New Defenses Against the Most Advanced Hacking Threats: Q&A With Patrick Park Part III

edited by: Bill Bunter • updated: 5/5/2010

Advanced Hacking Attacks author Patrick Park offers tips to combat the latest cyber attacks.

    Cyber Fraud

    Patrick Park, author of Advanced Hacking Attacks, explains how fraud can be a potential threat for a small business as we continue our series looking at new cyber threats, including the increase in fraudulent phone calls.

    Bright Hub: VOIP can be a great benefit, offering the ability to make affordable long distance calls and potentially save a small business a lot of money, but there are risks. Do you see fraud as a potential risk with VOIP, and what are some of the risks a small business could face?

    Patrick Park: A fraudulent toll call is one of the common threats these days, especially for long distance or international calls. Because most mediation devices (for example, public switched telephone network [PSTN] media gateway, proxy server) require valid credentials (for example, ID and password) before setting up the toll call, an attacker collects the credentials first in many different ways. Typically, an attacker creates spoofed messages for brute-force password assault on the server until he receives authorization. If the clients use default passwords or easy-to-guess passwords, it is much easier to find them, especially when an attacker uses a password dictionary (a file that contains millions of frequently used passwords).

    Bright Hub: What are some of the ways that a server might be able to check on things such as credentials? Can you describe why this could be an issue?

    Patrick Park: In some cases, the server does not require the credentials, but checks out the source IP address or subnet of the client to control the access. Especially when call trunking (for example, SIP trunking) is set up between a VoIP service provider and an enterprise customer, the access control based on the source IP or subnet is commonly used. An attacker may be able to access the server by spoofing the source IP address.
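
The password guessing described in the first answer leaves a recognizable trace on the server: one source producing a burst of authentication failures, often across several accounts. The following is an added example for defenders, not part of the interview or of Patrick Park's book; the log format, thresholds, extensions and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events in a hypothetical log format:
# "<epoch_seconds> <source_ip> <sip_method> <sip_user> <response_code>"
SAMPLE_LOG = """\
1000 198.51.100.10 REGISTER 2001 401
1001 198.51.100.10 REGISTER 2001 200
1010 203.0.113.7 REGISTER 1000 401
1011 203.0.113.7 REGISTER 1000 401
1012 203.0.113.7 REGISTER 1001 401
1013 203.0.113.7 REGISTER 1001 403
1014 203.0.113.7 REGISTER 1002 401
1015 203.0.113.7 REGISTER 1002 401
this line is malformed and is skipped
1600 198.51.100.10 REGISTER 2001 401
1601 198.51.100.10 REGISTER 2001 200
"""

# SIP responses that mean "not authenticated": 401/407 are digest challenges
# (also sent again after a wrong password), 403 is an outright rejection.
AUTH_FAILURES = {401, 403, 407}

def find_guessing_sources(log_text, window=60, max_failures=5):
    """Return {source_ip: sorted targeted users} for each source with more
    than max_failures authentication failures inside `window` seconds."""
    recent = defaultdict(deque)   # source_ip -> (timestamp, user) in window
    flagged = defaultdict(set)    # source_ip -> users seen during a burst
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts, code = int(parts[0]), int(parts[4])
        except ValueError:
            continue
        ip, user = parts[1], parts[3]
        if code not in AUTH_FAILURES:
            continue
        events = recent[ip]
        events.append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - events[0][0] > window:
            events.popleft()
        # A normal client sees one challenge per registration, so it stays
        # far below the threshold; a guessing run does not.
        if len(events) > max_failures:
            flagged[ip].update(u for _, u in events)
    return {ip: sorted(users) for ip, users in flagged.items()}
```

Flagged sources are candidates for rate limiting or blocking, and the listed accounts are the ones whose passwords should be checked against defaults first.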