Comms Dealer VoIP Security Article

Tuesday, 06 July 2010 12:29

Hackers are getting smarter, and it has been known for data centres to be targeted by organised crime. However, there are security measures available that should keep every call safe and give businesses absolute peace of mind. One aspect of those security issues is fraud, where people are hacking into systems, stealing data, making illicit calls or transferring calls to premium rate numbers. This is the primary threat which can impact clients and their business.

O’Sullivan points out that the hacker is able to attack systems due to the weakness of a customer’s password. “That hacker could even be an ex-employee or someone with a modicum of technical ability,” he said. “It is straightforward to presume that passwords that are easy to remember, in some cases for whole departments, are also the ones that are easiest to hack into. This is one area that is easy to confront but can often be ignored.”

Paradoxically, notes O’Sullivan, hosted VoIP can be the most secure. “With hosted platforms, the premise is that customers pay their provider to worry about all aspects of their company’s telecommunications, so they don’t have to. Voicenet Solutions was early to market with pro-active fraud management in the hosted space. We would never want to have the conversation with our customers about their weak passwords, or the disgruntled employee who’s just left, or the lack of physical security with part-time staff being the cause of large bills. It’s far less intrusive to have the system respond to patterns and pro-actively suspend service.”

O’Sullivan has also discovered that it isn’t enough just to download CDRs to clients and let them look for patterns. “Fraudsters are sophisticated and will deliberately probe for weakness, and then hammer them over a weekend,” he said. “By Monday morning it’s too late. They’ve moved on and left you with the bill.

“Safeguarding against fraud is all about making sure you aren’t the weakest link in the chain. At some point that will become the phone itself as a target, but for the next couple of years the weak point is what it has always been, weak user passwords. There are so many varying levels
of service, security and reliability that ultimately the supplier of that service will be judged upon before, during and after the contract.”

The general argument for the hosted solution is that it can provide better security than a PBX solution because of the economies of scale. “We can amortize the cost of security over a much larger user base than a single enterprise, so we are able to spend the time and money on the best security solutions. This is the real benefit of the hosted solution,” said O’Sullivan.

“Data Centres have been targeted by organised crime. That is why there should be a large investment in actual physical security. For example, at our data centre we employ the following protection: The building is bland – there are no signs showing its use, you cannot enter the building without a photo card and a PIN, you cannot leave the foyer without a photo card, you cannot enter the data floor without the photo card and live biometric data, you cannot enter our suite without another PIN, and CCTV runs 24×7 outside and inside of the building.”