Concluding Remarks and Tips to Secure VoIP
VoIP is now prevalent in corporate America. All too often, products are released to market without
well-thought-out security. Unfortunately, this has largely proven true with VoIP. While you
should not fear a VoIP implementation, make sure your security house is in order prior to folding
voice services into your data network. I leave you with the following tips summarizing the
recommendations supplied in this paper.
Tip # 1 – Perform a security audit ahead of the implementation. Remediate
vulnerabilities prior to your VoIP implementation.
Tip # 2 – If you cannot afford a security audit, have your firewall administrator review
the existing configuration, propose necessary changes for VoIP, and have the telephony
vendor review for accuracy. Further, use this as an opportunity to shut down unneeded
ports on your firewall.
Tip # 3 – Make sure your firewall is VoIP aware. If not, you should upgrade it ahead of
time.
Tip # 4 – Plan on establishing VPN tunnels for any endpoint connectivity outside of the
corporate office.
Tip # 5 – If you use an IDS/IPS, you can try to run VoIP behind it, but should have a
backup plan if the results are not acceptable. This plan would include steps to move the
phone system to a different un-scanned subnet. Remember, active packet scanning can
cause jitter and delay on your VoIP phone.
Tip # 6 – Have your telephony vendor write up a recommended patching methodology
and training program for IT staff. Make sure that handsets are included in the program.
Tip # 7 – If a general patching program does not exist, have your IT director write up a
patching policy for all other aspects of the network.
Tip # 8 – Include your VoIP servers in the tape backup schedule. Without a backup, you
would not be able to restore telephony in the event of a disaster.
Tip # 9 – SIP may be popular, but it may not be worth the risk. If you have a choice, it
may be worth using a proprietary protocol, such as Cisco’s SCCP.
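
For Tip # 5, one way to decide whether results behind an IDS/IPS are acceptable is to compare jitter on a test call with and without inspection. The following is an added example, not part of the original paper: it computes the RFC 3550 interarrival jitter estimate over constructed RTP samples. The 8000 Hz clock, the 20 ms packet interval, the sample delays and the 30 ms budget are all assumptions.

```python
# Added example: RFC 3550 interarrival jitter, used to compare a test call
# on an inspected subnet against an un-scanned one (see Tip # 5).
CLOCK_HZ = 8000          # RTP clock rate of the sample codec (assumption)
TICKS_PER_PACKET = 160   # 20 ms of audio per packet at 8000 Hz (assumption)


def interarrival_jitter_ms(packets, clock_hz=CLOCK_HZ):
    """packets: list of (arrival_ms, rtp_timestamp) in arrival order.
    Returns the RFC 3550 running jitter estimate, in milliseconds."""
    jitter = 0.0
    prev_transit = None
    for arrival_ms, rtp_ts in packets:
        # Transit time in RTP timestamp units; only its variation matters.
        transit = arrival_ms * clock_hz / 1000 - rtp_ts
        if prev_transit is not None:
            d = abs(transit - prev_transit)
            jitter += (d - jitter) / 16.0   # smoothing gain from RFC 3550
        prev_transit = transit
    return jitter / clock_hz * 1000


def constructed_stream(extra_delay_ms):
    """Build sample packets sent every 20 ms, each delayed by the given
    number of milliseconds on the path (constructed data, not a capture)."""
    return [(i * 20 + delay, i * TICKS_PER_PACKET)
            for i, delay in enumerate(extra_delay_ms)]


def acceptable(packets, max_jitter_ms):
    """True if the stream stays within the site's jitter budget."""
    return interarrival_jitter_ms(packets) <= max_jitter_ms


if __name__ == "__main__":
    budget_ms = 30.0  # assumed budget; set this from your own call-quality target
    unscanned = constructed_stream([0] * 200)       # steady delivery
    inspected = constructed_stream([0, 40] * 100)   # every other packet held 40 ms
    for name, stream in (("un-scanned", unscanned), ("inspected", inspected)):
        j = interarrival_jitter_ms(stream)
        verdict = "ok" if acceptable(stream, budget_ms) else "move to backup subnet"
        print(f"{name}: jitter {j:.2f} ms -> {verdict}")
```

In practice the (arrival time, RTP timestamp) pairs would come from a capture of the same test call taken at the handset side on each subnet.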




























