Security Risks to Consider When Setting up VoIP
September 6th, 2013 by admin
Enterprises have spent much time and money on integrating VoIP with their networks. One of the most often neglected aspects of this transition is security. Many IT leaders believe existing security protocols are enough, however, they are not. With VoIP, there are new ways to infiltrate the network. This is not phone line based as was PSTN. Your phones are now connected to the network and the Internet as a whole, opening the door to hackers and other intruders who are finding new ways to infiltrate every day.
Telephone service has traditionally been secure when employed on a separate network. The issue with VoIP is your phones are now linked to the data network. All of the same security threats, therefore, now apply to components of the enterprise telephone system. Adoption of this new format in telephony is still growing faster than attentiveness to security, although the threats are more recognized than ever. The current trend is one favoring a solid security policy. The aftermath of a security breach can be devastating in many ways.
Why Does VoIP Leave the Network So Vulnerable?
On traditional phone systems, voice is transmitted over a single connection, which remains open until the call ends. Data transmitted over VoIP does not take the form of a single stream of audio, as many believe. Data packets are transmitted, as with email, web queries, and remote access, through various networks before reaching their destination. This means voice packets are effectively taken apart and put back together again. Some get lost along the way. Missing packets are often ones intercepted by hackers, and the only way to pinpoint it is through subtle degradations in call quality.
Since IP networks are designed for speed and efficiency, what seems like a circuitous route is really the fastest one. Call data may move through a variety of networks. Since these can be located anywhere in the world, you not only have to worry about competitors. People living in places where acquiring your data is not considered so malicious won’t hesitate to do so. In fact, they may already be scanning the web for the next call stream to target.
What Are the Security Risks of VoIP?
There are many risks to consider when setting up VoIP. Some may be so subtle you might never notice them. Others can involve a direct attack on your network, in which case you’d immediately feel the effects. A large-scale network attack can have many devastating results. More realistically, these are on a corporate scale, but if a hacker working for a terrorist network, for example, was able to get in, there could be huge disruptions to things like the stock market or regional power supply. Attacking an enterprise network could cut off communications between branch offices, employees, suppliers, and customers.
The best way to stop such events is to prevent unauthorized access. Protection should be as strong for your voice systems as they are for the rest of the network. Encrypting voice traffic is an effective strategy; there are many technologies already available, such as voice and video-enabled VPN, IP Security, and the Advanced Encryption Standard, to reinforce VoIP security. Voice data can also be limited to a single VLAN, which would also limit the damage if there was an attack. Aside from full scale attacks, there are other risks to your network and business:
- Financial theft – If a hacker can get into your financial network or banking system, they could essentially bankrupt your company. Keep all account numbers secure. This means authorized access, encryption, and security monitoring need to be everywhere in the network.
- Access to data – The importance of data to the enterprise has been stressed over and over again. Competitors are always looking for an edge, even if it means going to great lengths to undermine another organization. They can gain entry to look for information on product launches, corporate acquisitions, patents, and just about anything else that could be used against you. This includes customer account data. Such competitors have stolen patent data or subversively driven customers away from specific products, for example. They can implement a strategy known as call hijacking; only a free Wi-Fi hotspot is needed, and the hacker can easily obtain sensitive information discussed during the call.
- Malware Intrusion – VoIP provides cybercriminals with another means to inject malware and spyware. They can intercept a call, using an unsecured Wi-Fi connection, and get it to run through their servers. The malware is added to the packets and can then find its way into the destination network.
- Non-Text Phishing – Elaborate phishing scams have been set up, with cybercriminals pretending to be someone from a legitimate service provider. Unsuspecting parties on the receiving end might be tricked into giving out sensitive information such as banking or other account numbers and details.
- Lack of a security policy – An assessment of the security risks, a plan, and a set of policies are needed to secure the network. Since these risks come from all sides, including outside and within the network, policies for data applications are important.
Every network equipped with VoIP should have packet data encryption. This will prevent hackers from accessing call traffic or redirecting it. Secure gateways and firewall protection help to ward off unauthorized users, as does employing multiple encryption layers. Transport Level Security is engineered to encrypt calls; for encrypting communications between two specific endpoints, Secure Real Time Protocol is effective. These help to reduce the risks of data leaks and theft.
Another strategy is to select a VoIP system already packed with security measures. The Allworx phone system is one such product. It is designed to deter hackers, who are more easily dissuaded when they know getting into such a system will take too much time. In addition, the Allworx system is easier to install and supports faster online communication. When setting up VoIP, therefore, it is imperative not to cut costs by neglecting to maximize your security. Hackers can intercept vital data without being detected.
If you are looking to set up a secure VoIP system and you need advice from experienced professionals, give Business Phones Direct a call and one of our experts can assist you 866-777-7466.
Posted in: Products