Six VoIP Security Recommendations

Before you begin to implement VoIP across your organization, there are several things you should consider. Security is extremely important these days and it is best to think before than act after an attack. Some vendors are building security solutions within their products others are not, leaving it up to the user to implement these measures.

1. Make sure your network and security infrastructure, including firewalls routers, VPNs, etc., are voice-optimized and capable of supporting the advanced security requirements for VoIP. More importantly, bandwidth, latency and quality of service become critical requirements for network and security infrastructure.

2. Your IP PBX is at the core of your VoIP infrastructure. Depending on the software you are using, especially windows servers, ensure that the base operating system of your IP PBX, as well as network infrastructure, are always updated and patched for the latest security vulnerabilities. Vendors that provide proprietary operating systems are a lot less vulnerable.

3. It is important to be proactive in conducting regular security assessments of your VoIP infrastructure. Being aware of such security flaws will help to avoid attacks and prevent system outages.

4. Manage your remote access ports and system backdoors. Default login and administrator passwords on such devices are a very common entry for attacks. Disable any insecure remote access features, such as FTP and Telnet, and disable local administration and management features.
5. Structure your network to use VLANs to separate voice and data devices and its corresponding traffic. Deploying VoIP devices on separate VLANs permits isolating data traffic from voice and signaling traffic, as well as utilizing Quality of Service (QoS) capabilities. VLAN separation does not ensure a robust security practice but having separate VLANs will help in isolating the traffic.

6. If your VoIP traffic goes over the Internet, use encryption technologies like IPsec tunnels to secure the VoIP traffic. While many of the VoIP protocols include capabilities for encryption and authentication, most of them are optional. Ensure your vendor has a security policy within the product itself.