SIP Protocol Attacks Still on the Rise—What Can We Do About It?

April 29th, 2016

Everywhere you turn there’s a new story about a major cyber attack. Many of the biggest incidents happen in enterprise data centers, but communications systems are certainly no exception.

Attacks on VoIP systems aren’t new by any means. In fact, just last year we discussed the fact that VoIP attacks against SIP (session internet protocol) were on the rise.

But now, reports show that SIP attacks continue to trend upward as opposed to other protocols like H.323 and Cisco SCCP. If we want to ensure our VoIP systems are secure as adoption continues to grow, something has to change.

Why Is SIP Protocol So Vulnerable?

It’s important to note that SIP isn’t a new protocol. Rather, it was standardized in 1999 and saw a major revision in 2002. By definition, SIP is a legacy protocol despite the fact that it has been updated to include new technologies such as videoconferencing, telepresence, instant messaging and more.

That being said, SIP was not built with today’s security needs in mind. Any time you open up data paths to the internet, there’s a certain level of risk and the internal/external nature of SIP shows it. In a recent article for no jitter, Andrew Prokop described SIP vulnerability this way:

“While internal hacks are very concerning, it's the external nature of SIP that makes it especially vulnerable. If breaking into an enterprise is as simple as downloading a free SIP soft client from the Apple Store, learning a company's external SIP address, and guessing at passwords, hackers are going to start there before quickly moving into even more sensitive areas.”

The reality is that the SIP protocol and the average company’s approach to securing it doesn’t take a hacking mastermind to exploit. As we’ve seen before, weak passwords are a significant problem for SIP security. Many employees will simply use their extension as a password—or worse, something like “1234” or “1111.”

Once a hacker cracks one endpoint password, they can gain access to the entire VoIP network to launch eavesdropping attacks, toll fraud, DDoS and more.

As VoIP continues to become the norm for businesses of all sizes (and SIP alongside it), we need a new approach to service management that can overcome SIP’s inherent vulnerabilities and the prominence of weak passwords.

How Are Companies Still Ignoring Intelligent Edges?

Negligence on the part of employees as they create weak passwords is a problem that could be mitigated by better security policies and training internally. However, this is only part of the answer.

Some communications service providers haven’t streamlined the processes necessary for users to change passwords, making it unlikely that people stray from default settings. Better training is great, but we also need more effective management structures to properly monitor security incidents and VoIP configurations.

In the past, discussions about VoIP security focused on a distinction between application firewalls and session border controllers. The prevailing thought from the SIP security side was that you wouldn’t let your network function without application firewalls, so you shouldn’t let your VoIP system run without an SBC.

However, SBCs as we once knew them are no longer enough—communications demands are greater than ever and companies need an infrastructure built to keep pace (both in terms of security and performance).

Network Edge Orchestration is quickly becoming a necessity for companies that increasingly rely on the SIP protocol. With a network of intelligent edges in place, you can actively monitor, secure, and optimize service quality for all traffic over the SIP protocol. And with the companion cloud-based EdgeView Service Control Center, you gain visibility into all of your intelligent edges for real-time performance and service management.

There’s no way around it—greater reliance on the SIP is leading to greater vulnerability for our VoIP systems. We can’t maintain the status quo in VoIP security and think that we’ll never experience a cyber attack against our communications systems.

Related Blog Posts

John Macario, Senior Vice President
April 15th, 2015
Walter Kenrich, Director of Solutions Marketing
November 19th, 2018
Walter Kenrich, Director of Solutions Marketing
November 14th, 2018

Ask Us Anything!

Ribbon's team of professionals are ready to answer your questions, guide you to the right solution or help you with your network design.