You have already decided to implement VoIP technology because you want to obtain the advantages that it will bring to your business, yet as with any new technology implementation security cannot be left as an afterthought.
Most common threats in a VoIP network
So, what are the most common threats you’ll face when setting up a VoIP network?
- Denial of service, where an attacker sends a flood of SIP registration packets or incomplete call sessions with the intent of crashing a server.
- Theft of service, when an attacker uses your VoIP infrastructure to place calls. This is probably the most common and feared threat as it will show up on your phone bill.
- Call interception, which is akin to wiretapping and translates into phishing, blackmailing and loss of intellectual property and trade secrets.
While these scenarios sound scary, you can prevent them with a few simple measures.
An application level firewall on the network perimeter will quickly fend off any Denial of Service attempt, as most of these firewalls can actively block connections that try to guess your VoIP phones passwords. More advanced firewalls are able to detect and block bogus SIP messages that try to crash your VoIP PBX.
The recipe to prevent Theft of Service seems obvious but you wouldn’t believe how many VoIP admins fail to implement it: You must use long, unique, random passwords for each VoIP phone on your network. You will use these device passwords at device configuration time only and your users won’t ever see them, so there’s no point in making them easy to remember.
Wiretapping becomes impractical when using VoIP encryption, so to avoid it you must always enable SIP+TLS and SRTP on your phones. Although their function looks similar, it is not:
- SIP+TLS, also called SIPS, encrypts the SIP signalling protocol thus protecting information exchange between your phones and PBX.
- SRTP encrypts the call’s audio payload so nobody will be able to wiretap your calls by sniffing your network.
It always surprise me how many companies fail to implement even such basic VoIP security measures.
Take a look at Grandstream’s GXP1600 series, as all of them support SIP+TLS and SRTP protocols
Remember, enjoying the benefits of IP telephony means thinking about a secure infrastructure, too.