Oracle SBC can be used to protect against fraudulent calls by enabling Telephony Fraud Protection and creating/maintaining the following type of lists:
- Blocklist – Specify a fraudulent call based on the origination/destination phone number or URI (by prefix or by fixed number). When a call is received to an entry on the blocklist, the system rejects the call with the default response is “403 Forbidden.”
- Allowlist – Manage any exception to the blocklist.
- Redirect List – Send a fraudulent call to an Interactive Voice Response (IVR) system, or to a different route.
- Rate Limit List – Use rate limiting to limit the loss of money, performance, and availability that an attack might cause.
Telephony Fraud Protection is included in the advanced license.
The process for using Telephony Fraud Protection includes the following steps:
1. Enable Telephony Fraud Protection
2. Specify the source of fraud protection management
3. Create the file that contains the list of phone numbers to manage
4. Activate the fraud protection file
You can create the fraud protection phone number list on the File Management page on the Web GUI, or you can create it externally in XML and upload it to the OSBC. Save the file to /code/fpe/<filename>. When updating the fraud protection file remember to refresh the configuration from the file with the following command (using CLI):
notify fped refresh
Navigate to the configuration menu to System -> fraud-protection, set mode to local and provide a file name, then click on Manage file:
Then click OK,
In the next window you can administer the Fraud Protection Table (in this case fraud.xml file)
If the fraud.xml is downloaded the content is the following: