twitter Here are a few tips to get better snaps on your #smartphone📱📸 Get you started. #photography #tips
security padlock

VoIP Security Guide and Protection Checklist

ATurton / 14 February, 2017

Since Voice over Internet Protocol (VoIP) technology began to take off in 2004, VoIP has enticed millions of consumers and businesses with the promise of lower costs, increased efficiency and added convenience.

And the market is still growing – fast! Growth is forecast at 9.87% CAGR between 2017-2021, and will be driven by consumer and business demand for low cost international calls, mobile VoIP and reduced infrastructure.

However, issues surrounding VoIP security are stopping some businesses and individuals from benefiting from the technology.

To help you understand and minimise VoIP security threats, we’ve created the VoIP Security Guide and Protection Checklist.


Types of VoIP Attack and How to Prevent Them
VoIP Security Checklist
WMX Global Support 


Types of VoIP Attack and How to Prevent Them

The aspects of VoIP which make it so powerful – its flexible, open and distributed design – are the same as those which open it up to potential threats. There is no central body responsible for designing, implementing and monitoring VoIP. And that makes VoIP security particularly complex. Below is a list of some of the most common attacks and what you can do to prevent them.




Phishing is the practice of sending emails purporting to come from a reputable company to encourage individuals to reveal confidential information, such as passwords and credit card information.

Voice Phishing – or Vishing – applies this concept to voice calls. Skilled “vishers” can manipulate common VoIP features – such as caller ID and interactive voice response systems (IVR) – to appear more respectable. Vishing attacks are very difficult to trace.


How to Prevent It

Education and awareness is the best defence against vishing. Every member of your team should:

  • Verify the legitimacy of anyone requesting sensitive information.
  • Request to call back the caller using the listed number of the organisation they claim they are from.
  • Never call back the number any suspicious callers give you.


Denial of Service Attacks (DoS)DoS

By flooding a network with excessive amounts of data, attackers can disrupt services and render your network temporarily unavailable.

A variant of DoS attacks is the Distributed Denial of Service attack (DDoS). These use multiple computers to increase the amount of data transmitted and are therefore more powerful.


How to Prevent Them

By following VoIP security best practice strategies, you can reduce the size of DoS and DDoS threats and make it difficult for even a sophisticated attack to be successful.

Aimed at VoIP, DoS and DDoS attacks often aim to overload the handsets with call-signalling messages sent over the Session Initiation Protocol (SIP). When the handset receives a flood of traffic it may be forced to reset. To prevent this:

  • Install a SIP aware firewall system at the VoIP network perimeter in a two-phase filtering architecture. This will two phase approach will differentiate between malicious and legitimate SIP traffic and filter out the former.

To prevent a DDoS attack on servers and software used to run the phone system:

  • Set up routers and switches with rate-limiting capability, traffic shaping, deep packet inspection and access control lists.
  • Use intrusion protection to block certain attacks that follow known signature patterns.
  • Use a DoS defence system to block protocol- and rate-based attacks.

No system can be completely insulated from the threat of DoS and DDoS attacks. However, with the right measures in place, the threat can be significantly reduced. It’s far better to prepare in advance than get caught out.


Call Interruption Call Interruption

VoIP communications are no more, and no less, vulnerable to interception or hacking than landline phones – a practice which has gone on for years.

There are different techniques for intercepting a VoIP call. For example, an attacker can connect to the same frequency or URL as a VoIP phone and begin listening. Or, by placing a “bug” in the server, an attacker can intercept voice packets being sent and received.


How to Prevent It
  • Encryption is the most obvious way to prevent anyone intercepting your calls. Many VoIP providers have encryption servers that encrypt and decrypt packets being sent and received.
  • Softphones are more vulnerable to attacks. By using VoIP handsets and headsets you minimise the risk of interception.
  • Use a separate LAN for your VoIP network. This will protect internal calls and local use.
  • Ninety percent of data theft occurs through attacks on Wi-Fi networks. VoIP runs over your computer network, so make sure you have high-quality, current firewalls and anti-malware software in place. You may want to use a jammer to ensure that your network is kept in-house and is not accessible from a distance.


Spamming over Internet Telephony (SPIT)SPIT

Spamming over Internet Telephony (SPIT) involves the bulk broadcast of unsolicited VoIP messages. Irresponsible marketers can use spambots to accrue large numbers of VoIP addresses or may hack into a computer used to route VoIP calls. Because it is hard to trace calls routed over IP, attackers may use SPIT techniques to defraud people.

A common misconception is that VoIP systems are more vulnerable to SPIT than non-VoIP systems. This is not true. SPIT attackers use VoIP on the sending side, not the receiving side. This means that POTS destinations are just as vulnerable.


How to Prevent It
  • Enforce device authentication and authorisation of user endpoint devices, and limit excessive call traffic from a single source.
  • Consider creating whitelists (only callers on the list will be approved), blacklists (only callers on the list will be blocked) and grey lists (unknown callers are rejected the first time they call, but accepted if they call back within a short period).
  • Use reputation systems, which assign a reputation value to each caller. These “rank” a caller’s SPIT level by assigning positive and negative reputation values to them.
  • Setup Turing tests and computational puzzles. These present callers with a challenge that is easy for a human to solve but impossible for a machine.


Caller ID Spoofing    Caller ID Spoofing

Caller ID spoofing is the practice of causing a telephone network to indicate that a call is originating from a false station. Attackers will often make it looks as though their call is originating from a trustworthy source – such as a bank – to induce victims to reveal confidential information.


How to Prevent It
  • If you suspect you are being spoofed, put the caller on hold and call the displayed number. If the number is busy they may be telling the truth.
  • If the number rings, ask if the person is calling on behalf of the company.
  • Google the number to see if the company lists the number on their site and whether they have mention of a scam that is going on.
  • Don’t give out confidential information.



A blanket term used to describe malicious software, malware includes viruses, spyware, adware, worms and Trojans. As with any internet application, VoIP networks are vulnerable to malicious code.


How to Protect Your Network
  • Implement stringent authorisation policies to prevent unauthorised access – e.g., authentication for administrative and user account access.
  • Audit administrative and user sessions and service-related activities.
  • Install and maintain a server firewall, antimalware and antitampering measures.
  • Create safeguards to prevent misuse – for example, a whitelist of callable country codes to thwart illicit call forwarding that may result in toll fraud.


War DiallingWar Dialling

War dialling involves automatically scanning and dialling large volumes of numbers – often every number in a local area code – to search for modems, computers, computer servers and fax machines. This information can then be used by attackers to achieve multiple things: guessing user accounts, locating entry points or even just for fun.


How to Prevent It

A war dialling penetration test looks for weaknesses in your VoIP system. This will:

  • Create a footprint of phone ranges.
  • Connection test discovered ranges.
  • Access discovered services (including modems, PABX DISA services, voicemail systems and menu systems).

A penetration test allows your organisation to test whether an attacker can discover and access services, as well as provide recommendations to keep you safe.


Man-in-the-middle AttacksMan In The Middle Attack

By relaying and possibly altering communication between two parties who believe that they are directly communicating with each other, man-in-the-middle attacks can be a significant disturbance for companies. Attackers use man-in-the-middle attacks to eavesdrop or to interfere with information being communicated.


How to Prevent Them
  • Set up an Intrusion Detection System (IDS). This will monitor your network and provide an immediate alter if someone attempts to hijack traffic flow.
  • Consider using the virtual private network (VPN). This will provide an additional layer of security.
  • Ensure proper process auditing and network monitoring.


Registration HackingVoIP Security

An attacker may disable a valid SIP registration and replace it with their own IP address. This allows them to intercept, reroute, replay or terminate calls as they choose. Victims of registration hacking often do not know that they have been hijacked.


How to Prevent It
  • Use strong authentication and VoIP optimised firewalls to detect and block attacks. A VoIP optimised password will:
    • Detect and alert upon directory scanning attempts.
    • Detect and alert upon failed authentication attempts.
    • Log all REGISTRAR requests.
    • Alter upon any unusual pattern of REGISTRAR requests.
    • Limit REGISTRAR requests to an established user list.
    • Act as a proxy and provide strong authentication for registrars that lack the ability to do so themselves.
  • Select strong passwords. Don’t use “mechanically generated” passwords, such as the extension with a prefix/suffix.


VoIP Security Checklist


Equipment and ServersCheckbox


□ Choose VoIP protocols and equipment carefully

□ Turn off unnecessary protocols

□ Consider separating VoIP and other IP-based infrastructures

□ Authenticate remote operations

□ Separate VoIP servers from the internal network

□ Make sure the VoIP security system is able to track the communications ports by reading signalling packets

□ Use the Network Address Translation (NAT)

□ Use a security system that performs VoIP specific security checks

□ Limit max trunk calls and max calls per extension to your requirements

□ Update your server’s operating system and all associated software to the latest version and enable the latest security patches


Passwords and Access


□ Ensure that all passwords are unique

□ Ensure all passwords alphanumeric with at least eight digits

□ Ensure maintenance port access is only available to those with passwords

□ Ensure that passwords and access codes are changed regularly

□ Delete or change former employees’ passwords as soon as they leave

□ Ensure access PIN is set on smartphones which using VoIP

□ Limit external access to known IPs

□ Consider a creating whitelist of callable country codes/premium-rate numbers

□ Limit VoIP registrations to local network

□ Ensure that non-public facing extensions are accessible only via your internal network

□ Block access to unallocated mailboxes on the system and change default PIN on unused mailboxes


VoIP Security Checks and Backup


□ Enable VoIP logging to monitor activity

□ Check firewall logs on a weekly basis to identify potential threats

□ Monitor for evidence of hacking – e.g., out of hours calls and the inability to get an outbound line

□ Analyse billed calls by originating extension to identify unusual usage

□ Back-up your system at least once every 30 days


WMX Global Support


WMX Global is a leading communications and technology provider. We operate our own core network for international communications, and have developed relationships with renowned carriers across the globe.

WMX’s core network leverages multiple datacentres to increase resiliency and reach. We are interconnected with all major tier 1 carriers. Our network operates to the highest industry standards in performance, latency and security.

Each of our customers are allocated a dedicated account manager, responsible for the success of the services we provide to your business. We provide you with named contacts and support so you have direct access to key members with knowledge of your business and the services and support you require.

Our award-winning technical support team who take pride in helping customers reach a resolution as quickly as possible. And our engineers are all trained to third line standards, which means that technical enquires are dealt with effectively and efficiently by knowledgeable staff.

If you have any questions regarding VoIP security, don’t hesitate to get in touch.


Head Office

1st Floor Heywood House, Ridgeway Street, Douglas, Isle of Man, IM1 1EW

Email Address:

VAT No. 003272231

Company No. 008112V

All content EliteCommsGroup ltd registered in the Isle of Man