Six VoIP Security Recommendations
Before you begin to implement VoIP across your organization,
there are several things you should consider. Security is
extremely important these days and it is best to think before
than act after an attack. Some vendors are building security
solutions within their products others are not, leaving it up to
the user to implement these measures.
1. Make sure your network and security infrastructure, including
firewalls routers, VPNs, etc., are voice-optimized and capable
of supporting the advanced security requirements for VoIP. More
importantly, bandwidth, latency and quality of service become
critical requirements for network and security infrastructure.
2. Your IP PBX is at the core of your VoIP infrastructure.
Depending on the software you are using, especially windows
servers, ensure that the base operating system of your IP PBX,
as well as network infrastructure, are always updated and
patched for the latest security vulnerabilities. Vendors that
provide proprietary operating systems are a lot less vulnerable.
3. It is important to be proactive in conducting regular
security assessments of your VoIP infrastructure. Being aware of
such security flaws will help to avoid attacks and prevent
system outages.
4. Manage your remote access ports and system backdoors. Default
login and administrator passwords on such devices are a very
common entry for attacks. Disable any insecure remote access
features, such as FTP and Telnet, and disable local
administration and management features.
5. Structure your network to use VLANs to separate voice and
data devices and its corresponding traffic. Deploying VoIP
devices on separate VLANs permits isolating data traffic from
voice and signaling traffic, as well as utilizing Quality of
Service (QoS) capabilities. VLAN separation does not ensure a
robust security practice but having separate VLANs will help in
isolating the traffic.
6. If your VoIP traffic goes over the Internet, use encryption
technologies like IPsec tunnels to secure the VoIP traffic.
While many of the VoIP protocols include capabilities for
encryption and authentication, most of them are optional. Ensure
your vendor has a security policy within the product itself.