Dealing with DoS Attacks in VoIP

Every industry has its “common cold” — their own unique threat that seemingly has no cure.

In cybersecurity, that problem is quite possibly Denial of Service attacks.

What is Denial of Service?

Often shortened to DoS, or DDoS (“Distributed Denial of Service”), this digital headache first hit back in 1999, and has plagued the computer world ever since.

DoS attacks function by one “controlling” computer forcing other computers to send an excess of data to a web server, generating so much activity that the system can no longer process genuine users.

It’s as if moviegoers, lined up to buy tickets for a show, were suddenly ambushed by a massive crowd cutting in front of them; the increase in traffic prevents those previously queued customers from ever reaching the ticket booth.

Risks to VoIP

As a concept, DoS probably feels fairly abstract. But its results are thoroughly real. According to one study, DoS strikes have affected a whopping 92% of North American businesses, preventing access to websites anywhere from 30 minutes to over four hours. Taken yearly, these attacks cause an average loss of over US$200,000, per business.

And although VoIP isn’t technically a website, it’s still vulnerable to DoS attacks. Just as hacked computers can overload a server with superfluous data, they can easily shut down a VoIP system with a swarm of calls, messages, and other requests for access.

That’s not just theory: DDoS is commonly listed as a vulnerability in VoIP, and in practice, it’s been used to shut down phone communication during larger cyberattacks. Considering that high-data DoS attacks were up 967% just in Q1 of 2019, it’s easy to see why you should take this security risk seriously.

The Solution

The best preventative measure against DoS attacks is to stop them from being able to occur in the first place: while you want your PBX to be accessible, you also want your system to ignore an excess of access attempts.

In theory, this could be achieved by a firewall. The key, though, is that the protection can’t consist only of asking for registration. After all, if your system is trying to verify the status of a request, it’s still devoting processing power to that traffic—thus still giving the DoS perpetrator what they want.

To be effective, a firewall should instead stop processing a glut of suspicious requests altogether. This way, the system doesn’t waste time with determining registration; it simply filters out the bad traffic, and puts genuine users back at the front of the line.

With Wildix, this form of DoS protection comes built into all parts of the PBX system, from SIP to the web. It’s even set up automatically, right from install, as part of its “secure-by-design” promise.

But if there’s one takeaway here, it’s that DoS attacks are unlikely to go away anytime soon—meaning it’s all the more important to safeguard your systems against them.

For more tips over managing office life and implementing software, subscribe to receive our magazine for free!

Social Sharing

Leave a Reply