VoIP telecom services have grown substantially in the past decade. As such, securing these business networks has had many challenges that do not apply to traditional phone systems.
Why is security an issue with VoIP?
VoIP is an application running on the internet. Like any other internet programs, VoIP faces the same inherent internet security issues that every application faces. On top of this, VoIP is a relatively young technology and security features are constantly being improved and upgraded.
Common VoIP Security Threats
While there are security features built in to VoIP systems, it’s important to know and be able to recognize threats so that you can be on the lookout for your business. Several problems have arisen that VoIP has had to defend against. VoIP has many benefits for small and medium sized businesses, but here are some situations that any business should look out for:
Risk # 1: VoIP traffic may be internet bound.
Routing traffic over the internet is inherently less secure than placing a call over traditional circuit switched networks. Some solutions utilize virtual private network (VPN) tunnels to connect a remote phone to the corporate office phone system. This works except for two limitations: VPN’s can take time to setup (up to 30 seconds), so prior to placing or receiving phone calls, the VPN connection need to be up and running. Also, VPN relies on hardware so if encrypting and decrypting traffic on the VPN appliance becomes burdensome, the result is delayed VoIP packets, causing delays and static on the VoIP phone.
Risk # 2: Patching problems.
Updating VoIP endpoints presents a number of challenges. Legacy phone handsets and devices did not require software updates, and many incorrectly assume security patches do not exist for phones. Second, many organizations don’t have the downtime windows to set-up telephone security diagnostics. Administrators find that maintenance downtime with telephone equipment does not work in the same manner as it does with data services.
Risk # 3: VoIP security is only as reliable as the underlying network security.
One simple cause of security issues with a VoIP is that the existing network has security vulnerabilities to exploit. It’s wise to implement independent security assessments before deploying a VoIP system. The biggest issues come from gateway security, firewall configuration, patching procedures, periodic system logins and wireless security.
Risk # 4: More ports open means more ports to secure.
While the infrastructure equipment may remain unchanged, VoIP complicates network traffic flow with many new ports, rules, and virtual networks. An IT expert must carefully map out the method by which network traffic travels, as well as the resulting implications to the corporate wide area network, bring your own device policies, and remote access policies.
The best policy is to do this before installing the VoIP so that any configuration issues can be isolated and kept to a minimum. Regardless, with any major infrastructure change, only a minimum number of ports should be opened to conduct business operations.
Risk # 5: Wireless phones require advanced wireless security.
Many VoIP phone systems offer wireless handsets and devices for mobility and weak wireless security exposes VoIP vulnerabilities. The best wireless solutions require centralized network authentication, in addition to wireless encryption, to ensure that no one from outside of the network has access to the system, even if they are able to detect the wireless signal.
VoIP is everywhere in American businesses and it’s hard to keep track of every possible incident that can occur to threaten security. It’s not uncommon for telecom products to be released without well thought out security.
3 easy steps to maintain your VoIP system:
Step 1 – Perform a security audit ahead of any VoIP implementation or systems upgrade.
Step 2 – If you cannot afford a security audit, review the existing configuration, arrange for the necessary changes and have the telephony vendor to review for accuracy.
Step 3 – Make sure your firewalls are VoIP aware. If not, you should upgrade it ahead of time.
Following these simple steps will set you on the path for telephone systems protection and a reliable telephone system with minimal problems and distress, and a higher quality of performance.