Every year VoIP technology reaches farther as more and more companies in the United States are ditching their legacy systems. According to the German online statistics portal Statista, from 2010 to date the VoIP user base grew up from 30 to 120 million in the US alone. As we explained in the publication VoIP and Security, along with this impressive VoIP growth, threats and breaches have become more common as well, so it is important that you stay ahead of the attackers and plan your VoIP network for security.
VoIP security planning tips
We want to share with you some tips to start planning your VoIP network for security:
- Create strong, random and unique passwords for each one of your VoIP devices. You can think of these password as access keys as they are only shared between your VoIP phone and VoIP PBX, your users don’t need to know or remember those passwords.
- Establish IP Access Control Lists (ACLs) of the phones and routers authorized to connect to your VoIP network. It is of particular importance that port 5060/UDP on your firewalls should be open to the ACL whitelisted devices only.
- Configure VoIP encryption (SIP+TLS and SRTP) on all devices connected over the public internet as that will greatly reduce the possibility of call interception. SIP+TLS connects over port 5061/TCP so it won’t be affected by the above mentioned whitelist.
- When it is not possible or practical to enable SIP+TLS and SRTP, use a VPN.
- Frequently evaluate and analyze your Call Detail Records. Any suspicious call should trigger more in-depth audits.
- Limit access to international calls by the use of personal identification pins.
- Limit call forwarding because it may allow your users to generate international calls skipping the identification pin requirements.
- Configure a Session Border Controller at your network perimeter, as this server will be in charge of filtering suspicious traffic and block brute force attacks.
Preparing your operations team about all the risks that may exist on a VoIP network is a fundamental task. In conclusion, prevention and training will always be a great allies to keep your network infrastructure safe.
Leave us your comments and share.