Here is a link to an article by Sipera (there are several other sites that covered the story as well) which state that toll fraud is on the rise. I of course agree and am glad to see more voice/VoIP security vendors stating that. Sorry to harp on toll fraud, but it is really the only real-world voice/VoIP attack we are seeing. Toll fraud has been around for a long time, but insecure VoIP architectures/systems are making it easier to exploit. Here is the link:
http://www.itnewsonline.com/showprnstory.php?storyid=50098
I will add though that toll fraud is not a SIP trunking issue. Toll fraud can and does occur, whether the enterprise trunking infrastructure is TDM or SIP. I would like to learn more about how SBCs are misconfigured, allowing toll fraud to take place. However, this is really not the point. The vast vast majority of enterprise trunking, at least in North America is still TDM, especially with middle to large sized enterprises. Trying to improve the toll fraud issue with a SIP trunk security technology doesn't make a lot of sense right now, because it would be blind to 99% of the issue. I can say this with authority, because my company has a SIP-based toll fraud detection/mitigation solution. Focusing on SIP is like living in a mansion in a bad part of town and leaving all your doors and windows open, but putting an expensive set of locks on a 6x6" doggie door. Now I agree that this will change, but for now, if you want to mitigate toll fraud, you need to secure all your PBXs and provide TDM/SIP trunk security.
Comments