To keep the integrity of our network as high as possible and to help protect our customers, Flowroute has implemented additional fraud prevention functionality. The following tips help you add security to your VoIP deployments.
In this article:
Prevention Tips
Maximum Outbound Rate
Destination Whitelist
Fraud management system (FMS)
If you operate one or more PBX systems on public IP addresses, we urge you to conduct a security audit of your system. The number of VoIP fraud cases is on the rise, and your best defense is the security of your systems.
Prevention Tips
Ensure that the password for your Flowroute account is very secure.
Ensure that all SIP accounts or phone extensions on your PBX use strong passwords. Never choose simple passwords such as 100, password, or phone. Fraudsters are now using automated tools to brute-force attack PBX systems, finding accounts with weak passwords and using them to their advantage. You might want to generate random passwords using such sites as Password Generator or Gibson Research Center Perfect Passwords.
If your PBX has a setting for allowing anonymous inbound calls from the Internet, please disable it. Some PBX configurations are set up to automatically forward inbound calls to the first available outbound trunk if the call cannot be routed to any internal SIP account or phone extension which, when combined with the setting for allowing anonymous inbound calls, makes for a very vulnerable PBX system.
Do comprehensive security audits of your systems. If the system hosting your PBX is hacked, your PBX could be used for fraudulent calls, or your Flowroute SIP credentials may even be stolen and used to originate fraudulent calls from a remote location. Please consult a qualified System Administrator if you are unsure how to audit the security of your systems.
If you are using iptables or a *nix-based system, you can also automatically "ban" an IP address that is attempting to breach your system once it fails more than a certain number of authentication attempts. See the Fail2ban main page for more information.
Review access logs regularly, and keep up to date on security patches and practices for your network services. You may use SIP auditing tools such as SIPVicious.
Change the Maximum Outbound Rate
You can adjust and define the maximum outbound rate for your account. This rate is a ceiling rate for calls coming out of your account.
You can adjust this rate if you intend to call countries with a higher per-minute rate by setting a Maximum Outbound Rate on the Fraud Control page of Flowroute Manage. See Set a Maximum Outbound Rate to configure this option.
Set up a Destination Whitelist
In addition to the maximum outbound rate, we also offer whitelist features. You may use a strict whitelist such that your account would only be authorized to call specific destinations. All other fraud tools are ignored for destinations listed in your whitelist. See Set up a Destination Whitelist for more information.
Utilize a fraud management system (FMS)
What is it? It's a company-wide platform to prevent fraud.
It can use the CDRs of a customer's account to review that account's calling.
It monitors for commonly used fraud attacks.
It's capable of alerting employees to any suspicious activity.
How does it help?
An FMS uses frequently found fraud patterns. It's an enterprise-wide data analysis platform that works well in detecting many different types of fraud. The FMS uses Call Data Records (CDRs) to create usage-based analysis profiles that detect threats and irregular activity. Most voice fraud detection platforms can automatically scan through phone number databases, ranges, and destinations to determine "blacklist" callers. They can help notify team members of activity that might need further investigation.
NOTE: Flowroute does not offer FMS tools directly.
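The usage-based profiling described above can be sketched as follows. This is an added example, not Flowroute or FMS vendor code. The CDR field names, the 4-character destination prefix, the 3x volume threshold and all sample records are assumptions constructed for illustration. Calling score(TODAY, build_profile(BASELINE)) returns the alerts for the sample day.

```python
from collections import defaultdict

PREFIX_LEN = 4       # assumption: leading characters of the number stand in for the destination
VOLUME_FACTOR = 3.0  # assumption: alert when a day exceeds 3x the busiest baseline day

def cdr(account, day, hour, dest, minutes):
    return {"account": account, "day": day, "hour": hour, "dest": dest, "minutes": minutes}

# Constructed sample CDRs (fictional 555 numbers and the unassigned +999 code).
BASELINE = [
    cdr("acct-1", "2024-01-08", 9, "+12065550101", 12),
    cdr("acct-1", "2024-01-08", 14, "+12065550102", 8),
    cdr("acct-1", "2024-01-09", 10, "+12065550103", 15),
]
TODAY = [
    cdr("acct-1", "2024-01-10", 10, "+12065550104", 5),
    cdr("acct-1", "2024-01-10", 3, "+9990000001", 40),
    cdr("acct-1", "2024-01-10", 3, "+9990000002", 40),
]

def build_profile(cdrs):
    """Summarise baseline CDRs into a per-account usage profile."""
    profile, daily = {}, defaultdict(float)
    for c in cdrs:
        p = profile.setdefault(c["account"], {"prefixes": set(), "hours": set(), "peak": 0.0})
        p["prefixes"].add(c["dest"][:PREFIX_LEN])
        p["hours"].add(c["hour"])
        daily[(c["account"], c["day"])] += c["minutes"]
    for (account, _day), minutes in daily.items():
        profile[account]["peak"] = max(profile[account]["peak"], minutes)
    return profile

def score(cdrs, profile):
    """Return (account, reason, detail) alerts for CDRs that deviate from the profile."""
    alerts, daily = [], defaultdict(float)
    for c in cdrs:
        p = profile.get(c["account"])
        if p is None:  # nothing to compare against: surface it rather than stay silent
            alerts.append((c["account"], "no-baseline", c["dest"]))
            continue
        if c["dest"][:PREFIX_LEN] not in p["prefixes"]:
            alerts.append((c["account"], "new-destination", c["dest"]))
        if c["hour"] not in p["hours"]:
            alerts.append((c["account"], "unusual-hour", c["hour"]))
        daily[(c["account"], c["day"])] += c["minutes"]
    for (account, day), minutes in daily.items():
        if minutes > VOLUME_FACTOR * profile[account]["peak"]:
            alerts.append((account, "volume-spike", day))
    return alerts
```

In practice the baseline would cover several weeks of CDRs, and the alerts would feed the review by team members that the section describes rather than block calls outright.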
Want to see how to use Flowroute Fraud Prevention controls?
View our how-to videos on Vimeo and YouTube.