How to Implement VoIP Security
You may worry about the possibility of outsiders tapping into your Internet communications. If you run your telephone calls over the internet, then you not only have to think about securing your data transmissions, but your telephone conversations as well. The Internet Protocol routes transmissions across many different networks. The connections any call will travel across cannot be predicted because each router encountered in the journey makes an on-the-spot decision over where to forward your calls. This makes it impossible to ensure security on the wires your call will travel over. Wi-Fi links make physical security even harder to implement.
The only feasible method of securing a VoIP falls with software and encryption. There is a lot you can do within your own offices that will enhance the security of your Internet-based phone system.
Remove unnecessary applications on handsets. IP phones are loaded with functions, such as Telnet and FTP. These applications increase access points to the network. Phones also may have an integrated web server, which should be configured to avoid creating unwanted visibility on the Internet.
Guard all the organization’s data networks by installing firewalls, anti-virus and anti-spam software. Create a Virtual LAN dedicated to voice traffic, keeping it separate from the data traffic that is more vulnerable to hacking and Denial of Service attacks.
Secure against eavesdropping by implementing encryption. There is a particular risk of calls being monitored where wireless devices are employed. Most VoIP service providers offer an encryption service. This service usually is achieved by the “SecureRTP ” method. The military has developed Secure Voice over IP (SVoIP), which integrates encryption software.
Enforce common sense security rules. Ban members of the organization from lending their IP phones to people outside the organization. Make it a punishable offense to divulge access codes and enforce regular password changes.
Update software regularly. VoIP providers are aware of the security risks to their industry. Software updates improve security measures. Also anti-virus software should be regularly updated together with related virus databases.
Keep informed. Many organizations with a web presence specialize in VoIP security. A few minutes each day keeping abreast of the latest developments in security will pay dividends. One example of these organizations is the VoIP Security Association. This organization’s website also lists tools available to monitor traffic and enforce security.