www.xorcom.com

CHOOSING THE WRONG IP-PBX CAN COST YOU $$$$$...

ON DAY ONE! How You Can Avoid the Security Risks

www.xorcom.com

Agenda

1. What is toll fraud and why should I care?

2. What is SBC?

3. Who needs it and why?

4. Which solution provides the best protection against cyber-attacks in the industry?

www.xorcom.com

Toll Fraud Threats

• The telecom industry incurred annual losses of $46.3 billion due to toll fraud.*

• On average, an unprotected IP-PBX on the Internet will be hacked within 30 minutes.

• A few hours of unauthorized access can easily cost the price of an entire phone system -- many times over!

* According to the Global Fraud Loss Survey 2013 of the …Communications Fraud Control Association (CFCA).

www.xorcom.com

AVOIDING THE RISK

CompletePBX is the Best Defense Against Cyber-Attacks

www.xorcom.com

What is an SBC?

• SBC = Session Border Controller

• Hardware or software usually located between a public network (“untrusted”) and a service provider network in the enterprise (“trusted”)

• Historically, SBC was used to solve SIP NAT-related problems

• Nowadays SBC governs voice traffic on the SIP network

www.xorcom.com

SIP/RTP

What is SBC in the VoIP Network?

001100110100

Customer Network

Remote Extensions

Data Service Voice

Service

www.xorcom.com

WHO IS AT RISK?

The Ones that Pay the Price for Toll Fraud!

www.xorcom.com

Who is Responsible for IP-PBX Security?

• In the U.S., certain ancient FCC decisions indicate the customer is 100 percent liable

• Fraud negatively affects telco carriers as well • Increases operating costs

• Damages their reputation

• Regulatory requirements per country place at least partial responsibility on the telco carrier

• What about the IP-PBX manufacturer?!

• Or the system integrator…?!!!!

www.xorcom.com

COMPLETEPBX UNIQUE SELLING POINTS

CompletePBX provides the best protection against cyber-attacks in the industry.

www.xorcom.com

CompletePBX: Four-Pronged Security

www.xorcom.com

Camouflage

• CompletePBX Operates in Stealth Mode

• Non-standard device/port identification methods

• Secure VoIP Settings

• By default, unwanted SIP requests are rejected without disclosing the reason for rejection

• Brute-force attackers cannot easily guess SIP username and passwords

www.xorcom.com

Vigilance

• Intrusion Detection and Prevention

• Built-in detection of unauthorized access attempts based on user-defined permission parameters

• User-defined number of unsuccessful access attempts within a specific timeframe = potential intruder

• After detection, the intruder’s IP address is blocked for the defined ban period

www.xorcom.com

Defense #1: CompleteSBC™

• Software-based SBC that seals off the IP-PBX

• Acts as a “SIP firewall” for access control

• Includes predefined yet customizable rules

• Intuitive GUI interface

• Trial version built in to every cPBX system.* * Version 4.6 and up. Purchasing an electronic license will remove the call duration limitation, and can also be used to increase the number of unconditionally protected channels.

www.xorcom.com

Defense #2: Built-in Firewall

• Most vulnerable cyber-attack point is where the “untrusted” and “trusted” networks meet

• CompletePBX must be installed on a LAN protected by a firewall/NAT router

• CompletePBX also has its own built-in firewall

• Default rules can be modified to accommodate specific applications relevant to customer’s business

www.xorcom.com

Defense #3: Initially Locked

• CompletePBX is preconfigured to use restrictive security policies:

• In the default configuration SIP calls from endpoints not located on the LAN are rejected

• CompleteSBC firewall configuration must be modified to allow receipt of inbound calls from Internet sources

www.xorcom.com

Defense #4: Password Strength

• Set strong passwords for SIP/IAX2 extensions, DISA, and call-back functions

• Define passwords for all int’l outbound routes

• Built-in algorithm detects weak passwords and issues a warning

www.xorcom.com

Defense #5: Remote Access

• Use Xorcom’s Rapid Tunneling for secure remote access

• CompletePBX Web interface is accessed via SSH tunneling

www.xorcom.com

Defense #6: Admin Accounts

• Multiple levels of user-defined access

• Restrict access to specific extension range or specific set of PBX features

• Create separate accounts for personnel

• Staffing changes simply require user account removal to ensure they no longer have access

www.xorcom.com

Alert: Real-Time Alarm System

• Unauthorized activity on the phone system immediately generates real-time alerts to the system administrator’s e-mail inbox.

www.xorcom.com

DON’T TAKE A COSTLY RISK!

CompletePBX provides the best protection against cyber-attacks in the industry.

www.xorcom.com

THANK YOU

www.xorcom.com