10 Tips to Filter Out SPIT
By: VoIP Now, on April 30, 2007
With the ridiculous amount of email spam circulating out there (some estimates put this at a staggering 82% of all emails), it's hardly a surprise that VoIP would be the next target. With calls being cheap and the technology readily available, spammers have little to discourage them from adding SPam over Internet Telephony (SPIT) to their repertoire. SPIT has the possibility of being even more annoying than your run-of-the-mill spam because, unlike spam email, which you can ignore or delete at your leisure, SPIT calls happen in real time and disrupt your day. SPIT can also eat up your VoIP bandwidth, lowering the quality of your calls and clogging up your voicemail with the same annoying junk that gets filtered out of your email. Luckily, SPIT attacks are still fairly rare, at least in the American market; but in the past few years, with the explosion of VoIP usage, the number of potential targets for SPIT has grown, making it a more worthwhile endeavor for spammers. As VoIP becomes more widely used, the growth of SPIT is almost inevitable, so it makes sense to set up your VoIP to take care of unwanted calls before they ever become a problem. Here are a few tips on methods you can use to help keep SPIT out of your VoIP system.
- VoIP Provider Filtering: Some VoIP providers, such as Vonage and Skype, can actually help protect you from SPIT. Calls through those providers travel, at least in part, through proprietary closed systems. These systems have existing defenses in place, which can help filter out a lot of the more obvious SPIT before it ever reaches your phone. Provider-based security isn't foolproof, however, as hackers can invade, and have invaded, VoIP provider systems. Still, provider-based filters can be a good first line of defense against SPIT and other threats to your VoIP.
- Strong Authentication: This is probably the most important first step to filter out SPIT. If users are forced to authenticate before their calls are allowed through, ideally very little spam would ever reach you. Authentication programs work by using a "circle of trust." If you make a call from Provider A to Provider B, then in order for Provider B to accept that call, Provider A would have to authenticate that the call actually came from Provider A. The networks "trust" each other to validate users. These kinds of systems are hard to hack into: a hacker would have to steal a user's identity or create a fake network identity to be able to override this security. If you are using VoIP for your business, these kinds of authentication systems can and should be set up, not only to protect you from SPIT but from other threats as well.
- Reputation Based Systems: A reputation-based system works by assigning a score to users. The score is based on the history of the caller. For example, if you are being targeted by SPIT calls, the source of these calls can be flagged as bad and, going forward, calls from this source will be assigned a reputation based on this label, which can be distributed across the entire network. While this system might be effective in some situations, it isn't without its drawbacks. Generally, those wishing to distribute SPIT will use a number of different identities, making it difficult to keep track of the "bad" calls. Also, it's possible that some calls you want to receive might get mislabeled as bad. A reputation-based system can help you filter out some SPIT calls, but chances are some will still get through.
- Central Black Lists: Another way to help filter out SPIT is to use a system similar to that used by your email spam blockers. This is a very simple system, but it can be effective. A list is created of all known SPIT numbers and those numbers are blocked by the system, just like you can block certain email addresses from going into your inbox. SPIT users will continue to change their numbers, but the list will grow and evolve along with those changes, becoming increasingly effective. The drawback to this, of course, is that calls not coming from blacklisted numbers will still get through, but when used in conjunction with another SPIT filtering method, blacklists can be very effective at limiting the number of SPIT calls that will get through.
- VoIP SEAL: VoIP SEAL is a relatively new release from Japanese manufacturer NEC. VoIP SEAL is an automated system that is designed to protect your VoIP from any unsolicited calls. It works by employing a number of tests, which the system analyzes to give each call a "score" to measure the risk or danger. What is great about VoIP SEAL is that it works in a two-step process. Incoming calls that pass initial tests that determine they are not a threat are allowed to go through. Calls that still have a degree of suspiciousness to them are routed to a specialized answering machine where additional tests can be performed. This two-part system can help reduce the number of real callers that could erroneously be identified as SPIT. A system such as VoIP SEAL could provide a simple solution to filter your incoming calls.
- Automated Challenge: One way to make sure that your calls are coming from actual humans instead of automated recordings is to set up a system that requires all calls coming from an unknown source to answer a simple question. Instead of routing the unknown call to you, the call will be answered by a recording asking the caller to enter a series of numbers or something along those lines. This may sound like an irritant to valid callers, but it ideally only needs to be done once. After the caller has been judged to be a human, the system would remember the caller and allow it to go through. This can be an extremely effective way to manage incoming calls (aside from the minor irritation) but might be limited by the amount of database power required to know whether the caller is a new caller or is in the existing database.
- VoIP Firewall: A firewall for your VoIP can be a great security investment. A VoIP firewall is an application driven by a security policy defining whether to allow or to deny certain calls. It manages and protects the traffic, flow and quality of VoIP and other SIP-related communications. Borderware has launched a SIP firewall called SIPassure to help mitigate the threats that could potentially take down your VoIP system. One of the benefits of the firewall is that it filters and controls any SPIT that might be coming through to your phone. Since calls go through a system of authentication, it's unlikely that much SPIT, or any other VoIP threat, would get through.
- Voice Recognition: Though it might sound like a strange way to determine if a call is SPIT or not, there is technology out there which uses the voice of the caller to determine whether or not the call is someone you want to speak with. V-Priorities from Microsoft can analyze the characteristics of a caller's voice and their word usage to determine whether the person is a friend, family member, colleague or stranger; and route the call appropriately (the system was 90% accurate in tests). This is neat technology, but I can't help but wonder what happens to those other ten percent of calls. There is potential to route an important business call to a junk call voicemail, which could be an annoyance. The technology will most likely improve over time, however, and can provide an innovative way to monitor your calls.
- Calling Rate Limit: Another SPIT filtering technology you can employ involves calling rate limits. Eyeball has released AntiSPIT, a program that uses calling rate limits to keep out unwanted SPIT. The AntiSPIT engine employs a calling rate limit that is dynamically adjusted. Malicious calling behavior is identified and blocked but it does not interfere with legitimate calls as it uses an algorithm based on the caller-recipient history among other factors. This information is used to create a calling limit unique to each number. Once the calling limit is exceeded, further calls can be blocked, challenged, or forwarded to the recipient. The dynamic calling rate limit allows the server to add a rating tag to a call signal that indicates whether the call is good, suspicious or bad using green, yellow or red colors (or differing ring tones).
- Secure Your VoIP: While programs aiming to target SPIT specifically are great, the simplest thing you can do to protect yourself is to make sure your VoIP is secure against more than SPIT. Employ a program to encrypt your VoIP conversations. Additionally, you should protect your servers and networking hardware with an IDS (intrusion detection system). Your VoIP provider can also affect the security of your calls, so go with a provider with the capability to handle most, if not all, Internet telephony security issues.
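The central blacklist, automated challenge and calling rate limit tips above can be combined into a single screening decision, shown here as an added example (not code from the original article or from any product it names). The window, limits and SIP addresses are constructed assumptions, and the history-based limit is a simple stand-in, not Eyeball's algorithm.

```python
from collections import defaultdict, deque

WINDOW_S = 3600      # assumed sliding window, in seconds
BASE_LIMIT = 3       # assumed attempts per window allowed for a stranger
HISTORY_BONUS = 2    # assumed extra attempts per previously answered call
MAX_LIMIT = 20       # assumed ceiling on any caller's limit


class SpitScreen:
    """Screening order: blacklist, then rate limit, then challenge."""

    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)
        self.verified = set()             # callers that passed the challenge
        self.answered = defaultdict(int)  # (caller, callee) -> answered calls
        self.recent = defaultdict(deque)  # caller -> recent attempt timestamps

    def limit_for(self, caller, callee):
        # Dynamic limit: more answered history with this recipient
        # raises the number of attempts tolerated per window.
        bonus = HISTORY_BONUS * self.answered[(caller, callee)]
        return min(BASE_LIMIT + bonus, MAX_LIMIT)

    def screen(self, caller, callee, now):
        """Return (tag, action) for one incoming call attempt."""
        if caller in self.blacklist:
            return ("red", "block")
        attempts = self.recent[caller]
        while attempts and now - attempts[0] >= WINDOW_S:
            attempts.popleft()            # forget attempts outside the window
        attempts.append(now)              # blocked attempts still count
        if len(attempts) > self.limit_for(caller, callee):
            return ("red", "block")
        if caller not in self.verified:
            return ("yellow", "challenge")  # unknown caller: ask for digits
        return ("green", "ring")

    def challenge_passed(self, caller):
        self.verified.add(caller)

    def call_answered(self, caller, callee):
        self.answered[(caller, callee)] += 1


def robocaller_demo():
    """Constructed data: one source dials four different users in 4 seconds."""
    s = SpitScreen()
    return [s.screen("sip:robo@example.org", f"sip:user{i}@example.com", 100 + i)
            for i in range(4)]
```

Because every attempt is counted per caller regardless of recipient, a source that sprays many different numbers hits the stranger limit quickly, while a caller with answered history to one recipient gets more headroom.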
With the growth of the VoIP security market there are undoubtedly more solutions and preventative measures than are listed here. These tips can give you a start on avoiding a majority of the threats SPIT can pose. SPIT might not be an overwhelming problem for VoIP yet, but the reality is that it's only a matter of time. Spammers aren't about to give up on their efforts to target you, so it's best to take precautions against SPIT now before you're faced with an ongoing problem.