Layered Security Gains Ground in Securing VoIP Systems
Early adopters of VoIP business phone systems gave security little thought. But today, with attacks being staged more frequently against organizations of all sizes and types, IT specialists are updating security practices to protect voice and data transmitted over their networks. According to a recent IDG Enterprise survey, security professionals and managers are more concerned than ever about network security breaches.
While the biggest threats to VoIP systems – including denial of service attacks, data breaches, spamming and viruses – are common on networks as well, VoIP brings added concerns to the table. Call interception, caller ID hacking and registration hijacking are real vulnerabilities in VoIP systems.
That’s a big reason why IT professionals should consider VoIP business phone systems separately when they’re implementing security precautions. For many, this means implementing a customized layered security approach to protect voice and data transferred over the VoIP system.
As the name implies, layered security uses multiple layers of defense to protect resources and data. The idea is that systems are better protected against attacks when multiple defensive components are in place. The system uses these components to protect the network at different levels, or “layers.” With layered security, several security tools will be deployed at different points in the network to prevent intrusion.
What does layered security look like? Its main components are:
The Firewall: Strategic placement of your firewall – which separates your VoIP from the rest of your network – is the first layer of defense. But you should also make sure the firewall is VoIP-aware, meaning it’s been designed to handle VoIP traffic.
Also, placing your VoIP in a Virtual LAN (VLAN) is highly recommended by security experts. By placing data and voice traffic in separate VLANs, you’ll:
- Reduce the number of Ethernet switches required in the network.
- Eliminate the transmission of packets from the data network to the voice network.
- Isolate the effects of congestion, packet loss and viruses, so that problems on one network won’t impact the other.
Encryption: Here, even simple protocols can provide substantial protection against data breaches. For VoIP systems, the preferred method is “transport layer security,” which is designed to secure client-server applications.
Traffic Analysis: Daily monitoring of VoIP traffic is essential for uncovering hidden data. Deep packet inspection tools can analyze outgoing network traffic and prevent the transmission of unauthorized data.
Authentication: Just as with your data network, it’s imperative to apply strong authentication mechanisms and access controls.
Physical security: Limit access to the servers and cables hosting your VoIP systems. Your data center should be behind a locked door, with access restricted to the people handling your IT.
By building security layer by layer, from the user interface toward the data center core, you’ll reduce the risk of breaches, intrusions and other threats.
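The following is an added example, not part of the original article: a check a defender could run over exported flow records to confirm that the voice and data VLANs stay separated, tying together the VLAN and traffic-analysis layers described above. The subnets, the allow-listed provisioning server and the record format (src,dst,proto,dport) are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing plan (not from the article): one subnet per VLAN.
VOICE_NET = ipaddress.ip_network("10.20.0.0/24")
DATA_NET = ipaddress.ip_network("10.10.0.0/24")
# Assumed exception: phones may fetch config over HTTPS from one data-VLAN server.
ALLOWED = {("voice", "10.10.0.5", "tcp", 443)}

# Constructed sample flow records: src,dst,proto,dport
SAMPLE_FLOWS = """\
10.20.0.11,10.20.0.2,udp,5060
10.20.0.11,10.20.0.2,tcp,5061
10.10.0.44,10.20.0.2,udp,5060
10.20.0.12,10.10.0.5,tcp,443
10.10.0.77,10.20.0.15,tcp,80
10.20.0.13,10.10.0.90,tcp,445
10.10.0.44,10.10.0.5,tcp,443
"""

def zone(addr):
    """Map an IP address to the VLAN it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in VOICE_NET:
        return "voice"
    if ip in DATA_NET:
        return "data"
    return "other"

def find_violations(text):
    """Return (line_no, record, reason) for each voice/data crossing not allow-listed."""
    violations = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, proto, dport = [f.strip() for f in line.split(",")]
            zones = (zone(src), zone(dst))
            port = int(dport)
        except ValueError:
            # Malformed records are reported rather than silently skipped.
            violations.append((n, line, "unparseable record"))
            continue
        if set(zones) != {"voice", "data"}:
            continue  # same-VLAN or external traffic is out of scope here
        if (zones[0], dst, proto.lower(), port) not in ALLOWED:
            violations.append((n, line, f"{zones[0]} -> {zones[1]} crossing not allow-listed"))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(v)
```

Any record it reports is traffic crossing between the two VLANs that the firewall policy did not explicitly expect, which is the condition the VLAN layer is meant to prevent.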