Call diverting, rerouting and eavesdropping are just some of the security issues that PSTN networks and VoIP communication systems have in common despite the technical differences that define them. Although switching to VoIP means going for a more flexible, efficient and high quality communication solution you still need to make sure all your conversations and data are private and secured. Wondering how secure is really your VoIP solution? It all depends on how experienced and prepared is your VoIP system provider to ensure security. These are just a few things you need to know before deciding with what company to work on taking your communication system to the next level with guaranteed security.

VoiP – How safe can you be?

Photo source: Yuri Samoilov

 

Levels of security threats

There are three major levels of security threats that you need to know about and make sure that they are being acknowledged and covered by your VoIP system provider:

  • IP level threats associated with applications such as web and email that are familiar to any Internet user. From this point of view the threats are mostly the same as the ones you encounter when using your email and the security measures are similar.
  • Protocol and application specific threats that are determined by how the SET VoIP protocol is designed and implemented. This kind of threats can determine disruptions such as call misdirection or call termination and they can be the source of major activity disruption.
  • Content related threats which interfere with the media stream meaning voice calls or video conference affecting the quality of communication.

Video: VoIP security threaths

 

Types of security threats

Depending on the objective of the person that is targeting a VoIP systems, the main types of threats that you need to be protected from when using VoIP are mostly the same ones you are dealing with when using a PSTN network:

  • Identity and service theft – service is stolen from a service provider or the cost of using the service is passed to another person or company.

Types of security threats

Photo source: A. Strakey
  • Eavesdropping – a third party is listening on the conversations obtaining confidential information such as names, passwords, social security and phone numbers.
  • DoS or Denial of Service – defines a network or device resources overload that causes calls to drop out prematurely and halts call processing.
  • Call tampering – quality of calls is spoiled by injecting noise packets in the communication stream or by withholding packets delivery and determining periods of silence during the call.
  • Man-in-the-middle attacks – calls are intercepted by a third person which assumes the role of the calling party to the called party or vice versa.
  • Viruses and malware – a VoIP system is as secure as your laptop, tablet or other device you are using to access it. A professional provider will advise you how to protect your Internet connections and the devices you are working with so that all your data is safe and secured.

 

How do you deal with VoIP Security threats?

Identify risks and vulnerabilities

The first step in making sure your system is protected from any attack is to identify and deal with the specific risks your company might be exposed to, such as securing vulnerable VoIP servers and devices, preventing unauthorized calls, protecting sensitive communication and data. Understanding what a potential attacker would want to accomplish, such as disrupting your business (competition), obtaining free long calls on your expense or access to confidential information is the first step in preparing the best security measures to keep your system safe.

Secure endpoints

Viruses, worms, unauthorized access and other types of attacks are mostly oriented towards vulnerable endpoints such us Internet protocols, operating systems and management interfaces of laptops and desktops running softphones or VoIP hard phones. These are the first to be evaluated and secured.

Secure endpoints

Photo source: Teresa

 

Server security measures

The set of measures necessary to ensure server security includes:

  • Defining clear authorization policies in order to prevent from the start unauthorized access to sensitive administrative data,
  • Preventing DoS attacks by maintaining firewall, anti-tampering and antimalware solutions,
  • Enabling specified user account for maintenance and evaluation,
  • Using only applications required by the system,
  • Defining a clear procedure of audit for both administrative and user-sessions and all service-related activities
  • Creating a strong authentication systems for all user access.

 

Layered security

The next step any experienced provider will take is to add layers of security around your servers and isolate your VoIP servers and other necessary infrastructure such as DNS and LDAP from phones, laptops and desktops by using different networks to carry different types of data (management, voice traffic data traffic). Layered security is one of the most efficient approaches used in protecting your data.

Firewalls

When transitioning to VoIP one of the changes you might need to make is the firewall you have been using so far to protect your network. An experienced provider will explain to you that the firewalls we usually use to protect our computers are not suitable for VoIP which needs a large range of UDP ports dynamically allocated for media streams, because the only way they can accommodate VoIP technical requirements is to leave large sets of port numbers permanently open for VoIP creating vulnerabilities for attacks.

These, and a few other extremely efficient security measures, if put in place correctly and timely, will protect your VoIP communication system from attacks and disruptions in your activity. With efficient security protocols in place, VoIP systems are an excellent way to boost communication quality and efficiency and thousands of companies are already taking advantage of its flexibility. Want to know more about VoIP security and how to make sure nobody is listening on your calls? Let your questions in a comment to this post or contact us directly.