Although security in VoIP networks is not implemented as a standard by all organizations or SIP providers, the idea of a secure framework is not new. There are even several built-in protocols that make VoIP as secure as possible. In fact, VoIP security works on several levels. As with any computer system, the weakest areas are the strongest. For example, if passwords are not properly set and recovered, intruders may very well be able to access your infrastructure without hacking in elsewhere. So before considering an upgrade to your security system, you should ask yourself where your weak link is and start by eliminating it.
When it comes to the technology itself, multi-level encryption is still the best way to protect against VoIP hacking. It’s also a good practice in general. Many companies have valuable trade secrets that they don’t want to divulge to other organizations that might come snooping around. An extreme example: imagine Apple with an unsecured network.
Nothing is more secure than a corporate VPN. At least when it comes to connections between VoIP servers and clients. Hacker attacks are virtually impossible except at the end-user and server level: between the two communication points, only encrypted data is transmitted, making man-in-the-middle attacks unnecessary.
However, if no secure VPN is used, the SIP signal must first be encrypted: The VoIP connection is divided into an RTP stream and a SIP part. In the latter case, authentication passwords and other information are transmitted. The encryption of this part is mandatory. Once this point is clarified, it is a good idea to use the SRTP protocol service instead of RTP. Unfortunately, not all SIP providers support SRTP connections, so in this case, you have to find another way to provide end-to-end encryption.
Another attack vector is a poor configuration or outdated VoIP client software. Companies will have hundreds of VoIP clients, including employee smartphones and fixed VoIP phones. In this case, make sure that the SIP provider is connected to the VoIP phone manufacturer. This way, all VoIP phones will be automatically configured to download and install the latest updates and patches to protect your network from attacks.
About Author
Cecilia Lyman Robertson is a 44-year-old CEO who enjoys networking, VoIP phone, VoIP and Security. She has a post-graduate degree in business studies.
