The rapid adoption of IP based telephone systems is causing a stir in both the business and IT worlds. But it creates some challenges too, not least in terms of how to keep communication secure.
VoIP, as with any new technology, comes with potential security risks. Because it uses existing network and internet infrastructure, it’s subject to existing threats and there are some new ones to consider too. You need not only to guard against wider network threats such as DDoS attacks but also against some more VoIP specific ones.
Understanding the problem
An essential factor in being able to protect your VoIP system effectively is understanding the threats that it faces. These can be both internal and external. Protection, therefore, needs to work across several layers: application, network and security.
Techniques such as behavioural analysis are increasingly used. These employ machine learning to spot patterns that may indicate suspicious activity, but are only a part of the comprehensive monitoring required for true security.
Keeping voice termination and data apart
A key part of many security strategies is to separate voice and data traffic on the network. The technology means that this doesn’t necessarily have to be achieved physically. Virtual segmentation can be used to ensure that VoIP traffic only flows through specific network devices and paths.
Using dedicated resources such as subnets and virtual interfaces in this way also helps to ensure that voice traffic always has the bandwidth it requires for smooth operation and continued high call quality. VoIP is particularly sensitive to bandwidth restrictions, so this is a key consideration. This is, of course, a double-edged sword as it’s also vital that bandwidth-heavy applications, including SaaS, do not steal resources from VoIP.
Ideally, all of this needs to be taken into account when specifying the network infrastructure. For ongoing operation, network admins should have a clear view of VoIP traffic so that they can understand its impact. They also need to be able to prioritise information relating to VoIP traffic flows and log data to allow them to respond quickly to any security incidents or other issues relating to voice traffic.
This level of information is, of course, useful elsewhere, making for in-depth management reports that can help you to understand how the system is being used and where any traffic bottlenecks are occurring.
Guarding against VoIP fraud
One of the key threats to VoIP systems is gaining access to the system in order to make unauthorised calls; so-called ‘toll fraud’. Guarding against this effectively involves building rules based upon network events. These may be triggered by network devices or by the VoIP application itself.
Keeping tabs on the destination of traffic is a useful technique here too. Rapid unexpected changes in the call destination of VoIP traffic is a strong sign that the network may have been compromised and that unauthorised calls are being made. This is a good way of spotting internal abuse of the system as well.
Enterprise-wide policies to govern the use of VoIP are essential in implementing this type of system. This not only helps ensure that it is used in an approved manner but also assists admins in spotting the use of unauthorised ‘shadow’ systems such as peer-to-peer chat applications or soft phone applications. Use of these conflicts with the basic need we discussed above to keep voice and data traffic separate from each other.
This goes hand-in-hand with network policies designed to ensure that VoIP and data are kept to their discrete parts of the infrastructure. It’s important to have a policy on protocol use too. SIP (Session Initiation Protocol) is rapidly becoming the norm for IP voice systems and effective monitoring system will be able to spot issues such as malformed SIP packets.
Of course, security isn’t only about curbing abuse, whether from inside or outside the company. It’s also key to ensuring regulatory compliance. This is a particular issue for businesses in tightly regulated sectors including financial services or healthcare, but with the arrival of GDPR it impacts almost all enterprises.
Having VoIP and data on the same network opens up the possibility of data theft relating to voice traffic. This can be a particular worry where compliance requires the recording of calls and their storage for a defined period of time.
Here again, monitoring and analysis of network and user activity is essential for keeping the VoIP system and its call data safe and secure.
Protecting information, whatever its source, has to be high on the agenda of any business today. This is true whether the material comes from voice or data and whether the threat comes from inside or outside the organisation. Essential to providing that protection is the ability to understand what is happening on the network and to segregate voice and data effectively.