Tuesday, September 6, 2011

Tips for Securing VoIP Phones in the Cloud

Click to enlarge.
South Africa - ...accepting an unprotected Internet Protocol (IP) connection from your VOIP partner is not the safest tactic. “Besides inviting eavesdropping on your most sensitive business dealings”, says Rob Lith, Director of Connection Telecom, “It also puts you at risk of sponsoring thousands of rands ($) in phone calls made on your account.”

What can be done?
So what can be done to keep your PBX safe from spilling your trade secrets and bleeding out your cash resources? The good news is that both VOIP providers and customers can pitch in. Here are some ways to safeguard your telephony:

Customer-side
· Password generators – Cloud PBX customers should use only securely-generated random passwords. Passwords chosen by humans are often the weakest link in a company’s security posture, so invest in tools that manage and retrieve passwords easily and securely. 1password from AgileBits is a good example.
· Strong access policies – It can be as basic as allowing only known IP address ranges access to the voice platform. But this approach, while highly secure, sacrifices flexibility – for instance the ability to access the voice server while roaming overseas.
· Cloud customers can also load tools that monitor VOIP accounts for repeated failed password attempts, and block the IP address from which the attempts are coming pending administrator investigation. Fail2ban is one such tool.

Provider-side
· Tools like Zabbix monitor unusual call patterns, destinations, numbers of live calls and account balances, and trigger alarms when certain values are exceeded (too many calls, a sharp drop in account balance, unusual international prefixes being dialed etc). Anything out of place is picked up long before too much harm can come to the user enterprise.
· VPN tunneling used in an enterprise VOIP service shields calls from eavesdropping and line-jacking, making it as secure as line encryption. An MPLS network and VPN technology like ViBE are among the applications that enable secure VPN tunnelling.
· Private cloud solutions are shielded from the public Internet by virtue of the customer’s ownership of the hosted domain.

Conclusion
VOIP hacking, while not an everyday occurrence, is very possible. However, with the right tools and a few basic security habits, this form of communication can be highly secure. (more)