choosing the wrong ip-pbx can cost you $$$$$...on day one!
TRANSCRIPT
www.xorcom.com
CHOOSING THE WRONG IP-PBX CAN COST YOU $$$$$...
ON DAY ONE! How You Can Avoid the Security Risks
www.xorcom.com
Agenda
1. What is toll fraud and why should I care?
2. What is SBC?
3. Who needs it and why?
4. Which solution provides the best protection against cyber-attacks in the industry?
www.xorcom.com
Toll Fraud Threats
• The telecom industry incurred annual losses of $46.3 billion due to toll fraud.*
• On average, an unprotected IP-PBX on the Internet will be hacked within 30 minutes.
• A few hours of unauthorized access can easily cost the price of an entire phone system -- many times over!
* According to the Global Fraud Loss Survey 2013 of the …Communications Fraud Control Association (CFCA).
www.xorcom.com
AVOIDING THE RISK
CompletePBX is the Best Defense Against Cyber-Attacks
www.xorcom.com
What is an SBC?
• SBC = Session Border Controller
• Hardware or software usually located between a public network (“untrusted”) and a service provider network in the enterprise (“trusted”)
• Historically, SBC was used to solve SIP NAT-related problems
• Nowadays SBC governs voice traffic on the SIP network
www.xorcom.com
SIP/RTP
What is SBC in the VoIP Network?
001100110100
Customer Network
Remote Extensions
Data Service Voice
Service
www.xorcom.com
WHO IS AT RISK?
The Ones that Pay the Price for Toll Fraud!
www.xorcom.com
Who is Responsible for IP-PBX Security?
• In the U.S., certain ancient FCC decisions indicate the customer is 100 percent liable
• Fraud negatively affects telco carriers as well • Increases operating costs
• Damages their reputation
• Regulatory requirements per country place at least partial responsibility on the telco carrier
• What about the IP-PBX manufacturer?!
• Or the system integrator…?!!!!
www.xorcom.com
COMPLETEPBX UNIQUE SELLING POINTS
CompletePBX provides the best protection against cyber-attacks in the industry.
www.xorcom.com
Camouflage
• CompletePBX Operates in Stealth Mode
• Non-standard device/port identification methods
• Secure VoIP Settings
• By default, unwanted SIP requests are rejected without disclosing the reason for rejection
• Brute-force attackers cannot easily guess SIP username and passwords
www.xorcom.com
Vigilance
• Intrusion Detection and Prevention
• Built-in detection of unauthorized access attempts based on user-defined permission parameters
• User-defined number of unsuccessful access attempts within a specific timeframe = potential intruder
• After detection, the intruder’s IP address is blocked for the defined ban period
www.xorcom.com
Defense #1: CompleteSBC™
• Software-based SBC that seals off the IP-PBX
• Acts as a “SIP firewall” for access control
• Includes predefined yet customizable rules
• Intuitive GUI interface
• Trial version built in to every cPBX system.* * Version 4.6 and up. Purchasing an electronic license will remove the call duration limitation, and can also be used to increase the number of unconditionally protected channels.
www.xorcom.com
Defense #2: Built-in Firewall
• Most vulnerable cyber-attack point is where the “untrusted” and “trusted” networks meet
• CompletePBX must be installed on a LAN protected by a firewall/NAT router
• CompletePBX also has its own built-in firewall
• Default rules can be modified to accommodate specific applications relevant to customer’s business
www.xorcom.com
Defense #3: Initially Locked
• CompletePBX is preconfigured to use restrictive security policies:
• In the default configuration SIP calls from endpoints not located on the LAN are rejected
• CompleteSBC firewall configuration must be modified to allow receipt of inbound calls from Internet sources
www.xorcom.com
Defense #4: Password Strength
• Set strong passwords for SIP/IAX2 extensions, DISA, and call-back functions
• Define passwords for all int’l outbound routes
• Built-in algorithm detects weak passwords and issues a warning
www.xorcom.com
Defense #5: Remote Access
• Use Xorcom’s Rapid Tunneling for secure remote access
• CompletePBX Web interface is accessed via SSH tunneling
www.xorcom.com
Defense #6: Admin Accounts
• Multiple levels of user-defined access
• Restrict access to specific extension range or specific set of PBX features
• Create separate accounts for personnel
• Staffing changes simply require user account removal to ensure they no longer have access
www.xorcom.com
Alert: Real-Time Alarm System
• Unauthorized activity on the phone system immediately generates real-time alerts to the system administrator’s e-mail inbox.
www.xorcom.com
DON’T TAKE A COSTLY RISK!
CompletePBX provides the best protection against cyber-attacks in the industry.