This Industry Viewpoint was authored by Sheldon Smith, Senior Product Manager at XO Communications
Voice-over-IP (VoIP) networks are quickly replacing plain old telephone service (POTS) in both enterprise environments and SMB settings. While C-suites and front-line employees worry about implementation and the bottom line on a case-by-case basis, IT professionals and industry experts see the bigger picture: All VoIP systems come with security risks — regardless of company size or sophistication — that must be addressed to drive ROI and protect company interests. Here are four of the most common.
Bottom line? All VoIP systems need a firewall. As noted by WhaTech, properly implemented firewalls leave necessary ports open while closing ports that aren't regularly in use. It's also important to allow feature access on a case-by-case basis rather than granting broad permissions for services used at irregular intervals. The use of firewalls comes down to function over form; while many businesses focus on promising and much-hyped technologies to defend VoIP and other media networks, experts recognize the need for basic protection — and the oft-maligned firewall is the ideal place to start.
Why would an attacker target VoIP systems for a DDoS attack? All too often, companies can't find a logical answer to this question and so don't prepare for the possibility of high volume malicious traffic. The problem? DDoS attacks of any kind are often used as smokescreens to blind businesses while hackers go after higher-value targets. And with so many companies now relying on VoIP for local, long distance and rich media communications, the sudden loss of service can throw IT security into overdrive and leave other critical network systems at risk. You've got a few good options to address DdoS attacks — there's designing code in house, paying for mitigation hardware or leveraging a VoIP provider that builds DdoS protection into their offering.
According to an NIST whitepaper, one area many companies overlook is physical access to their VoIP network. With so much attention focused on virtual threats such as packet sniffing, eavesdropping and data theft, it's easy to forget that physical access to a server room or facility grants malicious actors virtually unlimited access to VoIP systems and data. Beyond simply data being intercepted, malicious access by either outside actors or motivated insiders could result in total system compromise that could go undetected for weeks or even months.
The best protection here is simple physical blocks. Everything from locked doors to access control systems or security guards. In many respects it mirrors the “target hardening” theory used to protect offices and homes — if potential targets look difficult to access or owners appear vigilant, would-be criminals will seek easier alternatives.
Another security threat to VoIP networks? Mobile devices. With BYOD quickly becoming a corporate reality rather than the exception, companies have little hesitation in allowing smartphones access to company communications. As noted by NIST, however, this poses problems for any devices using wireless networks since these connections may not be secure. Keeping hackers at arm's length here means opting for improved wireless security — think WPA2 over WEP — and ensuring access is never granted unless users are on a secure network. Communications safety must trump convenience; the risks of a wireless breach make open access a dangerous game.
VoIP networks offer speed, scalability and support for mobile devices but come with unique security issues. By addressing the need for firewalls, DdoS mitigation, physical defenses and wireless protection, however, it's possible to decrease risk without deterring ROI.
Sheldon Smith is a Senior Product Manager at XO Communications (xo.com). XO provides telecommunications services and cloud solutions. Sheldon has an extensive background in unified communications and his position involves overall product ownership.