Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


With only 32% of UK businesses admitting to implementing distributed denial of service (DDoS) security prevention, it is about time banks sharpen up their systems. The Bank of England’s Financial Stability Report has already revealed vulnerabilities in the computing infrastructure of the UK’s banking sector, and Natwest was recently subjected to attacks of this kind towards the end of 2013.

Roger Jones
Roger Jones

No matter what your sector, when a website goes down there are usually financial and reputational losses. But when you are a global bank or providing other types of financial services, it can be even worse. Your customers cannot access their own cash, and businesses come to a halt. And as voice and other real time communications move onto public IP networks it’s not just web and email servers that can be subject to Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks.

Risks to VoIP and Real Time Communications in banking

As more and more banking customers access money in real time using their smart phones or online, Real Time Communication DDoS attacks are a powerful threat. Even if a business does have an ironclad firewall and intrusion prevention system in place, the attack vectors for Real Time Communications are unique.

Real Time Communication DDoS attacks can vary significantly from a more traditional IP or Web-based DDoS attack. A Voice or Telephony DDoS attack can be brutish, with voice ‘packets’ flooding in from many hosts causing VoIP platforms to be overrun and unable to route and switch calls. This ultimately prevents calls from coming in or going out of the networks.

Sniffing media packets, meanwhile, allow calls to be recorded, changed and replayed, and these can be posted on the Internet or used to impersonate a caller. They can also allow hackers to record security and identity verification questions with Interactive Voice Response systems or contact centre agents. Combined with other social engineering techniques this could allow an attacker to compromise users accounts.

And there are always man-in-the-middle attacks that can be performed by impersonating telephony endpoints, allowing someone to appear to work for your organisation.

Telephony DDoS, (TDDoS), attacks can also come in the form of repetitive telephone calls from multiple locations at varying frequencies. These seemingly legitimate calls may contain silence, recorded messages or just hang up immediately on answer. They are easily generated at zero cost and can cause significant denial of service.

To a traditional data security device, these IP messages look genuine. The number and frequency of these fake requests can prevent any genuine communications getting through. External voice communication can be stopped in its tracks. No calls going out and none being received.

In the banking world if this takes place, say in the contact centre, many telephone customers will be frustrated they cannot get through to carry out their banking requirements. With banks always looking to improve customer services and re-build trust any downtime could lead to lost business and an inability to compete.

Banking security requirements

As an increasing number of information and communications systems become IP-connected, the level of potential damage to a company’s business or reputation from cyber attacks rises.

Sonus research carried out among 450 EMEA IT decision makers in 2013 revealed that only 32% of UK businesses have DoS attack prevention solutions present on their networks, despite analysts predicting that a quarter of DoS attacks in 2013 would be application-based. And only 26% of respondents said they were actively monitoring call detail records to detect toll fraud.

What is needed to protect against these threats is a device or application designed specifically for VoIP and SIP that understands both brute force DDoS attacks and TDDoS attacks. Any such device also needs to understand the signaling and media elements of a real time call, in addition to knowing where the calls are originating from and the “state” of the call. Processing Call “state” such as ringing, answering, talking and hang up is essential to provide Real Time Communications security.

Securing network borders

Sonus Security
Sonus Security

Security should be strengthened at the borders, where two networks meet (Enterprise to Internet, or Enterprise to Service Provider). In Real Time Communications, it is the session border controller (SBC) that can provide this border security.

IT managers in banks need to understand where their network borders are for different applications, and then place the security application in the correct part of their network. Session border controllers act as a security guard to secure incoming and outgoing communications, protecting against DoS and DDoS attacks and providing media and signaling encryption, topology hiding and black, white and grey listings, ensuring no one can see past the front door to gain information to help plan an attack.

As DDoS and DoS attacks continue, and an increasing number of voice and Real Time Communications applications are applied to the network, security strategies must be re-evaluated. They need to include provision for VoIP and UC, and any VoIP security strategy must protect the UC application, the endpoint and the media itself. Prevention is always better than cure, and no bank wants to be headline news for the wrong reasons!

Roger Jones, Sales CTO EMEA, Sonus Networks.