With many organizations ditching traditional telephone service and moving to VoIP, security teams need to pay attention to this new source of network traffic.
Like other network traffic, VoIP calls can be targeted by attackers, whether for phishing, installing malware, or stealing a company’s VoIP capacity to send large volumes of call traffic for their own purposes.
Attackers who gain access to Real-time Transport Protocol (RTP) sessions can also “sniff the wire” to access the content of calls as part of social engineering schemes, says Josh Snow, a principal sales engineer at ExtraHop. “It’s kind of scary how easy it is,” he says.
In a recent video, Snow shows how simple it is to use Wireshark, a graphical network protocol analyzer, to listen to phone calls running on RTP. Of course, attackers can steal valuable company information by listening to employee phone calls.
“This is probably a really good reason to secure and listen to your VoIP calls to make sure they’re using some kind of security,” he says. Without VoIP security tools, attackers are “going to be able to play back those calls in full detail.”
RTP can be vulnerable to several kinds of attacks, including the above-described eavesdropping, voice injection, hijacking, and denial of service.
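One way to check that calls are "using some kind of security", shown as an added example that is not from the article, the video, or ExtraHop. It assumes call signaling carries SDP media descriptions (as SIP does) and that SRTP is the protection in use, neither of which the article names; `audit_sdp` and the sample SDP bodies are constructed for illustration.

```python
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
KEYING_ATTRS = ("a=crypto:", "a=fingerprint:")  # SDES key / DTLS-SRTP fingerprint
# Constructed sample SDP bodies (documentation addresses, placeholder key).
SDP_PLAINTEXT = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""
SDP_SRTP = """v=0
o=bob 1 1 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 51372 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY
m=video 0 RTP/AVP 96
"""

def audit_sdp(sdp):
    """One finding per m= line: srtp, opportunistic, plaintext, disabled or non-rtp."""
    findings, session_keyed, current = [], False, None
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3 or not parts[1].split("/")[0].isdigit():
                current = {}  # malformed m= line: absorb its attributes, report nothing
                continue
            current = {"media": parts[0], "port": int(parts[1].split("/")[0]),
                       "profile": parts[2].upper(), "keyed": session_keyed}
            findings.append(current)
        elif line.startswith(KEYING_ATTRS):
            if current is None:
                session_keyed = True    # session-level attribute covers every stream
            else:
                current["keyed"] = True
    for f in findings:
        keyed = f.pop("keyed")
        if f["port"] == 0:
            f["status"] = "disabled"    # stream rejected or removed
        elif "RTP" not in f["profile"]:
            f["status"] = "non-rtp"     # e.g. UDPTL fax; not judged here
        elif f["profile"] in SECURE_PROFILES:
            f["status"] = "srtp"
        else:                           # RTP/AVP or RTP/AVPF
            f["status"] = "opportunistic" if keyed else "plaintext"
    return findings
```

A `plaintext` finding marks a stream whose audio can be replayed by anyone who can capture it; `opportunistic` means encryption was offered but the call may still fall back to unencrypted RTP.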
The ExtraHop Reveal(x) NDR solution monitors organizations’ VoIP traffic for security incidents. Modern VoIP networks often involve multiple interworking systems with many different protocols, call routing, and load balancing strategies.
With the Enterprise VoIP and Video Analysis module, Reveal(x) will automatically discover devices and profile every server on the network. Regardless of the protocols or appliance vendor being used, ExtraHop is able to see and parse the traffic going to or coming from each server in real time as well as provide historical lookback.