fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NSA Shares Guidance on Securing Voice, Video Communications

NSA Shares Guidance on Securing Voice, Video Communications

The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.

UC and VVoIP are call-processing systems used in enterprise environments for various purposes, from video conferencing to instant messaging and project collaboration.

Since these communication systems are tightly integrated with other IT equipment within enterprise networks, they also inadvertently increase the attack surface by introducing new vulnerabilities and the potential for covert access to an organization’s communications.

Improperly secured UC/VVoIP devices are exposed to the same security risks and targeted by threat actors through spyware, viruses, software vulnerabilities, and other malicious means if not adequately secured and configured.

“Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks,” as the US intelligence agency explained.

“Compromises can lead to high-definition room audio and/or video being covertly collected and delivered to a malicious actor using the IP infrastructure as a transport mechanism.”

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

UC VVoIP system
UC VVoIP system (NSA)

Admins are advised to take these key measures to minimize the risk of their organization’s enterprise network being breached by exploiting UC/VVoIP systems:

  • Segment enterprise network using Virtual Local Area Networks (VLANs) to separate voice and video traffic from data traffic
  • Use access control lists and routing rules to limit access to devices across VLANs
  • Implement layer 2 protections and Address Resolution Protocol (ARP) and IP spoofing defenses
  • Protect PSTN gateways and Internet perimeters by authenticating all UC/VVoIP connections
  • Always keep software up-to-date to mitigate UC/VVoIP software vulnerabilities
  • Authenticate and encrypt signaling and media traffic to prevent impersonation and eavesdropping by malicious actors
  • Deploy session border controllers (SBCs) to monitor UC/VVoIP traffic and audit call data records (CDRs) using fraud detection solutions to prevent fraud
  • Maintain backups of software configurations and installations to ensure availability
  • Manage denial of service attacks using rate-limiting and limit the number of incoming calls to prevent UC/VVoIP server overloading
  • Use identification cards, biometrics, or other electronic means to control physical access to secure areas with network and UC/VVoIP infrastructure
  • Verify features and configurations for new (and potentially rogue) devices in a testbed before adding them to the network

“Taking advantage of the benefits of a UC/VVoIP system, such as cost savings in operations or advanced call processing, comes with the potential for additional risk,” the NSA concluded.

“A UC/VVoIP system introduces new potential security vulnerabilities. Understand the types of vulnerabilities and mitigations to better secure your UC/VVoIP deployment.”

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Much more extensive security best practices and mitigations on how to prepare networks, establish network perimeters, use enterprise session controllers, and add endpoints when deploying UC/VVoIP systems are available in the Cybersecurity Information Sheet released today by the NSA.

In January, the NSA also shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up-to-date and secure variants.

The agency also warned companies to use self-hosted DNS-over-HTTPS (DoH) resolvers to block threat actors’ DNS traffic eavesdropping and manipulation attempts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us