VoIP Phone Security Concerns

An IP phone can deliver significant benefits to your organization, as long as you can trust that the phone and your communications are secure.

A presentation entitled: VoIP Security: How Secure is Your IP Phone (News -Alert)? highlights that while phone security is nothing new, there are threats within the next generation that may not have existed in the past. The first objective is to employ best practices and plug any obvious holes that exist.

It is important that the IT team secure a company’s VoIP phones by ensuring privacy and appropriate access to information; maximizing service availability; avoiding unnecessary costs; extend service to remote groups securely and reliably; adhere to compliance issues; and develop an approach to security that is strategic.

Of course, wanting security for VoIP phones and actually accomplishing it are two different things. There are obvious complications that exist in this area, including the fact that there are multiple vendors and multiple applications; vendor and internal priorities tend to compete against each other; the responsibilities for security tend to be spread among internal groups; and a comprehensive defense against threats involves a number of different layers.

The security of VoIP phones is helped along by specific industry movements, including the VoIP Security Alliance (News - Alert), whose mission is to promote the current state of security research associated with VoIP. VOIPSA also promotes the education and awareness of VoIP phones security, as well as free VoIP testing methodologies and tools.

The very real threats VoIP phones are facing include voice line attacks such as eavesdropping and man-in-the-middle attacks; and call control which can expose information regarding users, systems and patterns. Defense strategies to battle these threats include physical protection, Ethernet switching, VLANs and VPNS, encrypted conversations and the maintenance of routing tables and account codes.

Best practices to protect VoIP phones include a general network where all voice streams and call signaling is encrypted, networks are evaluated for readiness to carry VoIP phone traffic, virtual LANs are used to segment voice and data and secure mechanisms are used to transverse firewalls. Remote management should only be performed through encrypted connections and proper password management must be in place. Software loads should be encrypted and tamper-proof and sets should run the minimum of services required.

Additionally, servers should be incorporated into the appropriate patch management and anti-virus systems and proper physical security should be applied to all VoIP phones and other equipment. Sufficient backup power is a must and all wireless devices should have WPA in place. Appropriate measures should also be taken to thwart PSTN threats, even when VoIP phones are in use.

While this summary merely scratches the surface of the protections that must be in place for VoIP phones to be secure, it is a great start to educating your IT team to dig a little deeper.

Susan J. Campbell is a contributing editor for TMCnet and has also written for eastbiz.com. To read more of Susan’s articles, please visit her columnist page.

Edited by Stefanie Mosca

Article source: http://voip-phones.tmcnet.com/articles/196826-voip-phones-face-significant-threats-this-generation.htm