The Conundrum that is DoS

June 12th, 2014

One of the biggest threats enterprises face daily is the possibility of a malicious user bombarding the enterprise with Denial of Service (DoS) attacks. If left unchecked, vast amounts of traffic will flood the network and significantly degrade or end a user’s real-time application experience with voice, video or data sharing. As more enterprises shift to a unified, Internet Protocol (IP)-based network, the potential increases for attacks that disrupt Voice over Internet Protocol (VoIP) and Unified Communications (UC) sessions.

When I discuss DoS with most people, they seem not to fully understand why it is so prevalent in telecommunications. Why would someone spend the time to inundate a network with bad traffic? Well, there are a few reasons. First, attackers find that it is fun to conduct DoS attacks. We could go further into the psychological aspects that make hackers want to ruin an enterprise’s structure, but that would be inessential to our discussion. Second, attackers can profit if the attack is paid for by a competitor. It is not ethical, but these attacks are difficult to trace back to the source. Third, the network becomes a resource through which hackers can direct calls at no cost to themselves. The DoS attack is used to look for a point of entry; a hacker can then advertise their “low-cost connection” to an international destination and provide service for an immediate profit on their end. This can run into tens of thousands of dollars of costs in a matter of minutes, which is crippling for any small- to medium-sized business. (I will discuss the use of a policy engine in locking down calls from hackers to international high-fraud countries in my next blog.)

Session Border Controllers (SBCs) have the necessary tools to limit the chances that an attacker goes unnoticed. An SBC works like a funnel that guides everything poured into it through one small opening; in telecommunications terms, it comes in contact with all connections trying to enter the network. The SBC dynamically opens ports by monitoring SIP signaling, bringing in good connections and blocking any connections detrimental to the enterprise. However, there is always the slim chance of a nefarious user deceptively gaining access to the network. Even the most safeguarded network has no guarantee of total protection from an attack by at least one malicious user in its lifespan. It’s best stated by John Steinbeck: “The best laid plans of mice and men often go awry.” Fortunately, Sonus SBCs go the extra mile by identifying DoS attacks and alerting enterprises, thereby giving them the necessary time and information to respond and to reverse or stop the damage.
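The signaling-driven port opening described above, reduced to a small model (an added example, not Sonus code or part of the original post). The `PinholeTable` class, the alert threshold and the SIP messages are constructed for illustration, and the model assumes media arrives from the address and port advertised in the SDP.

```python
import re
from collections import Counter

# Constructed SIP messages (sample input, not captured traffic).
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
BYE = "BYE sip:bob@example.com SIP/2.0\r\nCall-ID: a84b4c76e66710\r\n\r\n"

class PinholeTable:
    """Hypothetical model: media is allowed only where signaling negotiated it."""
    def __init__(self, alert_threshold=3):
        self.open = {}            # Call-ID -> (media IP, media port)
        self.drops = Counter()    # source IP -> packets dropped outside a pinhole
        self.alert_threshold = alert_threshold

    def on_sip(self, msg):
        m = re.search(r"^Call-ID:\s*(\S+)", msg, re.M | re.I)
        if not m:
            return                # no dialog identifier, nothing to track
        cid = m.group(1)
        if msg.startswith("BYE "):
            self.open.pop(cid, None)   # call ended: close its pinhole
            return
        ip = re.search(r"^c=IN IP4 (\S+)", msg, re.M)
        port = re.search(r"^m=audio (\d+) ", msg, re.M)
        if ip and port:           # SDP present: open a pinhole for this call
            self.open[cid] = (ip.group(1), int(port.group(1)))

    def allow_media(self, src_ip, src_port):
        if (src_ip, src_port) in self.open.values():
            return True
        self.drops[src_ip] += 1   # unsolicited media counts toward an alert
        return False

    def alerts(self):
        # Sources whose unsolicited traffic reached the alert threshold.
        return sorted(ip for ip, n in self.drops.items() if n >= self.alert_threshold)
```
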

Understanding DoS is especially critical as the widespread deployment of VoIP and UC continues in enterprises worldwide.  How do you secure your network from a DoS attack?  I would love to hear your viewpoints.