How to detect and block fraud traffic?


According to experts, most telecom providers are losing 3 to 10 percent of their income due to fraud. Be it voicemail hacking, phishing, call forward hacking or any other brand of con, this epidemic is growing at a rate of 29% per year! Learning from what the carriers do to protect their networks, we’ve compiled a list of ways that you can best detect and avoid nasty telecom fraud within your own network, ultimately saving your business thousands of dollars!
DETECTING:
Employ Fraud Detection Hardware or Software
Above all, we recommend that you install fraud detection hardware or software into your network. Companies like Cisco, Avaya, and others have various hardware options so you can configure the system for secure access to appropriate parties. For example, Avaya and other providers have Class of Service restrictions on all their platforms to enforce feature access security.
Various software based solutions exist from companies such as: NexOSS by TransNexus, Oracle and Humbug Telecom Labs. A principal VoIP fraud detection solution can analyze call detail records for suspicious activity, automatically sending you an alert when fraud is identified and then self-implementing preventative measures before it’s too late.
More specifically, the VOIP detection software effectively eliminates the problem of traffic pumping fraud for VoIP providers by employing smart monitoring features that sense when there is an unusual spike in call traffic to a specific destination. When a suspicious spike occurs, the system automatically puts a temporary block on the route, ensuring that fraud losses are kept to an absolute minimum, without interrupting legitimate calls.
AVOIDING:
1. Secure Your Network:
It may sound like common knowledge, but the very first line of defense between you and telecom fraud is to ensure that your network is secured with a strong password. To maximize your protection, pick a mixed-case, alphanumeric password that avoids sequential or repetitive numbers. Your password is the gatekeeper; make it a stern one!
2. Proper Device Provisioning:
Properly provisioning each of your SIP devices is a vital initial step in protecting your network. To securely provision your VoIP devices, complete the following checklist.
  • Eliminate insecure file transfer protocols (TFTP, FTP).
  • Minimize the impact of necessary TFTP access by limiting network access to only trusted parties.
  • Disable administrative interfaces on all endpoints.
  • Change passwords on all endpoint devices.
  • Change default password of the day seeds for eMTAs (embedded Multimedia Term Adapter).
  • Disable ssh and http interfaces on eMTAs.
  • Lastly, implement an access list to prevent unauthorized SIP requests to the eMTA. This should prevent a denial of service attack on the eMTA.
3. Perform Regular Maintenance:
Hackers and fraudsters are constantly improving their methods so you too should make sure your defense is state-of-the-art. The key here is to perform regular maintenance on your system, in all areas. Yes, make sure your detection software is always up to date; continually change your passwords (never repeat), re-evaluate system securities, etc.
4. Perform a Regular Security Audit:
Included within the regular maintenance, performing a regular security audit on your network will ensure that it is properly configured. Follow these steps for best results.
  1. As mentioned above, check for weak passwords across the network but pay special attention to the voice portal passwords, web and application access passwords and SIP authentication passwords.
  2. Check for international forwarding.
  3. Check for accounts without authentication.
5. Strategic Call Routing:
Because there are specialized operators that can perform a validation on a call before completing it, some providers have chosen to strategically route known fraud countries through these operators, as an initial line of defense. Although this process is somewhat time consuming and questionably cost effective, this method can certainly minimize telecom fraud.
6. Session Border Controllers:
In addition to automated defenses, Session Border Controllers (SBCs), which work in front of an IP connected PBX, can also be a second-line deterrent for fraud in that they can detect and stop repeated attempts to guess user credentials, as well as, unauthorized attempts to route traffic. Some SBCs can even analyze call patterns and dynamically learn your network’s typical traffic patterns, sending warnings when something deviates from the norm.
7. Enforce SIP Authentication:
The first step in securing your VoIP network is to enforce SIP Authentication for all VoIP endpoint devices. Authentication should occur at registration, call initiation and service subscription. For secure password verification, use the HTTP digest method. SIP Authentication should require a device to have the following three pieces of information in order to validate a request:
  • Valid SIP URI.
  • Authentication Username.
  • 20 character pseudo-random password.
8. Blanket Call Blocking:
Perhaps the most aggressive prevention practice of the bunch, some providers are completely blocking destination countries with reportedly high incidences of fraud (i.e. Pakistan, Philippines and varied African nations), or simply blocking calls to fraud related phone numbers. Of course, the drawback here is that this risks denying legitimate traffic, however, depending on your networks specific makeup, this may be an advantageous cost-benefit practice.

We hope you’ve found this list of advice for detecting and avoiding telecom fraud to be helpful. Hackers are getting trickier each year so it’s best to stay ahead of the con, implementing these expert tips all along the way.
Contact us
Share on Google Plus

About Unknown

0 comments:

Post a Comment