Three Tips to Secure Your VoIP Network
VoIP telephony offers numerous advantages for companies such as lower telecommunication costs, greater flexibility, and many other attractive features. However, as you migrate from analog/digital phones to VoIP telephony, new security vulnerabilities may emerge. Just like the IP network may present risks, the VoIP environment can also have its vulnerabilities. However, these vulnerabilities are preventable, so here are 3 very important tips to help you secure your VoIP network.
Why Might This Pose a Threat?
To better assess the risk, you need to understand how VoIP telephony works. In short, voice is encoded in packets like any other data and directed to the company’s VoIP network.
This process requires a VoIP infrastructure with very different constraints and requirements compared to traditional data traffic. Installing a VoIP network requires an adapted architecture, so without a secure network, the computer system could be exposed to new threats, such as signaling protocol hacking or identity theft. This vulnerability is avoidable, however, and must therefore be met with precautionary measures.
Advice 1: Protect Yourself Against Hacking
The . through VoIP telephony is also known as « vishing », a combination of the words phishing and VoIP (voice over IP) .This is when someone uses one of your servers to randomly dial phone numbers.
This scam is nothing new, and already exists on the internet. Malicious individuals will try to obtain data that they can exploit, so make sure you use a specific VoIP firewall as it should have VoIP features. It will secure your network by preventing unwanted users from accessing confidential information. This will also isolate your VoIP servers, ensuring that they only talk to authorized and authenticated users.
Advice 2: Change Your Passwords
Changing the passwords for your installation and your voicemail on a regular basis is a simple way to secure your company’s telephony. Keep in mind that a good password needs to be complex enough to prevent hacking. For access to the phone server, we recommend that you use 8 characters with a mix of capital and lowercase letters, numbers, and special characters. For your voicemail, we recommend a minimum of 6 digits without repetition or patterns.
Advice 3: Secure All Exchanges
One of the most crucial issues is making sure all exchanges between the VoIP VLAN and the data VLAN are carefully controlled to avoid any malicious intrusion. To ensure this, all IP telephony stations must be authorized to connect to the network via the 802.1x authentication and the access control lists at the routing equipment level. You should also set up a protection system against the injection of fake ARP requests and fake DHCP servers.
Also, make sure to update your IP phones securely (signed firmware and operating systems), by loading an X.509 certificate for example.
Frédéric Caron
Vice-President, Business Development
ComUnik