VoIP Security Considerations

VoIP Security Considerations

For a successful VoIP rollout across an organization, several factors should be considered. The following precautions will help eliminate the most common VoIP security threats such as the distributed denial of service (DoS) attack, spams and frauds.

During VoIP configuration/installation, it is important to establish security infrastructure including firewalls, VPNs, etc., to be capable of supporting the advanced security requirements for VoIP and be voice optimized at the same time. The VoIP security protocols dynamically allocate ports during call setup, requiring opening and closing of ports at the security gateway on demand. The protocol required the voice traffic inspection at the network and application level to address the challenges of VoIP protocols in Network Address Translation (NAT) environments.

Similar to other services using network, there are critical security vulnerabilities being identified for VoIP. It is important to have the IP-PBX and IP Phone firmwares always updated and patched for the latest security vulnerabilities. Regular security assessments of your VoIP infrastructure provide identification and remediation of such security flaws to avoid attacks and prevent outages. Your IP-PBX is the heart of your VoIP infrastructure and it must be updated and patched as necessary.

Since the VoIP gateways, servers and phone can be configured remotely, backdoor and front door access is sometimes enabled for ease of configuration. It is recommended to properly secure any remote access and configuration capabilities to individual VoIP devices to eliminate any security breaches. It is important to note that the endpoint credentials and administrator passwords on such devices are a very common avenue for attacks. In general, disable any insecure remote access features, such as FTP and Telnet, and disable local administration and management features.

If your VoIP traffic goes over the Internet, use encryption technologies like IPsec tunnels to secure the VoIP traffic. While many of the VoIP protocols include capabilities for encryption and authentication, most of them are optional. It is essential to establish secure tunnels for carrying the VoIP information streams (call signaling, call control and media) between sites.

Wherever possible, leverage VLANs to separate voice and data devices and traffic. This may have limited impact on security, however deploying VoIP devices on separate VLANs isolates data traffic from voice and signaling traffic and permits utilization of Quality of Service (QoS) capabilities.

When creating passwords for accounts, follow secure password guidelines such as making password long, using a combination of numbers and alphabets, not using common names, or same as the account numbers.