Friday, November 20, 2009

Security recommendations for VoIP


Before beginning a successful VoIP rollout across the organization, there are many things you should consider.


1. Make sure your network and infrastructure security, including firewalls, IDS, VPN, etc., is voice-optimized and capable of supporting the advanced security needs of VoIP. Traditional static policy rules are not sufficient to control VoIP traffic. The protocols involved allocate ports dynamically during call setup, which requires the security gateway to open and close ports on demand. VoIP traffic must be inspected not only at the network level but also at the application level to meet the challenges of VoIP protocols in Network Address Translation (NAT) environments. Finally, bandwidth, latency and quality of service become critical requirements for the network infrastructure and its security controls when processing many simultaneous voice streams.


2. Critical security vulnerabilities are identified on a regular basis, leaving systems vulnerable to denial-of-service attacks and even more serious buffer overflows. Your IP PBX lies at the heart of your VoIP infrastructure, so ensure that the base operating system of your IP PBX, as well as the network infrastructure, is always updated and patched for the latest security vulnerabilities. Perform regular security assessments of your VoIP infrastructure to identify and remediate security flaws, avoid attacks and prevent disruptions.


3. Always properly secure any remote access and configuration options on individual VoIP devices to eliminate backdoors. VoIP phones, as the endpoints, are the most common and widely accessible components of a VoIP infrastructure. Default login and administrator passwords on these devices are a very common avenue of attack. Disable any insecure remote access features, such as FTP and Telnet, and disable the local administration and management functions.


4. If VoIP traffic goes over unsecured channels like the Internet, use encryption technologies such as IPSec tunnels to protect it. While many VoIP protocols include features for encryption and authentication, most of them are optional. It is essential to establish secure tunnels for transporting information flows (VoIP call signaling, call control and media) between sites and over untrusted networks.


5. Structure the network and leverage VLANs to separate devices for voice and data traffic. Although this may have a limited impact on security, deploying VoIP devices on separate VLANs can isolate data traffic from voice and signaling traffic, and supports the use of Quality of Service (QoS).
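
An added example for item 1 (not part of the original post): Python code that reads the SDP bodies of SIP call-setup messages to find the negotiated RTP ports, opens pinholes for them, and closes them when the call ends, which is the application-level inspection a static rule set cannot do. The SIP messages are constructed and trimmed to the headers the parser reads; `PinholeTracker`, `media_endpoints` and `sip` are names chosen here.

```python
import re

# Constructed SIP messages (not captured traffic); RFC 5737 documentation addresses.
def sip(start, call_id, sdp=""):
    return f"{start}\r\nCall-ID: {call_id}\r\n\r\n{sdp}"

INVITE = sip("INVITE sip:bob@example.com SIP/2.0", "c1@example",
             "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
OK = sip("SIP/2.0 200 OK", "c1@example",
         "v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 30000 RTP/AVP 0\r\nm=video 0 RTP/AVP 31\r\n")
BYE = sip("BYE sip:bob@example.com SIP/2.0", "c1@example")


def media_endpoints(sdp):
    """(ip, port) per active m= line; a media-level c= overrides the session-level one."""
    session_ip, media = None, []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if media:
                media[-1][0] = ip
            else:
                session_ip = ip
        elif line.startswith("m="):
            media.append([session_ip, int(line.split()[1].split("/")[0])])
    return {(ip, port) for ip, port in media if ip and port}  # port 0 = stream declined


class PinholeTracker:
    """Tracks which UDP ports a SIP-aware gateway would hold open per call."""
    def __init__(self):
        self.calls = {}  # Call-ID -> {(ip, port), ...}

    def feed(self, msg):
        head, _, body = msg.partition("\r\n\r\n")
        m = re.search(r"^Call-ID:\s*(\S+)", head, re.I | re.M)
        if not m:
            return
        if head.startswith(("BYE ", "CANCEL ")):
            self.calls.pop(m.group(1), None)  # call ended: close its pinholes
            return
        for ip, port in media_endpoints(body):
            # RTP on the negotiated port, RTCP on port+1 (the default pairing)
            self.calls.setdefault(m.group(1), set()).update({(ip, port), (ip, port + 1)})

    def rules(self):
        return sorted(ep for eps in self.calls.values() for ep in eps)
```

Feeding `INVITE`, `OK` and `BYE` in order shows the allowed set growing during setup and emptying at teardown; the declined video stream (port 0) never opens a port.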

By Richard Anderson
