Leave a Comment

Should You Include VOIP Security in Your Security Reviews?

Voice over IP (VoIP) is fast becoming ubiquitous in the business world. But VoIP can be subject to various types of threats and there are also privacy issues and other concerns, some of which include access and authentication, Denial of Service (DoS) attacks, VoIP spam, toll fraud and ‘vishing’ (the VOIP equivalent of phishing emails).

My colleague, Simon Heron, succinctly itemized these concerns in a recent white paper. IT managers take heed — here are a few tips you may find useful:

– Include VoIP security in your security reviews
– Use encrypted protocols like SRTP and SIPS
– Patch your systems frequently and don’t assume that your SIP trunk provider follows similar security procedures
– It’s critical that your network traffic goes through a firewall designed to protect VoIP systems
– Monitor VoIP traffic frequently – it’s a good way to spot abnormal activity
– Educate your users to recognize VoIP fraud

Simon indicated that probably the most critical concern is privacy as both SIP and H.323 are easily listened to if a hacker finds a relevant data stream. He recommended placing VoIP phones on separate, individually secured (firewalled) vLANS to protect against rogue devices, and then protect that vLAN against introducing any unauthorized device.

And the bottom line? Watch your network and calls for any unusual activity – you’ll mitigate potentially nasty security problems by responding expeditiously!

This entry was posted in: VoIP
Tagged with: ,


Our mission is to produce, configure and maintain effective, affordable, computer security systems to protect the computer systems of enterprises of all sizes. We believe that all companies, regardless of size, should be afforded the same level of protection.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s