VoIP Peering Prevents Man-in-the-Middle Fraud
Targeted Internet traffic misdirection is a growing concern, says security monitoring firm Renesys. Specifically, an increasing amount of information is being hijacked by man-in-the-middle attacks.
Such attacks work by redirecting Internet traffic remotely through an attacker’s server. During the redirection, the data can be monitored and even altered before reaching its intended destination. Renesys estimates that roughly 1,500 Internet Protocol (IP) address blocks have been hijacked this year so far. The attacks have targeted financial institutions, voice-over-IP (VoIP) providers and governments.
The hijacking relies on the trust relationship between gateways, and on the interception going unnoticed. While traffic is delayed, it is not usually delayed long enough to rouse suspicion. While once these sorts of attacks were relatively uncommon, they now are a serious threat. The attacks have now "moved from a theoretical concern to something that happens fairly regularly," Renesys noted.
"Everyone on the Internet," Renesys warned, "certainly the largest global carriers, certainly any bank or credit card processing company or government agency — should now be monitoring the global routing of their advertised IP prefixes."
For VoIP users, man-in-the-middle attacks can lead to eavesdropping, call tampering or quality degradation. And while this might be fine for that call about picking up the milk, it can be a different story entirely for financial or sensitive business information. One approach to avoiding interception and such attacks is using voice peering.
Voice peering is the forwarding of voice calls directly from one provider to another, bypassing the Internet and thereby ensuring a higher level of security. A compromised VoIP line can lead to the injection of malware, installation of viruses, and stolen information.
Voice Peering mitigates these risks by traversing a private Layer 2 Ethernet fabric, meaning less public point of entry for these attackers.
“Voice peering directly affects the total VoIP experience by protecting the business or the user from Denial of Service (DoS) attacks or an intentional flooding of what seems like legitimate requests to overwhelm the hardware and software responsible for supporting the telephone service,” noted Susan Campbell recently on a TMCnet post. “It also protects against Phreaking or hackers stealing user credentials to intercept the service and let the user pay for it.”