What is a SIP Threat Management Device (STM)?
You may be familiar with a UTM (Unified Threat Management) device, but have you come across an STM, a SIP Threat Management device, used to protect an IP PBX and the IP phone/telephony infrastructure from threats and attacks?
Here is a guest post by Martin Andre Strul of Allo.com, manufacturer of the STM device, analog/digital telephony cards, analog telephone adapters, VoIP gateways, PBX systems, IP phones and more.
Special message from Allo.com to readers of excITingIP.com: If you are a system integrator, an IT person in your office or someone involved with VoIP security and want to learn more about this unit, or are just interested in reviewing the STM, contact us for a sample today! (They are looking for beta testers and reviewers.)
What is STM – SIP Threat Management?
The STM (SIP Threat Management) device is installed in front of any SIP-based PBX system or gateway and offers extra layers of security against the many types of attacks targeted at IP telephony infrastructure. The features of the STM complement those of a traditional firewall or UTM, and it can be installed alongside a UTM.
Every year the number of PBX fraud victims increases dramatically. More and more companies are targeted by individuals looking to bring down or exploit the communications system. Some do it for fun and others for illicit profit, but the end result is always the same: the victim company goes through hell!
Some things to consider:
- The law is clear: you alone are responsible for the security of your phone system and for any charges generated from it.
- You will pay your carrier on average US$5,000 to US$80,000 per attack.
- Downtime of your whole system is very common.
- In some cases you will have to find a different carrier.
Here is an overview of the most common attacks on PBXs today and how the STM handles them:
- SIP device fingerprinting: The hacker tries to identify which PBX software or hardware you are running. Once he has this information, he looks up its known weaknesses and attacks accordingly. The STM simply does not answer such requests, leaving the hacker in the dark.
- User enumeration: The hacker asks the system to divulge the extension numbers. Once he has them, he can start looking for the passwords. The STM will not give out this information.
- Password cracking attempts: The hacker tries different user names and passwords in order to gain access to an extension or to the admin panel of the PBX. The STM can be configured to block an IP if, for example, more than 10 attempts are made within 10 minutes.
- Phreakers: These people take advantage of your negligence and steal from you without really hacking anything. They just try the most common or default user names and passwords, and if they get lucky, it's a bad day for the victim.
- The hardcore scammer: Using scripts and special tools, these criminals know exactly what they are doing and have the knowledge to hack and exploit an unprotected phone system. The list of scams they can run is long, ranging from setting up an extension on your system and using it to sell cheap international calls, to more elaborate fax-back or call-back scams in which they use your system to call numbers they control that charge a very high per-minute rate.
- DoS/DDoS attacks: These flood your PBX with an exaggerated number of packets. Their goal is to bring down your communication system and render it unusable. The STM dynamically blocks, for a predetermined period of time, the IP or IPs from which these attacks originate.
- Cross-site scripting attacks: These are among the most complex and hardest to achieve. A script is injected into your PBX by the hacker, who can program it to perform all kinds of malicious actions, such as having all your extensions ring at once. The STM blocks the attempt and the IP address(es) behind it.
Manufacturer's message: The Allo.com STM uses a Snort-based real-time deep packet inspection engine, backed by a large database of known threats to PBXs. Much like a terrorist watch list, the STM checks each SIP packet heading towards your system against this list and blocks any malicious packet as well as its originating IP.
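As an added illustration (not Allo.com's code or the STM's own logic), the following Python models the rate rule from the password-cracking and DoS/DDoS items above: a sliding 10-minute window of failed SIP authentications per source IP, a dynamic block once more than 10 failures fall inside that window, and automatic expiry of the block. The block duration, the log line format and the sample lines are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy from the article: block a source that fails more than 10 times within
# 10 minutes. The block duration is an assumption (the page does not give one).
MAX_FAILURES, WINDOW, BLOCK_FOR = 10, timedelta(minutes=10), timedelta(hours=1)


class SipAuthGuard:
    """Sliding-window count of failed SIP authentications per source IP."""
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, block_for=BLOCK_FOR):
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> when the dynamic block expires

    def is_blocked(self, ip, now):
        if now < self.blocked_until.get(ip, now):   # still inside a block
            return True
        self.blocked_until.pop(ip, None)             # expired or never blocked
        return False

    def record_failure(self, ip, now):  # returns True when this failure trips the block
        q = self.failures[ip]
        q.append(now)
        while now - q[0] > self.window:      # forget failures older than the window
            q.popleft()
        if len(q) > self.max_failures:
            self.blocked_until[ip] = now + self.block_for
            q.clear()
            return True
        return False


def process_log(lines, guard=None):
    """Feed '<ISO time> <method> <source ip> <final status>' lines to the guard and
    return (blocked_ips, dropped): requests from an already blocked source are dropped."""
    guard, dropped = guard or SipAuthGuard(), 0
    for line in lines:
        ts, _method, ip, status = line.split()
        now = datetime.fromisoformat(ts)
        if guard.is_blocked(ip, now):
            dropped += 1
        elif status in ("401", "403"):       # final auth response was a rejection
            guard.record_failure(ip, now)
    return sorted(guard.blocked_until), dropped


# Constructed sample (assumed format): attacker retrying REGISTER every 20 s, plus one good phone.
T0 = datetime(2024, 3, 1, 9, 0, 0)
SAMPLE_LOG = sorted(
    [f"{(T0 + timedelta(seconds=20 * i)).isoformat()} REGISTER 203.0.113.7 403" for i in range(14)]
    + [f"{(T0 + timedelta(seconds=65)).isoformat()} REGISTER 198.51.100.20 200"])
```

Running `process_log(SAMPLE_LOG)` blocks 203.0.113.7 on its 11th failure and drops the three requests that follow, while the legitimate phone is never touched.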
excITingIP.com
Hello, do you know if this device can be installed on a trunk? I have a switch with 3 VLANs (computers, voice, wireless) and I want to protect both my PBX and my IP phones, not only the PBX. On my router I have created three DHCP servers to send my IP addresses over one cable to my switch for all my VLANs, and I have assigned access ports on the switch, and I have full connectivity, internet and IP telephony. But when I connect the STM inline
router—trunk line—–(STM)—–trunk line—–switch—–(vlans & PBX)
I have NO connectivity to or from anything, not even DHCP passes. But when I install it like the manual says
router—–trunk line—-switch——-(STM)——PBX
I have full connectivity and everything works fine. Is it me doing something wrong?