About SecureLogix
Communications Security
Report to The Industry
Mark D. Collier, Chief Technology Officer/VP Engineering
Rod Wallace, Global VP Services
SecureLogix Corporation
© Copyright 2009 SecureLogix Corporation. All Rights Reserved.
ETM, SecureLogix, SecureLogix Corporation, the ETM Emblem and the SecureLogix Diamond Emblem are trademarks or registered trademarks of SecureLogix Corporation in the U.S.A. and other
countries. All other trademarks mentioned herein are believed to be trademarks of their respective owners.
About SecureLogix
• SecureLogix
• UC security and management solution company
• Security solutions for UC and traditional voice networks
• Our applications are integrated into Cisco routers
• About us:
• Author of Hacking Exposed: VoIP – working on a revision
• Author of SANS VoIP security course
• Author of many SIP/RTP attack tools
• www.voipsecurityblog.com
• Experience pioneering enterprise SIP trunking
UC Security Introduction
• The biggest threats to UC systems are application level:
• Harassing callers, TDoS, Social engineering, and toll fraud
• These attacks are present with UC and TDM
• Incentive is financial and disruption
• The PSTN is getting more hostile – resembling the Internet
• Current UC systems are vulnerable:
• Platforms, network, and applications are vulnerable
• Many available VoIP attack tools
• But UC-specific attacks are still uncommon
• SIP trunking/UC/Internet may change the threat
Public Network Security
[Network diagram. Labeled elements: Internet, Internet Connection, Public Voice Network, TDM/SIP Trunks, Voice Firewall, SBC (CUBE), Voice VLAN, Data VLAN, UC Servers, CM, Gateway, DNS, CC Admin, TFTP, DHCP, VM, DB, IP Phones, UC Clients, TDM Phones, Modem, Fax, Servers/PCs]
• High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
• Medium Threat: Voice SPAM, Voice Phishing
Campus/Internal UC Security
[Network diagram. Labeled elements: Internet, Internet Connection, Public Voice Network, TDM/SIP Trunks, Voice Firewall, SBC (CUBE), Voice VLAN, Data VLAN, UC Servers, CM, Gateway, DNS, CC Admin, TFTP, DHCP, VM, DB, IP Phones, UC Clients, TDM Phones, Modem, Fax, Servers/PCs]
• High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
• Medium Threat: Voice SPAM, Voice Phishing
• Low Threat: LAN Originated Attacks
SIP Trunk Security
[Network diagram. Labeled elements: Internet, Internet Connection, Public Voice Network, SIP Trunks, Voice Firewall, SBC (CUBE), Voice VLAN, Data VLAN, UC Servers, CM, Gateway, DNS, CC Admin, TFTP, DHCP, VM, DB, IP Phones, UC Clients, TDM Phones, Modem, Fax, Servers/PCs]
• High Threat: Harassing Calls/TDoS, Social Engineering, Toll Fraud, Modems
• Low Threat: Scanning, Fuzzing, Flood DoS
Hosted IP
[Network diagram. Labeled elements: Internet, Internet Connection, IP Phone Traffic, Public Voice Network, IP PBX, CM, Gateway, DNS, CC Admin, TFTP, DHCP, VM, DB, Voice VLAN, Data VLAN, IP Phones, TDM Handsets, UC Clients, TDM Phones, Modem, Fax, Servers/PCs]
• High Threat: TDoS/Harassing Calls, Social Engineering, Toll Fraud, Modems
• Medium Threat: Voice Phishing, Voice SPAM
• Medium Threat: Client Devices and Software Exposed
Harassing Callers
Automated transmission of:
• Annoying/offensive calls
• Bomb threats
• Voice SPAM
• Voice Phishing
Social networking used to coordinate an attack
[Diagram. Labeled elements: Users, Public Voice Network, Voice Systems]
Social Engineering
Attacker Targets IVR
• Spoofs Caller ID
• Guesses Accounts/Passwords
• May be Brute-Force or Stealth
• Often Automated
Attacker Targets Agents
• Spoofs Caller ID
• Uses Personal Info From Internet
• Tries to Gather Info from Agents
• Always Manual
[Diagram. Labeled elements: Contact Center Agents, Public Voice Network, Voice Transaction Resources (IVRs)]
TDoS Attack Through a Botnet
[Diagram. Labeled elements: Botnet Master, BOT (six shown), TDoS Call Volume: 10,000+ Calls, Customers, Voice Transaction Resources (IVRs), Contact Center/911/311 Agents, All Transactions Lost, Total Network failure]
UC-Specific Vulnerabilities
• UC and collaboration are introducing new vulnerabilities
• Movement to the Internet is increasing the threat
• SIP is becoming a unifying protocol (for presence too)
• Video:
• Shares many issues with voice – lucrative due to bandwidth
• Video systems are being attacked for toll fraud/eavesdropping
• Instant Messaging:
• Vulnerabilities for file transfer, eavesdropping, malware
• Social networking:
• Where should we start?
Voice Security Threat Trending – 2011 vs 2010
[Chart. Axes: Relative Severity (1-10 scale) and Activity Increase. Threats plotted: Harassing Callers, Social Engineering, Modems, Specific Policy, ISP Calling, Loss of Productivity, Toll Fraud, Automated TDoS, Social Networking TDoS, SIP Attacks]
Modems – Hardly Declining
[Chart: Modem Daily Calls Trending. Vertical axis: Calls/span/day (0 to 35). Categories: 10-year Average, 3-year Average. Series: 2010, 2011]
Modem use stubbornly high – 27 calls/trunk/day
ISP Calling – Persistent Threat
[Chart: ISP Call Duration in Working Days per Year. Vertical axis: Working Days/span/year (0 to 70). Categories: 10-year Average, 3-year Average. Series: 2010, 2011]
Unprotected enterprises have firewall bypassed >50 days/trunk
Guess how your company confidential information leaks are happening?
Being a Harassing Caller – A Growth Industry
[Chart: 2011 Single Enterprise Harassing Callers. Horizontal axis: months, Jan-11 to Dec-11. Vertical axis: Harassing Call Count (0 to 70,000)]
[Chart: Importance of Vigilant Harassing Caller Blocking, effect of not managing a blocking list. Categories: Unmaintained List, Maintained List. Vertical axis: Detected Harassing Calls (0 to 14,000)]
3.6x increase January to December!
4.8x increase 2011 vs 2010
Like anti-virus, it is important to keep a current harassing caller list.
Being a Harassing Caller – A Growth Industry
Harassing Caller Types - End 2011
• Telemarketer: 55.3%
• Debt Collector: 27.4%
• Scammer: 10.5%
• Non-profit: 2.9%
• Survey: 2.3%
• Political: 1.0%
• Fax Machine: 0.3%
• Prank: 0.3%
Harassing Callers – High Volume Campaigns
[Chart: August Week 1 Harassing Caller Campaign. Horizontal axis: Start Time - By Minute (12:04 PM to 12:30 PM). Vertical axis: calls per minute, logarithmic scale (1 to 1,000)]
Approx. 4800 calls in 25 minutes
Social Engineering – Quantifying the Risk
Proportion of Calls with No Caller ID
• No Source: 3.45%
• Number Presented: 96.55%
Caller Authentication
• Authenticated: 79.3%
• Non-Credentialized: 12.4%
• Spoofed: 4.9%
• Internet VoIP: 3.4%
Source: TrustID; Source: SecureLogix
1.5% – 7% inbound calls have no source number
5% of remaining calls verifiably spoofed
Social Engineering Targeting Contact Centers
Observing increased Social Engineering attacks on contact centers
Persistent Perpetrators – keep attempting to call after blocking policy enforced
High-Risk Calls and Social Engineering
Case Study - US Financial Institution: In 2 weeks, 88 calls to OFAC countries for 5 hours
Case Study - US Financial Institution: NSF check fraud perpetrated from Ghana in combination with US players
Case Study - US Financial Institution: Detected multiple calls to Contact Center using Social Engineering to perform organizational mapping: requesting locations and phone numbers, etc.
• US sanctions stemming from engaging in financial transactions with OFAC countries/entities.
• Other high risk origin & destination countries: Common fraud launching points.
“Occupy the Phones”
Contact Center TDoS Flash-Mob Attack
[Chart: Monday – Tuesday Flash Mob Attack. Horizontal axis: Thursday, Friday, Monday, Tuesday, Wednesday. Vertical axis: 0 to 1400. Series: Typical daily call volume, Attack calls blocked. Annotations: Attack starts Monday at 11 AM; Contact Center was main target; Typical day at Contact Center]
Increase Call Center Effectiveness
No Value Calls (Constant Presence)
• Busy/unanswered calls
• Repeat Callers
• Harassing callers
• Warranty
• Sales
• Nuisance callers
• Outbound Unauthorized calling by employees
• Hung voice calls
• Inbound Fax Spam
Negative Value Calls (Variable Presence)
• Social Engineering
• Hacktivism
• Inbound Call Types: Modems (Scans), Fax (Spam), Modem Energy, Robo Dialers
• Dial Through Fraud
• Call Pumping
• Outbound Modem
• Telephony Denial of Service
Contact Center
Call Metrics, Stats & Exception Notification
Effect of Negative Value Calls - Lost Revenue/CSAT
• Case Study: Commodity Retail Contact Center
• 3815 busy calls/month & 236,978 unanswered calls/month
• 25% of callers purchase, $35 average sale
$2.1 Million per month in lost sales
Best Practices for UC Security
• Collect real-time data about your UC services:
• measure what is expected and what is unexpected.
• Develop a UC security policy
• Implement UC application security on perimeter
• Implement good internal data network security
• Prioritize security during UC deployments
• Use encryption where possible for authentication, confidentiality, and integrity
• Implement SIP packet-level security on perimeter
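
The first practice in this list (measure what is expected and what is unexpected) applies directly to the per-minute call surges shown in the harassing-caller campaign and flash-mob slides. The following Python code is an added example, not SecureLogix code: it buckets call records by minute, uses the median as the expected rate, and merges minutes far above it into surge windows. The record format, thresholds, function names and sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def per_minute_counts(calls):
    """calls: iterable of (ISO-8601 start time, caller ID) -> Counter keyed by minute."""
    return Counter(
        datetime.fromisoformat(ts).replace(second=0, microsecond=0) for ts, _ in calls
    )

def expected_rate(counts):
    """Median calls/minute over observed minutes; robust while the surge is under half the window."""
    return median(counts.values())

def flag_surges(counts, baseline, factor=5, min_calls=50):
    """Minutes whose volume reaches factor x baseline (and an absolute floor)."""
    threshold = max(min_calls, factor * baseline)
    return sorted(m for m, n in counts.items() if n >= threshold)

def campaign_windows(minutes, max_gap=timedelta(minutes=2)):
    """Merge flagged minutes into (start, end) windows, tolerating short lulls."""
    windows = []
    for m in minutes:
        if windows and m - windows[-1][1] <= max_gap:
            windows[-1][1] = m
        else:
            windows.append([m, m])
    return [tuple(w) for w in windows]

def build_sample():
    """Constructed call records: about 10 calls/minute with a four-minute surge."""
    start = datetime(2024, 3, 4, 12, 0)  # arbitrary constructed date
    profile = [8, 11, 9, 10, 79, 238, 157, 286, 12, 9]  # constructed calls per minute
    calls = []
    for i, n in enumerate(profile):
        for k in range(n):
            ts = start + timedelta(minutes=i, seconds=k % 60)
            calls.append((ts.isoformat(), f"+1555{k:07d}"))  # constructed caller IDs
    return calls

if __name__ == "__main__":
    counts = per_minute_counts(build_sample())
    base = expected_rate(counts)
    for begin, end in campaign_windows(flag_surges(counts, base)):
        total = sum(n for m, n in counts.items() if begin <= m <= end)
        print(f"surge {begin:%H:%M}-{end:%H:%M}: {total} calls, baseline {base}/min")
```

In production the baseline would come from historical data for the same hour and weekday rather than from the window under inspection, so that a long-running attack cannot raise its own threshold.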