Securing the IP Contact Center

By Kevin Mitchell

As communications evolves in service provider and enterprise networks, VoIP and IP interactive communications (IC) adoption are on the rise in contact centers. A Yankee Group survey found that nearly half (47 percent) of the North American contact center respondents indicated they will deploy VoIP in their contact center by the end of 2007, with VoIP penetration of agent seats expected to exceed 60 percent by the end of 2008.

With the adoption of IP interactive communications – predominately based on Session Initiation Protocol (SIP) – call centers are transitioning to multimedia customer care centers incorporating not just voice conversations, but Instant Messenger (IM) chat, click-to-call, image sharing, and interactive video. In addition to increased customer service, the migration to IP IC makes contact centers more flexible and resilient as a result of contact center virtualization, skills-based routing, and application integration. These improvements are done with an eye on the bottom line, because costs can be lowered by implementing economical and more rapidly deployed IP trunks from service providers for inbound or outbound PSTN calls.

These benefits do not come without some risk – namely, network availability, call quality, communication integrity, and assured reachability. The security and availability of VoIP and IC infrastructures should be the paramount concern for IP contact centers. Successful attacks resulting in contact center downtime can result in lost revenue, diminished customer satisfaction, and potential lawsuits.

Threats to IP Interactive Communications: There are numerous IP interactive communications threats and attacks, but they vary in terms of probability and impact. These threats are becoming more probable as contact centers connect to external networks via IP as opposed to converting VoIP used internally to TDM using media gateways. The main threats to an IP contact center (presented in descending order of significance) are:

  • Denial of Service (DoS) attacks: Casual hackers, professional criminals, or disgruntled customers can conduct malicious attacks designed to cripple contact center IC elements by overloading them with calls or service requests. This is the most serious threat in terms of its impact to contact center operations.
  • Overload events: In addition to purposeful DoS attacks, non-malicious periods of intense activity (such as American Idol tele-voting) can also cause an increase in call signaling rates that exceed what the contact center infrastructure can support, resulting in network conditions that are similar in effect to DoS attacks.
  • Network abuse and fraud: Malicious intrusion or service theft may take the form of an unauthorized user gaining access to the VoIP network by mimicking an authorized user or seizing control of a SIP proxy and initiating outbound calls to the PSTN for free. Another possibility is using a compromised endpoint to redirect or forward calls for eavesdropping.
  • Viruses and malware: Computer viruses, worms, Trojan horses, and other malware can infect agent phones and SIP-based ACD infrastructure – just as they can computers and servers – and degrade performance or completely disrupt service. As devices become more sophisticated with distinct operating systems, malware also serves as a way to subjugate devices and launch DoS attacks that piggyback encrypted links.
  • Identity theft: Phishing and “man-in-the-middle” can be used to acquire caller identification information to gain unauthorized access to services and information. This threat is most relevant for contact centers that deal with sensitive financial, health, or insurance information.
  • Eavesdropping: The ability to listen to or record calls is easier on VoIP networks than on PSTN. This is a concern not only because of personal privacy violations, but also because sensitive information can be compromised and exploited. Again, the threat is greatest when dealing with credit cards, social security numbers, and confidential information.
  • Spam over Internet Telephony (SPIT): The delivery of unsolicited calls or voicemails can inundate networks, annoy subscribers, and diminish the usefulness of VoIP networks. This is an overblown concern today, but as VoIP endpoints and networks proliferate, the attractiveness increases for spammers to annoy agents and decrease productivity.

These threats exist at four main IP network border points, not all of which may be in place in a contact center. The borders are:

  • Interconnect: IP trunks to service providers using SIP or H.323 signaling for inbound and outbound calls
  • Trusted access: private, managed IP networks that connect service providers’ residential, enterprise, or mobile subscribers (as part of an emerging federation of trusted networks)
  • Untrusted access: unmanaged Internet for connections to work-at-home agents or inbound callers
  • Multisite contact center: private, managed IP networks that connect contact center locations

Solutions for a Secure Contact Center: A solution to this menagerie of IP IC threats is best suited – from a cost, manageability, and capability perspective – for the IP network border points, allowing the core infrastructure to scale more cost-effectively. This way, the first line of defense is at the ingress and egress points of the IP contact center network. As such, the border elements employed must be able to protect themselves from attack, as well as secure the equipment in the contact center core – equipment that’s tied to servicing the customer. This protection should keep the contact center operational in the face of attack.

The key features and functions that this border element must deliver to stop or mitigate the threats include:

  • Access control, which employs static and dynamic access control lists to prevent DoS attacks and service fraud, as well as guarantee resource availability for trusted users
  • Dynamic trust management and behavior learning, used to determine which devices or users are trusted, untrusted, or malicious based upon their signaling behavior; ensures endpoints behave according to policies
  • Authentication and authorization in order to prevent unauthorized use of network resources
  • Topology hiding, anonymizing all contact center infrastructure information to minimize chances of directed attacks
  • Admission and overload control, limiting the rate of call requests, preventing excessive signaling requests (originating from both malicious and legitimate sources) from overwhelming contact center IP IC resources
  • Deep packet inspection of the VoIP packet payload and attachment stripping, thwarts viruses and malware
  • VPN separation, which isolates the virtual private networks that connect callers, agents, and external service provider networks; for hosted contact centers, this feature securely separates multiple enterprise clients
  • Encryption, to ensure integrity and confidentiality of sensitive communications over untrusted networks
  • Monitoring and reporting, to provide audit trails for investigation, threat resolution and planning, including intrusion detection reporting

These capabilities allow contact centers to prevent attacks from impacting their IP IC core by detecting them and acting against them at their network’s border. Optimally, all these capabilities should be delivered at wire speed and should not add signaling or media latency or affect legitimate call quality.

Traditional data security products have proven to be completely inadequate in protecting real-time IP interactive communication infrastructure due to a lack of session awareness. Purpose-built hardware is required to prevent DoS attacks and overloads and to encrypt signaling and media at high capacity. The border element must be stateful, meaning it can correlate signaling and media flows and keep track of session status, which traditional data security products cannot do. A dedicated, session-aware border element with rich functionality in the areas outlined above is required to provide control and security.

The benefits of IP in the contact center are quite clear, but so are the threats and security implications that need to be addressed when migrating to IP. The IP borders of the contact center are the attack points, and there are session border controller solutions that are purpose-built to deal with the threats to IP interactive communications.

Kevin Mitchell is director of solutions marketing at Acme Packet, the leading provider of session border control solutions. For more information on Acme Packet or session border controllers, email

[From the December 2008/January 2009 issue of AnswerStat magazine]