Voice over IP (VoIP) experiencing massive success with businesses. Prime ROI: it allows not pay the telephone (or video conference) passing entirely on the corporate network, including to subsidiaries abroa. In addition, it offers. a host of advanced features, appreciated by users and companies: text transcripts of voice messages and vice versa (including email), customizable ringtones and music waiting, automatic rerouting of calls to a device indicating the availability of user, etc. And all through a simple interface and within reach of any user.
An application like the others, but very sensitive
Like any application, VoIP can integrate with other applications simply and business directory, and easily managed. But like any application, it is exposed to various threats and IT risks. While regulatory compliance is forcing companies to remain vigilant on various issues and to protect privacy. However, any organization must be proactive and protect themselves from attacks by hackers and pirates Web and networks.
Indeed, VoIP data traveling over networks are de facto exposed to these risks and the most sensitive business information is at risk of being intercepted. Most risks affecting data networks potentially threaten VoIP
In addition other specific threats exist. Espionage or recording conversations, passwords, recovery, voicemail pirated digital identity theft , type of intrusion “man-in-the-middle” (invisible interception of all communications), DoS attacks VoIP stopping all of the company, taking into illicit hand the management console …
Hence the urgent need to secure and thoroughly supervise their VoIP network.
The 20 essential tasks?
Of course, any VoIP security policy must go hand in hand with the security of network data. Here is a list of 20 good security practices that should respect any VoIP deployment. Although some may seem obvious, they are not always respected
- Isolate traffic of voice traffic data by deploying two vLAN;.
- Protect the console remote administration with a password worthy of the name (and do not leave the default password!)
- at least Encrypt sensitive communications
- Use an IP session security protocol (Sips) to protect against eavesdropping and forgeries;
- Apply physical and logical protection: VoIP server must be at the SIP shelter behind a firewall and a system of prevention against intrusion (IPS);
- Create different user names for their extension number
- Maintain VoIP systems updated and consistently apply security patches;
- Restrict calls by telephone handset;
- Use encryption to secure communications;
- Define and deploy robust security policies
- Use traffic analysis tools and deep packet inspection (Deep Packet Inspection or DPI)
- Securing proper VoIP gateways;
- Imposing the protection of voice mail by a code of 6 figures or via a certificate equipment;
- Permanently delete any voice message sensitivity;
- Clear VoIP accounts of employees leaving the company;
- Limit the number of login attempts to a VoIP account;
- Restricting the type of calls allowed on the network and define periods of use of VoIP;
- Outlawing the default international calls
- Establish security awareness campaigns for employees
- Ask all employees to immediately report anything that seems strange to them or unusual
These few steps should already protect the company of a large number of attacks still occur on networks, often with success.