a regular security audit on your network will ensure that it is
properly configured. Follow these steps for best results.
1.
As mentioned above, check for weak passwords
across the network but pay special attention to the voice portal passwords, web
and application access passwords and SIP authentication passwords.
2.
Check for international forwarding.
3.
Check for accounts without authentication.
5. Strategic Call
Routing:
Because there are specialized operators that
can perform a validation on a call before completing it, some providers have
chosen to strategically route known fraud countries through these operators, as
an initial line of defense. Although this process is somewhat time consuming
and questionably cost effective, this method can certainly minimize telecom
fraud.
6. Session Border
Controllers:
In addition to automated defenses, Session
Border Controllers (SBCs), which work in front of an IP connected PBX, can also
be a second-line deterrent for fraud in that they can detect and stop repeated
attempts to guess user credentials, as well as, unauthorized attempts to route
traffic. Some SBCs can even analyze call patterns and dynamically learn your
network’s typical traffic patterns, sending warnings when something deviates
from the norm.
7. Enforce SIP
Authentication:
The first step in securing your VoIP network is
to enforce SIP Authentication for all VoIP endpoint devices. Authentication
should occur at registration, call initiation and service subscription. For
secure password verification, use the HTTP digest method. SIP Authentication
should require a device to have the following three pieces of information in
order to validate a request:
·
Valid SIP URI.
·
Authentication Username.
·
20 character pseudo-random password.
8. Blanket Call
Blocking:
Perhaps the most aggressive prevention practice
of the bunch, some providers are completely blocking destination countries with
reportedly high incidences of fraud (i.e. Pakistan, Philippines and varied
African nations), or simply blocking calls to fraud related phone numbers. Of
course, the drawback here is that this risks denying legitimate traffic,
however, depending on your networks specific makeup, this may be an advantageous
cost-benefit practice.
We hope you’ve found this list of advice for
detecting and avoiding telecom fraud to be helpful. Hackers are getting
trickier each year so it’s best to stay ahead of the con, implementing these
expert tips all along the way.
Contact us
0 comments:
Post a Comment