Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Session Initiation Protocol (SIP) is a protocol associated with Voice over IP (VoIP). SIP, which allows administrators to remotely run commands on other devices, is a popular target for attackers. Brute force attacks on SIP are low cost and relatively easy to perform. Even though this type of brute force attack is noisy, it can be highly effective due to the commonality of weak and repurposed passwords.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
An attacker looking to remotely run commands on target devices over Session Initiation Protocol (SIP) must first acquire valid credentials. A brute force attack is a method for guessing a weak user password. Brute force attacks can occur manually through trial and error or automation tools.
Limit the number of Session Initiation Protocol (SIP) login attempts and then block users that exceed this number
Implement strong authentication methods for remote access services
Implement network segmentation and firewall policies to limit how devices can communicate and enforce security zones
Review access controls to ensure that only necessary users can connect to remote access services with SIP
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
